diff --git a/posts/pre-commit-agent.md b/posts/pre-commit-agent.md index e1524a6..78a33d5 100644 --- a/posts/pre-commit-agent.md +++ b/posts/pre-commit-agent.md @@ -21,11 +21,11 @@ We built a pre-commit hook with two layers: a regex blocklist that's instant and A text file of patterns, each tagged with scope and message: ``` -public|\bCosmos\b|Classified codename — use "advanced colonist AI" +public|\b\b|Classified codename — use the public-facing alias all|github\.com/(tinqs-ltd|tinqs)/|GitHub repos deleted — use tinqs.com all|sk-[a-zA-Z0-9]{20,}|Possible API key leaked all|AKIA[A-Z0-9]{16}|AWS access key leaked -public|admin\.arikigame\.com|Internal admin URL in public content +public|admin\.|Internal admin URL in public content ``` The scope field controls where patterns apply. `all` means every file. `public` means only public-facing content — blog posts, website, marketing pages. We *want* classified codenames in internal architecture docs. We just don't want them in blog posts. diff --git a/pre-commit-agent.html b/pre-commit-agent.html index e7cfcfa..7e23e4d 100644 --- a/pre-commit-agent.html +++ b/pre-commit-agent.html @@ -269,11 +269,11 @@

We built a pre-commit hook with two layers: a regex blocklist that's instant and free, and an LLM review that costs $0.001. Together they catch everything.

Layer 1: Regex blocklist (0ms, $0.00)

A text file of patterns, each tagged with scope and message:

-
public|\bCosmos\b|Classified codename — use "advanced colonist AI"
+
public|\b<internal-codename>\b|Classified codename — use the public-facing alias
 all|github\.com/(tinqs-ltd|tinqs)/|GitHub repos deleted — use tinqs.com
 all|sk-[a-zA-Z0-9]{20,}|Possible API key leaked
 all|AKIA[A-Z0-9]{16}|AWS access key leaked
-public|admin\.arikigame\.com|Internal admin URL in public content
+public|admin\.<internal-domain>|Internal admin URL in public content

The scope field controls where patterns apply. all means every file. public means only public-facing content — blog posts, website, marketing pages. We want classified codenames in internal architecture docs. We just don't want them in blog posts.

The blocklist runs grep against the staged diff. No network call, no API, no latency. Match found → commit blocked immediately with file path and explanation. This catches 80% of issues before the LLM wakes up.

Layer 2: DeepSeek V4 Flash review (~4s, $0.001)
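Review bot: In the posts/pre-commit-agent.md hunk, the added lines read `public|\b\b|Classified codename` and `public|admin\.|Internal admin URL`, so the placeholders that pre-commit-agent.html shows (`<internal-codename>`, `<internal-domain>`) are absent from the Markdown source. As written, `\b\b` matches at any word boundary and `admin\.` matches any "admin." string, so a reader who copies the example gets a rule that fires on nearly every public file. Suggest a placeholder that cannot be mistaken for markup, for example `\bCODENAME\b` and `admin\.example\.com`, used identically in both files.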
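Review bot: In the pre-commit-agent.html hunk, the removed lines still carry the codename (`\bCosmos\b`, "advanced colonist AI") and the admin host (`admin\.arikigame\.com`), and they stay readable in this commit's diff and in history after the merge. If those values are classified for public content, the redaction needs a history rewrite before the repository is published, or the values should be treated as disclosed. Separately, the unchanged line `all|github\.com/(tinqs-ltd|tinqs)/|...` has a `|` inside the regex while `|` is also the field separator; the post should state how a line is split (first and last `|`, for instance) so that a reader implementing the format does not cut the pattern at the alternation.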