lintai docs

Appearance

Preset Reference

membership36 direct rules

governance

Opt-in review rules for shared mutation authority and broad bare tool grants that should not read like headline security findings.

Membership preset: directly activates this rule set.

Coverage

Covered Rules

SEC390AI markdown: shared git push tool grantAI-native markdown frontmatter grants `Bash(git push)` tool accesspreviewmarkdown
SEC391AI markdown: shared git checkout tool grantAI-native markdown frontmatter grants `Bash(git checkout:*)` tool accesspreviewmarkdown
SEC392AI markdown: shared git commit tool grantAI-native markdown frontmatter grants `Bash(git commit:*)` tool accesspreviewmarkdown
SEC393AI markdown: shared git stash tool grantAI-native markdown frontmatter grants `Bash(git stash:*)` tool accesspreviewmarkdown
SEC423AI markdown: bare Read tool grantAI-native markdown frontmatter grants bare `Read` tool accessstablemarkdown
SEC424AI markdown: bare Write tool grantAI-native markdown frontmatter grants bare `Write` tool accessstablemarkdown
SEC425AI markdown: bare Edit tool grantAI-native markdown frontmatter grants bare `Edit` tool accessstablemarkdown
SEC426AI markdown: bare Glob tool grantAI-native markdown frontmatter grants bare `Glob` tool accessstablemarkdown
SEC427AI markdown: bare Grep tool grantAI-native markdown frontmatter grants bare `Grep` tool accessstablemarkdown
SEC474AI markdown: shared gh pr tool grantAI-native markdown frontmatter grants `Bash(gh pr:*)` tool accesspreviewmarkdown
SEC494AI markdown: shared npm exec tool grantAI-native markdown frontmatter grants `Bash(npm exec:*)` tool accesspreviewmarkdown
SEC495AI markdown: shared bunx tool grantAI-native markdown frontmatter grants `Bash(bunx:*)` tool accesspreviewmarkdown
SEC496AI markdown: shared uvx tool grantAI-native markdown frontmatter grants `Bash(uvx:*)` tool accesspreviewmarkdown
SEC497AI markdown: shared pnpm dlx tool grantAI-native markdown frontmatter grants `Bash(pnpm dlx:*)` tool accesspreviewmarkdown
SEC498AI markdown: shared yarn dlx tool grantAI-native markdown frontmatter grants `Bash(yarn dlx:*)` tool accesspreviewmarkdown
SEC499AI markdown: shared pipx run tool grantAI-native markdown frontmatter grants `Bash(pipx run:*)` tool accesspreviewmarkdown
SEC500AI markdown: shared npx tool grantAI-native markdown frontmatter grants `Bash(npx:*)` tool accesspreviewmarkdown
SEC501AI markdown: shared git ls-remote tool grantAI-native markdown frontmatter grants `Bash(git ls-remote:*)` tool accesspreviewmarkdown
SEC505AI markdown: shared gh api POST tool grantAI-native markdown frontmatter grants `Bash(gh api --method POST:*)` tool accessstablemarkdown
SEC506AI markdown: shared gh issue create tool grantAI-native markdown frontmatter grants `Bash(gh issue create:*)` tool accessstablemarkdown
SEC507AI markdown: shared gh repo create tool grantAI-native markdown frontmatter grants `Bash(gh repo create:*)` tool accessstablemarkdown
SEC511AI markdown: shared gh secret set tool grantAI-native markdown frontmatter grants `Bash(gh secret set:*)` tool accessstablemarkdown
SEC512AI markdown: shared gh variable set tool grantAI-native markdown frontmatter grants `Bash(gh variable set:*)` tool accessstablemarkdown
SEC513AI markdown: shared gh workflow run tool grantAI-native markdown frontmatter grants `Bash(gh workflow run:*)` tool accessstablemarkdown
SEC517AI markdown: shared gh secret delete tool grantAI-native markdown frontmatter grants `Bash(gh secret delete:*)` tool accessstablemarkdown
SEC518AI markdown: shared gh variable delete tool grantAI-native markdown frontmatter grants `Bash(gh variable delete:*)` tool accessstablemarkdown
SEC519AI markdown: shared gh workflow disable tool grantAI-native markdown frontmatter grants `Bash(gh workflow disable:*)` tool accessstablemarkdown
SEC529AI markdown: shared gh api DELETE tool grantAI-native markdown frontmatter grants `Bash(gh api --method DELETE:*)` tool accessstablemarkdown
SEC532AI markdown: shared gh api PATCH tool grantAI-native markdown frontmatter grants `Bash(gh api --method PATCH:*)` tool accessstablemarkdown
SEC533AI markdown: shared gh api PUT tool grantAI-native markdown frontmatter grants `Bash(gh api --method PUT:*)` tool accessstablemarkdown
SEC535AI markdown: shared gh repo delete tool grantAI-native markdown frontmatter grants `Bash(gh repo delete:*)` tool accessstablemarkdown
SEC537AI markdown: shared gh release delete tool grantAI-native markdown frontmatter grants `Bash(gh release delete:*)` tool accessstablemarkdown
SEC539AI markdown: shared gh repo edit tool grantAI-native markdown frontmatter grants `Bash(gh repo edit:*)` tool accessstablemarkdown
SEC541AI markdown: shared gh release create tool grantAI-native markdown frontmatter grants `Bash(gh release create:*)` tool accessstablemarkdown
SEC543AI markdown: shared gh repo transfer tool grantAI-native markdown frontmatter grants `Bash(gh repo transfer:*)` tool accessstablemarkdown
SEC545AI markdown: shared gh release upload tool grantAI-native markdown frontmatter grants `Bash(gh release upload:*)` tool accessstablemarkdown

What This Preset Enables

The governance preset enables opt-in review rules for shared authority decisions that are structurally detectable, but should not be framed as headline security findings by default.

This includes both:

  • shared mutation authority such as Git publication or repository-changing commands
  • broad default read, write, edit, search, and discovery grants in checked-in AI-native frontmatter

When To Use It

Use it when you want lintai to review repo-wide defaults such as shared Git mutation authority or broad bare tool grants in allowed-tools, especially in teams that care about least privilege and workflow design in checked-in agent instructions.

Tradeoffs

These checks are intentionally separate from both recommended and preview. They are precise, but some findings can still be legitimate workflow choices that need explicit review rather than automatic escalation.