claudetool/bashkit: add validation to reject blind git add commands

Implements new validation function to prevent bash commands that blindly
add all files to git commits, requiring agents to specify files explicitly.

Changes include:

1. New noBlindGitAdd validation function that rejects:
   - git add -A (add all)
   - git add --all (add all)
   - git add . (add current directory)
   - git add * (add all files via glob)

2. Enhanced hasBlindGitAdd helper function:
   - Parses git command structure using existing AST approach
   - Finds 'add' subcommand and checks subsequent arguments
   - Handles git flags before 'add' subcommand correctly
   - Allows legitimate specific file additions like 'git add main.go'

3. Comprehensive test coverage for all blind add patterns:
   - Tests rejection of all blind patterns including flag combinations
   - Tests acceptance of specific file additions and valid use cases
   - Tests multiline scripts and edge cases like filenames that look
     like flags (e.g., 'file.A')

4. Integration with existing validation framework:
   - Added noBlindGitAdd to the checks slice alongside existing
     noGitConfigUsernameEmailChanges validation
   - Uses same error reporting pattern and AST parsing infrastructure

This prevents agents from accidentally committing unintended files or
build artifacts by forcing explicit file specification in git add
commands. The validation maintains the existing pattern of being
mistake-prevention rather than security-focused.

Error message provides clear guidance: 'blind git add commands (git add -A,
git add ., git add --all, git add *) are not allowed, specify files explicitly'

Co-Authored-By: sketch <hello@sketch.dev>
Change-ID: s4d8fe71ef5816b36k
2 files changed
tree: c8928ebe5568b7c5330f9211538ab8139832652f
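As an added example (not the project's own code), a self-contained Go approximation of the check the commit describes: hasBlindGitAdd skips git-level flags, inspects the arguments after the add subcommand, and lets filenames such as file.A through. Splitting the script on shell separators is an assumption standing in for the bash AST parser the project uses; the error text is the one quoted in the commit message.

```go
package main

import "errors"
import "strings"

// Error text quoted from the commit message; the surrounding code is an added example.
var errBlindGitAdd = errors.New("blind git add commands (git add -A, git add ., git add --all, git add *) are not allowed, specify files explicitly")
// hasBlindGitAdd reports whether argv is a git add that stages everything.
// Git-level flags before the subcommand (-C dir, --no-pager) are skipped, combined
// short flags such as -vA are caught, and "." or "*" after "--" still stage everything.
func hasBlindGitAdd(argv []string) bool {
	if len(argv) == 0 || argv[0] != "git" {
		return false
	}
	i := 1
	for i < len(argv) && argv[i] != "add" {
		if argv[i] == "-C" || argv[i] == "-c" {
			i += 2 // git-level flag that takes a separate value
		} else if strings.HasPrefix(argv[i], "-") {
			i++ // other git-level flag
		} else {
			return false // some other subcommand, e.g. git commit
		}
	}
	optionsDone := false
	for i++; i < len(argv); i++ {
		arg := argv[i]
		short := strings.HasPrefix(arg, "-") && !strings.HasPrefix(arg, "--")
		switch {
		case arg == "--":
			optionsDone = true // end of options; what follows is pathspecs
		case !optionsDone && (arg == "--all" || (short && strings.Contains(arg, "A"))):
			return true
		case arg == "." || arg == "*":
			return true
		}
	}
	return false
}
// noBlindGitAdd is the validation check. Splitting on newlines, ';', '|' and
// '&' is a simplified stand-in for the project's bash AST parser (an assumption).
func noBlindGitAdd(script string) error {
	sep := func(r rune) bool { return r == '\n' || r == ';' || r == '|' || r == '&' }
	for _, seg := range strings.FieldsFunc(script, sep) {
		if hasBlindGitAdd(strings.Fields(seg)) {
			return errBlindGitAdd
		}
	}
	return nil
}
```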
README.md

Sketch


Sketch is an agentic coding tool. It draws the 🦉

🚀 Overview

Sketch runs in your terminal, has a web UI, understands your code, and helps you get work done. To keep your environment pristine, sketch starts a docker container and outputs its work onto a branch in your host git repository.

Sketch helps with most programming environments, but Sketch has extra goodies for Go.

📋 Quick Start

go install sketch.dev/cmd/sketch@latest
sketch

🔧 Requirements

Currently, Sketch runs on macOS and Linux. It uses Docker for containers.

Platform   Installation
macOS      brew install colima (or Docker Desktop/Orbstack)
Linux      apt install docker.io (or equivalent for your distro)
WSL2       Install Docker Desktop for Windows (docker entirely inside WSL2 is tricky)

The sketch.dev service is used to provide access to an LLM service and give you a way to access the web UI from anywhere.

🤝 Community & Feedback

📖 User Guide

Getting Started

Start Sketch by running sketch in a Git repository. It will open your browser to the Sketch chat interface, but you can also use the CLI interface. Use -open=false if you want to use just the CLI interface.

Ask Sketch about your codebase or ask it to implement a feature. It may take a little while for Sketch to do its work, so hit the bell (🔔) icon to enable browser notifications. We won't spam you or anything; it will notify you when the Sketch agent's turn is done, and there's something to look at.

How Sketch Works

When you start Sketch, it:

  1. Creates a Dockerfile
  2. Builds it
  3. Copies your repository into it
  4. Starts a Docker container with the "inside" Sketch running

This design lets you run multiple sketches in parallel since they each have their own sandbox. It also lets Sketch work without worry: it can trash its own container, but it can't trash your machine.

Sketch's agentic loop uses tool calls (mostly shell commands, but also a handful of other important tools) to allow the LLM to interact with your codebase.

Getting Your Git Changes Out

Sketch is trained to make Git commits. When those happen, they are automatically pushed to the git repository where you started sketch with branch names sketch/*.

Finding Sketch branches:

git branch -a --sort=creatordate | grep sketch/ | tail

The UI keeps track of the latest branch it pushed and displays it prominently. You can use standard Git workflows to pull those branches into your workspace:

git cherry-pick $(git merge-base origin/main sketch/foo)..sketch/foo

or merge the branch

git merge sketch/foo

or reset to the branch

git reset --hard sketch/foo

In other words, use the same workflows you would if you were pulling in a friend's pull request.

Advanced: You can ask Sketch to git fetch sketch-host and rebase onto another commit. This will also fetch where you started Sketch, and we do a bit of "git fetch refspec configuration" to make origin/main work as a git reference.

Don't be afraid of asking Sketch to help you rebase, merge/squash commits, rewrite commit messages, and so forth; it's good at it!

Reviewing Diffs

The diff view shows you changes since Sketch started. Leaving comments on lines adds them to the chat box, and, when you hit Send (at the bottom of the page), Sketch goes to work addressing your comments.

Connecting to Sketch's Container

You can interact directly with the container in three ways:

  1. Web UI Terminal: Use the "Terminal" tab in the UI
  2. SSH: Look at the startup logs or click the information icon to see a command like ssh sketch-ilik-eske-tcha-lott. Sketch automatically adds entries to your SSH configuration so that these special hostnames work.
  3. Visual Studio Code: Look for a command line or magic link behind the information icon, or when Sketch starts up. This starts a new VSCode session "remoted into" the container. You can edit the code, use the terminal, review diffs, and so forth.

Using SSH (and/or VSCode) allows you to forward ports from the container to your machine. For example, if you want to start your development webserver, you can do something like this:

# Forward container port 8888 to local port 8000
ssh -L8000:localhost:8888 sketch-ilik-epor-tfor-ward go run ./cmd/server

This makes http://localhost:8000/ on your machine point to localhost:8888 inside the container.

Using Browser Tools

You can ask Sketch to browse a web page and take screenshots. There are tools both for taking screenshots and "reading images", the latter of which sends the image to the LLM. This functionality is handy if you're working on a web page and want to see what the in-progress change looks like.

❓ FAQ

"No space left on device"

Docker images, containers, and so forth tend to pile up. Ask Docker to prune unused images and containers:

docker system prune -a

🛠️ Development


See CONTRIBUTING.md for development guidelines.

📄 Open Source

Sketch is open source. It is right here in this repository! Have a look around and mod away.

If you want to run Sketch entirely without the sketch.dev service, you can set the flag -skaband-addr="" and then provide an ANTHROPIC_API_KEY environment variable. (More LLM services coming soon!)