Safer vibecoding via old hacker habits
addxorrol.blogspot.com
You can keep the git folder on your machine, then use sshfs to mount the remote into your directory, where:
project-root
  - .git/
  - code/ <= remote/code
This way you don't have to give git access to the potentially unsafe server. Git hook attacks are still possible, so disable those by default.
This is an unusual folder structure but works fine, let me know if there is anything iffy
That's a clever and intriguing idea. I have to think through the security implications a bit though - I don't actually know much about how git operates with regards to hooks etc.
I'd imagine you lose the ability to have the coding agent do the commits for you? E.g. if you just mount the code directory, then an agent running on the remote side can't commit anything, right?
So you'd have to mount the .git directory from the remote side to then push?
git will check the .git folder, find a hook, and run it where it is applicable. If you are cloning a remote repository, you may inherit malicious hooks. These hooks run before your git operations; for example, it is useful if you want to lint the code a certain way before pushing, it does it automatically.
You can disable this behavior globally. Yes, the agent should have no git access this way; however, you could always do a local sub repository if you want to. You track your changes twice, but it should work.
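
One way to apply the "disable hooks by default" advice from the thread and check the result, as an added example that is not from any commenter or the linked post. `core.hooksPath` is git's own setting; `EMPTY_HOOKS_DIR` and the function names are assumptions.

```shell
#!/bin/sh
# Added example. EMPTY_HOOKS_DIR and the function names are assumptions.
EMPTY_HOOKS_DIR="${EMPTY_HOOKS_DIR:-$HOME/.config/git/no-hooks}"

# Print every candidate hook in a hooks directory: regular, executable
# files that are not the inert "*.sample" templates.
active_hooks() {
    for f in "$1"/*; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        case $f in *.sample) continue ;; esac
        printf '%s\n' "$f"
    done
    return 0
}

# Point every repository at an empty, user-owned hooks directory.
# A core.hooksPath set in a repository's own .git/config overrides this.
disable_hooks_globally() {
    mkdir -p "$EMPTY_HOOKS_DIR" || return 1
    chmod 700 "$EMPTY_HOOKS_DIR" || return 1
    git config --global core.hooksPath "$EMPTY_HOOKS_DIR"
}

# Show the hooks directory git resolves for a repository (--git-path honours
# core.hooksPath) and any live hooks in it. Exit 1 if at least one is live.
audit_repo() (
    cd "$1" || exit 2
    dir=$(git rev-parse --git-path hooks) || exit 2
    live=$(active_hooks "$dir")
    printf 'hooks dir: %s\n' "$dir"
    [ -z "$live" ] && exit 0
    printf 'live hooks:\n%s\n' "$live"
    exit 1
)
```

Run `disable_hooks_globally` once on the machine that holds `.git/`, then `audit_repo project-root` before the first git command in a freshly mounted tree.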