fix: trust-gate gtrconfig tool defaults

Author: helizaga

CHANGELOG.md

@@ -6,6 +6,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com), and this
 
 ## [Unreleased]
 
+### Added
+
+- `git gtr trust` now covers `.gtrconfig` `defaults.editor` and `defaults.ai` entries as executable commands, preventing shared config from selecting editor or AI commands until reviewed.
+
 ## [2.7.0] - 2026-04-27
 
 ### Added

README.md

@@ -345,13 +345,13 @@ git gtr clean --merged --force --yes           # Force-clean and auto-confirm
 
 ### `git gtr trust`
 
-Review and approve hook commands defined in the repository's `.gtrconfig` file. Hooks from `.gtrconfig` are **not executed** until explicitly trusted — this prevents malicious contributors from injecting arbitrary shell commands via shared config files.
+Review and approve executable commands defined in the repository's `.gtrconfig` file. Hooks and editor/AI defaults from `.gtrconfig` are **not used** until explicitly trusted — this prevents malicious contributors from injecting arbitrary shell commands via shared config files.
 
 ```bash
-git gtr trust                              # Review and approve .gtrconfig hooks
+git gtr trust                              # Review and approve .gtrconfig commands
 ```
 
-Trust is stored per repository path plus hook definitions and must be re-approved if hooks change. Hooks from your local git config (`.git/config`, `~/.gitconfig`) are always trusted.
+Trust is stored per repository path plus executable command definitions and must be re-approved if hooks or editor/AI defaults change. Hooks and defaults from your local git config (`.git/config`, `~/.gitconfig`) are always trusted.
 
 ### Other Commands
 
@@ -412,14 +412,14 @@ git gtr config set gtr.ui.color never
     remote = upstream
 ```
 
-**Hook trust:** Hooks defined in `.gtrconfig` require explicit approval before they execute. Run `git gtr trust` after cloning a repository or when `.gtrconfig` hooks change. This protects against malicious hook injection in shared repositories.
+**Command trust:** Hooks and editor/AI defaults defined in `.gtrconfig` require explicit approval before they execute or select tools. Run `git gtr trust` after cloning a repository or when `.gtrconfig` command entries change. This protects against malicious command injection in shared repositories.
 
 **Adapter safety:** Generic `gtr.editor.default` and `gtr.ai.default` values must resolve to safe PATH commands. Filesystem paths such as `./tool` and shell wrapper forms such as `sh -c ...` are rejected. Override-backed adapters like `claude`, `cursor`, and `nano` may include additional flags, for example `claude --continue` or `nano -w`.
 
 **Configuration precedence** (highest to lowest):
 
 1. `git config --local` (`.git/config`) - personal overrides
-2. `.gtrconfig` (repo root) - team defaults (hooks require `git gtr trust`)
+2. `.gtrconfig` (repo root) - team defaults (hooks and editor/AI defaults require `git gtr trust`)
 3. `git config --global` (`~/.gitconfig`) - user defaults
 
 > For complete configuration reference including all settings, hooks, file copying patterns, and environment variables, see [docs/configuration.md](docs/configuration.md)

completions/_git-gtr

@@ -45,7 +45,7 @@ _git-gtr() {
     'config:Manage configuration'
     'completion:Generate shell completions'
     'init:Generate shell integration for cd support'
-    'trust:Trust .gtrconfig hooks'
+    'trust:Trust .gtrconfig commands'
     'version:Show version'
     'help:Show help'
   )

completions/git-gtr.fish

@@ -54,7 +54,7 @@ complete -f -c git -n '__fish_git_gtr_using_command completion' -a 'bash zsh fis
 complete -f -c git -n '__fish_git_gtr_needs_command' -a init -d 'Generate shell integration for cd support'
 complete -f -c git -n '__fish_git_gtr_using_command init' -a 'bash zsh fish' -d 'Shell type'
 complete -c git -n '__fish_git_gtr_using_command init' -l as -d 'Custom function name' -r
-complete -f -c git -n '__fish_git_gtr_needs_command' -a trust -d 'Trust .gtrconfig hooks'
+complete -f -c git -n '__fish_git_gtr_needs_command' -a trust -d 'Trust .gtrconfig commands'
 complete -f -c git -n '__fish_git_gtr_needs_command' -a version -d 'Show version'
 complete -f -c git -n '__fish_git_gtr_needs_command' -a help -d 'Show help'
 

docs/configuration.md

@@ -68,6 +68,9 @@ Create a `.gtrconfig` file in your repository root to share configuration across
 > [!TIP]
 > See `templates/.gtrconfig.example` for a complete example with all available settings.
 
+> [!IMPORTANT]
+> Hooks and editor/AI defaults from `.gtrconfig` are executable command entries. They are ignored until you review them with `git gtr trust`; changing those entries requires re-approval.
+
 ---
 
 ## Worktree Settings

lib/commands/help.sh

@@ -415,23 +415,24 @@ EOF
 
 _help_trust() {
   cat <<'EOF'
-git gtr trust - Trust .gtrconfig hooks
+git gtr trust - Trust .gtrconfig commands
 
 Usage: git gtr trust
 
-Reviews and approves hook commands defined in the repository's .gtrconfig
-file. Hooks from .gtrconfig are not executed until explicitly trusted.
+Reviews and approves executable commands defined in the repository's
+.gtrconfig file. Hooks and editor/AI defaults from .gtrconfig are not
+used until explicitly trusted.
 
 This prevents malicious contributors from injecting arbitrary shell
 commands via shared .gtrconfig files. Trust is stored per repository
-path plus hook definitions in ~/.config/gtr/trusted/ and must be
-re-approved if hooks change.
+path plus executable command definitions in ~/.config/gtr/trusted/ and
+must be re-approved if those commands change.
 
-Hooks from your local git config (.git/config, ~/.gitconfig) are always
-trusted since you control those files directly.
+Hooks and defaults from your local git config (.git/config, ~/.gitconfig)
+are always trusted since you control those files directly.
 
 Examples:
-  git gtr trust                                 # Review and approve hooks
+  git gtr trust                                 # Review and approve commands
 EOF
 }
 
@@ -609,9 +610,9 @@ SETUP & MAINTENANCE:
          --force, -f: force removal even if worktree has uncommitted changes or untracked files
 
   trust
-         Review and approve .gtrconfig hook commands
-         Hooks from .gtrconfig are not executed until trusted
-         Trust is re-required when hook content changes
+         Review and approve .gtrconfig executable commands
+         Hooks and editor/AI defaults from .gtrconfig are not used until trusted
+         Trust is re-required when executable command entries change
 
   completion <shell>
          Generate shell completions (bash, zsh, fish)

lib/commands/init.sh

@@ -113,7 +113,7 @@ __FUNC___hooks_current_content_hash() {
 __SHELL_PRELUDE__
   local _gtr_config_file="$1"
   local _gtr_hook_defs
-  _gtr_hook_defs="$(git config -f "$_gtr_config_file" --get-regexp '^hooks\.' 2>/dev/null)" || return 1
+  _gtr_hook_defs="$(git config -f "$_gtr_config_file" --get-regexp '^hooks\.|^defaults\.editor$|^defaults\.ai$' 2>/dev/null)" || return 1
   printf '%s\n' "$_gtr_hook_defs" | shasum -a 256 | cut -d' ' -f1
 }
 
@@ -182,7 +182,7 @@ end
 
 function __FUNC___hooks_current_content_hash
   set -l _gtr_config_file "$argv[1]"
-  set -l _gtr_hook_defs (git config -f "$_gtr_config_file" --get-regexp '^hooks\.' 2>/dev/null)
+  set -l _gtr_hook_defs (git config -f "$_gtr_config_file" --get-regexp '^hooks\.|^defaults\.editor$|^defaults\.ai$' 2>/dev/null)
   test $status -eq 0; or return 1
   printf '%s\n' "$_gtr_hook_defs" | shasum -a 256 | cut -d' ' -f1
 end
@@ -783,7 +783,7 @@ complete -f -c __FUNC__ -n '___FUNC___needs_subcommand' -a adapter -d 'List avai
 complete -f -c __FUNC__ -n '___FUNC___needs_subcommand' -a config -d 'Manage configuration'
 complete -f -c __FUNC__ -n '___FUNC___needs_subcommand' -a completion -d 'Generate shell completions'
 complete -f -c __FUNC__ -n '___FUNC___needs_subcommand' -a init -d 'Generate shell integration'
-complete -f -c __FUNC__ -n '___FUNC___needs_subcommand' -a trust -d 'Trust .gtrconfig hooks'
+complete -f -c __FUNC__ -n '___FUNC___needs_subcommand' -a trust -d 'Trust .gtrconfig commands'
 complete -f -c __FUNC__ -n '___FUNC___needs_subcommand' -a version -d 'Show version'
 complete -f -c __FUNC__ -n '___FUNC___needs_subcommand' -a help -d 'Show help'
 

lib/commands/trust.sh

@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# Trust management for .gtrconfig hooks
+# Trust management for executable .gtrconfig commands
 
 cmd_trust() {
   local config_file
@@ -10,18 +10,18 @@ cmd_trust() {
     return 0
   fi
 
-  # Show all hook entries from .gtrconfig
+  # Show all trusted command entries from .gtrconfig
   local hook_content
-  hook_content=$(git config -f "$config_file" --get-regexp '^hooks\.' 2>/dev/null) || true
+  hook_content=$(_hooks_read_definitions "$config_file") || true
 
   if [ -z "$hook_content" ]; then
-    log_info "No hooks defined in $config_file"
+    log_info "No hooks or executable defaults defined in $config_file"
     return 0
   fi
 
   if _hooks_are_trusted "$config_file"; then
-    log_info "Hooks in $config_file are already trusted"
-    log_info "Current hooks:"
+    log_info "Executable commands in $config_file are already trusted"
+    log_info "Current trusted commands:"
     printf '%s\n' "$hook_content" >&2
     return 0
   fi
@@ -32,26 +32,26 @@ cmd_trust() {
     return 1
   }
 
-  log_warn "The following hooks are defined in $config_file:"
+  log_warn "The following executable commands are defined in $config_file:"
   echo "" >&2
   printf '%s\n' "$hook_content" >&2
   echo "" >&2
   log_warn "These commands will execute on your machine during gtr operations."
 
-  if prompt_yes_no "Trust these hooks?"; then
+  if prompt_yes_no "Trust these commands?"; then
     if _hooks_write_trust_marker "$trust_path" "$config_file"; then
       local current_trust_path
       current_trust_path=$(_hooks_current_trust_path "$config_file") || true
       if [ -n "$current_trust_path" ] && [ "$current_trust_path" != "$trust_path" ]; then
-        log_warn "Hooks changed during review; current hooks remain untrusted"
+        log_warn "Executable commands changed during review; current commands remain untrusted"
         return 1
       fi
-      log_info "Hooks marked as trusted"
+      log_info "Executable commands marked as trusted"
     else
-      log_error "Failed to mark hooks as trusted"
+      log_error "Failed to mark executable commands as trusted"
       return 1
     fi
   else
-    log_info "Hooks remain untrusted and will not execute"
+    log_info "Executable commands remain untrusted and will not run from .gtrconfig"
   fi
 }

lib/config.sh

@@ -431,3 +431,54 @@ cfg_default() {
   # 5. Use fallback if still empty
   printf "%s" "${value:-$fallback}"
 }
+
+# Get a default config value while trust-gating the .gtrconfig source.
+# Usage: cfg_default_trusted_file key env_name fallback_value file_key
+# Precedence: local config > trusted .gtrconfig > global/system config > env var > fallback
+cfg_default_trusted_file() {
+  local key="$1"
+  local env_name="$2"
+  local fallback="$3"
+  local file_key="${4:-}"
+  local value file_value config_file
+
+  # Auto-map file_key if not provided and key is a gtr.* key
+  if [ -z "$file_key" ] && [[ "$key" == gtr.* ]]; then
+    file_key=$(cfg_map_to_file_key "$key")
+  fi
+
+  # 1. Try local git config first (highest priority)
+  value=$(git config --local --get "$key" 2>/dev/null || true)
+
+  # 2. Try .gtrconfig file only if its trusted command definitions are approved
+  if [ -z "$value" ] && [ -n "$file_key" ]; then
+    config_file=$(_gtrconfig_path)
+    if [ -n "$config_file" ] && [ -f "$config_file" ]; then
+      file_value=$(git config -f "$config_file" --get "$file_key" 2>/dev/null || true)
+      if [ -n "$file_value" ]; then
+        if _hooks_are_trusted "$config_file"; then
+          value="$file_value"
+        else
+          log_warn "Untrusted .gtrconfig $file_key skipped — run: git gtr trust"
+        fi
+      fi
+    fi
+  fi
+
+  # 3. Try global/system git config
+  if [ -z "$value" ]; then
+    value=$(git config --global --get "$key" 2>/dev/null || true)
+  fi
+
+  if [ -z "$value" ]; then
+    value=$(git config --system --get "$key" 2>/dev/null || true)
+  fi
+
+  # 4. Fall back to environment variable
+  if [ -z "$value" ] && [ -n "$env_name" ]; then
+    value=$(printenv "$env_name" 2>/dev/null) || true
+  fi
+
+  # 5. Use fallback if still empty
+  printf "%s" "${value:-$fallback}"
+}

lib/hooks.sh

@@ -2,35 +2,37 @@
 # Hook execution system
 
 # ── Hook trust model ────────────────────────────────────────────────────
-# Hooks from .gtrconfig files (committed to repositories) require explicit
-# user approval before execution. This prevents malicious contributors from
-# injecting arbitrary commands via shared config files.
+# Hooks and executable defaults from .gtrconfig files (committed to
+# repositories) require explicit user approval before use. This prevents
+# malicious contributors from injecting arbitrary commands via shared config
+# files.
 #
 # Trust state is stored in ~/.config/gtr/trusted/<key>
-# where <key> is a SHA-256 of the canonical repo root plus the hook content hash.
-# Trust is scoped to repo identity + hook definitions, not repo snapshot state.
+# where <key> is a SHA-256 of the canonical repo root plus trusted content hash.
+# Trust is scoped to repo identity + trusted .gtrconfig definitions, not repo
+# snapshot state.
 
 _GTR_TRUST_DIR="${XDG_CONFIG_HOME:-$HOME/.config}/gtr/trusted"
 
-# Read all hook definitions from a .gtrconfig file.
+# Read all trusted command definitions from a .gtrconfig file.
 # Usage: _hooks_read_definitions <config_file>
 _hooks_read_definitions() {
   local config_file="$1"
   local hook_content
-  hook_content=$(git config -f "$config_file" --get-regexp '^hooks\.' 2>/dev/null) || true
+  hook_content=$(git config -f "$config_file" --get-regexp '^hooks\.|^defaults\.editor$|^defaults\.ai$' 2>/dev/null) || true
   [ -n "$hook_content" ] || return 1
   printf '%s\n' "$hook_content"
 }
 
-# Compute a content hash for hook definitions.
+# Compute a content hash for trusted command definitions.
 # Usage: _hooks_content_hash <hook_content>
 _hooks_content_hash() {
   local hook_content="$1"
   [ -n "$hook_content" ] || return 1
   printf '%s\n' "$hook_content" | shasum -a 256 | cut -d' ' -f1
 }
 
-# Compute a content hash of all current hook entries in a .gtrconfig file.
+# Compute a content hash of all current trusted command entries in a .gtrconfig file.
 # Usage: _hooks_current_content_hash <config_file>
 _hooks_current_content_hash() {
   local config_file="$1"
@@ -63,7 +65,7 @@ _hooks_canonical_config_path() {
   printf '%s/%s\n' "$repo_root" "$(basename "$config_file")"
 }
 
-# Compute the repo-scoped trust key for reviewed hook content
+# Compute the repo-scoped trust key for reviewed trusted command content
 # Usage: _hooks_reviewed_trust_key <config_file> <hook_content>
 _hooks_reviewed_trust_key() {
   local config_file="$1"
@@ -74,7 +76,7 @@ _hooks_reviewed_trust_key() {
   printf '%s\n%s\n' "$repo_root" "$hash" | shasum -a 256 | cut -d' ' -f1
 }
 
-# Compute the repo-scoped trust key for the current hook content
+# Compute the repo-scoped trust key for the current trusted command content
 # Usage: _hooks_current_trust_key <config_file>
 _hooks_current_trust_key() {
   local config_file="$1"
@@ -88,7 +90,7 @@ _hooks_trust_key() {
   _hooks_current_trust_key "$1"
 }
 
-# Resolve the trust marker path for reviewed hook content
+# Resolve the trust marker path for reviewed trusted command content
 # Usage: _hooks_reviewed_trust_path <config_file> <hook_content>
 _hooks_reviewed_trust_path() {
   local config_file="$1"
@@ -129,9 +131,9 @@ _hooks_marker_matches_config() {
   [ "$marker_content" = "$canonical_config_file" ]
 }
 
-# Check if .gtrconfig hooks are trusted for the current repository
+# Check if .gtrconfig command definitions are trusted for the current repository
 # Usage: _hooks_are_trusted <config_file>
-# Returns: 0 if trusted (or no hooks), 1 if untrusted
+# Returns: 0 if trusted (or no trusted command definitions), 1 if untrusted
 _hooks_are_trusted() {
   local config_file="$1"
   [ ! -f "$config_file" ] && return 0
@@ -142,7 +144,7 @@ _hooks_are_trusted() {
   _hooks_marker_matches_config "$trust_path" "$config_file"
 }
 
-# Write a trust marker that matches the reviewed hooks
+# Write a trust marker that matches the reviewed command definitions
 # Usage: _hooks_write_trust_marker <trust_path> [config_file]
 _hooks_write_trust_marker() {
   local trust_path="$1"
@@ -165,7 +167,7 @@ _hooks_write_trust_marker() {
   fi
 }
 
-# Mark .gtrconfig hooks as trusted
+# Mark .gtrconfig command definitions as trusted
 # Usage: _hooks_mark_trusted <config_file>
 _hooks_mark_trusted() {
   local config_file="$1"