Updated items based on CONTRIBUTING.md

Author: shadowcodex

README.md

@@ -340,6 +340,16 @@ git gtr clean --merged --force --yes           # Force-clean and auto-confirm
 
 **Note:** The `--merged` mode auto-detects your hosting provider (GitHub or GitLab) from the `origin` remote URL and requires the corresponding CLI tool (`gh` or `glab`) to be installed and authenticated. For self-hosted instances, set the provider explicitly: `git gtr config set gtr.provider gitlab`.
 
+### `git gtr trust`
+
+Review and approve hook commands defined in the repository's `.gtrconfig` file. Hooks from `.gtrconfig` are **not executed** until explicitly trusted — this prevents malicious contributors from injecting arbitrary shell commands via shared config files.
+
+```bash
+git gtr trust                              # Review and approve .gtrconfig hooks
+```
+
+Trust is stored per content hash and must be re-approved if hooks change. Hooks from your local git config (`.git/config`, `~/.gitconfig`) are always trusted.
+
 ### Other Commands
 
 - `git gtr doctor` - Health check (verify git, editors, AI tools)
@@ -390,10 +400,12 @@ git gtr config set gtr.ui.color never
     ai = claude
 ```
 
+**Hook trust:** Hooks defined in `.gtrconfig` require explicit approval before they execute. Run `git gtr trust` after cloning a repository or when `.gtrconfig` hooks change. This protects against malicious hook injection in shared repositories.
+
 **Configuration precedence** (highest to lowest):
 
 1. `git config --local` (`.git/config`) - personal overrides
-2. `.gtrconfig` (repo root) - team defaults
+2. `.gtrconfig` (repo root) - team defaults (hooks require `git gtr trust`)
 3. `git config --global` (`~/.gitconfig`) - user defaults
 
 > For complete configuration reference including all settings, hooks, file copying patterns, and environment variables, see [docs/configuration.md](docs/configuration.md)

completions/_git-gtr

@@ -45,6 +45,7 @@ _git-gtr() {
     'config:Manage configuration'
     'completion:Generate shell completions'
     'init:Generate shell integration for cd support'
+    'trust:Trust .gtrconfig hooks'
     'version:Show version'
     'help:Show help'
   )

completions/git-gtr.fish

@@ -54,6 +54,7 @@ complete -f -c git -n '__fish_git_gtr_using_command completion' -a 'bash zsh fis
 complete -f -c git -n '__fish_git_gtr_needs_command' -a init -d 'Generate shell integration for cd support'
 complete -f -c git -n '__fish_git_gtr_using_command init' -a 'bash zsh fish' -d 'Shell type'
 complete -c git -n '__fish_git_gtr_using_command init' -l as -d 'Custom function name' -r
+complete -f -c git -n '__fish_git_gtr_needs_command' -a trust -d 'Trust .gtrconfig hooks'
 complete -f -c git -n '__fish_git_gtr_needs_command' -a version -d 'Show version'
 complete -f -c git -n '__fish_git_gtr_needs_command' -a help -d 'Show help'
 

completions/gtr.bash

@@ -25,7 +25,7 @@ _git_gtr() {
 
   # If we're completing the first argument after 'git gtr'
   if [ "$cword" -eq 2 ]; then
-    COMPREPLY=($(compgen -W "new go run copy editor ai rm mv rename ls list clean doctor adapter config completion init help version" -- "$cur"))
+    COMPREPLY=($(compgen -W "new go run copy editor ai rm mv rename ls list clean doctor adapter config completion init trust help version" -- "$cur"))
     return 0
   fi
 

lib/commands/help.sh

@@ -401,6 +401,27 @@ Command palette (gtr cd with no arguments, requires fzf):
 EOF
 }
 
+_help_trust() {
+  cat <<'EOF'
+git gtr trust - Trust .gtrconfig hooks
+
+Usage: git gtr trust
+
+Reviews and approves hook commands defined in the repository's .gtrconfig
+file. Hooks from .gtrconfig are not executed until explicitly trusted.
+
+This prevents malicious contributors from injecting arbitrary shell
+commands via shared .gtrconfig files. Trust is stored per content hash
+in ~/.config/gtr/trusted/ and must be re-approved if hooks change.
+
+Hooks from your local git config (.git/config, ~/.gitconfig) are always
+trusted since you control those files directly.
+
+Examples:
+  git gtr trust                                 # Review and approve hooks
+EOF
+}
+
 _help_version() {
   cat <<'EOF'
 git gtr version - Show version
@@ -572,6 +593,11 @@ SETUP & MAINTENANCE:
          --dry-run, -n: show what would be removed without removing
          --force, -f: force removal even if worktree has uncommitted changes or untracked files
 
+  trust
+         Review and approve .gtrconfig hook commands
+         Hooks from .gtrconfig are not executed until trusted
+         Trust is re-required when hook content changes
+
   completion <shell>
          Generate shell completions (bash, zsh, fish)
          Usage: eval "$(git gtr completion zsh)"

scripts/generate-completions.sh

@@ -115,7 +115,7 @@ _git_gtr() {
 
   # If we're completing the first argument after 'git gtr'
   if [ "$cword" -eq 2 ]; then
-    COMPREPLY=($(compgen -W "new go run copy editor ai rm mv rename ls list clean doctor adapter config completion init help version" -- "$cur"))
+    COMPREPLY=($(compgen -W "new go run copy editor ai rm mv rename ls list clean doctor adapter config completion init trust help version" -- "$cur"))
     return 0
   fi
 
@@ -304,6 +304,7 @@ _git-gtr() {
     'config:Manage configuration'
     'completion:Generate shell completions'
     'init:Generate shell integration for cd support'
+    'trust:Trust .gtrconfig hooks'
     'version:Show version'
     'help:Show help'
   )
@@ -529,6 +530,7 @@ complete -f -c git -n '__fish_git_gtr_using_command completion' -a 'bash zsh fis
 complete -f -c git -n '__fish_git_gtr_needs_command' -a init -d 'Generate shell integration for cd support'
 complete -f -c git -n '__fish_git_gtr_using_command init' -a 'bash zsh fish' -d 'Shell type'
 complete -c git -n '__fish_git_gtr_using_command init' -l as -d 'Custom function name' -r
+complete -f -c git -n '__fish_git_gtr_needs_command' -a trust -d 'Trust .gtrconfig hooks'
 complete -f -c git -n '__fish_git_gtr_needs_command' -a version -d 'Show version'
 complete -f -c git -n '__fish_git_gtr_needs_command' -a help -d 'Show help'