🪝 Hooks
⚡ Built-in Actions
Pre-configured hook actions optimized for common tasks
scan_secrets
Fast multi-threaded secret scanning with entropy analysis.
Usage:
hooks:
pre-commit:
builtin: ["scan_secrets"]Features:
- 40+ detection patterns (API keys, tokens, passwords)
- Entropy analysis for high-entropy strings
- File type detection
- Optimized for speed
Detected Secrets:
- AWS credentials
- GitHub tokens
- API keys
- Private keys
- Database credentials
- JWT tokens
- And more...
conventional_commits
Validates commit messages follow conventional commits specification.
Usage:
hooks:
commit-msg:
builtin: ["conventional_commits"]Valid Formats:
feat: description- New featurefix: description- Bug fixdocs: description- Documentationstyle: description- Formattingrefactor: description- Code restructuringtest: description- Testschore: description- Maintenance
With Scope:
feat(api): add user authentication
fix(ui): resolve button alignmentBreaking Changes:
feat!: breaking API change
feat(api)!: new authentication systemensure_clean
Ensures working directory is clean before push.
Usage:
hooks:
pre-push:
builtin: ["ensure_clean"]Checks:
- No unstaged changes
- No untracked files
- Clean working tree
Combining Built-in and Custom
You can use built-in actions with custom commands:
hooks:
pre-commit:
builtin: ["scan_secrets"]
commands:
format:
run: dprint fmt
stage_fixed: true
lint:
run: cargo clippy
fail_on_error: truePerformance
Built-in hooks are optimized for speed:
- scan_secrets: Multi-threaded scanning, typically <200ms
- conventional_commits: Regex validation, <10ms
- ensure_clean: Git status check, <50ms
Configuration
Built-in hooks work without configuration, but you can customize scanner behavior:
scanner:
entropy_threshold: 3.5 # Higher = fewer false positives
file_extensions:
- "*.rs"
- "*.js"
ignore_patterns:
- "target/"
- "node_modules/"
hooks:
pre-commit:
builtin: ["scan_secrets"]