vibe trust / untrust
The trust and untrust commands manage the trust status of configuration files.
# Trust configuration filesvibe trust
# Untrust configuration filesvibe untrustWhy Trust?
Section titled “Why Trust?”vibe uses SHA-256 hash verification to ensure configuration files haven’t been tampered with. This prevents malicious scripts from running through hooks.
Trust Flow
Section titled “Trust Flow”- First time: Run
vibe trustto register the hash of.vibe.tomland.vibe.local.toml - Subsequent runs: vibe verifies the hash before running any hooks
- File changes: If the file changes, you’ll need to re-run
vibe trust
vibe trust
Section titled “vibe trust”Registers the current configuration files as trusted by storing their SHA-256 hashes.
$ vibe trustTrusted .vibe.toml (hash: abc123...)Trusted .vibe.local.toml (hash: def456...)What Gets Trusted
Section titled “What Gets Trusted”.vibe.toml(if exists).vibe.local.toml(if exists)
vibe untrust
Section titled “vibe untrust”Removes trust for configuration files in the current repository.
$ vibe untrustUntrusted .vibe.tomlUntrusted .vibe.local.tomlHash Verification
Section titled “Hash Verification”When Hash Doesn’t Match
Section titled “When Hash Doesn’t Match”If a configuration file has been modified since trusting:
$ vibe start feat/new-featureError: .vibe.toml hash mismatch.The file has been modified since last trusted.Run 'vibe trust' to re-trust the file.Multiple Hashes
Section titled “Multiple Hashes”vibe stores multiple hashes per file (up to 100), so you can switch between branches without re-trusting (as long as you’ve trusted each branch’s version at least once).
Related
Section titled “Related”- Security - Hash verification details
- Configuration - Configuration file format