Hermetically-sealed (container/vm/whatever) quality assurance tasks that can be run locally, please. The un-sandboxed shell scripts and precommit hooks are prone to doing the wrong thing, for example testing uncommitted changes and approving a commit based on that invalid reasoning.