wire up bash allowlist

2026-04-26 08:56:22 +02:00 · 2025-11-18 20:54:54 +05:30 · 2025-11-18 20:54:54 +05:30 · 150f23ab90
commit 150f23ab90
parent f6019a4fde
2 changed files with 17 additions and 26 deletions
--- a/apps/cli/src/application/lib/agent.ts
+++ b/apps/cli/src/application/lib/agent.ts
@ -13,6 +13,7 @@ import { execTool } from "./exec-tool.js";
 import { AskHumanRequestEvent, RunEvent, ToolPermissionRequestEvent, ToolPermissionResponseEvent } from "../entities/run-events.js";
 import { BuiltinTools } from "./builtin-tools.js";
 import { CopilotAgent } from "../assistant/agent.js";
+import { isBlocked } from "./command-executor.js";

 export async function mapAgentTool(t: z.infer<typeof ToolAttachment>): Promise<Tool> {
    switch (t.type) {
@ -552,11 +553,14 @@ export async function* streamAgent(state: AgentState): AsyncGenerator<z.infer<ty
                        });
                    }
                    if (underlyingTool.type === "builtin" && underlyingTool.name === "executeCommand") {
-                        yield *state.ingestAndLogAndYield({
-                            type: "tool-permission-request",
-                            toolCall: part,
-                            subflow: [],
-                        });
+                        // if command is blocked, then seek permission
+                        if (isBlocked(part.arguments.command)) {
+                            yield *state.ingestAndLogAndYield({
+                                type: "tool-permission-request",
+                                toolCall: part,
+                                subflow: [],
+                            });
+                        }
                    }
                    if (underlyingTool.type === "agent" && underlyingTool.name) {
                        yield* state.ingestAndLogAndYield({
--- a/apps/cli/src/application/lib/command-executor.ts
+++ b/apps/cli/src/application/lib/command-executor.ts
@ -55,18 +55,15 @@ function findBlockedCommands(command: string): string[] {
  return invoked.filter((cmd) => !allowSet.has(cmd));
 }

-function enforceSecurity(command: string): CommandResult | null {
+// export const BlockedResult = {
+//   stdout: '',
+//   stderr: `Command blocked by security policy. Update ${SECURITY_CONFIG_PATH} to allow them before retrying.`,
+//   exitCode: 126,
+// };
+
+export function isBlocked(command: string): boolean {
  const blocked = findBlockedCommands(command);
-
-  if (!blocked.length) {
-    return null;
-  }
-
-  return {
-    stdout: '',
-    stderr: `Command blocked by security policy. Blocked command(s): ${blocked.join(', ')}. Update ${SECURITY_CONFIG_PATH} to allow them before retrying.`,
-    exitCode: 126,
-  };
+  return blocked.length > 0;
 }

 export interface CommandResult {
@ -89,11 +86,6 @@ export async function executeCommand(
    maxBuffer?: number; // max buffer size in bytes
  }
 ): Promise<CommandResult> {
-  const securityResult = enforceSecurity(command);
-  if (securityResult) {
-    return securityResult;
-  }
-
  try {
    const { stdout, stderr } = await execPromise(command, {
      cwd: options?.cwd,
@ -128,11 +120,6 @@ export function executeCommandSync(
    timeout?: number;
  }
 ): CommandResult {
-  const securityResult = enforceSecurity(command);
-  if (securityResult) {
-    return securityResult;
-  }
-
  try {
    const stdout = execSync(command, {
      cwd: options?.cwd,