Add security allowlist for command execution and update copilot instructions

- Add security.ts with allowlist configuration for shell commands
- Update command-executor.ts to enforce security policy (exit code 126 for blocked commands)
- Update copilot instructions to clarify builtin tools vs shell commands
- Document that builtin tools (deleteFile, createFile, etc.) bypass security filtering
- Only executeCommand (shell commands) requires security.json allowlist entries
tusharmagar 2025-11-18 20:42:11 +05:30
parent 570543e1c7
commit 28488d5fd1
4 changed files with 183 additions and 1 deletions


@ -10,6 +10,8 @@ Agents can use builtin tools by declaring them in the \`"tools"\` object with \`
### executeCommand
**The most powerful and versatile builtin tool** - Execute any bash/shell command and get the output.
**Security note:** Commands are filtered through \`.rowboat/config/security.json\`. Populate this file with allowed command names (array or dictionary entries). Any command not present is blocked and returns exit code 126 so the agent knows it violated the policy.
**Agent tool declaration:**
\`\`\`json
"tools": {
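Review bot: the added security note says the allowlist holds "command names" but never states what unit is matched, so a reader of this doc cannot tell whether a line such as `ls | wc -l` or `echo hi; ls` is checked as one entry (`ls`, `echo`) or as the whole string, and whether pipelines, `;`/`&&` chains and arguments are considered at all; spell that out here, because it decides how much the allowlist actually constrains executeCommand. "array or dictionary entries" also leaves the schema of `.rowboat/config/security.json` undocumented; one minimal example of each form next to the sentence "Populate this file with allowed command names" would remove the guesswork. Lastly, exit code 126 is also the status a shell returns for a command that is found but not executable, so an agent cannot tell a policy block from a permission problem by exit code alone; if the executor writes a distinguishing message to stderr, say so in this note, and if it does not, document that the two cases are indistinguishable.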
@ -176,4 +178,3 @@ There are no separate "workflow" files - everything is an agent!
`;
export default skill;