extractCommandNames() splits on shell separators to enumerate the
commands an LLM-generated shell string will invoke, then the allowlist
gate isBlocked() decides whether to ask the user for permission.
The split regex was missing single `&` (background separator), so:
isBlocked('echo hi & rm -rf $HOME', new Set(['echo'])) // false
The parser saw only `echo`, but bash actually runs `echo hi` in the
background then immediately runs `rm -rf $HOME` — without prompting.
The cli copy of the parser was also missing backtick, `$(`, `(`, and
`)`, so command substitution and subshells (`echo \`rm /x\``,
`echo $(rm /x)`, `(rm /x)`) bypassed it the same way.
Fix: add `&` to both regexes (ordered after `&&` so leftmost-longest
match still picks `&&` first), and bring the cli regex up to parity
with the apps/x version.
Severity: high. CWE-78 (OS Command Injection), CWE-863 (incorrect
authorization).
Detected by Aeon + semgrep + manual parser review.
Detect the runtime platform and default shell at startup, inject
platform context into assistant instructions, and replace hardcoded
/bin/sh with the detected shell in command executors (cli + electron).
Made-with: Cursor
- Implemented agent selection dropdown in the input area.
- Enhanced artifact management with loading, saving, and error handling.
- Added new API routes for fetching agent summaries and run details.
- Updated sidebar to display agents, configurations, and runs dynamically.
- Introduced theme selection options in the user navigation menu.
* add workspace access guidelines to instructions
* updated example
* removed incorrect example
* add --example to add the examples from rowboat
* changed --example to --sync-example
* rename sync-examples option to sync-example in CLI
* fix: sync-example implementation
* refactor example import
* fix yargs
* fix: - remove changes to package-lock
- remove output messages from app.js and moved them into importExample
* fix: restore package-lock.json to match main (remove diff)
* fix: naming of the commands
* update: made import-example into import and it can import example workflows or user made workflows
* update: added export capability
* delete: remove misplaced podcast.json file
* removed incomplete gemini3-test example json
* remove: eliminate gemini3-test example from exports
* Fix: better prompting around MCP config
Add: copilot tool to add MCP servers
* clean up prompt
---------
Co-authored-by: Ramnique Singh <30795890+ramnique@users.noreply.github.com>
