fix: default exec security to allowlist
@@ -400,7 +400,7 @@ export function createExecTool(
|
||||
host = "gateway";
|
||||
}
|
||||
|
||||
const configuredSecurity = defaults?.security ?? "deny";
|
||||
const configuredSecurity = defaults?.security ?? (host === "sandbox" ? "deny" : "allowlist");
|
||||
const requestedSecurity = normalizeExecSecurity(params.security);
|
||||
let security = minSecurity(configuredSecurity, requestedSecurity ?? configuredSecurity);
|
||||
if (elevatedRequested) {
|
||||
@@ -447,7 +447,10 @@ export function createExecTool(
|
||||
applyPathPrepend(env, defaultPathPrepend);
|
||||
|
||||
if (host === "node") {
|
||||
const approvals = resolveExecApprovals(defaults?.agentId);
|
||||
const approvals = resolveExecApprovals(
|
||||
defaults?.agentId,
|
||||
host === "node" ? { security: "allowlist" } : undefined,
|
||||
);
|
||||
const hostSecurity = minSecurity(security, approvals.agent.security);
|
||||
const hostAsk = maxAsk(ask, approvals.agent.ask);
|
||||
const askFallback = approvals.agent.askFallback;
|
||||
@@ -616,7 +619,7 @@ export function createExecTool(
|
||||
}
|
||||
|
||||
if (host === "gateway") {
|
||||
const approvals = resolveExecApprovals(defaults?.agentId);
|
||||
const approvals = resolveExecApprovals(defaults?.agentId, { security: "allowlist" });
|
||||
const hostSecurity = minSecurity(security, approvals.agent.security);
|
||||
const hostAsk = maxAsk(ask, approvals.agent.ask);
|
||||
const askFallback = approvals.agent.askFallback;
|
||||
|
||||
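Review bot: The `undefined` arm of `host === "node" ? { security: "allowlist" } : undefined` is dead, because the call already sits inside the visible `if (host === "node") {` guard; `resolveExecApprovals(defaults?.agentId, { security: "allowlist" })` would match the gateway branch. The `"allowlist"` literal is now repeated in the `configuredSecurity` fallback, in both approval lookups here, and in the `handleInvoke` lookup further down the page, so a single named constant would keep the per-host defaults from drifting apart. The `configuredSecurity` line also changes what an unset `defaults?.security` means for non-sandbox hosts, from `"deny"` to `"allowlist"`, and deserves a comment such as `// unset config: sandbox stays "deny"; gateway/node fall back to "allowlist"`. The body of `createExecTool` starts and ends outside these hunks.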
@@ -188,31 +188,54 @@ export function ensureExecApprovals(): ExecApprovalsFile {
|
||||
return updated;
|
||||
}
|
||||
|
||||
function normalizeSecurity(value?: ExecSecurity): ExecSecurity {
|
||||
function normalizeSecurity(value: ExecSecurity | undefined, fallback: ExecSecurity): ExecSecurity {
|
||||
if (value === "allowlist" || value === "full" || value === "deny") return value;
|
||||
return DEFAULT_SECURITY;
|
||||
return fallback;
|
||||
}
|
||||
|
||||
function normalizeAsk(value?: ExecAsk): ExecAsk {
|
||||
function normalizeAsk(value: ExecAsk | undefined, fallback: ExecAsk): ExecAsk {
|
||||
if (value === "always" || value === "off" || value === "on-miss") return value;
|
||||
return DEFAULT_ASK;
|
||||
return fallback;
|
||||
}
|
||||
|
||||
export function resolveExecApprovals(agentId?: string): ExecApprovalsResolved {
|
||||
export type ExecApprovalsDefaultOverrides = {
|
||||
security?: ExecSecurity;
|
||||
ask?: ExecAsk;
|
||||
askFallback?: ExecSecurity;
|
||||
autoAllowSkills?: boolean;
|
||||
};
|
||||
|
||||
export function resolveExecApprovals(
|
||||
agentId?: string,
|
||||
overrides?: ExecApprovalsDefaultOverrides,
|
||||
): ExecApprovalsResolved {
|
||||
const file = ensureExecApprovals();
|
||||
const defaults = file.defaults ?? {};
|
||||
const agentKey = agentId ?? "default";
|
||||
const agent = file.agents?.[agentKey] ?? {};
|
||||
const fallbackSecurity = overrides?.security ?? DEFAULT_SECURITY;
|
||||
const fallbackAsk = overrides?.ask ?? DEFAULT_ASK;
|
||||
const fallbackAskFallback = overrides?.askFallback ?? DEFAULT_ASK_FALLBACK;
|
||||
const fallbackAutoAllowSkills = overrides?.autoAllowSkills ?? DEFAULT_AUTO_ALLOW_SKILLS;
|
||||
const resolvedDefaults: Required<ExecApprovalsDefaults> = {
|
||||
security: normalizeSecurity(defaults.security),
|
||||
ask: normalizeAsk(defaults.ask),
|
||||
askFallback: normalizeSecurity(defaults.askFallback ?? DEFAULT_ASK_FALLBACK),
|
||||
autoAllowSkills: Boolean(defaults.autoAllowSkills ?? DEFAULT_AUTO_ALLOW_SKILLS),
|
||||
security: normalizeSecurity(defaults.security, fallbackSecurity),
|
||||
ask: normalizeAsk(defaults.ask, fallbackAsk),
|
||||
askFallback: normalizeSecurity(
|
||||
defaults.askFallback ?? fallbackAskFallback,
|
||||
fallbackAskFallback,
|
||||
),
|
||||
autoAllowSkills: Boolean(defaults.autoAllowSkills ?? fallbackAutoAllowSkills),
|
||||
};
|
||||
const resolvedAgent: Required<ExecApprovalsDefaults> = {
|
||||
security: normalizeSecurity(agent.security ?? resolvedDefaults.security),
|
||||
ask: normalizeAsk(agent.ask ?? resolvedDefaults.ask),
|
||||
askFallback: normalizeSecurity(agent.askFallback ?? resolvedDefaults.askFallback),
|
||||
security: normalizeSecurity(
|
||||
agent.security ?? resolvedDefaults.security,
|
||||
resolvedDefaults.security,
|
||||
),
|
||||
ask: normalizeAsk(agent.ask ?? resolvedDefaults.ask, resolvedDefaults.ask),
|
||||
askFallback: normalizeSecurity(
|
||||
agent.askFallback ?? resolvedDefaults.askFallback,
|
||||
resolvedDefaults.askFallback,
|
||||
),
|
||||
autoAllowSkills: Boolean(agent.autoAllowSkills ?? resolvedDefaults.autoAllowSkills),
|
||||
};
|
||||
const allowlist = Array.isArray(agent.allowlist) ? agent.allowlist : [];
|
||||
|
||||
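Review bot: `normalizeSecurity` returns `fallback` both when the value is absent and when it is present but unrecognised, so with callers now passing `{ security: "allowlist" }`, a misspelled `security` entry in the approvals file resolves to `"allowlist"` instead of the built-in default. `DEFAULT_SECURITY` is not visible here; if it is `"deny"`, malformed policy no longer fails closed. Treating only a missing value as unset would keep that property: `if (value === undefined) return fallback;`, then the existing recognised-value check, then `return "deny";`. `normalizeAsk` has the same shape and may want the same treatment. `ExecApprovalsDefaultOverrides` would also benefit from a TSDoc line saying that its fields only replace the built-in defaults when the file omits a field and never override a value the file sets. `resolveExecApprovals` continues past the end of the hunk.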
@@ -545,7 +545,7 @@ async function handleInvoke(
|
||||
const rawCommand = typeof params.rawCommand === "string" ? params.rawCommand.trim() : "";
|
||||
const cmdText = rawCommand || formatCommand(argv);
|
||||
const agentId = params.agentId?.trim() || undefined;
|
||||
const approvals = resolveExecApprovals(agentId);
|
||||
const approvals = resolveExecApprovals(agentId, { security: "allowlist" });
|
||||
const security = approvals.agent.security;
|
||||
const ask = approvals.agent.ask;
|
||||
const autoAllowSkills = approvals.agent.autoAllowSkills;
|
||||
|
||||