Skip to content

feat: Add configuration schema for safety features #223

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat: Add configuration schema for safety features #223

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions src/config-manager.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,9 @@ export interface ServerConfig {
blockedCommands?: string[];
defaultShell?: string;
allowedDirectories?: string[];
readOnlyDirectories?: string[]; // Directories that can be read but not modified
requireExplicitPermission?: boolean; // Require explicit flag for destructive commands
allowedSudoCommands?: string[]; // Whitelist of allowed sudo commands with pattern support
Comment on lines +13 to +15
Copy link
Contributor

@coderabbitai coderabbitai bot Aug 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Verification agent

🧩 Analysis chain

Safety config keys: good foundation; wire up parsing and enforcement semantics next

  • These optional props keep backwards compatibility. Good.
  • Ensure the CLI/tooling can set these array-typed keys from string inputs. In src/tools/config.ts, setConfigValue currently special-cases only 'allowedDirectories' and 'blockedCommands'. Please include 'readOnlyDirectories' and 'allowedSudoCommands' to avoid storing a single string when a user passes JSON or a comma-separated string.

Example adjustment in src/tools/config.ts (illustrative; outside this diff):

// Extend the known array keys set
const arrayKeys = new Set([
  'allowedDirectories',
  'blockedCommands',
  'readOnlyDirectories',
  'allowedSudoCommands',
]);

// Then use: if (arrayKeys.has(parsed.data.key) && !Array.isArray(valueToStore)) { ... }
  • Define precedence now to avoid ambiguity later: if a path appears in both allowedDirectories and readOnlyDirectories, writes must be denied. Document and enforce this in the file ops layer.
  • “Pattern support” for allowedSudoCommands: specify the dialect (glob vs regex), anchoring rules, and escaping to prevent surprising matches.

To verify coverage now, run:

🏁 Script executed:

#!/bin/bash
# Find usages of the new keys to ensure setter/parsing/enforcement exists
rg -n -C2 -g '!**/dist/**' -e '\breadOnlyDirectories\b|\brequireExplicitPermission\b|\ballowedSudoCommands\b' src

Length of output: 1477

#!/bin/bash
# Inspect setConfigValue implementation and array key handling
echo "---- Searching for setConfigValue declaration ----"
rg -n -C3 "setConfigValue" -g 'src/tools/config.ts'

echo -e "\n---- Checking arrayKeys or similar handling ----"
rg -n -C3 "allowedDirectories" -g 'src/tools/config.ts'
rg -n -C3 "blockedCommands" -g 'src/tools/config.ts'
rg -n -C3 "readOnlyDirectories" -g 'src/tools/config.ts'
rg -n -C3 "allowedSudoCommands" -g 'src/tools/config.ts'
#!/bin/bash
# Locate and inspect the setConfigValue implementation
echo "---- Finding setConfigValue definition ----"
rg -n -C5 "function setConfigValue" -g 'src/tools/config.ts'

echo -e "\n---- Showing 20 lines around setConfigValue ----"
rg -n -C10 "setConfigValue" -g 'src/tools/config.ts'

echo -e "\n---- Searching for multi-value or array key handling ----"
rg -n -C5 "arrayKeys" -g 'src/tools/config.ts'
rg -n -C5 "multiValue" -g 'src/tools/config.ts'
rg -n -C5 "split" -g 'src/tools/config.ts'
#!/bin/bash
# Locate and inspect setConfigValue implementation in src/tools/config.ts
echo "---- setConfigValue definition and context ----"
rg -n -C5 "function setConfigValue" -g 'src/tools/config.ts'

echo -e "\n---- References to array key handling ----"
rg -n -C5 "new Set" -g 'src/tools/config.ts'
rg -n -C5 "allowedDirectories" -g 'src/tools/config.ts'

🏁 Script executed:

#!/bin/bash
# Inspect setConfigValue in src/tools/config.ts for array key parsing
rg -n -C5 "function setConfigValue" src/tools/config.ts
rg -n -C5 "switch (key)" src/tools/config.ts
rg -n -C5 "allowedDirectories" src/tools/config.ts
rg -n -C5 "blockedCommands" src/tools/config.ts
rg -n -C5 "readOnlyDirectories" src/tools/config.ts
rg -n -C5 "allowedSudoCommands" src/tools/config.ts

Length of output: 1669

Handle new config keys in setConfigValue and enforce semantics

The special-case logic in src/tools/config.ts currently only parses JSON/comma-lists for allowedDirectories and blockedCommands. We need to extend it to cover both readOnlyDirectories and allowedSudoCommands, and then implement the enforcement semantics you outlined.

• In src/tools/config.ts:setConfigValue(), update the array-key check to include the two new keys (and ensure requireExplicitPermission stays boolean-only).

- if ((parsed.data.key === 'allowedDirectories' || parsed.data.key === 'blockedCommands') && !Array.isArray(valueToStore)) {
+ const arrayKeys = new Set([
+   'allowedDirectories',
+   'blockedCommands',
+   'readOnlyDirectories',
+   'allowedSudoCommands',
+ ]);
+ if (arrayKeys.has(parsed.data.key) && !Array.isArray(valueToStore)) {

• Define and document precedence in your file-operations layer:
– If a path appears in both allowedDirectories and readOnlyDirectories, forbid write operations (read-only wins).
– If requireExplicitPermission is true, any destructive command (e.g., rm, mv) must be gated behind an explicit flag.

• For allowedSudoCommands, specify the pattern dialect and matching rules in comments and/or schema:
– Glob vs. regex? Anchoring (full-match vs. substring)?
– How to escape metacharacters?
– Reject/escape invalid patterns at set time.

Please update the code and documentation accordingly before merging.

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents 
In src/config-manager.ts around lines 13 to 15: extend setConfigValue handling
so array-parsing includes readOnlyDirectories and allowedSudoCommands while
keeping requireExplicitPermission treated only as a boolean; update
src/tools/config.ts:setConfigValue() to treat allowedDirectories,
blockedCommands, readOnlyDirectories, and allowedSudoCommands as array-keys
(parse JSON or comma-lists) and validate/normalize values on set (reject invalid
types). In the file-operations layer implement and document precedence: if a
path is in both allowedDirectories and readOnlyDirectories, consider it
read-only and block write operations; if requireExplicitPermission is true, gate
destructive commands (e.g., rm, mv, rmdir, truncate) behind an explicit
permission flag check. For allowedSudoCommands add clear schema comments stating
the pattern dialect (use anchored glob patterns, full-match semantics, e.g.,
bash-style globs, not regex), document how to escape metacharacters, validate
patterns at set time (reject malformed globs) and implement matching as a
full-match glob against the entire command string; log or surface invalid
patterns when set. Ensure docs/comments reflect precedence and enforcement rules
and that invalid config values produce clear errors when set.

telemetryEnabled?: boolean; // New field for telemetry control
fileWriteLineLimit?: number; // Line limit for file write operations
fileReadLineLimit?: number; // Default line limit for file read operations (changed from character-based)
Expand Down Expand Up @@ -131,6 +134,9 @@ class ConfigManager {
],
defaultShell: os.platform() === 'win32' ? 'powershell.exe' : '/bin/sh',
allowedDirectories: [],
readOnlyDirectories: [], // Empty by default - no directories are read-only
requireExplicitPermission: false, // Default to false for backward compatibility
allowedSudoCommands: [], // Empty array allows no sudo commands by default
telemetryEnabled: true, // Default to opt-out approach (telemetry on by default)
fileWriteLineLimit: 50, // Default line limit for file write operations (changed from 100)
fileReadLineLimit: 1000 // Default line limit for file read operations (changed from character-based)
Expand Down