CalvinBackup/claw-code-parity
1
0
Fork 0
mirror of https://github.com/ultraworkers/claw-code-parity.git synced 2026-04-22 20:56:16 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat: add bash validation submodules — readOnlyValidation, destructiveCommandWarning, modeValidation, sedValidation, pathValidation, commandSemantics

Browse Source 
Ports 6 of 9 upstream BashTool validation submodules:
- readOnlyValidation: blocks write/state-modifying commands in read-only mode
- destructiveCommandWarning: flags dangerous commands (rm -rf /, fork bombs, etc.)
- modeValidation: enforces permission mode constraints on commands
- sedValidation: blocks sed -i in read-only mode
- pathValidation: detects directory traversal and home dir escapes
- commandSemantics: classifies command intent (read-only, write, destructive, network, etc.)

Full validation pipeline: validate_command() runs all checks in priority order.
32 new tests covering all validation paths.

Remaining bash submodules for separate lane: bashPermissions, bashSecurity, shouldUseSandbox
This commit is contained in:
Jobdori
2026-04-03 13:54:05 +09:00
parent 85c5b0e01d
commit 36dac6cbbe
2 changed files with 1005 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rust/crates/runtime/src/bash_validation.rs
+1004
View File
File diff suppressed because it is too large Load Diff
rust/crates/runtime/src/lib.rs
+1
View File
@@ -1,4 +1,5 @@
mod bash;
pub mod bash_validation;
mod bootstrap;
mod compact;
mod config;