Files
claw-code-parity/rust/crates/runtime
Jobdori 36dac6cbbe feat: add bash validation submodules — readOnlyValidation, destructiveCommandWarning, modeValidation, sedValidation, pathValidation, commandSemantics
Ports 6 of 9 upstream BashTool validation submodules:
- readOnlyValidation: blocks write/state-modifying commands in read-only mode
- destructiveCommandWarning: flags dangerous commands (rm -rf /, fork bombs, etc.)
- modeValidation: enforces permission mode constraints on commands
- sedValidation: blocks sed -i in read-only mode
- pathValidation: detects directory traversal and home dir escapes
- commandSemantics: classifies command intent (read-only, write, destructive, network, etc.)

Full validation pipeline: validate_command() runs all checks in priority order.
32 new tests covering all validation paths.

Remaining bash submodules for separate lane: bashPermissions, bashSecurity, shouldUseSandbox
2026-04-03 13:54:05 +09:00
..