Skip to content

feat: enhance trusted commands system #2232

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 6 commits into
base: main
Choose a base branch
from
Draft

feat: enhance trusted commands system #2232

wants to merge 6 commits into from

Conversation

omansour
Copy link

@omansour omansour commented Jul 4, 2025

Why ?

  1. I found myself frustrated not enjoying a vibe coding experience without trusting execute_bash globally
  2. Trusting execute_bash globally is dangerous and propose it in the command validation can lead to a unintended and harmfull validation (AI doing git push or deleting file)
  3. I want to kept what commands I trusted accross my q chat profile

Related to

#1260 [RFC] Extra-granular Tool Permissions

This is a first step to implement this RFC.

Description of changes:

  • Add conditional 'c' option for execute tools with context manager in confirmation prompts
  • Add /tools allow execute_bash and /tools remove execute_bash commands
  • Remove the t option to èxecute_bash` commands

Preview

1-tools-listing
2-exact-command
3-exact-command-definition
4-pattern-command-definition
5-interactive-creation

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Olivier Mansour added 6 commits June 30, 2025 11:03
feat: enhance trusted commands system
6fdd114 
- Add conditional 'c' option for execute tools with context manager in confirmation prompts
- Restore 't' option for non-execute tools (fs_write, use_aws, custom_tool)
- Update trusted command pattern generation to use "git*" instead of "git *" format
- Allow updating existing trusted command descriptions instead of throwing errors
- Enhance trust display labels to distinguish between trust types:
  * "(trusted by user configuration)" for execute commands trusted via patterns
  * "(trusted - tool level)" for tools trusted via 't' option
  * "(trusted - all tools)" for global trust mode
- Reorganize code structure by moving dangerous_patterns.rs and trusted_commands.rs
  to execute/ directory for better logical grouping
- Update all tests to reflect new behavior and pattern formats
- Suppress dead code warnings for test-only methods

This improves the user experience by making trusted commands more intuitive,
provides clearer feedback about trust sources, and organizes execute-related
safety code in a more maintainable structure.
feat: Add exit option to trusted command rule creation Add a new opti…
9495f83 
…on 'Exit rule creation and don't run any commands' to the interactive trusted command rule creation menu. This allows users to cancel both rule creation and command execution when prompted with the 'c' option. Changes: - Add option 5 to the interactive menu display - Update choice range from 1-4 to 1-5 in user prompt - Handle new exit option by returning to PromptUser state - Maintain existing behavior for options 1-4 (create rules or run command) The new option provides users with a clean way to exit the rule creation process without executing the command or creating any trusted command rules. Refactor duplicate code.
refactor: queue_description
4f8d9e6
doc: document the trusted commands feature
c199c84
Merge branch 'main' into trusted-commands-extension
d2e1984
feat: add a remove all options
a2e9736
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@omansour