odium/claw-code-parity
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: add bash validation submodules — readOnlyValidation, destructiveCommandWarning, modeValidation, sedValidation, pathValidation, commandSemantics

Browse source 
Ports 6 of 9 upstream BashTool validation submodules:
- readOnlyValidation: blocks write/state-modifying commands in read-only mode
- destructiveCommandWarning: flags dangerous commands (rm -rf /, fork bombs, etc.)
- modeValidation: enforces permission mode constraints on commands
- sedValidation: blocks sed -i in read-only mode
- pathValidation: detects directory traversal and home dir escapes
- commandSemantics: classifies command intent (read-only, write, destructive, network, etc.)

Full validation pipeline: validate_command() runs all checks in priority order.
32 new tests covering all validation paths.

Remaining bash submodules for separate lane: bashPermissions, bashSecurity, shouldUseSandbox
This commit is contained in:
Jobdori 2026-04-03 13:54:05 +09:00
parent 85c5b0e01d
commit 36dac6cbbe
2 changed files with 1005 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1004
rust/crates/runtime/src/bash_validation.rs Normal file
View file

File diff suppressed because it is too large Load diff

1
rust/crates/runtime/src/lib.rs
View file

@ -1,4 +1,5 @@
mod bash; mod bash;
pub mod bash_validation;
mod bootstrap; mod bootstrap;
mod compact; mod compact;
mod config; mod config;