odium/claw-code-parity
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

merge into: odium:main
Branches Tags
odium:main
odium:fix/render-diff-report-isolation
odium:ultraclaw/session-control-api
odium:ultraclaw/mcp-lifecycle-harden
odium:ultraclaw/summary-compression
odium:ultraclaw/policy-engine
odium:ultraclaw/trust-resolver
odium:ultraclaw/stale-branch-detect
odium:ultraclaw/green-contract
odium:ultraclaw/recovery-recipes
odium:ultraclaw/plugin-lifecycle
odium:ultraclaw/task-packet
odium:gaebal/roadmap-main
odium:jobdori/fix-test-env-pollution
odium:gaebal/fix-ci-main-85c5b0e
odium:jobdori/permission-enforcement
odium:gaebal/mcp-lifecycle-parity-v2
odium:jobdori/lsp-client
odium:jobdori/mcp-lifecycle
odium:jobdori/update-parity-doc
odium:jobdori/team-cron-runtime
odium:jobdori/task-registry-wiring
odium:jobdori/task-runtime
odium:jobdori/file-tool-edge-cases
odium:jobdori/fix-ci-sandbox
odium:jobdori/bash-validation-submodules
odium:bellman/parity-harness-v2
odium:clawcode-issue-9506-mock-llm-parity-harness
odium:dori/behavioral-parity-audit
odium:dori/final-tool-parity
odium:dori/remaining-tools-parity
odium:dori/task-tools-parity
odium:clawcode-issue-9405-plugins-execution-pipeline
odium:clawcode-issue-9407-cli-agents-mcp-config
odium:clawcode-issue-9408-api-sse-streaming
odium:clawcode-issue-9406-commands-skill-install
odium:clawcode-issue-9410-cli-ux-progress-status-clear
odium:clawcode-issue-9409-config-env-project-permissions
odium:clawcode-issue-9404-tools-plan-worktree
odium:dori/commands-parity
odium:dori/tools-parity
odium:dori/mcp-parity
odium:dori/hooks-parity
odium:dori/plugins-parity
odium:dori/integration-tests
odium:dori/stub-commands
odium:dori/runtime-parity
odium:omx-issue-9203-release-binary
odium:gaebal/cli-dispatch-top5
odium:omx-issue-9202-release-harness
odium:omx-issue-9201-release-ci
odium:omx-issue-9101-codex-ux-compare
odium:omx-issue-9102-opencode-ux-compare
odium:omx-issue-9103-clawcode-ux-enhance
odium:fix/clippy-warnings
odium:integration/dori-cleanroom
odium:dev/rust
...
pull from: odium:jobdori/bash-validation-submodules
Branches Tags
odium:main
odium:fix/render-diff-report-isolation
odium:ultraclaw/session-control-api
odium:ultraclaw/mcp-lifecycle-harden
odium:ultraclaw/summary-compression
odium:ultraclaw/policy-engine
odium:ultraclaw/trust-resolver
odium:ultraclaw/stale-branch-detect
odium:ultraclaw/green-contract
odium:ultraclaw/recovery-recipes
odium:ultraclaw/plugin-lifecycle
odium:ultraclaw/task-packet
odium:gaebal/roadmap-main
odium:jobdori/fix-test-env-pollution
odium:gaebal/fix-ci-main-85c5b0e
odium:jobdori/permission-enforcement
odium:gaebal/mcp-lifecycle-parity-v2
odium:jobdori/lsp-client
odium:jobdori/mcp-lifecycle
odium:jobdori/update-parity-doc
odium:jobdori/team-cron-runtime
odium:jobdori/task-registry-wiring
odium:jobdori/task-runtime
odium:jobdori/file-tool-edge-cases
odium:jobdori/fix-ci-sandbox
odium:jobdori/bash-validation-submodules
odium:bellman/parity-harness-v2
odium:clawcode-issue-9506-mock-llm-parity-harness
odium:dori/behavioral-parity-audit
odium:dori/final-tool-parity
odium:dori/remaining-tools-parity
odium:dori/task-tools-parity
odium:clawcode-issue-9405-plugins-execution-pipeline
odium:clawcode-issue-9407-cli-agents-mcp-config
odium:clawcode-issue-9408-api-sse-streaming
odium:clawcode-issue-9406-commands-skill-install
odium:clawcode-issue-9410-cli-ux-progress-status-clear
odium:clawcode-issue-9409-config-env-project-permissions
odium:clawcode-issue-9404-tools-plan-worktree
odium:dori/commands-parity
odium:dori/tools-parity
odium:dori/mcp-parity
odium:dori/hooks-parity
odium:dori/plugins-parity
odium:dori/integration-tests
odium:dori/stub-commands
odium:dori/runtime-parity
odium:omx-issue-9203-release-binary
odium:gaebal/cli-dispatch-top5
odium:omx-issue-9202-release-harness
odium:omx-issue-9201-release-ci
odium:omx-issue-9101-codex-ux-compare
odium:omx-issue-9102-opencode-ux-compare
odium:omx-issue-9103-clawcode-ux-enhance
odium:fix/clippy-warnings
odium:integration/dori-cleanroom
odium:dev/rust
Sign in to create a new pull request.

2 commits
main ... jobdori/ba

Author SHA1 Message Date
YeonGyu-Kim
0a03f12432 feat: add bashPermissions, bashSecurity, shouldUseSandbox — complete 9/9 bash validation submodules 
- bashPermissions: CommandPermissionRule + BashPermissionPolicy with
  allow/deny list matching (exact and prefix patterns)
- bashSecurity: check_security() detects embedded credentials, dangerous
  env vars (LD_PRELOAD, DYLD_INSERT_LIBRARIES), and shell injection in
  data-passing commands
- shouldUseSandbox: command-aware sandbox decision based on CommandIntent
  classification and SandboxConfig
- Pipeline extended: validate_command() now runs security checks as step 5
- 19 new tests (51 total), all passing
- fmt/clippy clean
 2026-04-03 14:57:22 +09:00
Jobdori
36dac6cbbe feat: add bash validation submodules — readOnlyValidation, destructiveCommandWarning, modeValidation, sedValidation, pathValidation, commandSemantics 
Ports 6 of 9 upstream BashTool validation submodules:
- readOnlyValidation: blocks write/state-modifying commands in read-only mode
- destructiveCommandWarning: flags dangerous commands (rm -rf /, fork bombs, etc.)
- modeValidation: enforces permission mode constraints on commands
- sedValidation: blocks sed -i in read-only mode
- pathValidation: detects directory traversal and home dir escapes
- commandSemantics: classifies command intent (read-only, write, destructive, network, etc.)

Full validation pipeline: validate_command() runs all checks in priority order.
32 new tests covering all validation paths.

Remaining bash submodules for separate lane: bashPermissions, bashSecurity, shouldUseSandbox
 2026-04-03 13:54:05 +09:00
2 changed files with 1403 additions and 0 deletions
Show stats Expand all files Collapse all files

1402
rust/crates/runtime/src/bash_validation.rs Normal file
View file

File diff suppressed because it is too large Load diff

1
rust/crates/runtime/src/lib.rs
View file

@ -1,4 +1,5 @@
mod bash;
pub mod bash_validation;
mod bootstrap;
mod compact;
mod config;