diff options
| author | Aiden Cline <[email protected]> | 2025-11-19 12:31:24 -0600 |
|---|---|---|
| committer | Aiden Cline <[email protected]> | 2025-11-19 12:31:34 -0600 |
| commit | 1ff5d888c287e6d585e6d72a068c3c633f9a5d78 (patch) | |
| tree | 8adad9138846b7dccbfcacb6f8ec8a972c56f498 /packages | |
| parent | 5d25758400e546775f7300dc883b0e039df303e9 (diff) | |
| download | opencode-1ff5d888c287e6d585e6d72a068c3c633f9a5d78.tar.gz opencode-1ff5d888c287e6d585e6d72a068c3c633f9a5d78.zip | |
fix: make bash tool use external_directory perm
Diffstat (limited to 'packages')
| -rw-r--r-- | packages/opencode/src/tool/bash.ts | 31 |
1 files changed, 27 insertions, 4 deletions
diff --git a/packages/opencode/src/tool/bash.ts b/packages/opencode/src/tool/bash.ts index 3f502fe1a..d74a8d83d 100644 --- a/packages/opencode/src/tool/bash.ts +++ b/packages/opencode/src/tool/bash.ts @@ -12,6 +12,7 @@ import { Filesystem } from "@/util/filesystem" import { Wildcard } from "@/util/wildcard" import { Permission } from "@/permission" import { fileURLToPath } from "url" +import path from "path" const MAX_OUTPUT_LENGTH = 30_000 const DEFAULT_TIMEOUT = 1 * 60 * 1000 @@ -68,7 +69,8 @@ export const BashTool = Tool.define("bash", { if (!tree) { throw new Error("Failed to parse command") } - const permissions = await Agent.get(ctx.agent).then((x) => x.permission.bash) + const agent = await Agent.get(ctx.agent) + const permissions = agent.permission.bash const askPatterns = new Set<string>() for (const node of tree.rootNode.descendantsOfType("command")) { @@ -107,9 +109,30 @@ export const BashTool = Tool.define("bash", { : resolved if (!Filesystem.contains(Instance.directory, normalized)) { - throw new Error( - `This command references paths outside of ${Instance.directory} so it is not allowed to be executed.`, - ) + const parentDir = path.dirname(normalized) + if (agent.permission.external_directory === "ask") { + await Permission.ask({ + type: "external_directory", + pattern: parentDir, + sessionID: ctx.sessionID, + messageID: ctx.messageID, + callID: ctx.callID, + title: `This command references paths outside of ${Instance.directory}`, + metadata: { + command: params.command, + }, + }) + } else if (agent.permission.external_directory === "deny") { + throw new Permission.RejectedError( + ctx.sessionID, + "external_directory", + ctx.callID, + { + command: params.command, + }, + `This command references paths outside of ${Instance.directory} so it is not allowed to be executed.`, + ) + } } } } |