diff options
| author | Grail Finder <wohilas@gmail.com> | 2026-02-18 21:22:58 +0300 |
|---|---|---|
| committer | Grail Finder <wohilas@gmail.com> | 2026-02-18 21:22:58 +0300 |
| commit | f560ecf70baa163b7f384b4d8162bf41026e80f9 (patch) | |
| tree | 73bbc5316e26b1b544c8ce58c381f3f0f722bd20 /tools.go | |
| parent | f40f09390b7ccf365b41fa1cc134432537b50cad (diff) | |
Card: coding assistant
Diffstat (limited to 'tools.go')
| -rw-r--r-- | tools.go | 39 |
1 files changed, 29 insertions, 10 deletions
@@ -648,12 +648,6 @@ func executeCommand(args map[string]string) []byte { return []byte(msg) } - if !isCommandAllowed(command) { - msg := fmt.Sprintf("command '%s' is not allowed", command) - logger.Error(msg) - return []byte(msg) - } - // Get arguments - handle both single arg and multiple args var cmdArgs []string if args["args"] != "" { @@ -673,6 +667,12 @@ func executeCommand(args map[string]string) []byte { } } + if !isCommandAllowed(command, cmdArgs...) { + msg := fmt.Sprintf("command '%s' is not allowed", command) + logger.Error(msg) + return []byte(msg) + } + // Execute with timeout for safety ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) defer cancel() @@ -907,7 +907,19 @@ func todoDelete(args map[string]string) []byte { return jsonResult } -func isCommandAllowed(command string) bool { +var gitReadSubcommands = map[string]bool{ + "status": true, + "log": true, + "diff": true, + "show": true, + "branch": true, + "reflog": true, + "rev-parse": true, + "shortlog": true, + "describe": true, +} + +func isCommandAllowed(command string, args ...string) bool { allowedCommands := map[string]bool{ "grep": true, "sed": true, @@ -937,8 +949,15 @@ func isCommandAllowed(command string) bool { "whoami": true, "date": true, "uname": true, + "git": true, + } + if !allowedCommands[command] { + return false + } + if command == "git" && len(args) > 0 { + return gitReadSubcommands[args[0]] } - return allowedCommands[command] + return true } func summarizeChat(args map[string]string) []byte { @@ -1303,14 +1322,14 @@ var baseTools = []models.Tool{ Type: "function", Function: models.ToolFunc{ Name: "execute_command", - Description: "Execute a shell command safely. Use when you need to run system commands like grep sed awk find cat head tail sort uniq wc ls echo cut tr cp mv rm mkdir rmdir pwd df free ps top du whoami date uname", + Description: "Execute a shell command safely. Use when you need to run system commands like grep sed awk find cat head tail sort uniq wc ls echo cut tr cp mv rm mkdir rmdir pwd df free ps top du whoami date uname. Git is allowed for read-only operations: status, log, diff, show, branch, reflog, rev-parse, shortlog, describe.", Parameters: models.ToolFuncParams{ Type: "object", Required: []string{"command"}, Properties: map[string]models.ToolArgProps{ "command": models.ToolArgProps{ Type: "string", - Description: "command to execute (only commands from whitelist are allowed: grep sed awk find cat head tail sort uniq wc ls echo cut tr cp mv rm mkdir rmdir pwd df free ps top du whoami date uname", + Description: "command to execute (only commands from whitelist are allowed: grep sed awk find cat head tail sort uniq wc ls echo cut tr cp mv rm mkdir rmdir pwd df free ps top du whoami date uname; git allowed for reads: status log diff show branch reflog rev-parse shortlog describe)", }, "args": models.ToolArgProps{ Type: "string", |