Skip to content

feat(permission): extract inner commands from wrappers for permission matching#16724

Closed
Chetic wants to merge 1 commit into
anomalyco:devfrom
Chetic:feat/extract-wrapper-inner-commands
Closed

feat(permission): extract inner commands from wrappers for permission matching#16724
Chetic wants to merge 1 commit into
anomalyco:devfrom
Chetic:feat/extract-wrapper-inner-commands

Conversation

@Chetic

@Chetic Chetic commented Mar 9, 2026
edited
Loading

Copy link
Copy Markdown

Issue for this PR

Closes #9516

Type of change

  • Bug fix
  • New feature
  • Refactor / code improvement
  • Documentation

What does this PR do?

When commands are wrapped in xargs, timeout, sudo, etc., the permission system only sees the wrapper command. A rule like "rm *": "deny" is bypassed when the command is sudo rm -rf / because the system matches against sudo, not rm.

This adds a BashWrapper module that extracts inner commands from known wrapper commands. Both the wrapper and inner command(s) get checked against permission rules. The change is purely additive — existing behavior is unchanged, inner commands are additionally checked.

Supported wrappers: timeout, time, nice, nohup, ionice, stdbuf, watch, sudo, env, xargs, find -exec/-execdir. Nested wrappers are handled recursively (e.g. timeout 5 sudo gh api extracts gh api).

How did you verify your code works?

  • 34 unit tests for the extraction logic (test/permission/wrapper.test.ts)
  • 3 integration tests with tree-sitter parsing (test/tool/bash.test.ts)
  • Existing arity and bash tests continue to pass
  • Full test suite passes, typecheck passes

Screenshots / recordings

N/A — no UI changes.

Checklist

  • I have tested my changes locally
  • I have not included unrelated changes in this PR

@Chetic @claude
feat(permission): extract inner commands from wrapper commands for pe…
0783a1b 
…rmission matching

When commands are wrapped in xargs, timeout, sudo, nice, nohup, etc.,
the permission system now extracts and checks the inner command against
permission rules in addition to the wrapper command itself. This prevents
bypassing deny rules like "rm *": "deny" by running "sudo rm -rf /".

Closes anomalyco#9516

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@Chetic Chetic mentioned this pull request Mar 9, 2026
Closed
@github-actions github-actions Bot added needs:compliance This means the issue will auto-close after 2 hours. and removed needs:compliance This means the issue will auto-close after 2 hours. labels Mar 9, 2026
@github-actions

github-actions Bot commented Mar 9, 2026

Copy link
Copy Markdown
Contributor

Thanks for updating your PR! It now meets our contributing guidelines. 👍

@github-actions

github-actions Bot commented May 9, 2026

Copy link
Copy Markdown
Contributor

Closing this pull request because it has had no updates for more than 60 days. If you plan to continue working on it, feel free to reopen or open a new PR.

@github-actions github-actions Bot closed this May 9, 2026
@webpro webpro mentioned this pull request Jun 9, 2026
Open
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[FEATURE]: Extract inner commands from xargs/parallel/find -exec for permission matching

1 participant

@Chetic