fix(exec): implement Windows argPattern allowlist flow

2026-04-29 10:02:04 +00:00 · 2026-04-02 15:29:55 +01:00
parent cc5146b9c6
commit fff6333773
10 changed files with 1247 additions and 111 deletions
--- a/src/agents/bash-tools.exec-host-gateway.ts
+++ b/src/agents/bash-tools.exec-host-gateway.ts
@@ -1,17 +1,16 @@
 import type { AgentToolResult } from "@mariozechner/pi-agent-core";
 import {
  addDurableCommandApproval,
-  addAllowlistEntry,
  type ExecAsk,
  resolveExecApprovalAllowedDecisions,
  type ExecSecurity,
  buildEnforcedShellCommand,
  evaluateShellAllowlist,
  hasDurableExecApproval,
-  recordAllowlistUse,
+  persistAllowAlwaysPatterns,
+  recordAllowlistMatchesUse,
  resolveApprovalAuditCandidatePath,
  requiresExecApproval,
-  resolveAllowAlwaysPatterns,
 } from "../infra/exec-approvals.js";
 import {
  describeInterpreterInlineEval,
@@ -144,19 +143,14 @@ export async function processGatewayAllowlist(
    logInfo(`exec: obfuscation detected (gateway): ${obfuscation.reasons.join(", ")}`);
    params.warnings.push(`⚠️ Obfuscated command detected: ${obfuscation.reasons.join("; ")}`);
  }
-  const recordMatchedAllowlistUse = (resolvedPath?: string) => {
-    if (allowlistMatches.length === 0) {
-      return;
-    }
-    const seen = new Set<string>();
-    for (const match of allowlistMatches) {
-      if (seen.has(match.pattern)) {
-        continue;
-      }
-      seen.add(match.pattern);
-      recordAllowlistUse(approvals.file, params.agentId, match, params.command, resolvedPath);
-    }
-  };
+  const recordMatchedAllowlistUse = (resolvedPath?: string) =>
+    recordAllowlistMatchesUse({
+      approvals: approvals.file,
+      agentId: params.agentId,
+      matches: allowlistMatches,
+      command: params.command,
+      resolvedPath,
+    });
  const hasHeredocSegment = allowlistEval.segments.some((segment) =>
    segment.argv.some((token) => token.startsWith("<<")),
  );
@@ -320,20 +314,15 @@ export async function processGatewayAllowlist(
      } else if (decision === "allow-always") {
        approvedByAsk = true;
        if (!requiresInlineEvalApproval) {
-          const patterns = resolveAllowAlwaysPatterns({
+          const patterns = persistAllowAlwaysPatterns({
+            approvals: approvals.file,
+            agentId: params.agentId,
            segments: allowlistEval.segments,
            cwd: params.workdir,
            env: params.env,
            platform: process.platform,
            strictInlineEval: params.strictInlineEval === true,
          });
-          for (const pattern of patterns) {
-            if (pattern) {
-              addAllowlistEntry(approvals.file, params.agentId, pattern, {
-                source: "allow-always",
-              });
-            }
-          }
          if (patterns.length === 0) {
            addDurableCommandApproval(approvals.file, params.agentId, params.command);
          }