add allowedBashPatterns NixOS option for finer-grained Bash tool approval
This commit is contained in:
damocles
parent
c05a750409
commit
3c672ed6b2
3 changed files with 88 additions and 10 deletions
|
|
@ -276,11 +276,21 @@ status hint moved to the wake prompt + UI header.
|
|||
|
||||
### Tool whitelist (`mcp::ALLOWED_BUILTIN_TOOLS`)
|
||||
|
||||
- Allowed built-ins: `Bash`, `Edit`, `Glob`, `Grep`, `Read`,
|
||||
`TodoWrite`, `Write`.
|
||||
- Allowed built-ins: `Bash`, `Edit`, `Glob`, `Grep`, `Read`, `Write`.
|
||||
- Denied by omission: `WebFetch`, `WebSearch`, `Task`,
|
||||
`NotebookEdit`.
|
||||
`NotebookEdit`, `TodoWrite`.
|
||||
- Allowed MCP tools: as listed above per flavor.
|
||||
|
||||
`Bash` is on the allow-list pending a finer-grained pattern allow-list
|
||||
(`Bash(git *)`-style) — see [issue #21](http://localhost:3000/hyperhive/hyperhive/issues/21).
|
||||
By default `Bash` is approved wholesale — any shell command runs
|
||||
without confirmation. To restrict an agent to specific command
|
||||
families, set `hyperhive.allowedBashPatterns` in its `agent.nix`:
|
||||
|
||||
```nix
|
||||
hyperhive.allowedBashPatterns = [ "git *" "ls *" ];
|
||||
```
|
||||
|
||||
The harness reads `/etc/hyperhive/bash-allow.json` and replaces
|
||||
`Bash` in `--allowedTools` with `Bash(git *)` + `Bash(ls *)` etc.
|
||||
Commands outside the pattern list require confirmation — which in
|
||||
`--print` mode means they will not run. An empty list (default) keeps
|
||||
the current wholesale `Bash` entry.
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue