ros/autocoder
1
0
Fork 0
mirror of https://github.com/leonvanzyl/autocoder.git synced 2026-01-30 06:12:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: revert unsafe permission changes from PR #78

Browse Source 
Security fixes to restore defense-in-depth after merging PR #78:

**client.py:**
- Revert permission mode from "bypassPermissions" to "acceptEdits"
- Remove redundant web_tools_auto_approve_hook from PreToolUse hooks
- Remove unused import of web_tools_auto_approve_hook

**security.py:**
- Remove web_tools_auto_approve_hook function (was redundant and
  returned {} for ALL tools, not just WebFetch/WebSearch)

**server/services/spec_chat_session.py:**
- Restore allowed_tools restriction: [Read, Write, Edit, Glob,
  WebFetch, WebSearch]
- Revert permission mode from "bypassPermissions" to "acceptEdits"
- Keeps setting_sources=["project", "user"] for global skills access

**ui/src/components/AgentAvatar.tsx:**
- Remove unused getMascotName export to fix React Fast Refresh warning
- File now only exports AgentAvatar component as expected

The bypassPermissions mode combined with unrestricted tool access in
spec_chat_session.py created a security gap where Bash commands could
execute without validation (sandbox disabled, no bash_security_hook).

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Auto
2026-01-22 08:04:53 +02:00
parent 47dabb5f08
commit f9d9ad9b85
4 changed files with 11 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
security.py
View File

@@ -309,28 +309,6 @@ def get_command_for_validation(cmd: str, segments: list[str]) -> str:
return ""
async def web_tools_auto_approve_hook(input_data, tool_use_id=None, context=None):
"""
Pre-tool-use hook that auto-approves WebFetch and WebSearch tools.
Workaround for Claude Code bug where these tools are auto-denied in dontAsk mode.
See: https://github.com/anthropics/claude-code/issues/11881
Args:
input_data: Dict containing tool_name and tool_input
tool_use_id: Optional tool use ID
context: Optional context
Returns:
Empty dict to allow (auto-approve)
"""
tool_name = input_data.get("tool_name", "")
if tool_name in ("WebFetch", "WebSearch"):
# Return empty dict = allow/approve the tool
return {}
return {}
async def bash_security_hook(input_data, tool_use_id=None, context=None):
"""
Pre-tool-use hook that validates bash commands using an allowlist.