mirror of
https://github.com/leonvanzyl/autocoder.git
synced 2026-01-30 06:12:06 +00:00
fix: revert unsafe permission changes from PR #78
Security fixes to restore defense-in-depth after merging PR #78: **client.py:** - Revert permission mode from "bypassPermissions" to "acceptEdits" - Remove redundant web_tools_auto_approve_hook from PreToolUse hooks - Remove unused import of web_tools_auto_approve_hook **security.py:** - Remove web_tools_auto_approve_hook function (was redundant and returned {} for ALL tools, not just WebFetch/WebSearch) **server/services/spec_chat_session.py:** - Restore allowed_tools restriction: [Read, Write, Edit, Glob, WebFetch, WebSearch] - Revert permission mode from "bypassPermissions" to "acceptEdits" - Keeps setting_sources=["project", "user"] for global skills access **ui/src/components/AgentAvatar.tsx:** - Remove unused getMascotName export to fix React Fast Refresh warning - File now only exports AgentAvatar component as expected The bypassPermissions mode combined with unrestricted tool access in spec_chat_session.py created a security gap where Bash commands could execute without validation (sandbox disabled, no bash_security_hook). Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Auto
@@ -181,8 +181,15 @@ class SpecChatSession:
|
||||
# System prompt loaded from CLAUDE.md via setting_sources
|
||||
# Include "user" for global skills and subagents from ~/.claude/
|
||||
setting_sources=["project", "user"],
|
||||
# No allowed_tools restriction - full access to all tools, skills, subagents
|
||||
permission_mode="bypassPermissions", # Auto-approve all tools
|
||||
allowed_tools=[
|
||||
"Read",
|
||||
"Write",
|
||||
"Edit",
|
||||
"Glob",
|
||||
"WebFetch",
|
||||
"WebSearch",
|
||||
],
|
||||
permission_mode="acceptEdits", # Auto-approve file writes for spec creation
|
||||
max_turns=100,
|
||||
cwd=str(self.project_dir.resolve()),
|
||||
settings=str(settings_file.resolve()),
|
||||
|
||||
Reference in New Issue
Block a user