autocoder

ros/autocoder

Fork 0

mirror of https://github.com/leonvanzyl/autocoder.git synced 2026-01-29 22:02:05 +00:00

Commit Graph

Author	SHA1	Message	Date
Marian Paul	edff398fe6	test: add safe environment variable handling in integration tests Changes: - Add temporary_home() context manager for safe HOME manipulation - Handle both Unix (HOME) and Windows (USERPROFILE, HOMEDRIVE, HOMEPATH) - Update test_org_blocklist_enforcement to use context manager - Update test_org_allowlist_inheritance to use context manager Benefits: - Environment variables always restored, even on exceptions - Prevents test pollution across test runs - Cross-platform compatibility (Windows + Unix) All 9 integration tests passing.	2026-01-22 16:31:50 +01:00
Marian Paul	f1b48be10e	feat: increase command limit to 100 and add optimization guide Changes: - Increase command limit from 50 to 100 per project - Add examples/OPTIMIZE_CONFIG.md with optimization strategies - Update all documentation references (50 → 100) - Update tests for new limit Rationale: - 50 was too restrictive for projects with many tools (Flutter, etc.) - Users were unknowingly exceeding limit by listing subcommands - 100 provides headroom while maintaining security - New guide teaches wildcard optimization (flutter* vs listing each subcommand) UI feedback idea: Show command count and optimization suggestions (tracked for Phase 3 or future enhancement)	2026-01-22 13:29:33 +01:00
Marian Paul	a9a0fcd865	feat: add per-project bash command allowlist system Implement hierarchical command security with project and org-level configs: WHAT'S NEW: - Project-level YAML config (.autocoder/allowed_commands.yaml) - Organization-level config (~/.autocoder/config.yaml) - Pattern matching (exact, wildcards, local scripts) - Hardcoded blocklist (sudo, dd, shutdown - never allowed) - Org blocklist (terraform, kubectl - configurable) - Helpful error messages with config hints - Comprehensive documentation and examples ARCHITECTURE: - Hierarchical resolution: Hardcoded → Org Block → Org Allow → Global → Project - YAML validation with 50 command limit per project - Pattern matching: exact ("swift"), wildcards ("swift"), scripts ("./build.sh") - Secure by default: all examples commented out TESTING: - 136 unit tests (pattern matching, YAML, hierarchy, validation) - 9 integration tests (real security hook flows) - All tests passing, 100% backward compatible DOCUMENTATION: - examples/README.md - comprehensive guide with use cases - examples/project_allowed_commands.yaml - template (all commented) - examples/org_config.yaml - org config template (all commented) - PHASE3_SPEC.md - mid-session approval spec (future enhancement) - Updated CLAUDE.md with security model documentation USE CASES: - iOS projects: Add Swift toolchain (xcodebuild, swift, etc.) - Rust projects: Add cargo, rustc, clippy - Enterprise: Block aws, kubectl, terraform org-wide - Custom scripts: Allow ./scripts/build.sh PHASES: ✅ Phase 1: Project YAML + blocklist (implemented) ✅ Phase 2: Org config + hierarchy (implemented) 📋 Phase 3: Mid-session approval (spec ready, not implemented) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>	2026-01-22 12:29:20 +01:00

Author

SHA1

Message

Date

Marian Paul

edff398fe6

test: add safe environment variable handling in integration tests

Changes:
- Add temporary_home() context manager for safe HOME manipulation
- Handle both Unix (HOME) and Windows (USERPROFILE, HOMEDRIVE, HOMEPATH)
- Update test_org_blocklist_enforcement to use context manager
- Update test_org_allowlist_inheritance to use context manager

Benefits:
- Environment variables always restored, even on exceptions
- Prevents test pollution across test runs
- Cross-platform compatibility (Windows + Unix)

All 9 integration tests passing.

2026-01-22 16:31:50 +01:00

Marian Paul

f1b48be10e

feat: increase command limit to 100 and add optimization guide

Changes:
- Increase command limit from 50 to 100 per project
- Add examples/OPTIMIZE_CONFIG.md with optimization strategies
- Update all documentation references (50 → 100)
- Update tests for new limit

Rationale:
- 50 was too restrictive for projects with many tools (Flutter, etc.)
- Users were unknowingly exceeding limit by listing subcommands
- 100 provides headroom while maintaining security
- New guide teaches wildcard optimization (flutter* vs listing each subcommand)

UI feedback idea: Show command count and optimization suggestions
(tracked for Phase 3 or future enhancement)

2026-01-22 13:29:33 +01:00

Marian Paul

a9a0fcd865

feat: add per-project bash command allowlist system

Implement hierarchical command security with project and org-level configs:

WHAT'S NEW:
- Project-level YAML config (.autocoder/allowed_commands.yaml)
- Organization-level config (~/.autocoder/config.yaml)
- Pattern matching (exact, wildcards, local scripts)
- Hardcoded blocklist (sudo, dd, shutdown - never allowed)
- Org blocklist (terraform, kubectl - configurable)
- Helpful error messages with config hints
- Comprehensive documentation and examples

ARCHITECTURE:
- Hierarchical resolution: Hardcoded → Org Block → Org Allow → Global → Project
- YAML validation with 50 command limit per project
- Pattern matching: exact ("swift"), wildcards ("swift*"), scripts ("./build.sh")
- Secure by default: all examples commented out

TESTING:
- 136 unit tests (pattern matching, YAML, hierarchy, validation)
- 9 integration tests (real security hook flows)
- All tests passing, 100% backward compatible

DOCUMENTATION:
- examples/README.md - comprehensive guide with use cases
- examples/project_allowed_commands.yaml - template (all commented)
- examples/org_config.yaml - org config template (all commented)
- PHASE3_SPEC.md - mid-session approval spec (future enhancement)
- Updated CLAUDE.md with security model documentation

USE CASES:
- iOS projects: Add Swift toolchain (xcodebuild, swift*, etc.)
- Rust projects: Add cargo, rustc, clippy
- Enterprise: Block aws, kubectl, terraform org-wide
- Custom scripts: Allow ./scripts/build.sh

PHASES:
✅ Phase 1: Project YAML + blocklist (implemented)
✅ Phase 2: Org config + hierarchy (implemented)
📋 Phase 3: Mid-session approval (spec ready, not implemented)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

2026-01-22 12:29:20 +01:00

3 Commits