Problem
ResolvedConfig has a dangerous_patterns field (from .codi.json dangerousPatterns) but there is no corresponding field in AgentConfig and no logic to check commands against these patterns before execution.
Expected Behavior
When a user configures dangerousPatterns (e.g., ["rm -rf", "DROP TABLE"]), the agent should:
- Check tool call arguments against these patterns before execution
- Require explicit user confirmation if a dangerous pattern is matched, even if the tool is in the auto-approve list
Proposed Approach
- Add dangerous_patterns: Vec<String> to AgentConfig
- In the tool execution path (before calling execute_tool), check if any argument matches a dangerous pattern
- If matched, bypass auto-approve and prompt for user confirmation
- Wire the field from ResolvedConfig in build_agent_config()
Related
PR #261 — Wire config options, context compaction, and auto-index on startup
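The gate described under Proposed Approach, written in Rust as an added example (not code from the project or from PR #261). AgentConfig and dangerous_patterns are the issue's names; the auto_approve field, the Approval enum, approval_for, and the case-insensitive, whitespace-collapsed substring matching are assumptions.

```rust
// Added illustration; not code from the project. Only AgentConfig and
// dangerous_patterns come from the issue; every other name is hypothetical.
#[derive(Debug, PartialEq)]
pub enum Approval {
    AutoApproved,
    /// Carries the configured pattern that forced the prompt, if any.
    NeedsConfirmation(Option<String>),
}

pub struct AgentConfig {
    pub auto_approve: Vec<String>,       // hypothetical: tools run without prompting
    pub dangerous_patterns: Vec<String>, // from .codi.json dangerousPatterns
}

/// Lowercase and collapse whitespace runs so "rm   -RF" still matches "rm -rf".
/// (Assumed matching semantics; the issue does not define them.)
fn normalize(s: &str) -> String {
    s.split_whitespace().collect::<Vec<_>>().join(" ").to_lowercase()
}

/// Decide how a tool call is gated before it reaches execute_tool.
/// `args` holds the string values of the call's arguments.
pub fn approval_for(cfg: &AgentConfig, tool: &str, args: &[&str]) -> Approval {
    for pattern in &cfg.dangerous_patterns {
        let needle = normalize(pattern);
        if needle.is_empty() {
            continue; // an empty pattern would match every argument
        }
        if args.iter().any(|a| normalize(a).contains(&needle)) {
            // A match overrides auto-approve, whatever the tool is.
            return Approval::NeedsConfirmation(Some(pattern.clone()));
        }
    }
    if cfg.auto_approve.iter().any(|t| t == tool) {
        Approval::AutoApproved
    } else {
        Approval::NeedsConfirmation(None)
    }
}

fn main() {
    let cfg = AgentConfig {
        auto_approve: vec!["bash".into()],
        dangerous_patterns: vec!["rm -rf".into(), "DROP TABLE".into()],
    };
    // Constructed sample calls.
    println!("{:?}", approval_for(&cfg, "bash", &["ls -la"]));
    println!("{:?}", approval_for(&cfg, "bash", &["rm  -rf ./build"]));
}
```

Substring matching makes this a confirmation prompt, not a sandbox: a command spelled differently from every configured pattern still follows the normal auto-approve path.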