kurihada/ai-terminal-assistant
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(core): 简化 Plan Agent bash 权限规则,移除 deny 改用 ask

Browse Source
This commit is contained in:
kurihada
2025-12-16 11:42:48 +08:00
parent f116b8a14a
commit 6817aebfc4
1 changed files with 38 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files
packages/core/src/agent/presets/plan.ts
+38 -73
View File
@@ -16,29 +16,38 @@ export const planAgent: Omit<AgentInfo, 'name'> = {
mode: 'primary', mode: 'primary',
// prompt 留空,由 SystemPrompt.plan() + SystemPrompt.provider() 组合 // prompt 留空,由 SystemPrompt.plan() + SystemPrompt.provider() 组合
tools: { tools: {
disabled: [ enabled: [
// 文件写入操作 // 文件读取(只读)
'write_file', 'read_file',
'edit_file', 'list_directory',
'delete_file', 'search_files',
'move_file', 'grep_content',
'copy_file', 'get_file_info',
'create_directory', // Git 只读
'multi_edit', 'git_status',
// 注意:bash 不再禁用,改用细粒度权限控制 'git_diff',
// Git 写操作 'git_log',
'git_add', 'git_branch',
'git_commit', // Shell(配合 bash 权限规则)
'git_push', 'bash',
'git_pull', // Checkpoint 只读
'git_checkout', 'checkpoint_list',
'git_stash', 'checkpoint_diff',
// checkpoint 操作(会修改状态) // Task 调用子代理
'checkpoint_create', 'task',
'checkpoint_restore', 'agent_output',
'undo', // Web 搜索
// 工具发现(Plan 模式不应动态发现新工具) 'web_search',
'tool_search', 'web_extract',
// Todo 管理
'todoread',
'todowrite',
// Plan 模式响应
'plan_mode_respond',
// 代码分析
'repo_map',
'skill',
'skill_search',
], ],
}, },
permission: { permission: {
@@ -51,53 +60,9 @@ export const planAgent: Omit<AgentInfo, 'name'> = {
bash: { bash: {
enabled: true, enabled: true,
rules: [ rules: [
// ============================================================ // 只读操作 - 允许(其他命令默认 ask)
// 重要:deny 规则必须放在 allow 规则之前,确保优先匹配!
// ============================================================
// ============ 危险命令 - 拒绝 ============ // ============ 文件查看 ============
{ pattern: 'rm *', action: 'deny' },
{ pattern: 'rmdir *', action: 'deny' },
{ pattern: 'mv *', action: 'deny' },
{ pattern: 'cp *', action: 'deny' },
{ pattern: 'mkdir *', action: 'deny' },
{ pattern: 'touch *', action: 'deny' },
{ pattern: 'chmod *', action: 'deny' },
{ pattern: 'chown *', action: 'deny' },
{ pattern: 'sudo *', action: 'deny' },
{ pattern: 'su *', action: 'deny' },
{ pattern: 'ln *', action: 'deny' },
{ pattern: 'install *', action: 'deny' },
{ pattern: 'truncate *', action: 'deny' },
{ pattern: 'dd *', action: 'deny' },
{ pattern: 'tee *', action: 'deny' },
// ============ 重定向操作 - 拒绝(必须在 cat/echo 等允许规则之前)============
{ pattern: '* > *', action: 'deny' },
{ pattern: '* >> *', action: 'deny' },
{ pattern: '* << *', action: 'deny' }, // heredoc 重定向
// ============ Git 写操作 - 拒绝 ============
{ pattern: 'git add *', action: 'deny' },
{ pattern: 'git commit *', action: 'deny' },
{ pattern: 'git push *', action: 'deny' },
{ pattern: 'git pull *', action: 'deny' },
{ pattern: 'git checkout *', action: 'deny' },
{ pattern: 'git reset *', action: 'deny' },
{ pattern: 'git rebase *', action: 'deny' },
{ pattern: 'git merge *', action: 'deny' },
{ pattern: 'git stash *', action: 'deny' },
{ pattern: 'git clean *', action: 'deny' },
// ============ find 危险操作 - 拒绝 ============
{ pattern: 'find * -delete*', action: 'deny' },
{ pattern: 'find * -exec*', action: 'deny' },
// ============================================================
// 以下为只读操作的 allow 规则
// ============================================================
// ============ 文件查看 - 允许 ============
{ pattern: 'ls', action: 'allow' }, { pattern: 'ls', action: 'allow' },
{ pattern: 'ls *', action: 'allow' }, { pattern: 'ls *', action: 'allow' },
{ pattern: 'pwd', action: 'allow' }, { pattern: 'pwd', action: 'allow' },
@@ -107,14 +72,14 @@ export const planAgent: Omit<AgentInfo, 'name'> = {
{ pattern: 'less *', action: 'allow' }, { pattern: 'less *', action: 'allow' },
{ pattern: 'more *', action: 'allow' }, { pattern: 'more *', action: 'allow' },
// ============ 搜索 - 允许 ============ // ============ 搜索 ============
{ pattern: 'find *', action: 'allow' }, { pattern: 'find *', action: 'allow' },
{ pattern: 'grep *', action: 'allow' }, { pattern: 'grep *', action: 'allow' },
{ pattern: 'rg *', action: 'allow' }, { pattern: 'rg *', action: 'allow' },
{ pattern: 'tree', action: 'allow' }, { pattern: 'tree', action: 'allow' },
{ pattern: 'tree *', action: 'allow' }, { pattern: 'tree *', action: 'allow' },
// ============ 文件信息 - 允许 ============ // ============ 文件信息 ============
{ pattern: 'wc *', action: 'allow' }, { pattern: 'wc *', action: 'allow' },
{ pattern: 'stat *', action: 'allow' }, { pattern: 'stat *', action: 'allow' },
{ pattern: 'file *', action: 'allow' }, { pattern: 'file *', action: 'allow' },
@@ -123,14 +88,14 @@ export const planAgent: Omit<AgentInfo, 'name'> = {
{ pattern: 'which *', action: 'allow' }, { pattern: 'which *', action: 'allow' },
{ pattern: 'whereis *', action: 'allow' }, { pattern: 'whereis *', action: 'allow' },
// ============ 文本处理(只读)- 允许 ============ // ============ 文本处理(只读) ============
{ pattern: 'sort *', action: 'allow' }, { pattern: 'sort *', action: 'allow' },
{ pattern: 'uniq *', action: 'allow' }, { pattern: 'uniq *', action: 'allow' },
{ pattern: 'cut *', action: 'allow' }, { pattern: 'cut *', action: 'allow' },
{ pattern: 'awk *', action: 'allow' }, { pattern: 'awk *', action: 'allow' },
{ pattern: 'sed -n *', action: 'allow' }, // 只允许 -n (不修改) { pattern: 'sed -n *', action: 'allow' }, // 只允许 -n (不修改)
// ============ Git 只读 - 允许 ============ // ============ Git 只读 ============
{ pattern: 'git status', action: 'allow' }, { pattern: 'git status', action: 'allow' },
{ pattern: 'git status *', action: 'allow' }, { pattern: 'git status *', action: 'allow' },
{ pattern: 'git diff', action: 'allow' }, { pattern: 'git diff', action: 'allow' },