feat(policy): built-in policy presets (strict | permissive | shell_safe) #126
Merged
…104) Ship named presets resolvable from Project defaults, direct policy references, or Policy.spec.preset with local overrides layered on top. Expand presets during normalize so validate/plan show effective rules. shell_safe classifies native shell command tokens and integrates with tool safety metadata from #103. Co-authored-by: Cursor <cursoragent@cursor.com>
ReviewGate [WARN]
Automated review
Summary: Significant additions of policy presets with schemes for shell command safety.
Findings
… merge Fail closed on shell metacharacters; remove dead synthetic requiredFor entries; use tri-state *bool merge for requireAllTools/permissive overlays; unify shell command helpers; simplify evaluator decision path; add adversarial and integration tests. Co-authored-by: Cursor <cursoragent@cursor.com>
Combine shell_safe token gating with explicit approvals.requiredFor at runtime; move EffectiveToolDecision shell_safe check outside Approvals guard; drop unreachable requiresToolCallApproval branch. Co-authored-by: Cursor <cursoragent@cursor.com>
Summary
- `strict`, `permissive`, and `shell_safe` (issue feat(policy): built-in policy presets (strict | permissive | shell_safe) #104), selectable via `Project.spec.defaults.policy`, direct agent/workflow policy references, or `Policy.spec.preset` with local overrides layered on top.
- `NormalizeProjectGraph` so `validate`/`plan` show effective rules (`requireAllTools`, `permissive`, expanded gate-token patterns for `shell_safe`).
- `shell_safe` classifies native shell operations (`command.run`, `run`, `exec`, `shell`) by first token: read-only commands (`ls`, `cat`, …) run unattended; risky/unknown tokens and side-effecting tools require `--approve`.
- `agentctl init` scaffold policy now uses `preset: shell_safe` for safe defaults out of the box.

Test plan

- `make ci` (gofmt, vet, `go test -race ./...`)
- `agentctl init` → validate → plan → apply → run flow
- `defaults.policy: shell_safe` gates `command.run` with `rm -rf` but allows `ls`

Closes #104
Made with Cursor
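The first-token gating and fail-closed handling of shell metacharacters described in this pull request can be sketched as follows. This is an added example, not code from the pull request or the project: `Classify`, `Decision`, the `readOnly` allowlist (the page names only `ls` and `cat`) and the `shellMeta` character set are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Decision is the outcome of classifying one native shell command line.
type Decision string

const (
	Allow           Decision = "allow"            // read-only, may run unattended
	RequireApproval Decision = "require_approval" // needs an explicit approval
)

// readOnly is a constructed allowlist; the PR text names only ls and cat.
var readOnly = map[string]bool{"ls": true, "cat": true}

// shellMeta is an assumed set of characters that let a line do more than its
// first token suggests: chaining, substitution, redirection, globbing, quoting.
const shellMeta = ";&|<>$`\\\"'(){}[]*?!~#\n\r"

// Classify gates a command line by its first token and fails closed:
// empty input, unknown tokens and any metacharacter all require approval.
func Classify(cmdline string) Decision {
	if strings.ContainsAny(cmdline, shellMeta) {
		return RequireApproval
	}
	fields := strings.Fields(cmdline)
	if len(fields) == 0 {
		return RequireApproval
	}
	// A path-qualified token such as /tmp/ls may be a different binary,
	// so only a bare command name can match the allowlist.
	tok := fields[0]
	if strings.Contains(tok, "/") || !readOnly[tok] {
		return RequireApproval
	}
	return Allow
}

func main() {
	// Constructed sample inputs.
	samples := []string{"ls -la", "cat notes.txt", "rm -rf build",
		"ls; rm -rf build", "cat $(which sh)", "/tmp/ls", ""}
	for _, c := range samples {
		fmt.Printf("%-20q %s\n", c, Classify(c))
	}
}
```

Checking metacharacters before looking at the first token is what makes `ls; rm -rf build` require approval even though its first token is on the allowlist.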