Merge pull request #59 from VibePod/issue-58

Implement explicit directory permissions

Author: nezhar

src/vibepod/commands/config.py

@@ -11,6 +11,12 @@
 import yaml
 
 from vibepod.constants import SUPPORTED_AGENTS
+from vibepod.core.allowed_dirs import (
+    add_allowed_dir,
+    is_protected_dir,
+    load_allowed_dirs,
+    remove_allowed_dir,
+)
 from vibepod.core.config import get_config, get_global_config_path, get_project_config_path
 from vibepod.utils.console import console, error, success
 
@@ -142,3 +148,69 @@ def path(
     print(f"Global:  {global_path}")
     print(f"Project: {project_path}")
     print(f"Logs:    {logs_path}")
+
+
+@app.command("allow-dir")
+def allow_dir(
+    directory: Annotated[
+        Path | None,
+        typer.Argument(help="Directory to allow (defaults to current directory)"),
+    ] = None,
+) -> None:
+    """Add a directory to the vp run allow list."""
+    try:
+        target = (directory or Path.cwd()).expanduser().resolve()
+    except (OSError, ValueError) as exc:
+        error(f"Could not resolve directory path: {exc}")
+        raise typer.Exit(1) from exc
+    if not target.exists() or not target.is_dir():
+        error(f"Not a valid directory: {target}")
+        raise typer.Exit(1)
+    if is_protected_dir(target):
+        error(
+            f"'{target}' is a protected directory (home or root) and cannot be added "
+            "to the allow list."
+        )
+        raise typer.Exit(1)
+    try:
+        add_allowed_dir(target)
+    except OSError as exc:
+        error(f"Could not update allow list: {exc}")
+        raise typer.Exit(1) from exc
+    success(f"Allowed: {target}")
+
+
+@app.command("remove-dir")
+def remove_dir(
+    directory: Annotated[
+        Path | None,
+        typer.Argument(help="Directory to remove (defaults to current directory)"),
+    ] = None,
+) -> None:
+    """Remove a directory from the vp run allow list."""
+    try:
+        target = (directory or Path.cwd()).expanduser().resolve()
+    except (OSError, ValueError) as exc:
+        error(f"Could not resolve directory path: {exc}")
+        raise typer.Exit(1) from exc
+    try:
+        removed = remove_allowed_dir(target)
+    except OSError as exc:
+        error(f"Could not update allow list: {exc}")
+        raise typer.Exit(1) from exc
+    if removed:
+        success(f"Removed: {target}")
+    else:
+        error(f"Directory not in allow list: {target}")
+        raise typer.Exit(1)
+
+
+@app.command("list-allowed-dirs")
+def list_allowed_dirs() -> None:
+    """List all directories in the vp run allow list."""
+    dirs = load_allowed_dirs()
+    if not dirs:
+        console.print("No directories in the allow list.")
+        return
+    for d in dirs:
+        console.print(d)

src/vibepod/commands/run.py

@@ -22,6 +22,7 @@
     get_agent_spec,
     resolve_agent_name,
 )
+from vibepod.core.allowed_dirs import add_allowed_dir, is_dir_allowed, is_protected_dir
 from vibepod.core.config import get_config
 from vibepod.core.docker import DockerClientError, DockerManager, _is_latest_tag
 from vibepod.core.session_logger import SessionLogger
@@ -262,6 +263,32 @@ def run(
     if not workspace_path.exists() or not workspace_path.is_dir():
         raise typer.BadParameter(f"Workspace not found: {workspace_path}")
 
+    if is_protected_dir(workspace_path):
+        error(
+            f"'{workspace_path}' is a protected directory (home or root) and cannot be "
+            "added to the allow list. Change to a project directory first."
+        )
+        raise typer.Exit(1)
+
+    if not is_dir_allowed(workspace_path):
+        if not sys.stdin.isatty():
+            error(
+                f"'{workspace_path}' is not in the allowed directories list. "
+                "Run `vp config allow-dir` to add it."
+            )
+            raise typer.Exit(1)
+        if not Confirm.ask(
+            f"'{workspace_path}' is not allowed for `vp run`. Would you like to allow it?",
+            default=True,
+        ):
+            error("Directory not allowed. Aborting.")
+            raise typer.Exit(1)
+        try:
+            add_allowed_dir(workspace_path)
+        except OSError as exc:
+            error(f"Could not update allow list for '{workspace_path}': {exc}")
+            raise typer.Exit(1) from exc
+
     agent_cfg = config.get("agents", {}).get(selected_agent, {})
     spec = get_agent_spec(selected_agent)
     init_commands = _agent_init_commands(selected_agent, agent_cfg)

src/vibepod/core/allowed_dirs.py

@@ -0,0 +1,77 @@
+"""Allowed directories management for vp run."""
+
+from __future__ import annotations
+
+import json
+import os
+from pathlib import Path
+
+from vibepod.core.config import get_config_root
+
+
+def get_allowed_dirs_path() -> Path:
+    """Return path to the allowed-directories JSON file."""
+    return get_config_root() / "allowed_dirs.json"
+
+
+def load_allowed_dirs() -> list[str]:
+    """Load and return the list of allowed directory paths."""
+    path = get_allowed_dirs_path()
+    if not path.exists():
+        return []
+    try:
+        data = json.loads(path.read_text(encoding="utf-8"))
+        if isinstance(data, list):
+            return [str(d) for d in data if isinstance(d, str)]
+    except (json.JSONDecodeError, OSError):
+        pass
+    return []
+
+
+def save_allowed_dirs(dirs: list[str]) -> None:
+    """Persist the list of allowed directory paths."""
+    path = get_allowed_dirs_path()
+    path.parent.mkdir(parents=True, exist_ok=True)
+    tmp = path.with_suffix(".tmp")
+    tmp.write_text(json.dumps(sorted(set(dirs)), indent=2), encoding="utf-8")
+    os.replace(tmp, path)
+
+
+def is_protected_dir(path: Path) -> bool:
+    """Return True if *path* is the filesystem root or the current user's home directory."""
+    try:
+        resolved = path.expanduser().resolve()
+    except OSError:
+        return False
+    home = Path.home().resolve()
+    root = Path("/").resolve()
+    return resolved == home or resolved == root
+
+
+def is_dir_allowed(path: Path) -> bool:
+    """Return True if *path* is in the allow list."""
+    try:
+        resolved = str(path.expanduser().resolve())
+    except OSError:
+        return False
+    return resolved in load_allowed_dirs()
+
+
+def add_allowed_dir(path: Path) -> None:
+    """Add *path* to the allow list (no-op if already present)."""
+    resolved = str(path.expanduser().resolve())
+    dirs = load_allowed_dirs()
+    if resolved not in dirs:
+        dirs.append(resolved)
+        save_allowed_dirs(dirs)
+
+
+def remove_allowed_dir(path: Path) -> bool:
+    """Remove *path* from the allow list. Returns True if it was present."""
+    resolved = str(path.expanduser().resolve())
+    dirs = load_allowed_dirs()
+    if resolved in dirs:
+        dirs.remove(resolved)
+        save_allowed_dirs(dirs)
+        return True
+    return False

tests/test_config.py

@@ -163,3 +163,91 @@ def test_llm_env_overrides(monkeypatch, tmp_path: Path) -> None:
     assert llm["base_url"] == "http://localhost:11434/v1"
     assert llm["api_key"] == "sk-test"
     assert llm["model"] == "llama3"
+
+
+
+# ---------------------------------------------------------------------------
+# allow-dir / remove-dir / list-allowed-dirs subcommand tests
+# ---------------------------------------------------------------------------
+
+
+def test_allow_dir_adds_current_directory(monkeypatch, tmp_path: Path) -> None:
+    monkeypatch.setenv("VP_CONFIG_DIR", str(tmp_path / "cfg"))
+    monkeypatch.chdir(tmp_path)
+
+    result = runner.invoke(app, ["config", "allow-dir"])
+    assert result.exit_code == 0, result.stdout
+    assert str(tmp_path) in result.stdout
+
+
+def test_allow_dir_accepts_explicit_path(monkeypatch, tmp_path: Path) -> None:
+    monkeypatch.setenv("VP_CONFIG_DIR", str(tmp_path / "cfg"))
+    target = tmp_path / "myproject"
+    target.mkdir()
+
+    result = runner.invoke(app, ["config", "allow-dir", str(target)])
+    assert result.exit_code == 0, result.stdout
+    assert str(target) in result.stdout
+
+
+def test_allow_dir_rejects_nonexistent_path(monkeypatch, tmp_path: Path) -> None:
+    monkeypatch.setenv("VP_CONFIG_DIR", str(tmp_path / "cfg"))
+
+    result = runner.invoke(app, ["config", "allow-dir", str(tmp_path / "nonexistent")])
+    assert result.exit_code == 1
+
+
+def test_allow_dir_rejects_home_directory(monkeypatch, tmp_path: Path) -> None:
+    monkeypatch.setenv("VP_CONFIG_DIR", str(tmp_path / "cfg"))
+    home = str(Path.home())
+
+    result = runner.invoke(app, ["config", "allow-dir", home])
+    assert result.exit_code == 1
+    assert "protected" in result.stdout
+
+
+def test_allow_dir_rejects_root_directory(monkeypatch, tmp_path: Path) -> None:
+    monkeypatch.setenv("VP_CONFIG_DIR", str(tmp_path / "cfg"))
+
+    result = runner.invoke(app, ["config", "allow-dir", "/"])
+    assert result.exit_code == 1
+    assert "protected" in result.stdout
+
+
+def test_remove_dir_removes_allowed_directory(monkeypatch, tmp_path: Path) -> None:
+    monkeypatch.setenv("VP_CONFIG_DIR", str(tmp_path / "cfg"))
+    target = tmp_path / "myproject"
+    target.mkdir()
+
+    runner.invoke(app, ["config", "allow-dir", str(target)])
+    result = runner.invoke(app, ["config", "remove-dir", str(target)])
+    assert result.exit_code == 0, result.stdout
+    assert str(target) in result.stdout
+
+
+def test_remove_dir_fails_when_not_in_list(monkeypatch, tmp_path: Path) -> None:
+    monkeypatch.setenv("VP_CONFIG_DIR", str(tmp_path / "cfg"))
+    target = tmp_path / "myproject"
+    target.mkdir()
+
+    result = runner.invoke(app, ["config", "remove-dir", str(target)])
+    assert result.exit_code == 1
+
+
+def test_list_allowed_dirs_shows_added_directories(monkeypatch, tmp_path: Path) -> None:
+    monkeypatch.setenv("VP_CONFIG_DIR", str(tmp_path / "cfg"))
+    target = tmp_path / "myproject"
+    target.mkdir()
+
+    runner.invoke(app, ["config", "allow-dir", str(target)])
+    result = runner.invoke(app, ["config", "list-allowed-dirs"])
+    assert result.exit_code == 0, result.stdout
+    assert str(target) in result.stdout
+
+
+def test_list_allowed_dirs_empty(monkeypatch, tmp_path: Path) -> None:
+    monkeypatch.setenv("VP_CONFIG_DIR", str(tmp_path / "cfg"))
+
+    result = runner.invoke(app, ["config", "list-allowed-dirs"])
+    assert result.exit_code == 0
+    assert "No directories" in result.stdout