Fix false positves rejection on plan agent

ericdallo · ericdallo · commit 15265133295c · 2026-04-01T12:58:26.000-03:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,7 @@
 - Bump plumcp to 0.2.0-beta6.
 - Fix MCP server start/stop blocking the protocol thread, causing ECA to become unresponsive.
 - Dispatch request and notification handlers off the protocol thread to prevent blocking.
+- Fix false positves rejection on plan agent.
 
 ## 0.122.1
 
diff --git a/src/eca/config.clj b/src/eca/config.clj
@@ -42,14 +42,14 @@
 (defn get-property [property] (System/getProperty property))
 
 (def ^:private dangerous-commands-regexes
-  [".*[12&]?>>?\\s*(?!/dev/null($|\\s))(?!/tmp/\\S*($|\\s))(?!&\\d+($|\\s))(?!>)\\S+.*" ;; output redirection (except /dev/null and /tmp/)
+  [".*[12&]?>>?\\s*(?!/dev/null\\b)(?!/tmp/\\S*\\b)(?!&\\d+\\b)(?!>)\\S+.*" ;; output redirection (except /dev/null and /tmp/)
    ".*\\|\\s*(tee|dd|xargs).*",                                                          ;; pipe to tee/dd/xargs
    ".*\\b(sed|awk|perl)\\s+.*-i.*",                                                      ;; in-place editing
    ".*\\b(rm|mv|cp|touch|mkdir)\\b.*",                                                   ;; file mutation commands
    ".*git\\s+(add|commit|push).*",                                                       ;; git write ops
    ".*npm\\s+install.*",                                                                 ;; npm install
    ".*-c\\s+[\"'].*open.*[\"']w[\"'].*",                                                 ;; python open(...,'w')
-   ".*bash.*-c.*[12&]?>>?\\s*(?!/dev/null($|\\s))(?!/tmp/\\S*($|\\s))(?!&\\d+($|\\s))(?!>)\\S+.*"])
+   ".*bash.*-c.*[12&]?>>?\\s*(?!/dev/null\\b)(?!/tmp/\\S*\\b)(?!&\\d+\\b)(?!>)\\S+.*"])
 
 (def ^:private openai-variants
   {"none" {:reasoning {:effort "none"}}
diff --git a/test/eca/features/tools_test.clj b/test/eca/features/tools_test.clj
@@ -322,7 +322,10 @@
         "head -10 file.txt"
         "pwd"
         "date"
-        "env"))
+        "env"
+        "cd /tmp && jar xf /home/user/.m2/repository/lib/lib-1.0.jar src/foo.cljc 2>&1; echo \"---DONE---\""
+        "some-cmd 2>&1; echo done"
+        "some-cmd 2>/dev/null; echo done"))
 
     (testing "redirections to /tmp/ are not denied in plan mode"
       (are [command] (not= :deny
