Skip to content

Allow plan-mode read-only command prefixes / 支持计划模式只读命令前缀#5867

Merged
SivanCola merged 3 commits into
esengine:main-v2from
SivanCola:fix/plan-mode-read-only-commands
Jul 3, 2026
Merged

Allow plan-mode read-only command prefixes / 支持计划模式只读命令前缀#5867
SivanCola merged 3 commits into
esengine:main-v2from
SivanCola:fix/plan-mode-read-only-commands

Conversation

@SivanCola

@SivanCola SivanCola commented Jul 3, 2026

Copy link
Copy Markdown
Collaborator

Summary

  • Add a dedicated plan-mode trust prompt for unknown query-shaped bash commands so commands like gh issue view ... can be trusted once, for the session, or persisted as [agent].plan_mode_read_only_commands.
  • Keep the safety boundary narrow: shell operators, interpreters, broad prefixes, writer-capable verbs, unsafe arguments, task, and run_skill remain blocked while planning.
  • Route accepted command-prefix trust through the normal permission gate as read-only to avoid a second generic Bash prompt, and update CLI/TUI, desktop labels, i18n, docs, startup warnings, and project-config persistence.

Related to #4572 and follow-up to #5246.

Validation

  • go test -count=1 ./internal/planmode ./internal/agent ./internal/control ./internal/boot ./internal/config
  • go test -count=1 ./internal/agent -run TestPlanModeDoesNotMutateSystemOrTools
  • pnpm --dir desktop/frontend install --frozen-lockfile --offline
  • pnpm --dir desktop/frontend typecheck
  • git diff --check
  • CACHE_IMPACT_PR_BODY_FILE=/tmp/<body> CACHE_IMPACT_CHANGED_FILES_FILE=/tmp/<files> scripts/check-cache-impact.sh

Cache impact

Cache-impact: low - plan-mode policy/config behavior changes, but this does not change provider-visible tool schemas or the stable system prompt shape.
Cache-guard: go test -count=1 ./internal/agent -run TestPlanModeDoesNotMutateSystemOrTools
System-prompt-review: self-reviewed; startup/config routing and docs changed, with no intended stable system prompt or provider-visible tool schema change.

@SivanCola SivanCola requested a review from esengine as a code owner July 3, 2026 10:27
@github-actions github-actions Bot added agent Core agent loop (internal/agent, internal/control) config Configuration & setup (internal/config) v2 Go rewrite (1.x) — main-v2 branch, active development labels Jul 3, 2026
@github-actions github-actions Bot added desktop Wails desktop app (desktop/**) tui Terminal UI / CLI (internal/cli, internal/control) labels Jul 3, 2026
…-only-commands

# Conflicts:
#	internal/boot/boot.go
#	internal/control/controller.go
@SivanCola SivanCola merged commit a306a07 into esengine:main-v2 Jul 3, 2026
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

agent Core agent loop (internal/agent, internal/control) config Configuration & setup (internal/config) desktop Wails desktop app (desktop/**) tui Terminal UI / CLI (internal/cli, internal/control) v2 Go rewrite (1.x) — main-v2 branch, active development

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant