Feature/code sandbox security v3

.gitignore

@@ -7,6 +7,8 @@ __pycache__/
 
 # Log files
 *.log
+/logs/
+logs/*
 
 # macOS system files
 .DS_Store
@@ -62,4 +64,4 @@ gemini_models.txt
 # OS-specific files
 Thumbs.db
 ehthumbs.db
-desktop.ini
+desktop.ini

CHANGELOG.md

@@ -1,7 +1,51 @@
+
+## v3.2.1 (2026-04-07)
+- Add mode indicator, strict safe-mode blocking, unsafe confirmations, warnings, and improved safety controls for enterprise-grade execution behavior and user awareness
+- Update the Sandbox and Code Exectution
+- Refactor execution architecture with python-first model, restore bash compatibility for tests, fix decoding bug, enforce output limits, update versioning, and correct gitignore entries for logs and newline compliance.
+- Overhaul execution architecture with python-first model, sandboxing, and improved safety controls
+- stop tracking history.json
+- Removed /shell command and added Code Exeuction safety
+- fix(safety): block unquoted absolute-path del command (e.g. del D:\Temp\*.txt)
+- test: add safety checks for quoted wildcard del commands and mocked LLM repair loop for dangerous commands
+- fix: block quoted wildcard del commands and add Windows absolute-path delete patterns
+- feat: enhance safety manager to block absolute-path deletions in various contexts
+- feat: enhance llm_dispatcher to support local endpoints
+- refactor: update configuration files to use JSON format
+- feat: fixed package manager issues with retry circuit logic
+- Update configuration files to use triple backtick separators for code generation
+- Merge pull request #24 from haseeb-heaven/feature/sandbox-safety-v3
+- chore: update changelog, improve README links, and remove deprecated config files
+- Merge branch 'feature/sandbox-safety-v3' of https://github.com/haseeb-heaven/code-interpreter into feature/sandbox-safety-v3
+- fix: update model configurations and improve error handling in code execution
+- fix: apply CodeRabbit auto-fixes
+- feat: update litellm version and add model normalization utility
+- fix: apply CodeRabbit auto-fixes
+- fix: apply CodeRabbit auto-fixes
+- 📝 CodeRabbit Chat: Generate unit tests for PR changes
+- Optimize README: move models to Models.MD, shorten sections
+- release: prepare v3.1.0 assets and docs
+- feat: Add OpenRouter API support with multiple model configurations
+- feat: Introduce execution safety features and self-repair mechanism
+- Add configuration files and terminal UI for model selection
+- Update LLM catalog to newer models and fix model routing bugs
+
 # Changelog
 
 All notable changes to this project are documented in this file.
 
+## v3.2.0 - April 6, 2026
+- Added visual mode indicator in session banner ([SAFE MODE] or [UNSAFE MODE ⚠️])
+- Implemented strict safety blocking: dangerous operations are hard-blocked in SAFE MODE
+- Added confirmation prompts for dangerous operations in UNSAFE MODE
+- Enhanced user awareness of destructive operations with warning messages
+- Improved enterprise-level safety and user control
+
+## v3.1.1 - April 6, 2026
+- Refactored execution architecture to Python-first model (replacing shell-subprocess as default)
+- Enforced 10 KB hard output limit with truncation sentinel
+- Minor fixes for timeout handling, output limits, and version alignment.
+
 ## v3.1.0 - April 5, 2026
 - Added OpenRouter support with multiple paid and free model aliases.
 - Added OpenRouter free defaults and switched `OPENROUTER_API_KEY` auto-selection to `openrouter/free`.

README.md

@@ -140,6 +140,39 @@ python interpreter.py -md 'code' -m 'gpt-4o' -dc
 - 🤝 Integrates with HuggingFace, OpenAI, Gemini, etc.
 - 🎯 Versatile tasks: file ops, image/video editing, data analysis
 
+## 🛡️ **Safety Features**
+
+### Mode Indicator
+The interpreter displays the current safety mode in the session banner:
+- **[SAFE MODE]** - Default mode with safety restrictions enabled (green)
+- **[UNSAFE MODE ⚠️]** - Unrestricted mode (red with warning emoji)
+
+To enable unsafe mode, use the `--unsafe` flag:
+```bash
+interpreter --unsafe
+```
+
+### Dangerous Operation Handling
+The interpreter handles dangerous operations with a single confirmation prompt:
+
+**SAFE MODE:**
+- Dangerous operations are **blocked entirely** (no confirmation prompt)
+- You will see: `❌ Dangerous operation blocked in SAFE MODE.`
+- No file deletion or modification operations are allowed
+
+**UNSAFE MODE:**
+- Single prompt for ALL operations (safe or dangerous)
+- Safe operations: `Execute the code? (Y/N):`
+- Dangerous operations: `⚠️ Dangerous operation. Continue? (Y/N):`
+- Operations execute only if you confirm with 'Y'
+
+To enable unsafe mode, use the `--unsafe` flag:
+```bash
+interpreter --unsafe
+```
+
+**Warning:** Use unsafe mode with caution! Dangerous operations can delete or modify your files.
+
 ## 🛠️ **Usage**
 
 To use Code-Interpreter, use the following command options:
@@ -321,9 +354,10 @@ If you're interested in contributing to **Code-Interpreter**, we'd love to have
 
 ## 📌 **Versioning**
 
-Current version: **3.1.0**
+Current version: **3.2.0**
 
 Quick highlights:
+- **v3.2.0** - Added mode indicator ([SAFE MODE] or [UNSAFE MODE ⚠️]) in session banner, implemented strict safety blocking for dangerous operations in SAFE MODE, added single confirmation prompt for operations in UNSAFE MODE.
 - **v3.1.0** - Added OpenRouter free-model aliases, made `openrouter/free` the default OpenRouter selection, improved simple-task code generation, added fresh TUI screenshots, and prepared release packaging assets.
 - **v3.0.0** - Added a default execution safety sandbox, dangerous command/code circuit breaker, bounded ReACT-style repair retries after failures, clearer execution feedback, and polished CLI/TUI runtime output.
 - **v2.4.1** - Added NVIDIA, Z AI, Browser Use, `.env.example`, and `--cli` / `--tui` startup flows.

VERSION

@@ -1 +1 @@
-3.1.0
+v3.2.1

build_release.sh

@@ -0,0 +1,75 @@
+#!/bin/bash
+
+VERSION_FILE="VERSION"
+CHANGELOG_FILE="CHANGELOG.md"
+DEFAULT_BUMP="patch"
+
+confirm() {
+  read -p "⚠️ $1 (y/N): " choice
+  case "$choice" in
+    y|Y ) return 0 ;;
+    * ) echo "❌ Skipped: $1"; return 1 ;;
+  esac
+}
+
+bump_version() {
+  local version=$1
+  local type=$2
+
+  IFS='.' read -r major minor patch <<< "${version#v}"
+
+  case "$type" in
+    major) major=$((major+1)); minor=0; patch=0 ;;
+    minor) minor=$((minor+1)); patch=0 ;;
+    patch) patch=$((patch+1)) ;;
+    *) echo "❌ Invalid bump type"; exit 1 ;;
+  esac
+
+  echo "v$major.$minor.$patch"
+}
+
+# INIT VERSION
+[ ! -f "$VERSION_FILE" ] && echo "v0.0.0" > $VERSION_FILE
+CURRENT_VERSION=$(cat $VERSION_FILE)
+
+BUMP_TYPE=${1:-$DEFAULT_BUMP}
+NEW_VERSION=$(bump_version "$CURRENT_VERSION" "$BUMP_TYPE")
+
+echo "🔼 Version: $CURRENT_VERSION → $NEW_VERSION"
+
+# UPDATE VERSION FILE
+echo "$NEW_VERSION" > $VERSION_FILE
+
+# CHANGELOG
+DATE=$(date +"%Y-%m-%d")
+COMMITS=$(git log --pretty=format:"- %s" $(git describe --tags --abbrev=0 2>/dev/null)..HEAD)
+[ -z "$COMMITS" ] && COMMITS="- Minor updates"
+
+CHANGELOG_ENTRY="\n## $NEW_VERSION ($DATE)\n$COMMITS\n"
+echo -e "$CHANGELOG_ENTRY" | cat - $CHANGELOG_FILE > temp && mv temp $CHANGELOG_FILE
+
+echo "📝 Changelog updated"
+
+# =====================
+# CONFIRM STEPS
+# =====================
+
+if confirm "Commit changes?"; then
+  git add .
+  git commit -m "Release $NEW_VERSION" || echo "⚠️ Nothing to commit"
+fi
+
+if confirm "Push to origin/main?"; then
+  git push origin main
+fi
+
+if confirm "Create & push tag $NEW_VERSION?"; then
+  git tag $NEW_VERSION
+  git push origin $NEW_VERSION
+fi
+
+if confirm "Create GitHub release?"; then
+  gh release create $NEW_VERSION --title "$NEW_VERSION" --generate-notes
+fi
+
+echo "✅ Done: $NEW_VERSION"

interpreter.py

@@ -26,7 +26,7 @@
 from libs.utility_manager import UtilityManager
 
 # The main version of the interpreter.
-INTERPRETER_VERSION = "3.1.0"
+INTERPRETER_VERSION = "3.2.0"
 
 
 def build_parser():
@@ -39,9 +39,9 @@ def build_parser():
     parser.add_argument('--lang', '-l', type=str, default='python', help='Set the interpreter language. (Defaults to Python)')
     parser.add_argument('--display_code', '-dc', action='store_true', default=False, help='Display the generated code in output')
     parser.add_argument('--history', '-hi', action='store_true', default=False, help='Use history as memory')
-    parser.add_argument('--unsafe', action='store_true', default=False, help='Disable execution safety checks and sandbox protections')
     parser.add_argument('--upgrade', '-up', action='store_true', default=False, help='Upgrade the interpreter')
     parser.add_argument('--file', '-f', type=str, nargs='?', const='prompt.txt', default=None, help='Sets the file to read the input prompt from')
+    parser.add_argument("--unsafe", action="store_true", help="Allow unsafe execution (write/delete enabled)")
     mode_group = parser.add_mutually_exclusive_group()
     mode_group.add_argument('--cli', action='store_true', default=False, help='Launch the classic interactive CLI')
     mode_group.add_argument('--tui', action='store_true', default=False, help='Launch the selector-based terminal UI')