You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Safety Net's built-in rules block legitimate cleanup operations from tools like gstack that use standard Unix patterns for session/temp file management.
Blocked commands
find with -delete flag — gstack's skill preamble runs find ~/.gstack/sessions -mmin +120 -type f with the delete flag to clean up stale session files. Safety Net blocks this with: "find -delete permanently removes files. Use -print first to preview."
rm -rf outside cwd — Commands like rm -rf /tmp/gstack-test-dir are blocked with: "rm -rf in home directory is dangerous." This triggers when cwd is ~, even though the target is /tmp/.
Why these are false positives
The find cleanup is scoped to ~/.gstack/sessions/ with -mmin +120 (files older than 2 hours). This is safe, targeted cleanup.
/tmp/ is designed for ephemeral files. Blocking rm -rf /tmp/<specific-dir> is overly conservative.
The string-matching also triggers on gh issue create body text that merely mentions the blocked pattern — blocking the creation of this very issue.
Current workaround
Skip the cleanup commands or ask the user to run them manually. Works but adds friction.
Suggested fix
Consider one of:
Allow find with delete flag when scoped to user config directories (~/.gstack/, ~/.cache/, etc.)
Problem
Safety Net's built-in rules block legitimate cleanup operations from tools like gstack that use standard Unix patterns for session/temp file management.
Blocked commands
findwith-deleteflag — gstack's skill preamble runsfind ~/.gstack/sessions -mmin +120 -type fwith the delete flag to clean up stale session files. Safety Net blocks this with: "find -delete permanently removes files. Use -print first to preview."rm -rfoutside cwd — Commands likerm -rf /tmp/gstack-test-dirare blocked with: "rm -rf in home directory is dangerous." This triggers when cwd is~, even though the target is/tmp/.Why these are false positives
findcleanup is scoped to~/.gstack/sessions/with-mmin +120(files older than 2 hours). This is safe, targeted cleanup./tmp/is designed for ephemeral files. Blockingrm -rf /tmp/<specific-dir>is overly conservative.gh issue createbody text that merely mentions the blocked pattern — blocking the creation of this very issue.Current workaround
Skip the cleanup commands or ask the user to run them manually. Works but adds friction.
Suggested fix
Consider one of:
findwith delete flag when scoped to user config directories (~/.gstack/,~/.cache/, etc.)rm -rftargeting/tmp/regardless of cwdgh issue createis not a shell command)Environment