Description
While exploring how the fallback scan works, I noticed that time and watch are included in DISPLAY_COMMANDS in src/core/analyze/constants.ts. Commands in this list skip the fallback scan, which is intended for display-only commands like echo or cat that don't execute their arguments.
However, time and watch actually execute their arguments as commands, so dangerous commands wrapped by them currently go undetected.
I'm not sure if this is an intentional design decision, so I wanted to raise it as a discussion before assuming it's a bug.
Example
$ bunx cc-safety-net explain "git reset --hard"
INPUT
git reset --hard
STEP 1 ─ Split shell commands
Segment 1: ["git","reset","--hard"]
STEP 2 ─ Match rules
Rule: rules-git.ts:analyzeGit()
Result: MATCHED
RESULT
Status: BLOCKED
Reason: git reset --hard destroys all uncommitted changes permanently. Use
'git stash' first.
$ bunx cc-safety-net explain "time git reset --hard"
INPUT
time git reset --hard
STEP 1 ─ Split shell commands
Segment 1: ["time","git","reset","--hard"]
✓ Allowed (no matching rules)
RESULT
Status: ALLOWED
$ bunx cc-safety-net explain "watch git reset --hard"
INPUT
watch git reset --hard
STEP 1 ─ Split shell commands
Segment 1: ["watch","git","reset","--hard"]
✓ Allowed (no matching rules)
RESULT
Status: ALLOWED
Root Cause (if this is a bug)
In src/core/analyze/segment.ts, the fallback scan is skipped for commands in DISPLAY_COMMANDS:
if (!DISPLAY_COMMANDS.has(normalizedHead)) {
// fallback scan
}Since time and watch are in this list, their arguments are never analyzed.
Potential Fix
Removing time, watch (and timeout for Linux users) from DISPLAY_COMMANDS would allow the fallback scan to analyze their arguments.
Note on Scope
This fits the project's goal of preventing accidental data loss by coding agents. While the likelihood of a coding agent intentionally combining time or watch with a destructive command is low, it could happen unintentionally — for example, running time rm -rf ./build to measure cleanup duration.
Description
While exploring how the fallback scan works, I noticed that
timeandwatchare included inDISPLAY_COMMANDSinsrc/core/analyze/constants.ts. Commands in this list skip the fallback scan, which is intended for display-only commands likeechoorcatthat don't execute their arguments.However,
timeandwatchactually execute their arguments as commands, so dangerous commands wrapped by them currently go undetected.I'm not sure if this is an intentional design decision, so I wanted to raise it as a discussion before assuming it's a bug.
Example
Root Cause (if this is a bug)
In
src/core/analyze/segment.ts, the fallback scan is skipped for commands inDISPLAY_COMMANDS:Since
timeandwatchare in this list, their arguments are never analyzed.Potential Fix
Removing
time,watch(andtimeoutfor Linux users) fromDISPLAY_COMMANDSwould allow the fallback scan to analyze their arguments.Note on Scope
This fits the project's goal of preventing accidental data loss by coding agents. While the likelihood of a coding agent intentionally combining
timeorwatchwith a destructive command is low, it could happen unintentionally — for example, runningtime rm -rf ./buildto measure cleanup duration.