Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

feat: Add configuration schema for safety features#223

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Open
Corlzee wants to merge1 commit intowonderwhy-er:main
base:main
Choose a base branch
Loading
fromCorlzee:feature/safety-config

Conversation

@Corlzee
Copy link

@CorlzeeCorlzee commentedAug 22, 2025
edited by coderabbitaibot
Loading

PR 1: Configuration Schema

Title: feat: Add configuration schema for safety features

Description:
This PR adds the foundation for safety features without changing any existing behavior.

What this adds:

  • readOnlyDirectories configuration option (empty by default)
  • requireExplicitPermission flag for destructive commands (false by default)
  • allowedSudoCommands array for sudo whitelist (empty by default)

Why this matters:

Sets up the configuration structure needed for safety features while maintaining 100% backward compatibility.

Testing:

  • ✅ Builds successfully with TypeScript
  • ✅ All existing functionality unchanged
  • ✅ Configuration loads with defaults

Breaking changes:

None - all new options have safe defaults that maintain current behavior.

Summary by CodeRabbit

  • New Features
    • Enhanced server safety controls in settings:
      • Mark specific directories as read-only to prevent accidental modifications.
      • Option to require explicit confirmation for destructive commands.
      • Define an allowlist of permitted sudo commands (supports patterns) for tighter control.
    • Defaults preserve existing behavior: no read-only directories, confirmation off, and sudo commands blocked unless explicitly allowed.
    • Admins can tailor these settings to match organizational policies and reduce operational risk.

- Add readOnlyDirectories for protected paths- Add requireExplicitPermission flag for destructive commands- Add allowedSudoCommands array for sudo whitelist- Backward compatible with defaults (empty arrays, false flag)This commit adds configuration without changing behavior.
@coderabbitai
Copy link
Contributor

coderabbitaibot commentedAug 22, 2025
edited
Loading

Walkthrough

Added three optional properties to ServerConfig in src/config-manager.ts and initialized corresponding defaults: readOnlyDirectories (string[]), requireExplicitPermission (boolean), and allowedSudoCommands (string[]).

Changes

Cohort / File(s)Summary
Config schema updates
src/config-manager.ts		Extended ServerConfig with optional properties:readOnlyDirectories?: string[],requireExplicitPermission?: boolean,allowedSudoCommands?: string[]. Set default config values:readOnlyDirectories: [],requireExplicitPermission: false,allowedSudoCommands: [].

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

I twitch my whiskers, configs anew,
Read-only burrows, clear paths to pursue.
A nod for permission, before I hop through,
Sudo’s whitelist—just a select few.
In clover of defaults, I chew and review.
Thump-thump: changes crisp as morning dew.

Tip

🔌 Remote MCP (Model Context Protocol) integration is now available!

Pro plan users can now connect to remote MCP servers from theIntegrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats.

✨ Finishing Touches
  • 📝 Generate Docstrings
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat withCodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag@coderabbitai in a new review comment at the desired location with your query.
  • PR comments: Tag@coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on oursupport page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type@coderabbitai help to get the list of available commands.

Other keywords and placeholders

  • Add@coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add@coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add@coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a.coderabbit.yaml file to the root of your repository.
  • Please see theconfiguration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation:# yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

  • Visit ourStatus Page to check the current availability of CodeRabbit.
  • Visit ourDocumentation for detailed information on how to use CodeRabbit.
  • Join ourDiscord Community to get help, request features, and share feedback.
  • Follow us onX/Twitter for updates and announcements.

Copy link
Contributor

@coderabbitaicoderabbitaibot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

  • MCP integration is disabled by default for public repositories
  • Jira integration is disabled by default for public repositories
  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between218531b and94d8e73.

📒 Files selected for processing (1)
  • src/config-manager.ts (2 hunks)
🧰 Additional context used
🧬 Code graph analysis (1)
src/config-manager.ts (2)
src/tools/filesystem.ts (1)
  • getAllowedDirs (108-128)
src/tools/config.ts (1)
  • setConfigValue (55-142)
🔇 Additional comments (1)
src/config-manager.ts (1)

136-140:Incorrect interpretation of defaultallowedDirectories—no change needed

The current logic ingetAllowedDirs() returns an empty array ([]) when the default config is used. InisPathAllowed(), there is an explicit check:

constallowedDirectories=awaitgetAllowedDirs();if(allowedDirectories.includes('/')||allowedDirectories.length===0){returntrue;}

BecauseallowedDirectories.length === 0 evaluates to true,all filesystem paths remain allowed by default—preserving the original, unrestricted behavior on fresh installs. The reviewer’s concern that[] would lock out FS access overlooks this secondary fallback inisPathAllowed.

No modifications to the defaults or filesystem utils are required.

Likely an incorrect or invalid review comment.

Comment on lines +13 to +15
readOnlyDirectories?:string[];// Directories that can be read but not modified
requireExplicitPermission?:boolean;// Require explicit flag for destructive commands
allowedSudoCommands?:string[];// Whitelist of allowed sudo commands with pattern support
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

💡 Verification agent

🧩 Analysis chain

Safety config keys: good foundation; wire up parsing and enforcement semantics next

  • These optional props keep backwards compatibility. Good.
  • Ensure the CLI/tooling can set these array-typed keys from string inputs. In src/tools/config.ts, setConfigValue currently special-cases only 'allowedDirectories' and 'blockedCommands'. Please include 'readOnlyDirectories' and 'allowedSudoCommands' to avoid storing a single string when a user passes JSON or a comma-separated string.

Example adjustment in src/tools/config.ts (illustrative; outside this diff):

// Extend the known array keys setconstarrayKeys=newSet(['allowedDirectories','blockedCommands','readOnlyDirectories','allowedSudoCommands',]);// Then use: if (arrayKeys.has(parsed.data.key) && !Array.isArray(valueToStore)) { ... }
  • Define precedence now to avoid ambiguity later: if a path appears in both allowedDirectories and readOnlyDirectories, writes must be denied. Document and enforce this in the file ops layer.
  • “Pattern support” for allowedSudoCommands: specify the dialect (glob vs regex), anchoring rules, and escaping to prevent surprising matches.

To verify coverage now, run:

🏁 Script executed:

#!/bin/bash# Find usages of the new keys to ensure setter/parsing/enforcement existsrg -n -C2 -g'!**/dist/**' -e'\breadOnlyDirectories\b|\brequireExplicitPermission\b|\ballowedSudoCommands\b' src

Length of output: 1477

#!/bin/bash# Inspect setConfigValue implementation and array key handlingecho"---- Searching for setConfigValue declaration ----"rg -n -C3"setConfigValue" -g'src/tools/config.ts'echo -e"\n---- Checking arrayKeys or similar handling ----"rg -n -C3"allowedDirectories" -g'src/tools/config.ts'rg -n -C3"blockedCommands" -g'src/tools/config.ts'rg -n -C3"readOnlyDirectories" -g'src/tools/config.ts'rg -n -C3"allowedSudoCommands" -g'src/tools/config.ts'
#!/bin/bash# Locate and inspect the setConfigValue implementationecho"---- Finding setConfigValue definition ----"rg -n -C5"function setConfigValue" -g'src/tools/config.ts'echo -e"\n---- Showing 20 lines around setConfigValue ----"rg -n -C10"setConfigValue" -g'src/tools/config.ts'echo -e"\n---- Searching for multi-value or array key handling ----"rg -n -C5"arrayKeys" -g'src/tools/config.ts'rg -n -C5"multiValue" -g'src/tools/config.ts'rg -n -C5"split" -g'src/tools/config.ts'
#!/bin/bash# Locate and inspect setConfigValue implementation in src/tools/config.tsecho"---- setConfigValue definition and context ----"rg -n -C5"function setConfigValue" -g'src/tools/config.ts'echo -e"\n---- References to array key handling ----"rg -n -C5"new Set" -g'src/tools/config.ts'rg -n -C5"allowedDirectories" -g'src/tools/config.ts'

🏁 Script executed:

#!/bin/bash# Inspect setConfigValue in src/tools/config.ts for array key parsingrg -n -C5"function setConfigValue" src/tools/config.tsrg -n -C5"switch (key)" src/tools/config.tsrg -n -C5"allowedDirectories" src/tools/config.tsrg -n -C5"blockedCommands" src/tools/config.tsrg -n -C5"readOnlyDirectories" src/tools/config.tsrg -n -C5"allowedSudoCommands" src/tools/config.ts

Length of output: 1669

Handle new config keys insetConfigValue and enforce semantics

The special-case logic insrc/tools/config.ts currently only parses JSON/comma-lists forallowedDirectories andblockedCommands. We need to extend it to cover bothreadOnlyDirectories andallowedSudoCommands, and then implement the enforcement semantics you outlined.

• Insrc/tools/config.ts:setConfigValue(), update the array-key check to include the two new keys (and ensurerequireExplicitPermission stays boolean-only).

- if ((parsed.data.key === 'allowedDirectories' || parsed.data.key === 'blockedCommands') && !Array.isArray(valueToStore)) {+ const arrayKeys = new Set([+   'allowedDirectories',+   'blockedCommands',+   'readOnlyDirectories',+   'allowedSudoCommands',+ ]);+ if (arrayKeys.has(parsed.data.key) && !Array.isArray(valueToStore)) {

• Define and document precedence in your file-operations layer:
– If a path appears in bothallowedDirectories andreadOnlyDirectories, forbid write operations (read-only wins).
– IfrequireExplicitPermission istrue, any destructive command (e.g.,rm,mv) must be gated behind an explicit flag.

• ForallowedSudoCommands, specify the pattern dialect and matching rules in comments and/or schema:
– Glob vs. regex? Anchoring (full-match vs. substring)?
– How to escape metacharacters?
– Reject/escape invalid patterns at set time.

Please update the code and documentation accordingly before merging.

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents
In src/config-manager.ts around lines 13 to 15: extend setConfigValue handlingso array-parsing includes readOnlyDirectories and allowedSudoCommands whilekeeping requireExplicitPermission treated only as a boolean; updatesrc/tools/config.ts:setConfigValue() to treat allowedDirectories,blockedCommands, readOnlyDirectories, and allowedSudoCommands as array-keys(parse JSON or comma-lists) and validate/normalize values on set (reject invalidtypes). In the file-operations layer implement and document precedence: if apath is in both allowedDirectories and readOnlyDirectories, consider itread-only and block write operations; if requireExplicitPermission is true, gatedestructive commands (e.g., rm, mv, rmdir, truncate) behind an explicitpermission flag check. For allowedSudoCommands add clear schema comments statingthe pattern dialect (use anchored glob patterns, full-match semantics, e.g.,bash-style globs, not regex), document how to escape metacharacters, validatepatterns at set time (reject malformed globs) and implement matching as afull-match glob against the entire command string; log or surface invalidpatterns when set. Ensure docs/comments reflect precedence and enforcement rulesand that invalid config values produce clear errors when set.

Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment

Reviewers

@coderabbitaicoderabbitai[bot]coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Corlzee
[8]ページ先頭
©2009-2025 Movatter.jp