bryanb
/
CheddahBot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

1.4: Wire require_approval check for shell commands 

When config.shell.require_approval is True, run_command now refuses
execution and directs the user to delegate_task instead. The execution
brain (Claude Code CLI) has its own approval controls.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
cora-start
PeninsulaInd 2026-02-17 09:59:27 -06:00
parent ed751d843b
commit 202a5e99e4
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
cheddahbot/tools/shell.py
View File

@ -18,7 +18,14 @@ BLOCKED_PATTERNS = [
@tool("run_command", "Execute a shell command and return output", category="shell") @tool("run_command", "Execute a shell command and return output", category="shell")
def run_command(command: str, timeout: int = 30) -> str: def run_command(command: str, timeout: int = 30, ctx: dict | None = None) -> str:
# Check require_approval setting
if ctx and ctx.get("config") and ctx["config"].shell.require_approval:
return (
"Shell commands require approval. Use the `delegate_task` tool instead — "
"it routes through the execution brain which has its own safety controls."
)
# Safety check # Safety check
cmd_lower = command.lower().strip() cmd_lower = command.lower().strip()
for pattern in BLOCKED_PATTERNS: for pattern in BLOCKED_PATTERNS: