feat(opencode): add pre-execution shell command safety validator #27070

Open: jinguanghai wants to merge 1 commit into anomalyco:dev from jinguanghai:pr-safety-validator

@jinguanghai

Adds an optional safetyCheck() function that validates shell commands against 14 known dangerous patterns before execution.

Issue for this PR

Closes #27069

Type of change

  • New feature

What does this PR do?

Adds tool/safety.ts — a pre-execution shell command safety validator with 14 danger patterns (5 BLOCK, 7 WARN, 2 LOG). The function is self-contained with no integration into the execute flow yet, making this PR minimal and non-breaking.

How did you verify your code works?

Added 10 test cases covering all 14 patterns (BLOCK/WARN/LOG/SAFE). Tests pass locally: bun test test/tool/safety.test.ts

Checklist

  • I have tested my changes locally
  • I have not included unrelated changes in this PR

Adds an optional safetyCheck() function that validates shell commands
against 14 known dangerous patterns before execution.

- 5 BLOCK-level patterns (reject immediately)
- 7 WARN patterns (allow with warning)
- 2 LOG patterns (record for review)

Tests: 10 test cases covering all 14 patterns.
No breaking changes. No new dependencies.

Closes anomalyco#27069
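
An added sketch of the tiered check this PR describes, not the code in tool/safety.ts: the function name `classifyCommand`, the five rules and the verdict shape are assumptions made for illustration, and the sample commands are constructed. It shows the highest-severity match deciding the verdict while every matching rule is kept for the audit record.

```typescript
// Added illustration. The rules below are constructed and are NOT the PR's 14 patterns.
type Level = "BLOCK" | "WARN" | "LOG" | "SAFE";

interface Rule {
  level: Exclude<Level, "SAFE">;
  name: string; // hypothetical rule identifier
  pattern: RegExp;
}

interface Verdict {
  level: Level; // highest severity among the rules that fired
  matched: string[]; // every rule that fired, for the audit record
}

// Severity order: BLOCK outranks WARN, WARN outranks LOG.
const RANK: Record<Level, number> = { SAFE: 0, LOG: 1, WARN: 2, BLOCK: 3 };

// No "g" flag on any pattern, so RegExp.test() keeps no state between calls.
const RULES: Rule[] = [
  // Recursive delete aimed at the filesystem root itself (not a subdirectory).
  { level: "BLOCK", name: "rm-recursive-root", pattern: /\brm\s+-\w*r\w*\s+\/(\s|$)/i },
  // Creating a filesystem on a device.
  { level: "BLOCK", name: "mkfs", pattern: /\bmkfs(\.\w+)?\b/ },
  // Downloaded content piped straight into a shell.
  { level: "WARN", name: "download-pipe-shell", pattern: /\b(curl|wget)\b[^|]*\|\s*(sudo\s+)?(ba|z)?sh\b/ },
  // World-writable permissions.
  { level: "WARN", name: "chmod-777", pattern: /\bchmod\s+(-\w+\s+)*0?777\b/ },
  // Privilege elevation is recorded for review, not stopped.
  { level: "LOG", name: "sudo", pattern: /\bsudo\b/ },
];

function classifyCommand(command: string): Verdict {
  let level: Level = "SAFE";
  const matched: string[] = [];
  for (const rule of RULES) {
    if (!rule.pattern.test(command)) continue;
    matched.push(rule.name);
    if (RANK[rule.level] > RANK[level]) level = rule.level;
  }
  return { level, matched };
}

// Constructed sample commands, one per tier plus a benign one.
for (const cmd of ["rm -rf /", "sudo chmod 777 /srv/app", "sudo systemctl restart nginx", "ls -la /tmp"]) {
  const v = classifyCommand(cmd);
  console.log(`${v.level.padEnd(5)} ${cmd} [${v.matched.join(", ")}]`);
}
```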
Development

Successfully merging this pull request may close these issues.

Proposal: Built-in pre-execution shell safety validation