(
input: { command: string },
toolPermissionContext: ToolPermissionContext,
)
| 642 | * - 'passthrough' if no sed commands or all are safe |
| 643 | */ |
| 644 | export function checkSedConstraints( |
| 645 | input: { command: string }, |
| 646 | toolPermissionContext: ToolPermissionContext, |
| 647 | ): PermissionResult { |
| 648 | const commands = splitCommand_DEPRECATED(input.command) |
| 649 | |
| 650 | for (const cmd of commands) { |
| 651 | // Skip non-sed commands |
| 652 | const trimmed = cmd.trim() |
| 653 | const baseCmd = trimmed.split(/\s+/)[0] |
| 654 | if (baseCmd !== 'sed') { |
| 655 | continue |
| 656 | } |
| 657 | |
| 658 | // In acceptEdits mode, allow file writes (-i flag) but still block dangerous operations |
| 659 | const allowFileWrites = toolPermissionContext.mode === 'acceptEdits' |
| 660 | |
| 661 | const isAllowed = sedCommandIsAllowedByAllowlist(trimmed, { |
| 662 | allowFileWrites, |
| 663 | }) |
| 664 | |
| 665 | if (!isAllowed) { |
| 666 | return { |
| 667 | behavior: 'ask', |
| 668 | message: |
| 669 | 'sed command requires approval (contains potentially dangerous operations)', |
| 670 | decisionReason: { |
| 671 | type: 'other', |
| 672 | reason: |
| 673 | 'sed command contains operations that require explicit approval (e.g., write commands, execute commands)', |
| 674 | }, |
| 675 | } |
| 676 | } |
| 677 | } |
| 678 | |
| 679 | // No dangerous sed commands found (or no sed commands at all) |
| 680 | return { |
| 681 | behavior: 'passthrough', |
| 682 | message: 'No dangerous sed operations detected', |
| 683 | } |
| 684 | } |
| 685 |
no test coverage detected