fix(exec): require explicit safe-bin profiles

src/node-host/invoke-system-run.ts

@@ -18,6 +18,7 @@ import {
   type ExecSecurity,
 } from "../infra/exec-approvals.js";
 import type { ExecHostRequest, ExecHostResponse, ExecHostRunResult } from "../infra/exec-host.js";
+import { resolveSafeBinProfiles } from "../infra/exec-safe-bin-policy.js";
 import { getTrustedSafeBinDirs } from "../infra/exec-safe-bin-trust.js";
 import { sanitizeSystemRunEnvOverrides } from "../infra/host-env-security.js";
 import { resolveSystemRunCommand } from "../infra/system-run-command.js";
@@ -116,6 +117,10 @@ export async function handleSystemRunInvoke(opts: {
   });
   const env = opts.sanitizeEnv(envOverrides);
   const safeBins = resolveSafeBins(agentExec?.safeBins ?? cfg.tools?.exec?.safeBins);
+  const safeBinProfiles = resolveSafeBinProfiles({
+    ...cfg.tools?.exec?.safeBinProfiles,
+    ...agentExec?.safeBinProfiles,
+  });
   const trustedSafeBinDirs = getTrustedSafeBinDirs();
   const bins = autoAllowSkills ? await opts.skillBins.current() : new Set<string>();
   let analysisOk = false;
@@ -127,6 +132,7 @@ export async function handleSystemRunInvoke(opts: {
       command: shellCommand,
       allowlist: approvals.allowlist,
       safeBins,
+      safeBinProfiles,
       cwd: opts.params.cwd ?? undefined,
       env,
       trustedSafeBinDirs,
@@ -145,6 +151,7 @@ export async function handleSystemRunInvoke(opts: {
       analysis,
       allowlist: approvals.allowlist,
       safeBins,
+      safeBinProfiles,
       cwd: opts.params.cwd ?? undefined,
       trustedSafeBinDirs,
       skillBins: bins,