Security/Exec: persist inner commands for shell-wrapper approvals

2026-05-08 07:21:23 +00:00 · 2026-02-21 21:26:06 -08:00
parent 2f023a4775
commit 98b2b16ac3
5 changed files with 279 additions and 4 deletions
--- a/src/agents/bash-tools.exec-host-gateway.ts
+++ b/src/agents/bash-tools.exec-host-gateway.ts
@@ -11,6 +11,7 @@ import {
  minSecurity,
  recordAllowlistUse,
  requiresExecApproval,
+  resolveAllowAlwaysPatterns,
  resolveExecApprovals,
 } from "../infra/exec-approvals.js";
 import { markBackgrounded, tail } from "./bash-process-registry.js";
@@ -153,8 +154,13 @@ export async function processGatewayAllowlist(
      } else if (decision === "allow-always") {
        approvedByAsk = true;
        if (hostSecurity === "allowlist") {
-          for (const segment of allowlistEval.segments) {
-            const pattern = segment.resolution?.resolvedPath ?? "";
+          const patterns = resolveAllowAlwaysPatterns({
+            segments: allowlistEval.segments,
+            cwd: params.workdir,
+            env: params.env,
+            platform: process.platform,
+          });
+          for (const pattern of patterns) {
            if (pattern) {
              addAllowlistEntry(approvals.file, params.agentId, pattern);
            }