fix: harden allow-always shell multiplexer wrapper handling

2026-05-09 09:27:39 +00:00 · 2026-02-24 03:06:34 +00:00
parent 4a3f8438e5
commit a67689a7e3
8 changed files with 193 additions and 1 deletions
--- a/src/infra/exec-approvals-allowlist.ts
+++ b/src/infra/exec-approvals-allowlist.ts
@@ -21,6 +21,7 @@ import {
  extractShellWrapperInlineCommand,
  isDispatchWrapperExecutable,
  isShellWrapperExecutable,
+  unwrapKnownShellMultiplexerInvocation,
  unwrapKnownDispatchWrapperInvocation,
 } from "./exec-wrapper-resolution.js";

@@ -299,6 +300,30 @@ function collectAllowAlwaysPatterns(params: {
    return;
  }

+  const shellMultiplexerUnwrap = unwrapKnownShellMultiplexerInvocation(params.segment.argv);
+  if (shellMultiplexerUnwrap.kind === "blocked") {
+    return;
+  }
+  if (shellMultiplexerUnwrap.kind === "unwrapped") {
+    collectAllowAlwaysPatterns({
+      segment: {
+        raw: shellMultiplexerUnwrap.argv.join(" "),
+        argv: shellMultiplexerUnwrap.argv,
+        resolution: resolveCommandResolutionFromArgv(
+          shellMultiplexerUnwrap.argv,
+          params.cwd,
+          params.env,
+        ),
+      },
+      cwd: params.cwd,
+      env: params.env,
+      platform: params.platform,
+      depth: params.depth + 1,
+      out: params.out,
+    });
+    return;
+  }
+
  const candidatePath = resolveAllowlistCandidatePath(params.segment.resolution, params.cwd);
  if (!candidatePath) {
    return;