Expand description
ct-test’s command allow-gate.
ct-test can run an arbitrary program, so it runs only commands on a
fixed, compiled-in list of read-only commands (BUILTIN). The list is
intentionally static and immutable: nothing a caller does at run time can
extend it, so an agent driving ct-test cannot grant itself new commands. A
command that is not on the list is refused, and nothing runs.
Gating is by program name (the file-name component of --cmd, or sh
under --shell, since a shell line can run anything). It is a guard against
unintended side effects, not a sandbox: it does not inspect arguments or
resolve which binary a name ultimately runs.
Constants§
- BUILTIN
- Commands trusted as read-only — the entire, fixed allowlist.
Functions§
- gated_
name - The program name the gate checks for a given
--cmd/--shellpairing. - is_
allowed - Whether
nameis on the fixed allowlist.