Shell allowlist with AST-based command parsing.
Security model (Information Bottleneck principle):
- When allowlist is set: ALL segments of a compound command must be allowed (deny-by-default)
- When empty: all commands pass (backwards-compatible blocklist-only mode)
- Dangerous patterns (subshells, eval, backticks) are blocked in restricted mode
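The rules above, as an added stand-alone illustration that is not the crate's own code: the crate parses commands into an AST, whereas this version splits on shell control operators and ignores quoting, which is enough to show deny-by-default across every segment of a compound command. The function names mirror the crate's; the base-command rule (first word of the segment) is an assumption.

```rust
// Added illustration, not the crate's implementation: splits on control
// operators instead of building an AST, and does not honour quoting.

/// Split a compound command on `&&`, `||`, `;`, `|` and `&` (simplified).
pub fn split_segments(cmd: &str) -> Vec<&str> {
    let ops = ["&&", "||", ";", "|", "&"]; // two-char operators listed first
    let mut segments = Vec::new();
    let mut rest = cmd;
    loop {
        let mut best: Option<(usize, usize)> = None; // (offset, operator length)
        for op in ops {
            if let Some(i) = rest.find(op) {
                if best.map_or(true, |(bi, _)| i < bi) {
                    best = Some((i, op.len()));
                }
            }
        }
        match best {
            Some((i, len)) => {
                segments.push(rest[..i].trim());
                rest = &rest[i + len..];
            }
            None => { segments.push(rest.trim()); break; }
        }
    }
    segments.into_iter().filter(|s| !s.is_empty()).collect()
}

/// Program name of one segment (assumed: first whitespace-separated word).
pub fn extract_base_command(segment: &str) -> Option<&str> {
    segment.split_whitespace().next()
}

/// Empty allowlist: everything passes (blocklist-only mode). Otherwise every
/// segment must be allowed, and subshells, substitutions and eval are blocked.
pub fn check_shell_allowlist(cmd: &str, allowlist: &[&str]) -> Result<(), String> {
    if allowlist.is_empty() { return Ok(()); } // backwards-compatible mode
    for seg in split_segments(cmd) {
        if seg.contains("$(") || seg.contains('`') || seg.starts_with('(') {
            return Err(format!("subshell or command substitution blocked: {seg}"));
        }
        let base = extract_base_command(seg).ok_or("empty segment")?;
        if base == "eval" { return Err("eval is blocked in restricted mode".into()); }
        if !allowlist.contains(&base) {
            return Err(format!("command not in allowlist: {base}"));
        }
    }
    Ok(())
}
```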
Functions
- check_shell_allowlist - Checks if a command is allowed by the shell allowlist. Returns Ok(()) if allowed, Err(message) if blocked.
- extract_base_command