vtcode_core/config/core/
commands.rs

1use serde::{Deserialize, Serialize};
2
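/// Command execution configuration: the allow/deny policy for shell commands.
///
/// This type only carries the pattern lists. How a command line is compared
/// with an entry (exact, prefix or substring; before or after shell parsing)
/// and which list wins when an allow entry and a deny entry both match is
/// decided by the code that consumes this struct, which is not visible here.
///
/// # Security notes
///
/// * Every field carries a field-level `#[serde(default)]`, so a key that is
///   absent from the configuration deserializes to an **empty** list, not to
///   the entries built by `CommandsConfig::default()`. A configuration that
///   sets only `allow_list` therefore has empty deny lists unless the loader
///   merges the defaults separately.
///   NOTE(review): confirm this is intended; a container-level
///   `#[serde(default)]` would fill missing keys from the `Default` impl.
/// * The deny lists enumerate known-dangerous commands and cannot be
///   complete. Treat them as a safety net; the allow lists are the real
///   boundary, and should stay as narrow as the workflow permits.
#[derive(Debug, Clone, Deserialize, Serialize)]
pub struct CommandsConfig {
    /// Commands that can be executed without prompting
    #[serde(default)]
    pub allow_list: Vec<String>,

    /// Commands that are always denied
    #[serde(default)]
    pub deny_list: Vec<String>,

    /// Glob patterns allowed for shell commands (applies to run_terminal_cmd/Bash)
    #[serde(default)]
    pub allow_glob: Vec<String>,

    /// Glob patterns denied for shell commands
    #[serde(default)]
    pub deny_glob: Vec<String>,

    /// Regex allow patterns for shell commands
    #[serde(default)]
    pub allow_regex: Vec<String>,

    /// Regex deny patterns for shell commands
    #[serde(default)]
    pub deny_regex: Vec<String>,
}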
30
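impl Default for CommandsConfig {
    /// Builds the built-in command policy.
    ///
    /// The six lists overlap (for example `git *` in `allow_glob` and a
    /// narrower `git` subcommand set in `allow_regex`), so the effective
    /// policy depends on how the consumer combines them.
    /// NOTE(review): confirm that a deny match always overrides an allow match.
    fn default() -> Self {
        // Turns a table of literals into the owned strings the fields hold.
        fn owned(entries: &[&str]) -> Vec<String> {
            entries.iter().map(|&entry| entry.to_string()).collect()
        }

        Self {
            // Commands meant to be read-only.
            // NOTE(review): `find` can run other programs and delete files
            // through its own actions, so listing it here is only safe if the
            // matcher also inspects arguments — verify against the consumer.
            allow_list: owned(&[
                "ls",
                "pwd",
                "cat",
                "grep",
                "find",
                "head",
                "tail",
                "wc",
                "git status",
                "git diff",
                "git log",
                "cargo check",
                "cargo tree",
                "cargo metadata",
                "which",
                "echo",
            ]),
            // Literal entries for destructive or network-fetching commands.
            // This is an enumeration of known-bad spellings, not a complete
            // barrier. NOTE(review): `format` is a common word; if entries
            // are matched as substrings it may also block unrelated commands.
            deny_list: owned(&[
                "rm -rf /",
                "rm -rf ~",
                "rm -rf /*",
                "shutdown",
                "reboot",
                "halt",
                "poweroff",
                "sudo rm",
                "sudo chmod",
                "sudo chown",
                "format",
                "fdisk",
                "mkfs",
                "dd if=",
                "wget",
                "curl",
                ":(){ :|:& };:", // Fork bomb
            ]),
            // Each of these tools runs project-controlled code (build
            // scripts, package lifecycle scripts, arbitrary script files) and
            // most can reach the network, so a match here amounts to trusting
            // the workspace with code execution. `git *` and `cargo *` are
            // also wider than the subcommand sets in `allow_regex` below.
            allow_glob: owned(&[
                "git *",
                "cargo *",
                "rustc *",
                "python -m *",
                "node *",
                "npm *",
                "yarn *",
                "pnpm *",
            ]),
            // Whole command families refused regardless of arguments.
            deny_glob: owned(&[
                "rm *",
                "sudo *",
                "chmod *",
                "chown *",
                "kill *",
                "pkill *",
                "systemctl *",
                "service *",
                "mount *",
                "umount *",
                "docker run *",
                "kubectl *",
            ]),
            // Anchored at the start only: `\b` ends the command word, but the
            // rest of the line is unconstrained. NOTE(review): chaining,
            // pipes and redirection must be rejected or split by the consumer
            // before these patterns are applied — verify.
            allow_regex: owned(&[
                r"^(ls|pwd|cat|grep|find|head|tail|wc)\b",
                r"^git (status|diff|log|show|branch)\b",
                r"^cargo (check|build|test|doc|clippy|fmt)\b",
            ]),
            // Unanchored patterns. The `rm` pattern names only the `-rf` and
            // `--force` spellings; other flag forms are left to `rm *` in
            // `deny_glob`. NOTE(review): `uncordon` re-enables scheduling on
            // a node; `cordon` may have been intended — confirm.
            deny_regex: owned(&[
                r"rm\s+(-rf|--force)",
                r"sudo\s+.*",
                r"chmod\s+.*",
                r"chown\s+.*",
                r"docker\s+run\s+.*--privileged",
                r"kubectl\s+(delete|drain|uncordon)",
            ]),
        }
    }
}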