Skip to content

feat(knowledge): treat informational invocations as safe (1.3.0)#5

Merged
gmpassos merged 1 commit into
masterfrom
feature/informational-form-gate
Jun 29, 2026
Merged

feat(knowledge): treat informational invocations as safe (1.3.0)#5
gmpassos merged 1 commit into
masterfrom
feature/informational-form-gate

Conversation

@gmpassos

Copy link
Copy Markdown
Contributor

Context

Many commands are risky-by-default in the knowledge base — dart, flutter, and the interpreters in shell_knowledge.dart (node, python, ruby, java, …) plus cargo/go carry baseCapabilities: {executePrograms}. The analysis pipeline only ever adds capabilities and raises risk, so harmless invocations like dart --version, node --version, python --version were wrongly reported as executePrograms.

This adds a new mechanism — an informational-form gate — that recognizes purely informational invocations as read-only/safe, only when every argument is informational (so dart can still run arbitrary code with other parameters).

What changed

  • New global defaultInformationalTokens (--version, --help, --usage) applied to all known commands.
  • New per-command CommandKnowledge.informationalTokens field for tool-specific forms: java -version, python -V, node/php/ruby -v, perl -v/-V, deno/cargo -V, go version/env, dotnet --info/--list-sdks/--list-runtimes.
  • Gate runs at the top of _collect, before base caps/risk and at every recursion depth → wrapped forms like sudo node --version are handled (and sudo still reports privilegeEscalation).
  • Case-sensitive matching (-V-v); a single payload token defeats the gate (dart --version x.dart, go env -w K=V still report executePrograms).

Behavior change

Bare --version/--help/--usage (and the per-command short forms) on execute-by-default tools now classify as read-only/safe instead of executePrograms. npm --version moves from an empty capability set to readFilesystem (risk stays safe).

Verification

  • dart format — clean
  • dart analyze — No issues found
  • dart test404/404 pass (13 new gate tests)

Bumps version to 1.3.0 and updates CHANGELOG.md + doc/architecture.md.

🤖 Generated with Claude Code

Add an informational-form safety gate so commands that are risky-by-default
(dart, flutter, node, python, go, cargo, …) classify as read-only/safe when
*every* argument is a purely informational token (--version/--help/--usage,
plus per-command forms like java -version, python -V, go version/env).

- New top-level `defaultInformationalTokens` (global) and per-command
  `CommandKnowledge.informationalTokens` field.
- Gate runs at the top of `_collect`, before base caps/risk and at every
  recursion depth, so wrapped forms (`sudo node --version`) are handled.
- Case-sensitive matching (-V ≠ -v); a payload token defeats the gate
  (`dart --version x.dart`, `go env -w K=V` still execute).
- Adds a dedicated test group; bumps version to 1.3.0 and updates docs.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@codecov

codecov Bot commented Jun 29, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

@gmpassos gmpassos merged commit baa9bf1 into master Jun 29, 2026
3 checks passed
@gmpassos gmpassos deleted the feature/informational-form-gate branch June 29, 2026 08:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant