mirror of
https://github.com/mark3labs/kit.git
synced 2026-06-14 03:30:26 +00:00
Ed Zynda
65 lines
1.4 KiB
Go
65 lines
1.4 KiB
Go
//go:build ignore
|
|
|
|
package main
|
|
|
|
import (
|
|
"encoding/json"
|
|
"strings"
|
|
|
|
"kit/ext"
|
|
)
|
|
|
|
// Init intercepts potentially dangerous bash commands and asks the user for
|
|
// confirmation before allowing execution.
|
|
//
|
|
// Dangerous patterns: rm -rf, sudo, chmod 777, mkfs, dd, > /dev/
|
|
//
|
|
// Usage: kit -e examples/extensions/permission-gate.go
|
|
func Init(api ext.API) {
|
|
// Patterns that require user confirmation.
|
|
dangerousPatterns := []string{
|
|
"rm -rf",
|
|
"rm -r /",
|
|
"sudo ",
|
|
"chmod 777",
|
|
"chmod -R 777",
|
|
"mkfs",
|
|
"dd if=",
|
|
"> /dev/",
|
|
":(){ :|:& };:",
|
|
}
|
|
|
|
api.OnToolCall(func(tc ext.ToolCallEvent, ctx ext.Context) *ext.ToolCallResult {
|
|
if tc.ToolName != "Bash" {
|
|
return nil
|
|
}
|
|
|
|
// Extract the command from the tool input JSON.
|
|
var input struct {
|
|
Command string `json:"command"`
|
|
}
|
|
if err := json.Unmarshal([]byte(tc.Input), &input); err != nil {
|
|
return nil
|
|
}
|
|
cmd := strings.ToLower(input.Command)
|
|
|
|
// Check for dangerous patterns.
|
|
for _, pattern := range dangerousPatterns {
|
|
if strings.Contains(cmd, strings.ToLower(pattern)) {
|
|
result := ctx.PromptConfirm(ext.PromptConfirmConfig{
|
|
Message: "Dangerous command detected: " + input.Command + "\n\nAllow execution?",
|
|
})
|
|
if result.Cancelled || !result.Value {
|
|
return &ext.ToolCallResult{
|
|
Block: true,
|
|
Reason: "User denied execution of dangerous command: " + input.Command,
|
|
}
|
|
}
|
|
return nil // user approved
|
|
}
|
|
}
|
|
|
|
return nil
|
|
})
|
|
}
|