Skip to content

Comments

fix: add catch-all Allow rule to legacy permission policy#334

Merged
bug-ops merged 2 commits intomainfrom
fix/permission-policy-default-allow
Feb 15, 2026
Merged

fix: add catch-all Allow rule to legacy permission policy#334
bug-ops merged 2 commits intomainfrom
fix/permission-policy-default-allow

Conversation

@bug-ops
Copy link
Owner

@bug-ops bug-ops commented Feb 15, 2026

Summary

  • PermissionPolicy::from_legacy() lacked a fallback rule, causing check() to return Ask for any command not in blocked_commands or confirm_patterns
  • Safe commands like find, ls, echo triggered confirmation prompts that appeared unresponsive after approval
  • Added wildcard Allow rule at the end of the legacy rule chain so unmatched commands execute without confirmation

Test plan

  • Existing permission tests pass (17/17)
  • Full workspace tests pass (1378/1378)
  • New assertions: find and ls return Allow via from_legacy

@bug-ops
fix: add catch-all Allow rule to legacy permission policy
33c949f 
from_legacy() created rules only for blocked commands (Deny) and
confirm patterns (Ask) but lacked a fallback. Since check() defaults
to Ask when no rule matches, every safe command (find, ls, echo, etc.)
triggered a confirmation prompt that appeared to hang after approval.

Append a wildcard Allow rule so unmatched commands execute without
confirmation.
@github-actions github-actions bot added bug Something isn't working rust size/S and removed bug Something isn't working labels Feb 15, 2026
@github-actions github-actions bot added the bug Something isn't working label Feb 15, 2026
@bug-ops bug-ops enabled auto-merge (squash) February 15, 2026 16:05
@codecov-commenter
Copy link

codecov-commenter commented Feb 15, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.

Impacted file tree graph

@@           Coverage Diff           @@
##             main     #334   +/-   ##
=======================================
  Coverage   80.28%   80.28%           
=======================================
  Files          99       99           
  Lines       24236    24241    +5     
=======================================
+ Hits        19458    19463    +5     
  Misses       4778     4778
Files with missing lines Coverage Δ
crates/zeph-tools/src/permissions.rs 100.00% <100.00%> (ø)
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@bug-ops bug-ops merged commit 8ba0bc0 into main Feb 15, 2026
17 checks passed
@bug-ops bug-ops deleted the fix/permission-policy-default-allow branch February 15, 2026 16:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

bug Something isn't working rust size/S

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bug-ops @codecov-commenter