Merge pull request #32 from kevinnft/fix/run-command-permission-gate

fix(security): require user permission before run_command executes

Author: enowdev

src-tauri/src/agents/runner.rs

@@ -1034,6 +1034,27 @@ impl AgentRunner {
         executor: &ToolExecutor,
         tool_call: &ParsedToolCall,
     ) -> Option<oneshot::Receiver<bool>> {
+        if tool_call.name == "run_command" {
+            let command = tool_call
+                .input
+                .get("command")
+                .and_then(Value::as_str)
+                .map(std::string::ToString::to_string)?;
+
+            let rx = self.permissions.register(agent_run_id.to_string());
+
+            let _ = self.app_handle.emit(
+                "agent-permission-request",
+                AgentPermissionRequestEvent {
+                    agent_run_id: agent_run_id.to_string(),
+                    permission_type: "shell_command".to_string(),
+                    path: command,
+                    agent_type: agent_type.to_string(),
+                },
+            );
+            return Some(rx);
+        }
+
         let path = tool_call
             .input
             .get("path")

src/components/chat/PermissionDialog.tsx

@@ -31,6 +31,11 @@ export function PermissionDialog({ request, onAllow, onDeny }: PermissionDialogP
               Agent <span className="font-semibold text-[var(--text)]">{agentLabel}</span> wants to access a path outside the project:
             </>
           )}
+          {request.type === 'shell_command' && (
+            <>
+              Agent <span className="font-semibold text-[var(--text)]">{agentLabel}</span> wants to run a shell command:
+            </>
+          )}
           <br />
           <span className="inline-block mt-2 font-mono text-xs bg-[var(--surface-2)] px-2 py-1 rounded border border-[var(--border)] break-all">
             {request.path}

src/components/layout/AppShell.tsx

@@ -310,7 +310,7 @@ export const AppShell: React.FC = () => {
 
       const unlistenPermission = await listen<{
         agentRunId: string;
-        type: 'sensitive_file' | 'outside_sandbox';
+        type: 'sensitive_file' | 'outside_sandbox' | 'shell_command';
         path: string;
         agentType: string;
       }>('agent-permission-request', (event) => {

src/types/index.ts

@@ -127,7 +127,7 @@ export interface AgentRunWithTools extends AgentRun {
 }
 
 export interface PermissionRequest {
-  type: 'sensitive_file' | 'outside_sandbox';
+  type: 'sensitive_file' | 'outside_sandbox' | 'shell_command';
   path: string;
   agentType: AgentType;
   agentRunId: string;