feat(safety): gate sensitive tools behind elevation and immutable denylist

William Valentin
2026-02-17 23:51:04 -08:00
parent 9345a864f4
commit 540f6780e6
10 changed files with 279 additions and 3 deletions
+28
@@ -436,6 +436,12 @@ const automationSchema = z.object({
const truthfulnessModeSchema = z.enum(['strict', 'standard', 'relaxed']);
const autonomyLevelSchema = z.enum(['conservative', 'standard', 'autonomous']);
const sensitiveModeSchema = z.enum(['deny_without_elevation', 'confirm_without_elevation']);
const immutableDenyRuleSchema = z.object({
tool: z.string().min(1),
args_pattern: z.string().min(1).optional(),
reason: z.string().min(1).optional(),
});
const agentsSchema = z.object({
primary_tier: z.enum(['fast', 'default', 'complex', 'local']).default('default'),
@@ -460,6 +466,26 @@ const agentsSchema = z.object({
truthfulness_mode: truthfulnessModeSchema.default('standard'),
/** Autonomy level for tool execution: conservative | standard | autonomous. */
autonomy_level: autonomyLevelSchema.default('standard'),
/** Sensitive host-action behavior for high-impact tools. */
sensitive_mode: sensitiveModeSchema.default('deny_without_elevation'),
/** Immutable denylist enforced even during elevated mode. */
immutable_denylist: z.array(immutableDenyRuleSchema).default([
{
tool: 'shell.exec',
args_pattern: 'git push origin main',
reason: 'direct push to main is blocked by immutable policy',
},
{
tool: 'shell.exec',
args_pattern: 'git reset --hard',
reason: 'destructive hard reset is blocked by immutable policy',
},
{
tool: 'shell.exec',
args_pattern: 'git clean -fd',
reason: 'destructive clean is blocked by immutable policy',
},
]),
}).default({});
const embeddingProviderSchema = z.enum(['openai', 'gemini', 'ollama', 'llamacpp', 'voyage']);
@@ -950,3 +976,5 @@ export type AuditConfig = z.infer<typeof auditSchema>;
export type AuditLevel = z.infer<typeof auditLevelSchema>;
export type TruthfulnessMode = z.infer<typeof truthfulnessModeSchema>;
export type AutonomyLevel = z.infer<typeof autonomyLevelSchema>;
export type SensitiveMode = z.infer<typeof sensitiveModeSchema>;
export type ImmutableDenyRule = z.infer<typeof immutableDenyRuleSchema>;
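Review bot: The `.default([...])` on `immutable_denylist` in the second hunk only applies when the key is absent, so a config that sets `immutable_denylist: []` (or any other array) parses cleanly and drops all three built-in rules; that contradicts the "enforced even during elevated mode" doc comment unless the enforcement code re-adds them somewhere not shown here. If the built-in rules are meant to be a floor, move them to a module constant and make the config additive, e.g. `immutable_denylist: z.array(immutableDenyRuleSchema).default([]).transform((extra) => [...BUILTIN_IMMUTABLE_DENY_RULES, ...extra]),` (the constant name is a placeholder). Separately, `args_pattern` is an unconstrained string with no comment saying how it is matched, and literal command strings like these will not match equivalent spellings such as reordered flags or extra whitespace. I would add a doc comment above the field along the lines of `/** Matched against the tool arguments as <substring|regex — state which>; when omitted, the rule applies to every call of the tool. */`, adjusted to what the matcher actually does, and if it is a regex, check at parse time that it compiles so a malformed rule fails closed. `agentsSchema` opens in the first hunk and most of its body lies outside the hunks shown.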