feat: default to full-access mode with hook-based sensitive guards
@@ -626,6 +626,12 @@ Control sensitive operations with pattern matching:
|
||||
hooks:
|
||||
confirm: # Requires user approval via Telegram
|
||||
- shell.*
|
||||
- process.start
|
||||
- process.kill
|
||||
- browser.*
|
||||
- message.send
|
||||
- cron.create
|
||||
- cron.delete
|
||||
- file.write
|
||||
- file.patch
|
||||
log: # Logs but doesn't block
|
||||
@@ -640,7 +646,7 @@ For unrestricted deployments, pair hooks with agent-level sensitive gating:
|
||||
```yaml
|
||||
agents:
|
||||
# deny_without_elevation | confirm_without_elevation
|
||||
sensitive_mode: deny_without_elevation
|
||||
sensitive_mode: confirm_without_elevation
|
||||
immutable_denylist:
|
||||
- tool: shell.exec
|
||||
args_pattern: "git push origin main"
|
||||
|
||||