will/flynn
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: default to full-access mode with hook-based sensitive guards

Browse Source
This commit is contained in:
William Valentin
2026-02-18 11:14:35 -08:00
parent fc2090b599
commit a76c5ae346
9 changed files with 72 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/config/schema.test.ts
+1 -1
View File
@@ -1544,7 +1544,7 @@ describe('configSchema — agents truthfulness/autonomy', () => {
const result = configSchema.parse(minimalConfig);
expect(result.agents.truthfulness_mode).toBe('standard');
expect(result.agents.autonomy_level).toBe('standard');
expect(result.agents.sensitive_mode).toBe('deny_without_elevation');
expect(result.agents.sensitive_mode).toBe('confirm_without_elevation');
expect(result.agents.immutable_denylist).toEqual(
expect.arrayContaining([
expect.objectContaining({ tool: 'shell.exec', args_pattern: 'git push origin main' }),
src/config/schema.ts
+1 -1
View File
@@ -499,7 +499,7 @@ const agentsSchema = z.object({
/** Autonomy level for tool execution: conservative | standard | autonomous. */
autonomy_level: autonomyLevelSchema.default('standard'),
/** Sensitive host-action behavior for high-impact tools. */
sensitive_mode: sensitiveModeSchema.default('deny_without_elevation'),
sensitive_mode: sensitiveModeSchema.default('confirm_without_elevation'),
/** Immutable denylist enforced even during elevated mode. */
immutable_denylist: z.array(immutableDenyRuleSchema).default([
{