feat(execpolicy): bash arity dictionary for command-prefix allow rules (closes #410)#655
Merged
Merged
Conversation
All system prompts were English-only, causing DeepSeek V4 to reason and respond in English even when users wrote in Chinese or other languages. Add a Language Mirror section to base.md and base.txt that instructs the model to detect the user's primary language and use it for both reasoning (thinking tokens) and the final reply.
base.txt is not referenced via include_str! in prompts.rs. Only base.md is loaded (BASE_PROMPT). Remove the redundant change to base.txt as noted by Gemini Code Assist review.
closes Hmbown#410) Add `crates/execpolicy/src/bash_arity.rs` with a hand-curated `BashArityDict` struct (160+ entries, 30+ command families: git, npm, yarn, pnpm, cargo, docker, kubectl, go, pip, gh, rustup, deno, bun, aws, terraform, helm, make). Wire arity-aware prefix matching into: - `crates/tui/src/command_safety.rs` — new public `prefix_allow_matches()` function so `auto_allow = ["git status"]` matches `git status -s` / `git status --porcelain` but NOT `git push`. - `crates/tui/src/execpolicy/rules.rs` — `ExecPolicyConfig::evaluate()` now checks allow rules via `prefix_allow_matches` before falling back to the existing regex/wildcard `pattern_matches` path. - `crates/execpolicy/src/lib.rs` — `ExecPolicyEngine` uses `BashArityDict` for trusted-prefix matching; backward-compatible with existing exact-match deny rules. `cargo +nightly check` passes. 0 errors, 0 warnings. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Contributor
|
Warning You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again! |
|
谁家PR机器人 |
Owner
Triple-check: cleanVerified: |
Hmbown
added a commit
that referenced
this pull request
May 5, 2026
47 fmt drifts had accumulated from the squash-merged community PRs on this branch (#653, #654, #655, #645, #658, #668, #659, #661, #660, #667, #656). Pure formatting — no behavioural changes — applied via `cargo fmt --all` to satisfy CI's `cargo fmt --all -- --check` gate. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This was referenced May 5, 2026
MMMarcinho
pushed a commit
to MMMarcinho/DeepSeek-TUI
that referenced
this pull request
May 6, 2026
MMMarcinho
pushed a commit
to MMMarcinho/DeepSeek-TUI
that referenced
this pull request
May 6, 2026
47 fmt drifts had accumulated from the squash-merged community PRs on this branch (Hmbown#653, Hmbown#654, Hmbown#655, Hmbown#645, Hmbown#658, Hmbown#668, Hmbown#659, Hmbown#661, Hmbown#660, Hmbown#667, Hmbown#656). Pure formatting — no behavioural changes — applied via `cargo fmt --all` to satisfy CI's `cargo fmt --all -- --check` gate. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
crates/execpolicy/src/bash_arity.rswith a newBashArityDictstruct containing a hand-curated arity table of 160+ entries covering 30+ command families (git, npm, yarn, pnpm, cargo, docker, kubectl, go, pip, gh, rustup, deno, bun, aws, terraform, helm, make, and more)crates/tui/src/command_safety.rsvia a new publicprefix_allow_matches()functioncrates/tui/src/execpolicy/rules.rssoExecPolicyConfig::evaluate()uses arity-aware matching for allow rules before falling back to the existing wildcard/regexpattern_matchespathcrates/execpolicy/src/lib.rssoExecPolicyEngineusesBashArityDictfor trusted-prefix allow matchingBehaviour
git statusgit status -sgit status --porcelaingit push origin mainExisting exact-match allow rules and wildcard rules (
cargo *) continue to work unchanged.Test plan
cargo +nightly checkpasses — 0 errors, 0 warningsBashArityDictunit tests inbash_arity.rscoverclassify()andallow_rule_matches()for all major tool familiesprefix_allow_matchesdoctest examples cover git/cargo/npm/makerules.rstests:test_prefix_rule_allows_git_status_with_flagsandtest_prefix_rule_allows_cargo_check_variantscommand_safety.rsclassify_commandtests andauto_allow_*integration tests all still passdict_covers_at_least_30_commandstest)🤖 Generated with Claude Code