Skip to content

feat: Configurable security settings and improved output formatting#27

Closed
alexx-ftw wants to merge 1 commit intoRichardAtCT:mainfrom
alexx-ftw:feat/configurable-security-and-improved-output
Closed

feat: Configurable security settings and improved output formatting#27
alexx-ftw wants to merge 1 commit intoRichardAtCT:mainfrom
alexx-ftw:feat/configurable-security-and-improved-output

Conversation

@alexx-ftw
Copy link
Copy Markdown
Contributor

@alexx-ftw alexx-ftw commented Feb 16, 2026
edited
Loading

Summary

This PR introduces configurable security settings and significantly improves the output formatting for tool usage in agentic mode.

Security Configuration (via Environment Variables)

  • DISABLE_SECURITY_PATTERNS: When set to True, disables dangerous pattern validation (pipes, redirections, shell operators, etc.) for trusted environments
  • DISABLE_TOOL_VALIDATION: When set to True, allows all Claude tools without restriction
  • SHOW_TOOL_DETAILS: Controls whether detailed tool call information is shown in responses (default: True)

These settings allow administrators to relax security restrictions in trusted environments while maintaining the default secure-by-default behavior.

Output Formatting Improvements

  • Added detailed response formatting that shows tool calls with their inputs and results
  • Tool usage summary displayed at the end of each agent turn
  • Better handling of streaming responses with real-time tool updates
  • Cleaner message structure with clear sections for tool calls and results

Bug Fixes

  • Fixed /new command not properly clearing all user sessions - now correctly accesses the session manager through the Claude integration facade
  • Fixed command construction to prioritize configured claude_cli_path over default binary path
  • Session clearing now removes all persisted sessions from SQLite database

Files Changed

  • src/config/settings.py - Added new security configuration fields
  • src/security/validators.py - Made dangerous patterns configurable
  • src/claude/monitor.py - Made tool validation configurable
  • src/claude/integration.py - Fixed CLI path resolution
  • src/bot/orchestrator.py - Fixed session clearing, improved output formatting
  • src/main.py - Pass security config to validators

@claude
feat: Add configurable security options and improve output formatting
e7bf01e 
## Security Configuration
- Add DISABLE_SECURITY_PATTERNS env var to disable dangerous pattern validation
  (allows pipes, redirections, etc. for trusted environments)
- Add DISABLE_TOOL_VALIDATION env var to allow all Claude tools
  (bypasses tool allowlist for unrestricted access)
- Add SHOW_TOOL_DETAILS env var to control detailed tool output in responses
- Security options default to OFF (secure by default)

## Bug Fixes
- Fix /new command to properly clear ALL user sessions
  (previously only cleared current directory session)
- Fix session_manager access path (via claude_integration)
- Fix claude_cli_path usage instead of deprecated claude_binary_path

## Output Improvements
- Add real-time tool call display during execution
- Add detailed tool results in final responses
- Add tool usage summary at end of responses
- Improve formatting of tool inputs and outputs
- Better handling of Task subagent results

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@RichardAtCT
Copy link
Copy Markdown
Owner

RichardAtCT commented Feb 18, 2026

Hey @alexx-ftw - I have implemented most/all of the output formatting change in #29. Would you be interested in creating a new PR with just the security config changes?

@alexx-ftw alexx-ftw mentioned this pull request Feb 18, 2026
Merged
@alexx-ftw
Copy link
Copy Markdown
Contributor Author

alexx-ftw commented Feb 18, 2026

This PR has been split as requested into focused PRs:

Closing #27 in favor of those scoped PRs.

@alexx-ftw
Copy link
Copy Markdown
Contributor Author

alexx-ftw commented Feb 18, 2026

Closing in favor of #40 and #41 (with output-formatting already merged in #29).

@alexx-ftw alexx-ftw closed this Feb 18, 2026
@alexx-ftw alexx-ftw deleted the feat/configurable-security-and-improved-output branch February 18, 2026 20:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@alexx-ftw @RichardAtCT @claude