✨ feat(builtin-tool-local-system): skip intervention for safe paths like /tmp #13232
@arvinxx - This is a tool calling feature (builtin-tool-local-system intervention audit). Please take a look.
Codecov Report
Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## canary #13232 +/- ##
=======================================
Coverage 66.91% 66.91%
=======================================
Files 1867 1867
Lines 147855 147869 +14
Branches 16904 16906 +2
=======================================
+ Hits 98942 98952 +10
- Misses 48802 48806 +4
Partials 111 111
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: faedd2f719
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
…ike /tmp
Add SAFE_PATH_PREFIXES whitelist to bypass user confirmation for file operations targeting ephemeral directories (/tmp, /var/tmp).
7ea664e to bb7362c
@codex review it
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: bb7362c559
| if (toolScope && !isPathWithinWorkingDirectory(toolScope, workingDirectory, workingDirectory)) { | ||
| return true; |
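Review bot: In the `if` condition, `isPathWithinWorkingDirectory(toolScope, workingDirectory, workingDirectory)` receives `workingDirectory` as both its second and third argument; if the third parameter is the base used to resolve a relative `toolScope`, add a one-line comment saying so, and if it is meant to be a different value this is a copy-paste slip that needs a test with a relative scope. Because the branch returns `true` as soon as the scope is outside the working directory, consider comparing the resolved `toolScope` against the safe prefixes inside this same condition so a scope under `/tmp` is treated like a path under `/tmp`.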
Apply safe-path exemption to scope arguments
The new early return on toolScope forces intervention before the safe-path audit runs, so calls that rely on scope (for example globFiles with scope: '/tmp' and a relative pattern) can never benefit from the `/tmp`/`/var/tmp` exemption. This is a regression from previous behavior and contradicts the commit's intended rule that operations targeting only safe paths should skip intervention.
❤️ Great PR @Innei ❤️ The growth of the project is inseparable from user feedback and contribution, thanks for your contribution! If you are interested in the lobehub developer community, please join our discord and then dm @arvinxx or @canisminor1990. They will invite you to our private developer channel. We are talking about the lobe-chat development or sharing ai newsletter around the world.
# 🚀 release: 20260326

This release includes **91 commits**. Key updates are below.

- **Agent can now execute background tasks** - Agents can perform long-running operations without blocking your conversation. [#13289](#13289)
- **Better error messages** - Redesigned error UI across chat and image generation with clearer explanations and recovery options. [#13302](#13302)
- **Smoother topic switching** - No more full page reloads when switching topics while an agent is responding. [#13309](#13309)
- **Faster image uploads** - Large images are now automatically compressed to 1920px before upload, reducing wait times. [#13224](#13224)
- **Improved knowledge base** - Documents are now properly parsed before chunking, improving retrieval accuracy. [#13221](#13221)

### Bot Platform

- **WeChat Bot support** - You can now connect LobeChat to WeChat, in addition to Discord. [#13191](#13191)
- **Richer bot responses** - Bots now support custom markdown rendering and context injection. [#13294](#13294)
- **New bot commands** - Added `/new` to start fresh conversations and `/stop` to halt generation. [#13194](#13194)
- **Discord stability fixes** - Fixed thread creation issues and Redis connection drops. [#13228](#13228) [#13205](#13205)

### Models & Providers

- **GLM-5** is now available in the LobeHub model list. [#13189](#13189)
- **Coding Plan providers** - Added support for code planning assistant providers. [#13203](#13203)
- **Tencent Hunyuan 3.0 ImageGen** - New image generation model from Tencent. [#13166](#13166)
- **Gemini content handling** - Better handling when Gemini blocks content due to safety filters. [#13270](#13270)
- **Claude token limits fixed** - Corrected max window tokens for Anthropic Claude models. [#13206](#13206)

### Skills & Tools

- **Auto credential injection** - Skills can now automatically request and use required credentials. [#13124](#13124)
- **Smarter tool permissions** - Built-in tools skip confirmation for safe paths like `/tmp`. [#13232](#13232)
- **Model switcher improvements** - Quick access to provider settings and visual highlight for default model. [#13220](#13220)

### Memory

- **Bulk delete memories** - You can now delete all memory entries at once. [#13161](#13161)
- **Per-agent memory control** - Memory injection now respects individual agent settings. [#13265](#13265)

### Desktop App

- **Gateway connection** - Desktop app can now connect to LobeHub Gateway for enhanced features. [#13234](#13234)
- **Connection status indicator** - See gateway connection status in the titlebar. [#13260](#13260)
- **Settings persistence** - Gateway toggle state now persists across app restarts. [#13300](#13300)

### CLI

- **API key authentication** - CLI now supports API key auth for programmatic access. [#13190](#13190)
- **Shell completion** - Tab completion for bash/zsh/fish shells. [#13164](#13164)
- **Man pages** - Built-in manual pages for CLI commands. [#13200](#13200)

### Security

- **XSS protection** - Sanitized search result image titles to prevent script injection. [#13303](#13303)
- **Workflow hardening** - Fixed potential shell injection in release automation. [#13319](#13319)
- **Dependency update** - Updated nodemailer to address security advisory. [#13326](#13326)

### Bug Fixes

- Fixed skill page not redirecting correctly after import. [#13255](#13255) [#13261](#13261)
- Fixed token counting in group chats. [#13247](#13247)
- Fixed editor not resetting when switching to empty pages. [#13229](#13229)
- Fixed manual tool toggle not working. [#13218](#13218)
- Fixed Search1API response parsing. [#13207](#13207) [#13208](#13208)
- Fixed mobile topic menus rendering issues. [#12477](#12477)
- Fixed history count calculation for accurate context. [#13051](#13051)
- Added missing Turkish translations. [#13196](#13196)

### Credits

Huge thanks to these contributors: @bakiburakogun @hardy-one @Zhouguanyang @sxjeru @hezhijie0327 @arvinxx @cy948 @CanisMinor @Innei @lijian @lobehubbot @neko @rdmclin2 @rivertwilight @tjx666
💻 Change Type
🔗 Related Issue
N/A
🔀 Description of Change
Add a safe-path whitelist (`/tmp`, `/var/tmp`) to `pathScopeAudit` so that file operations targeting these ephemeral directories no longer trigger user intervention confirmation.
Previously, any path outside the working directory required a secondary confirmation dialog. This was unnecessarily disruptive for temporary/scratch paths that pose no security risk.
Key behavior:
🧪 How to Test
28 tests pass, including new cases for `/tmp`, `/var/tmp`, and mixed-path scenarios.
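The rule discussed in this thread (skip confirmation only when every target, including a `scope` plus relative pattern, lies inside the working directory or a safe prefix), sketched as an added example that is not the project's code. `ToolCall`, `isWithin`, `resolveTargets` and `requiresIntervention` are hypothetical names; only `SAFE_PATH_PREFIXES` and its `/tmp`, `/var/tmp` values come from the page.

```typescript
import * as path from 'node:path';

// Illustrative names; only SAFE_PATH_PREFIXES and its two values come from the PR text.
const SAFE_PATH_PREFIXES = ['/tmp', '/var/tmp'];

interface ToolCall {
  paths?: string[]; // explicit path arguments
  scope?: string; // base directory for a relative pattern
  pattern?: string; // glob pattern, resolved against scope
}

// True when target is root itself or lies beneath it. Both sides are normalized
// first, so "/tmp/../etc" and "/tmpfoo" do not count as being inside "/tmp".
function isWithin(target: string, root: string): boolean {
  const rel = path.posix.relative(root, target);
  return rel !== '..' && !rel.startsWith('../');
}

// Every location the call can touch, as normalized absolute paths.
// Returns null when the pattern contains "..", which could climb out of its base.
function resolveTargets(call: ToolCall, cwd: string): string[] | null {
  const targets = (call.paths ?? []).map((p) => path.posix.resolve(cwd, p));
  const base = path.posix.resolve(cwd, call.scope ?? '.');
  if (call.scope !== undefined) targets.push(base);
  if (call.pattern !== undefined) {
    if (call.pattern.includes('..')) return null;
    // Keep only the directory part that precedes the first glob character.
    const literal = call.pattern.split(/[*?[{]/)[0];
    targets.push(path.posix.resolve(base, literal.slice(0, literal.lastIndexOf('/') + 1)));
  }
  return targets;
}

// true = ask the user, false = skip confirmation. The check is lexical only:
// a symlink under /tmp that points elsewhere needs a realpath step on top.
function requiresIntervention(call: ToolCall, cwd: string): boolean {
  const targets = resolveTargets(call, cwd);
  if (targets === null) return true;
  const allowedRoots = [cwd, ...SAFE_PATH_PREFIXES];
  return !targets.every((t) => allowedRoots.some((root) => isWithin(t, root)));
}
```
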