admin/Moltbot
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix(security): bind system.run approvals to exact argv text

Browse Source
This commit is contained in:
Peter Steinberger
2026-03-11 01:25:19 +00:00
parent 8eac939417
commit 7289c19f1a
17 changed files with 241 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/test-utils/system-run-prepare-payload.ts
View File

@@ -1,3 +1,5 @@
import { formatExecCommand } from "../infra/system-run-command.js";
type SystemRunPrepareInput = {
command?: unknown;
rawCommand?: unknown;
@@ -12,13 +14,16 @@ export function buildSystemRunPreparePayload(params: SystemRunPrepareInput) {
typeof params.rawCommand === "string" && params.rawCommand.trim().length > 0
? params.rawCommand
: null;
const formattedArgv = formatExecCommand(argv) || null;
const commandPreview = rawCommand && rawCommand !== formattedArgv ? rawCommand : null;
return {
payload: {
cmdText: rawCommand ?? argv.join(" "),
plan: {
argv,
cwd: typeof params.cwd === "string" ? params.cwd : null,
rawCommand,
rawCommand: formattedArgv,
commandPreview,
agentId: typeof params.agentId === "string" ? params.agentId : null,
sessionKey: typeof params.sessionKey === "string" ? params.sessionKey : null,
},