mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-04-25 00:51:20 +00:00
feat: add 'View full command' option to dangerous command approval (#887)
When a dangerous command is detected and the user is prompted for approval, long commands are truncated (80 chars in fallback, 70 chars in the TUI). Users had no way to see the full command before deciding. This adds a 'View full command' option across all approval interfaces: - CLI fallback (tools/approval.py): [v]iew option in the prompt menu. Shows the full command and re-prompts for approval decision. - CLI TUI (cli.py): 'Show full command' choice in the arrow-key selection panel. Expands the command display in-place and removes the view option after use. - CLI callbacks (callbacks.py): 'view' choice added to the list when the command exceeds 70 characters. - Gateway (gateway/run.py): 'full', 'show', 'view' responses reveal the complete command while keeping the approval pending. Includes 7 new tests covering view-then-approve, view-then-deny, short command fallthrough, and double-view behavior. Closes community feedback about the 80-char cap on dangerous commands.
This commit is contained in:
parent
e9c3317158
commit
2a62514d17
5 changed files with 129 additions and 34 deletions
19
cli.py
19
cli.py
|
|
@ -3824,7 +3824,17 @@ class HermesCLI:
|
|||
selected = state["selected"]
|
||||
choices = state["choices"]
|
||||
if 0 <= selected < len(choices):
|
||||
state["response_queue"].put(choices[selected])
|
||||
chosen = choices[selected]
|
||||
if chosen == "view":
|
||||
# Toggle full command display without closing the prompt
|
||||
state["show_full"] = True
|
||||
# Remove the "view" option since it's been used
|
||||
state["choices"] = [c for c in choices if c != "view"]
|
||||
if state["selected"] >= len(state["choices"]):
|
||||
state["selected"] = len(state["choices"]) - 1
|
||||
event.app.invalidate()
|
||||
return
|
||||
state["response_queue"].put(chosen)
|
||||
self._approval_state = None
|
||||
event.app.invalidate()
|
||||
return
|
||||
|
|
@ -4372,13 +4382,18 @@ class HermesCLI:
|
|||
description = state["description"]
|
||||
choices = state["choices"]
|
||||
selected = state.get("selected", 0)
|
||||
show_full = state.get("show_full", False)
|
||||
|
||||
cmd_display = command[:70] + '...' if len(command) > 70 else command
|
||||
if show_full or len(command) <= 70:
|
||||
cmd_display = command
|
||||
else:
|
||||
cmd_display = command[:70] + '...'
|
||||
choice_labels = {
|
||||
"once": "Allow once",
|
||||
"session": "Allow for this session",
|
||||
"always": "Add to permanent allowlist",
|
||||
"deny": "Deny",
|
||||
"view": "Show full command",
|
||||
}
|
||||
preview_lines = _wrap_panel_text(description, 60)
|
||||
preview_lines.extend(_wrap_panel_text(cmd_display, 60))
|
||||
|
|
|
|||
|
|
@ -988,6 +988,10 @@ class GatewayRunner:
|
|||
elif user_text in ("no", "n", "deny", "cancel", "nope"):
|
||||
self._pending_approvals.pop(session_key_preview)
|
||||
return "❌ Command denied."
|
||||
elif user_text in ("full", "show", "view", "show full", "view full"):
|
||||
# Show full command without consuming the approval
|
||||
cmd = self._pending_approvals[session_key_preview]["command"]
|
||||
return f"Full command:\n\n```\n{cmd}\n```\n\nReply yes/no to approve or deny."
|
||||
# If it's not clearly an approval/denial, fall through to normal processing
|
||||
|
||||
# Get or create session
|
||||
|
|
|
|||
|
|
@ -105,10 +105,14 @@ def approval_callback(cli, command: str, description: str) -> str:
|
|||
"""Prompt for dangerous command approval through the TUI.
|
||||
|
||||
Shows a selection UI with choices: once / session / always / deny.
|
||||
When the command is longer than 70 characters, a "view" option is
|
||||
included so the user can reveal the full text before deciding.
|
||||
"""
|
||||
timeout = 60
|
||||
response_queue = queue.Queue()
|
||||
choices = ["once", "session", "always", "deny"]
|
||||
if len(command) > 70:
|
||||
choices.append("view")
|
||||
|
||||
cli._approval_state = {
|
||||
"command": command,
|
||||
|
|
|
|||
|
|
@ -1,5 +1,7 @@
|
|||
"""Tests for the dangerous command approval module."""
|
||||
|
||||
from unittest.mock import patch as mock_patch
|
||||
|
||||
from tools.approval import (
|
||||
approve_session,
|
||||
clear_session,
|
||||
|
|
@ -7,6 +9,7 @@ from tools.approval import (
|
|||
has_pending,
|
||||
is_approved,
|
||||
pop_pending,
|
||||
prompt_dangerous_approval,
|
||||
submit_pending,
|
||||
)
|
||||
|
||||
|
|
@ -338,3 +341,63 @@ class TestFindExecFullPathRm:
|
|||
assert dangerous is False
|
||||
assert key is None
|
||||
|
||||
|
||||
class TestViewFullCommand:
|
||||
"""Tests for the 'view full command' option in prompt_dangerous_approval."""
|
||||
|
||||
def test_view_then_once_fallback(self):
|
||||
"""Pressing 'v' shows the full command, then 'o' approves once."""
|
||||
long_cmd = "rm -rf " + "a" * 200
|
||||
inputs = iter(["v", "o"])
|
||||
with mock_patch("builtins.input", side_effect=inputs):
|
||||
result = prompt_dangerous_approval(long_cmd, "recursive delete")
|
||||
assert result == "once"
|
||||
|
||||
def test_view_then_deny_fallback(self):
|
||||
"""Pressing 'v' shows the full command, then 'd' denies."""
|
||||
long_cmd = "rm -rf " + "b" * 200
|
||||
inputs = iter(["v", "d"])
|
||||
with mock_patch("builtins.input", side_effect=inputs):
|
||||
result = prompt_dangerous_approval(long_cmd, "recursive delete")
|
||||
assert result == "deny"
|
||||
|
||||
def test_view_then_session_fallback(self):
|
||||
"""Pressing 'v' shows the full command, then 's' approves for session."""
|
||||
long_cmd = "rm -rf " + "c" * 200
|
||||
inputs = iter(["v", "s"])
|
||||
with mock_patch("builtins.input", side_effect=inputs):
|
||||
result = prompt_dangerous_approval(long_cmd, "recursive delete")
|
||||
assert result == "session"
|
||||
|
||||
def test_view_then_always_fallback(self):
|
||||
"""Pressing 'v' shows the full command, then 'a' approves always."""
|
||||
long_cmd = "rm -rf " + "d" * 200
|
||||
inputs = iter(["v", "a"])
|
||||
with mock_patch("builtins.input", side_effect=inputs):
|
||||
result = prompt_dangerous_approval(long_cmd, "recursive delete")
|
||||
assert result == "always"
|
||||
|
||||
def test_view_not_shown_for_short_command(self):
|
||||
"""Short commands don't offer the view option; 'v' falls through to deny."""
|
||||
short_cmd = "rm -rf /tmp"
|
||||
with mock_patch("builtins.input", return_value="v"):
|
||||
result = prompt_dangerous_approval(short_cmd, "recursive delete")
|
||||
# 'v' is not a valid choice for short commands, should deny
|
||||
assert result == "deny"
|
||||
|
||||
def test_once_without_view(self):
|
||||
"""Directly pressing 'o' without viewing still works."""
|
||||
long_cmd = "rm -rf " + "e" * 200
|
||||
with mock_patch("builtins.input", return_value="o"):
|
||||
result = prompt_dangerous_approval(long_cmd, "recursive delete")
|
||||
assert result == "once"
|
||||
|
||||
def test_view_ignored_after_already_shown(self):
|
||||
"""After viewing once, 'v' on a now-untruncated display falls through to deny."""
|
||||
long_cmd = "rm -rf " + "f" * 200
|
||||
inputs = iter(["v", "v"]) # second 'v' should not match since is_truncated is False
|
||||
with mock_patch("builtins.input", side_effect=inputs):
|
||||
result = prompt_dangerous_approval(long_cmd, "recursive delete")
|
||||
# After first 'v', is_truncated becomes False, so second 'v' -> deny
|
||||
assert result == "deny"
|
||||
|
||||
|
|
|
|||
|
|
@ -184,43 +184,52 @@ def prompt_dangerous_approval(command: str, description: str,
|
|||
|
||||
os.environ["HERMES_SPINNER_PAUSE"] = "1"
|
||||
try:
|
||||
print()
|
||||
print(f" ⚠️ DANGEROUS COMMAND: {description}")
|
||||
print(f" {command[:80]}{'...' if len(command) > 80 else ''}")
|
||||
print()
|
||||
print(f" [o]nce | [s]ession | [a]lways | [d]eny")
|
||||
print()
|
||||
sys.stdout.flush()
|
||||
is_truncated = len(command) > 80
|
||||
while True:
|
||||
print()
|
||||
print(f" ⚠️ DANGEROUS COMMAND: {description}")
|
||||
print(f" {command[:80]}{'...' if is_truncated else ''}")
|
||||
print()
|
||||
view_hint = " | [v]iew full" if is_truncated else ""
|
||||
print(f" [o]nce | [s]ession | [a]lways | [d]eny{view_hint}")
|
||||
print()
|
||||
sys.stdout.flush()
|
||||
|
||||
result = {"choice": ""}
|
||||
result = {"choice": ""}
|
||||
|
||||
def get_input():
|
||||
try:
|
||||
result["choice"] = input(" Choice [o/s/a/D]: ").strip().lower()
|
||||
except (EOFError, OSError):
|
||||
result["choice"] = ""
|
||||
def get_input():
|
||||
try:
|
||||
result["choice"] = input(" Choice [o/s/a/D]: ").strip().lower()
|
||||
except (EOFError, OSError):
|
||||
result["choice"] = ""
|
||||
|
||||
thread = threading.Thread(target=get_input, daemon=True)
|
||||
thread.start()
|
||||
thread.join(timeout=timeout_seconds)
|
||||
thread = threading.Thread(target=get_input, daemon=True)
|
||||
thread.start()
|
||||
thread.join(timeout=timeout_seconds)
|
||||
|
||||
if thread.is_alive():
|
||||
print("\n ⏱ Timeout - denying command")
|
||||
return "deny"
|
||||
if thread.is_alive():
|
||||
print("\n ⏱ Timeout - denying command")
|
||||
return "deny"
|
||||
|
||||
choice = result["choice"]
|
||||
if choice in ('o', 'once'):
|
||||
print(" ✓ Allowed once")
|
||||
return "once"
|
||||
elif choice in ('s', 'session'):
|
||||
print(" ✓ Allowed for this session")
|
||||
return "session"
|
||||
elif choice in ('a', 'always'):
|
||||
print(" ✓ Added to permanent allowlist")
|
||||
return "always"
|
||||
else:
|
||||
print(" ✗ Denied")
|
||||
return "deny"
|
||||
choice = result["choice"]
|
||||
if choice in ('v', 'view') and is_truncated:
|
||||
print()
|
||||
print(" Full command:")
|
||||
print(f" {command}")
|
||||
is_truncated = False # show full on next loop iteration too
|
||||
continue
|
||||
if choice in ('o', 'once'):
|
||||
print(" ✓ Allowed once")
|
||||
return "once"
|
||||
elif choice in ('s', 'session'):
|
||||
print(" ✓ Allowed for this session")
|
||||
return "session"
|
||||
elif choice in ('a', 'always'):
|
||||
print(" ✓ Added to permanent allowlist")
|
||||
return "always"
|
||||
else:
|
||||
print(" ✗ Denied")
|
||||
return "deny"
|
||||
|
||||
except (EOFError, KeyboardInterrupt):
|
||||
print("\n ✗ Cancelled")
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue