
Commit a1173b9

committed
fix: prevent bypassing .rooignore restrictions via terminal commands
- Updated error message when files are blocked by .rooignore to explicitly warn against using terminal commands to bypass restrictions - Added clear instructions in .rooignore system prompt to not attempt bypassing restrictions - Updated tests to verify the new warning messages are included Fixes #7204
1 parent fd3535c commit a1173b9


5 files changed

+7
-4
lines changed


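--- a/src/core/ignore/RooIgnoreController.ts
+++ b/src/core/ignore/RooIgnoreController.ts
@@ -196,6 +196,6 @@ export class RooIgnoreController {
 return undefined
 }
 
-return `# .rooignore\n\n(The following is provided by a root-level .rooignore file where the user has specified files and directories that should not be accessed. When using list_files, you'll notice a ${LOCK_TEXT_SYMBOL} next to files that are blocked. Attempting to access the file's contents e.g. through read_file will result in an error.)\n\n${this.rooIgnoreContent}\n.rooignore`
+return `# .rooignore\n\n(The following is provided by a root-level .rooignore file where the user has specified files and directories that should not be accessed. When using list_files, you'll notice a ${LOCK_TEXT_SYMBOL} next to files that are blocked. Attempting to access the file's contents e.g. through read_file will result in an error. IMPORTANT: Do NOT attempt to bypass these restrictions by using terminal commands to read the file contents - this violates the user's explicit access restrictions.)\n\n${this.rooIgnoreContent}\n.rooignore`
 }
 }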
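Review bot: The `IMPORTANT: Do NOT attempt to bypass these restrictions…` sentence added to the returned instructions is advisory text for the model, not an access control, so whether a terminal command reads an ignored file still depends on the model choosing to comply; the same applies to the matching sentence added to `rooIgnoreError` in src/core/prompts/responses.ts. Prompt instructions can be outweighed by other content the model reads during a task, and `${this.rooIgnoreContent}` is itself interpolated into this prompt as-is. The enforcement point has to be the code path that executes commands, which would check the command's file arguments against this controller and refuse before running; nothing in this commit shows or tests such a check, so it is worth confirming one exists. At minimum I would add a comment above the return, `// Advisory only: this text blocks nothing; command execution must enforce .rooignore itself.` The method containing this return starts outside the hunk.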

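--- a/src/core/ignore/__tests__/RooIgnoreController.spec.ts
+++ b/src/core/ignore/__tests__/RooIgnoreController.spec.ts
@@ -368,6 +368,7 @@ describe("RooIgnoreController", () => {
 // Verify instruction format
 expect(instructions).toContain("# .rooignore")
 expect(instructions).toContain(LOCK_TEXT_SYMBOL)
+expect(instructions).toContain("Do NOT attempt to bypass these restrictions by using terminal commands")
 expect(instructions).toContain("node_modules")
 expect(instructions).toContain(".git")
 expect(instructions).toContain("secrets/**")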

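--- a/src/core/prompts/__tests__/responses-rooignore.spec.ts
+++ b/src/core/prompts/__tests__/responses-rooignore.spec.ts
@@ -55,6 +55,7 @@ describe("RooIgnore Response Formatting", () => {
 expect(errorMessage).toContain("Access to secrets/api-keys.json is blocked by the .rooignore file settings")
 expect(errorMessage).toContain("continue in the task without using this file")
 expect(errorMessage).toContain("ask the user to update the .rooignore file")
+expect(errorMessage).toContain("Do NOT attempt to bypass this restriction by using terminal commands")
 })
 
 /**
@@ -220,6 +221,7 @@ describe("RooIgnore Response Formatting", () => {
 // Verify format and content
 expect(instructions).toContain("# .rooignore")
 expect(instructions).toContain(LOCK_TEXT_SYMBOL)
+expect(instructions).toContain("Do NOT attempt to bypass these restrictions by using terminal commands")
 expect(instructions).toContain("node_modules")
 expect(instructions).toContain(".git")
 expect(instructions).toContain("secrets/**")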

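--- a/src/core/prompts/responses.ts
+++ b/src/core/prompts/responses.ts
@@ -16,7 +16,7 @@ export const formatResponse = {
 toolError: (error?: string) => `The tool execution failed with the following error:\n<error>\n${error}\n</error>`,
 
 rooIgnoreError: (path: string) =>
-`Access to ${path} is blocked by the .rooignore file settings. You must try to continue in the task without using this file, or ask the user to update the .rooignore file.`,
+`Access to ${path} is blocked by the .rooignore file settings. You must try to continue in the task without using this file, or ask the user to update the .rooignore file. IMPORTANT: Do NOT attempt to bypass this restriction by using terminal commands (like cat, head, tail, etc.) to read the file contents - this violates the user's explicit access restrictions.`,
 
 noToolsUsed: () =>
 `[ERROR] You did not use a tool in your previous response! Please retry with a tool use.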
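Review bot: The parenthetical `(like cat, head, tail, etc.)` in the new `rooIgnoreError` string frames the rule as being about file viewers, while the system-prompt sentence added in RooIgnoreController.ts carries no such list and says `these restrictions` where this one says `this restriction`, so the two warnings already differ. A model reading the text literally may treat commands that search, copy or pipe the file as outside the rule. I would state the rule by outcome and keep the tested prefix, e.g. `Do NOT attempt to bypass this restriction by using terminal commands or any other tool to obtain the file contents`, and hold the sentence in one exported constant used by both messages. The `formatResponse` object starts and ends outside the hunk.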

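--- a/src/core/tools/__tests__/readFileTool.spec.ts
+++ b/src/core/tools/__tests__/readFileTool.spec.ts
@@ -96,7 +96,7 @@ vi.mock("../../prompts/responses", () => ({
 ),
 rooIgnoreError: vi.fn(
 (path: string) =>
-`Access to ${path} is blocked by the .rooignore file settings. You must try to continue in the task without using this file, or ask the user to update the .rooignore file.`,
+`Access to ${path} is blocked by the .rooignore file settings. You must try to continue in the task without using this file, or ask the user to update the .rooignore file. IMPORTANT: Do NOT attempt to bypass this restriction by using terminal commands (like cat, head, tail, etc.) to read the file contents - this violates the user's explicit access restrictions.`,
 ),
 toolResult: toolResultMock,
 imageBlocks: imageBlocksMock,
@@ -1322,7 +1322,7 @@ describe("read_file tool XML output structure", () => {
 
 // Verify
 expect(result).toBe(
-`<files>\n<file><path>${testFilePath}</path><error>Access to ${testFilePath} is blocked by the .rooignore file settings. You must try to continue in the task without using this file, or ask the user to update the .rooignore file.</error></file>\n</files>`,
+`<files>\n<file><path>${testFilePath}</path><error>Access to ${testFilePath} is blocked by the .rooignore file settings. You must try to continue in the task without using this file, or ask the user to update the .rooignore file. IMPORTANT: Do NOT attempt to bypass this restriction by using terminal commands (like cat, head, tail, etc.) to read the file contents - this violates the user's explicit access restrictions.</error></file>\n</files>`,
 )
 })
 })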
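Review bot: Both hunks paste the full production warning into the spec, once in the `vi.mock` replacement for `rooIgnoreError` and again in the `expect(result).toBe(...)` literal, so the assertion only compares one hand-maintained copy with another. It would keep passing if the real message in src/core/prompts/responses.ts lost the warning, and it must be edited by hand on every wording change. What this test can actually show is that the tool wraps whatever `rooIgnoreError` returns in the `<error>` element, so the expectation could be built from the mocked function, e.g. `<error>${formatResponse.rooIgnoreError(testFilePath)}</error>`, assuming the spec has `formatResponse` in scope, which is not visible here. The `vi.mock` factory and the `describe` block both start outside the hunks.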
