Add blacklisted commands feature to settings and command validation

Author: SmartManoj

packages/types/src/global-settings.ts

@@ -45,6 +45,7 @@ export const globalSettingsSchema = z.object({
 	alwaysAllowSubtasks: z.boolean().optional(),
 	alwaysAllowExecute: z.boolean().optional(),
 	allowedCommands: z.array(z.string()).optional(),
+	blacklistedCommands: z.array(z.string()).optional(),
 	allowedMaxRequests: z.number().nullish(),
 	autoCondenseContext: z.boolean().optional(),
 	autoCondenseContextPercent: z.number().optional(),
@@ -131,6 +132,7 @@ export const GLOBAL_SETTINGS_KEYS = keysOf<GlobalSettings>()([
 	"alwaysAllowSubtasks",
 	"alwaysAllowExecute",
 	"allowedCommands",
+	"blacklistedCommands",
 	"allowedMaxRequests",
 	"autoCondenseContext",
 	"autoCondenseContextPercent",

src/core/webview/webviewMessageHandler.ts

@@ -444,6 +444,15 @@ export const webviewMessageHandler = async (provider: ClineProvider, message: We
 				.getConfiguration(Package.name)
 				.update("allowedCommands", message.commands, vscode.ConfigurationTarget.Global)
 
+			break
+		case "blacklistedCommands":
+			await provider.context.globalState.update("blacklistedCommands", message.commands)
+
+			// Also update workspace settings.
+			await vscode.workspace
+				.getConfiguration(Package.name)
+				.update("blacklistedCommands", message.commands, vscode.ConfigurationTarget.Global)
+
 			break
 		case "openCustomModesSettings": {
 			const customModesFilePath = await provider.customModesManager.getCustomModesFilePath()

src/shared/ExtensionMessage.ts

@@ -138,6 +138,7 @@ export type ExtensionState = Pick<
 	| "alwaysAllowSubtasks"
 	| "alwaysAllowExecute"
 	| "allowedCommands"
+	| "blacklistedCommands"
 	| "allowedMaxRequests"
 	| "browserToolEnabled"
 	| "browserViewportSize"

src/shared/WebviewMessage.ts

@@ -23,6 +23,7 @@ export interface WebviewMessage {
 		| "getListApiConfiguration"
 		| "customInstructions"
 		| "allowedCommands"
+		| "blacklistedCommands"
 		| "alwaysAllowReadOnly"
 		| "alwaysAllowReadOnlyOutsideWorkspace"
 		| "alwaysAllowWrite"

webview-ui/src/components/chat/ChatView.tsx

@@ -81,6 +81,7 @@ const ChatViewComponent: React.ForwardRefRenderFunction<ChatViewRef, ChatViewPro
 		alwaysAllowExecute,
 		alwaysAllowMcp,
 		allowedCommands,
+		blacklistedCommands,
 		writeDelayMs,
 		mode,
 		setMode,
@@ -840,9 +841,9 @@ const ChatViewComponent: React.ForwardRefRenderFunction<ChatViewRef, ChatViewPro
 	const isAllowedCommand = useCallback(
 		(message: ClineMessage | undefined): boolean => {
 			if (message?.type !== "ask") return false
-			return validateCommand(message.text || "", allowedCommands || [])
+			return validateCommand(message.text || "", allowedCommands || [], blacklistedCommands || [])
 		},
-		[allowedCommands],
+		[allowedCommands, blacklistedCommands],
 	)
 
 	const isAutoApproved = useCallback(

webview-ui/src/components/settings/AutoApproveSettings.tsx

@@ -25,6 +25,7 @@ type AutoApproveSettingsProps = HTMLAttributes<HTMLDivElement> & {
 	alwaysAllowSubtasks?: boolean
 	alwaysAllowExecute?: boolean
 	allowedCommands?: string[]
+	blacklistedCommands?: string[]
 	setCachedStateField: SetCachedStateField<
 		| "alwaysAllowReadOnly"
 		| "alwaysAllowReadOnlyOutsideWorkspace"
@@ -39,6 +40,7 @@ type AutoApproveSettingsProps = HTMLAttributes<HTMLDivElement> & {
 		| "alwaysAllowSubtasks"
 		| "alwaysAllowExecute"
 		| "allowedCommands"
+		| "blacklistedCommands"
 	>
 }
 
@@ -56,11 +58,13 @@ export const AutoApproveSettings = ({
 	alwaysAllowSubtasks,
 	alwaysAllowExecute,
 	allowedCommands,
+	blacklistedCommands,
 	setCachedStateField,
 	...props
 }: AutoApproveSettingsProps) => {
 	const { t } = useAppTranslation()
 	const [commandInput, setCommandInput] = useState("")
+	const [blacklistCommandInput, setBlacklistCommandInput] = useState("")
 
 	const handleAddCommand = () => {
 		const currentCommands = allowedCommands ?? []
@@ -73,6 +77,17 @@ export const AutoApproveSettings = ({
 		}
 	}
 
+	const handleAddBlacklistCommand = () => {
+		const currentBlacklistedCommands = blacklistedCommands ?? []
+
+		if (blacklistCommandInput && !currentBlacklistedCommands.includes(blacklistCommandInput)) {
+			const newBlacklistedCommands = [...currentBlacklistedCommands, blacklistCommandInput]
+			setCachedStateField("blacklistedCommands", newBlacklistedCommands)
+			setBlacklistCommandInput("")
+			vscode.postMessage({ type: "blacklistedCommands", commands: newBlacklistedCommands })
+		}
+	}
+
 	return (
 		<div {...props}>
 			<SectionHeader description={t("settings:autoApprove.description")}>
@@ -239,6 +254,61 @@ export const AutoApproveSettings = ({
 								</Button>
 							))}
 						</div>
+
+						<div className="mt-4">
+							<label className="block font-medium mb-1" data-testid="blacklisted-commands-heading">
+								{t("settings:autoApprove.execute.blacklistedCommands")}
+							</label>
+							<div className="text-vscode-descriptionForeground text-sm mt-1">
+								{t("settings:autoApprove.execute.blacklistedCommandsDescription")}
+							</div>
+						</div>
+
+						<div className="flex gap-2">
+							<Input
+								value={blacklistCommandInput}
+								onChange={(e: any) => setBlacklistCommandInput(e.target.value)}
+								onKeyDown={(e: any) => {
+									if (e.key === "Enter") {
+										e.preventDefault()
+										handleAddBlacklistCommand()
+									}
+								}}
+								placeholder={t("settings:autoApprove.execute.blacklistCommandPlaceholder")}
+								className="grow"
+								data-testid="blacklist-command-input"
+							/>
+							<Button
+								className="h-8"
+								onClick={handleAddBlacklistCommand}
+								data-testid="add-blacklist-command-button">
+								{t("settings:autoApprove.execute.addBlacklistButton")}
+							</Button>
+						</div>
+
+						<div className="flex flex-wrap gap-2">
+							{(blacklistedCommands ?? []).map((cmd, index) => (
+								<Button
+									key={index}
+									variant="destructive"
+									data-testid={`remove-blacklist-command-${index}`}
+									onClick={() => {
+										const newBlacklistedCommands = (blacklistedCommands ?? []).filter(
+											(_, i) => i !== index,
+										)
+										setCachedStateField("blacklistedCommands", newBlacklistedCommands)
+										vscode.postMessage({
+											type: "blacklistedCommands",
+											commands: newBlacklistedCommands,
+										})
+									}}>
+									<div className="flex flex-row items-center gap-1">
+										<div>{cmd}</div>
+										<X className="text-foreground scale-75" />
+									</div>
+								</Button>
+							))}
+						</div>
 					</div>
 				)}
 			</Section>

webview-ui/src/components/settings/SettingsView.tsx

@@ -122,6 +122,7 @@ const SettingsView = forwardRef<SettingsViewRef, SettingsViewProps>(({ onDone, t
 		alwaysAllowReadOnly,
 		alwaysAllowReadOnlyOutsideWorkspace,
 		allowedCommands,
+		blacklistedCommands,
 		allowedMaxRequests,
 		language,
 		alwaysAllowBrowser,
@@ -256,6 +257,7 @@ const SettingsView = forwardRef<SettingsViewRef, SettingsViewProps>(({ onDone, t
 			vscode.postMessage({ type: "alwaysAllowBrowser", bool: alwaysAllowBrowser })
 			vscode.postMessage({ type: "alwaysAllowMcp", bool: alwaysAllowMcp })
 			vscode.postMessage({ type: "allowedCommands", commands: allowedCommands ?? [] })
+			vscode.postMessage({ type: "blacklistedCommands", commands: blacklistedCommands ?? [] })
 			vscode.postMessage({ type: "allowedMaxRequests", value: allowedMaxRequests ?? undefined })
 			vscode.postMessage({ type: "autoCondenseContext", bool: autoCondenseContext })
 			vscode.postMessage({ type: "autoCondenseContextPercent", value: autoCondenseContextPercent })
@@ -578,6 +580,7 @@ const SettingsView = forwardRef<SettingsViewRef, SettingsViewProps>(({ onDone, t
 							alwaysAllowSubtasks={alwaysAllowSubtasks}
 							alwaysAllowExecute={alwaysAllowExecute}
 							allowedCommands={allowedCommands}
+							blacklistedCommands={blacklistedCommands}
 							setCachedStateField={setCachedStateField}
 						/>
 					)}

webview-ui/src/context/ExtensionStateContext.tsx

@@ -54,6 +54,7 @@ export interface ExtensionStateContextType extends ExtensionState {
 	setShowRooIgnoredFiles: (value: boolean) => void
 	setShowAnnouncement: (value: boolean) => void
 	setAllowedCommands: (value: string[]) => void
+	setBlacklistedCommands: (value: string[]) => void
 	setAllowedMaxRequests: (value: number | undefined) => void
 	setSoundEnabled: (value: boolean) => void
 	setSoundVolume: (value: number) => void
@@ -154,6 +155,7 @@ export const ExtensionStateContextProvider: React.FC<{ children: React.ReactNode
 		taskHistory: [],
 		shouldShowAnnouncement: false,
 		allowedCommands: [],
+		blacklistedCommands: [],
 		soundEnabled: false,
 		soundVolume: 0.5,
 		ttsEnabled: false,
@@ -332,6 +334,7 @@ export const ExtensionStateContextProvider: React.FC<{ children: React.ReactNode
 		setAlwaysAllowSubtasks: (value) => setState((prevState) => ({ ...prevState, alwaysAllowSubtasks: value })),
 		setShowAnnouncement: (value) => setState((prevState) => ({ ...prevState, shouldShowAnnouncement: value })),
 		setAllowedCommands: (value) => setState((prevState) => ({ ...prevState, allowedCommands: value })),
+		setBlacklistedCommands: (value) => setState((prevState) => ({ ...prevState, blacklistedCommands: value })),
 		setAllowedMaxRequests: (value) => setState((prevState) => ({ ...prevState, allowedMaxRequests: value })),
 		setSoundEnabled: (value) => setState((prevState) => ({ ...prevState, soundEnabled: value })),
 		setSoundVolume: (value) => setState((prevState) => ({ ...prevState, soundVolume: value })),

webview-ui/src/i18n/locales/en/settings.json

@@ -106,7 +106,11 @@
 			"allowedCommands": "Allowed Auto-Execute Commands",
 			"allowedCommandsDescription": "Command prefixes that can be auto-executed when \"Always approve execute operations\" is enabled. Add * to allow all commands (use with caution).",
 			"commandPlaceholder": "Enter command prefix (e.g., 'git ')",
-			"addButton": "Add"
+			"addButton": "Add",
+			"blacklistedCommands": "Blacklisted Commands",
+			"blacklistedCommandsDescription": "Command prefixes that will be blocked from execution even when \"Always approve execute operations\" is enabled. These commands will always require manual approval.",
+			"blacklistCommandPlaceholder": "Enter command prefix to block (e.g., 'rm ')",
+			"addBlacklistButton": "Add to Blacklist"
 		},
 		"apiRequestLimit": {
 			"title": "Max Requests",

webview-ui/src/utils/__tests__/command-validation.test.ts

@@ -2,7 +2,12 @@
 
 // npx jest src/utils/__tests__/command-validation.test.ts
 
-import { parseCommand, isAllowedSingleCommand, validateCommand } from "../command-validation"
+import {
+	parseCommand,
+	isAllowedSingleCommand,
+	isBlacklistedSingleCommand,
+	validateCommand,
+} from "../command-validation"
 
 describe("Command Validation", () => {
 	describe("parseCommand", () => {
@@ -68,6 +73,33 @@ describe("Command Validation", () => {
 		})
 	})
 
+	describe("isBlacklistedSingleCommand", () => {
+		const blacklistedCommands = ["rm ", "sudo ", "del "]
+
+		it("matches blacklisted commands case-insensitively", () => {
+			expect(isBlacklistedSingleCommand("RM -rf /", blacklistedCommands)).toBe(true)
+			expect(isBlacklistedSingleCommand("sudo apt install", blacklistedCommands)).toBe(true)
+			expect(isBlacklistedSingleCommand("DEL file.txt", blacklistedCommands)).toBe(true)
+		})
+
+		it("matches blacklisted command prefixes", () => {
+			expect(isBlacklistedSingleCommand("rm -rf /home", blacklistedCommands)).toBe(true)
+			expect(isBlacklistedSingleCommand("sudo rm file", blacklistedCommands)).toBe(true)
+			expect(isBlacklistedSingleCommand("del *.txt", blacklistedCommands)).toBe(true)
+		})
+
+		it("allows non-blacklisted commands", () => {
+			expect(isBlacklistedSingleCommand("npm test", blacklistedCommands)).toBe(false)
+			expect(isBlacklistedSingleCommand("echo hello", blacklistedCommands)).toBe(false)
+			expect(isBlacklistedSingleCommand("git status", blacklistedCommands)).toBe(false)
+		})
+
+		it("handles empty inputs", () => {
+			expect(isBlacklistedSingleCommand("", blacklistedCommands)).toBe(false)
+			expect(isBlacklistedSingleCommand("rm file", [])).toBe(false)
+		})
+	})
+
 	describe("validateCommand", () => {
 		const allowedCommands = ["npm test", "npm run", "echo", "Select-String"]
 
@@ -121,6 +153,33 @@ describe("Command Validation", () => {
 			expect(validateCommand("npm test $(echo dangerous)", wildcardAllowedCommands)).toBe(true)
 			expect(validateCommand("npm test `rm -rf /`", wildcardAllowedCommands)).toBe(true)
 		})
+
+		it("blocks blacklisted commands even if allowed", () => {
+			const allowedWithBlacklisted = ["npm test", "npm run", "echo", "rm "]
+			const blacklistedCommands = ["rm ", "sudo ", "del "]
+			expect(validateCommand("rm -rf /", allowedWithBlacklisted, blacklistedCommands)).toBe(false)
+			expect(validateCommand("sudo apt install", allowedWithBlacklisted, blacklistedCommands)).toBe(false)
+			expect(validateCommand("npm test", allowedWithBlacklisted, blacklistedCommands)).toBe(true)
+		})
+
+		it("validates chained commands with blacklist", () => {
+			const blacklistedCommands = ["rm ", "sudo ", "del "]
+			expect(validateCommand("npm test && npm run build", allowedCommands, blacklistedCommands)).toBe(true)
+			expect(validateCommand("npm test && rm file", allowedCommands, blacklistedCommands)).toBe(false)
+			expect(validateCommand("npm test && dangerous", allowedCommands, blacklistedCommands)).toBe(false)
+		})
+
+		it("handles wildcard allowed commands with blacklist", () => {
+			const blacklistedCommands = ["rm ", "sudo ", "del "]
+			expect(validateCommand("any command", ["*"], blacklistedCommands)).toBe(true)
+			expect(validateCommand("rm -rf /", ["*"], blacklistedCommands)).toBe(false) // Still blocked by blacklist
+			expect(validateCommand("sudo apt install", ["*"], blacklistedCommands)).toBe(false) // Still blocked by blacklist
+		})
+
+		it("works without blacklist parameter (backward compatibility)", () => {
+			expect(validateCommand("npm test", allowedCommands)).toBe(true)
+			expect(validateCommand("dangerous", allowedCommands)).toBe(false)
+		})
 	})
 })