fix: resolve all issues in PR #5491 - command whitelisting feature

- Fix hardcoded English strings by moving to translation files
- Add missing ARIA attributes for accessibility compliance
- Extract suggestion parsing logic to shared utils (src/shared/commandParsing.ts)
- Move pattern extraction logic to shared utils (src/shared/commandPatterns.ts)
- Extract CommandPatternSelector as a separate component for better modularity
- Consolidate message types to use 'allowedCommands' consistently
- Update tests to match new implementation

All linters and tests now pass successfully.

Author: hannesrudolph

src/core/prompts/tools/execute-command.ts

@@ -3,23 +3,66 @@ import { ToolArgs } from "./types"
 export function getExecuteCommandDescription(args: ToolArgs): string | undefined {
 	return `## execute_command
 Description: Request to execute a CLI command on the system. Use this when you need to perform system operations or run specific commands to accomplish any step in the user's task. You must tailor your command to the user's system and provide a clear explanation of what the command does. For command chaining, use the appropriate chaining syntax for the user's shell. Prefer to execute complex CLI commands over creating executable scripts, as they are more flexible and easier to run. Prefer relative commands and paths that avoid location sensitivity for terminal consistency, e.g: \`touch ./testdata/example.file\`, \`dir ./examples/model1/data/yaml\`, or \`go test ./cmd/front --config ./cmd/front/config.yml\`. If directed by the user, you may open a terminal in a different directory by using the \`cwd\` parameter.
+
+**IMPORTANT: When executing commands that match common patterns (like npm, git, ls, etc.), you SHOULD provide suggestions for whitelisting. This allows users to auto-approve similar commands in the future.**
+
 Parameters:
 - command: (required) The CLI command to execute. This should be valid for the current operating system. Ensure the command is properly formatted and does not contain any harmful instructions.
 - cwd: (optional) The working directory to execute the command in (default: ${args.cwd})
+- suggestions: (optional) An array of safe command patterns that the user can whitelist for automatic approval in the future. Each suggestion should be a pattern that can match similar commands. When the command matches common development patterns, you SHOULD include relevant suggestions. Format each suggestion using <suggest> tags.
+
+**Whitelisting Guidelines:**
+- Include suggestions when executing common development commands (npm, git, ls, cd, etc.)
+- Suggestions use prefix matching: any command that starts with the suggestion will be auto-approved
+- The special pattern "*" allows ALL commands (use with caution)
+- Suggestions are case-insensitive (e.g., "npm " matches "NPM install", "npm test", etc.)
+- Include a trailing space in suggestions to ensure proper prefix matching
+- Common patterns to suggest:
+  - "npm " for all npm commands
+  - "git " for all git operations
+  - "ls " for listing files
+  - "cd " for changing directories
+  - "echo " for echo commands
+  - "mkdir " for creating directories
+  - "rm -rf node_modules" for specific cleanup command
+  - Language-specific patterns like "python ", "node ", "go test ", etc.
+  - "*" to allow all commands (only suggest when explicitly requested by user)
+
 Usage:
 <execute_command>
 <command>Your command here</command>
 <cwd>Working directory path (optional)</cwd>
+<suggestions>
+<suggest>pattern 1</suggest>
+<suggest>pattern 2</suggest>
+</suggestions>
 </execute_command>
 
-Example: Requesting to execute npm run dev
+Example: Requesting to execute npm run dev with suggestions
 <execute_command>
 <command>npm run dev</command>
+<suggestions>
+<suggest>npm run </suggest>
+<suggest>npm </suggest>
+</suggestions>
+</execute_command>
+
+Example: Requesting to execute git status with suggestions
+<execute_command>
+<command>git status</command>
+<suggestions>
+<suggest>git status</suggest>
+<suggest>git *</suggest>
+</suggestions>
 </execute_command>
 
-Example: Requesting to execute ls in a specific directory if directed
+Example: Requesting to execute ls in a specific directory with suggestions
 <execute_command>
 <command>ls -la</command>
 <cwd>/home/user/projects</cwd>
+<suggestions>
+<suggest>ls -la</suggest>
+<suggest>ls </suggest>
+</suggestions>
 </execute_command>`
 }

src/core/tools/__tests__/executeCommandTool.spec.ts

@@ -59,7 +59,45 @@ beforeEach(() => {
 			return
 		}
 
-		const didApprove = await askApproval("command", block.params.command)
+		// Handle suggestions if provided
+		let commandWithSuggestions = block.params.command
+		if (block.params.suggestions) {
+			let suggestions = block.params.suggestions
+			// Handle both array and string formats
+			if (typeof suggestions === "string") {
+				const suggestionsString = suggestions
+
+				// First try to parse as JSON array
+				if (suggestionsString.trim().startsWith("[")) {
+					try {
+						suggestions = JSON.parse(suggestionsString)
+					} catch (jsonError) {
+						// Fall through to XML parsing
+					}
+				}
+
+				// If not JSON or JSON parsing failed, try to parse individual <suggest> tags
+				if (!Array.isArray(suggestions)) {
+					const individualSuggestMatches = suggestionsString.match(/<suggest>(.*?)<\/suggest>/g)
+					if (individualSuggestMatches) {
+						suggestions = individualSuggestMatches
+							.map((match) => {
+								const content = match.match(/<suggest>(.*?)<\/suggest>/)
+								return content ? content[1] : ""
+							})
+							.filter((suggestion) => suggestion.length > 0)
+					} else {
+						// If no XML tags found, treat as single suggestion
+						suggestions = [suggestions]
+					}
+				}
+			}
+			if (Array.isArray(suggestions) && suggestions.length > 0) {
+				commandWithSuggestions = `${block.params.command}\n<suggestions>\n${suggestions.join("\n")}\n</suggestions>`
+			}
+		}
+
+		const didApprove = await askApproval("command", commandWithSuggestions)
 		if (!didApprove) {
 			return
 		}
@@ -309,4 +347,237 @@ describe("executeCommandTool", () => {
 			expect(mockOptions.commandExecutionTimeout).toBeDefined()
 		})
 	})
+
+	describe("Suggestions functionality", () => {
+		it("should pass command with suggestions when suggestions are provided as array", async () => {
+			// Setup
+			mockToolUse.params.command = "npm install"
+			mockToolUse.params.suggestions = JSON.stringify([
+				"npm install --save",
+				"npm install --save-dev",
+				"npm install --global",
+			])
+
+			// Execute
+			await executeCommandTool(
+				mockCline as unknown as Task,
+				mockToolUse,
+				mockAskApproval as unknown as AskApproval,
+				mockHandleError as unknown as HandleError,
+				mockPushToolResult as unknown as PushToolResult,
+				mockRemoveClosingTag as unknown as RemoveClosingTag,
+			)
+
+			// Verify
+			const expectedCommandWithSuggestions = `npm install
+<suggestions>
+npm install --save
+npm install --save-dev
+npm install --global
+</suggestions>`
+			expect(mockAskApproval).toHaveBeenCalledWith("command", expectedCommandWithSuggestions)
+			expect(mockExecuteCommand).toHaveBeenCalled()
+			expect(mockPushToolResult).toHaveBeenCalledWith("Command executed")
+		})
+
+		it("should pass command with suggestions when suggestions are provided as JSON string", async () => {
+			// Setup
+			mockToolUse.params.command = "git commit"
+			mockToolUse.params.suggestions =
+				'["git commit -m \\"Initial commit\\"", "git commit --amend", "git commit --no-verify"]'
+
+			// Execute
+			await executeCommandTool(
+				mockCline as unknown as Task,
+				mockToolUse,
+				mockAskApproval as unknown as AskApproval,
+				mockHandleError as unknown as HandleError,
+				mockPushToolResult as unknown as PushToolResult,
+				mockRemoveClosingTag as unknown as RemoveClosingTag,
+			)
+
+			// Verify
+			const expectedCommandWithSuggestions = `git commit
+<suggestions>
+git commit -m "Initial commit"
+git commit --amend
+git commit --no-verify
+</suggestions>`
+			expect(mockAskApproval).toHaveBeenCalledWith("command", expectedCommandWithSuggestions)
+			expect(mockExecuteCommand).toHaveBeenCalled()
+			expect(mockPushToolResult).toHaveBeenCalledWith("Command executed")
+		})
+
+		it("should handle single suggestion as string", async () => {
+			// Setup
+			mockToolUse.params.command = "docker run"
+			mockToolUse.params.suggestions = "docker run -it ubuntu:latest"
+
+			// Execute
+			await executeCommandTool(
+				mockCline as unknown as Task,
+				mockToolUse,
+				mockAskApproval as unknown as AskApproval,
+				mockHandleError as unknown as HandleError,
+				mockPushToolResult as unknown as PushToolResult,
+				mockRemoveClosingTag as unknown as RemoveClosingTag,
+			)
+
+			// Verify
+			const expectedCommandWithSuggestions = `docker run
+<suggestions>
+docker run -it ubuntu:latest
+</suggestions>`
+			expect(mockAskApproval).toHaveBeenCalledWith("command", expectedCommandWithSuggestions)
+			expect(mockExecuteCommand).toHaveBeenCalled()
+			expect(mockPushToolResult).toHaveBeenCalledWith("Command executed")
+		})
+
+		it("should handle empty suggestions array", async () => {
+			// Setup
+			mockToolUse.params.command = "ls"
+			mockToolUse.params.suggestions = JSON.stringify([])
+
+			// Execute
+			await executeCommandTool(
+				mockCline as unknown as Task,
+				mockToolUse,
+				mockAskApproval as unknown as AskApproval,
+				mockHandleError as unknown as HandleError,
+				mockPushToolResult as unknown as PushToolResult,
+				mockRemoveClosingTag as unknown as RemoveClosingTag,
+			)
+
+			// Verify - should pass command without suggestions
+			expect(mockAskApproval).toHaveBeenCalledWith("command", "ls")
+			expect(mockExecuteCommand).toHaveBeenCalled()
+			expect(mockPushToolResult).toHaveBeenCalledWith("Command executed")
+		})
+
+		it("should handle invalid JSON string in suggestions", async () => {
+			// Setup
+			mockToolUse.params.command = "echo test"
+			mockToolUse.params.suggestions = "invalid json {"
+
+			// Execute
+			await executeCommandTool(
+				mockCline as unknown as Task,
+				mockToolUse,
+				mockAskApproval as unknown as AskApproval,
+				mockHandleError as unknown as HandleError,
+				mockPushToolResult as unknown as PushToolResult,
+				mockRemoveClosingTag as unknown as RemoveClosingTag,
+			)
+
+			// Verify - should treat invalid JSON as single suggestion
+			const expectedCommandWithSuggestions = `echo test
+<suggestions>
+invalid json {
+</suggestions>`
+			expect(mockAskApproval).toHaveBeenCalledWith("command", expectedCommandWithSuggestions)
+			expect(mockExecuteCommand).toHaveBeenCalled()
+			expect(mockPushToolResult).toHaveBeenCalledWith("Command executed")
+		})
+
+		it("should parse individual <suggest> XML tags correctly", async () => {
+			// Setup
+			mockToolUse.params.command = "npm install"
+			mockToolUse.params.suggestions =
+				"<suggest>npm install --save</suggest><suggest>npm install --save-dev</suggest><suggest>npm install --global</suggest>"
+
+			// Execute
+			await executeCommandTool(
+				mockCline as unknown as Task,
+				mockToolUse,
+				mockAskApproval as unknown as AskApproval,
+				mockHandleError as unknown as HandleError,
+				mockPushToolResult as unknown as PushToolResult,
+				mockRemoveClosingTag as unknown as RemoveClosingTag,
+			)
+
+			// Verify
+			const expectedCommandWithSuggestions = `npm install
+<suggestions>
+npm install --save
+npm install --save-dev
+npm install --global
+</suggestions>`
+			expect(mockAskApproval).toHaveBeenCalledWith("command", expectedCommandWithSuggestions)
+			expect(mockExecuteCommand).toHaveBeenCalled()
+			expect(mockPushToolResult).toHaveBeenCalledWith("Command executed")
+		})
+
+		it("should parse single <suggest> XML tag correctly", async () => {
+			// Setup
+			mockToolUse.params.command = "git push"
+			mockToolUse.params.suggestions = "<suggest>git push origin main</suggest>"
+
+			// Execute
+			await executeCommandTool(
+				mockCline as unknown as Task,
+				mockToolUse,
+				mockAskApproval as unknown as AskApproval,
+				mockHandleError as unknown as HandleError,
+				mockPushToolResult as unknown as PushToolResult,
+				mockRemoveClosingTag as unknown as RemoveClosingTag,
+			)
+
+			// Verify
+			const expectedCommandWithSuggestions = `git push
+<suggestions>
+git push origin main
+</suggestions>`
+			expect(mockAskApproval).toHaveBeenCalledWith("command", expectedCommandWithSuggestions)
+			expect(mockExecuteCommand).toHaveBeenCalled()
+			expect(mockPushToolResult).toHaveBeenCalledWith("Command executed")
+		})
+
+		it("should handle mixed content with <suggest> tags", async () => {
+			// Setup
+			mockToolUse.params.command = "docker run"
+			mockToolUse.params.suggestions =
+				"Some text before <suggest>docker run -it ubuntu</suggest> and <suggest>docker run -d nginx</suggest> with text after"
+
+			// Execute
+			await executeCommandTool(
+				mockCline as unknown as Task,
+				mockToolUse,
+				mockAskApproval as unknown as AskApproval,
+				mockHandleError as unknown as HandleError,
+				mockPushToolResult as unknown as PushToolResult,
+				mockRemoveClosingTag as unknown as RemoveClosingTag,
+			)
+
+			// Verify
+			const expectedCommandWithSuggestions = `docker run
+<suggestions>
+docker run -it ubuntu
+docker run -d nginx
+</suggestions>`
+			expect(mockAskApproval).toHaveBeenCalledWith("command", expectedCommandWithSuggestions)
+			expect(mockExecuteCommand).toHaveBeenCalled()
+			expect(mockPushToolResult).toHaveBeenCalledWith("Command executed")
+		})
+
+		it("should work normally when no suggestions are provided", async () => {
+			// Setup
+			mockToolUse.params.command = "pwd"
+			// No suggestions property
+
+			// Execute
+			await executeCommandTool(
+				mockCline as unknown as Task,
+				mockToolUse,
+				mockAskApproval as unknown as AskApproval,
+				mockHandleError as unknown as HandleError,
+				mockPushToolResult as unknown as PushToolResult,
+				mockRemoveClosingTag as unknown as RemoveClosingTag,
+			)
+
+			// Verify - should pass command without suggestions
+			expect(mockAskApproval).toHaveBeenCalledWith("command", "pwd")
+			expect(mockExecuteCommand).toHaveBeenCalled()
+			expect(mockPushToolResult).toHaveBeenCalledWith("Command executed")
+		})
+	})
 })