Skip to content

feat(chat): Add validation to fileRead, ListDir and ExecBash tool #6987

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

feat(chat): Add validation to fileRead, ListDir and ExecBash tool #6987

wants to merge 1 commit into from

Conversation

@bywang56
Copy link
Contributor

@bywang56 bywang56 commented Apr 9, 2025
edited
Loading

Problem

We should ask for consensus tools accessing files/dirs outside of workspace

Solution

Add validation step when accessing files/dirs outside of workspace using fsRead or listDirectories tools.

Tests

Tests tools, verified button shows up and workflow continues to finish after "accept".

  • Treat all work as PUBLIC. Private feature/x branches will not be squash-merged at release time.
  • Your code changes must meet the guidelines in CONTRIBUTING.md.
  • License: I confirm that my contribution is made under the terms of the Apache 2.0 license.

@bywang56 bywang56 requested review from a team as code owners April 9, 2025 23:35
@github-actions
Copy link

github-actions bot commented Apr 9, 2025

  • This pull request implements a feat or fix, so it must include a changelog entry (unless the fix is for an unreleased feature). Review the changelog guidelines.
    • Note: beta or "experiment" features that have active users should announce fixes in the changelog.
    • If this is not a feature or fix, use an appropriate type from the title guidelines. For example, telemetry-only changes should use the telemetry type.

@bywang56 bywang56 force-pushed the feature/agentic-chat branch from 36a61be to 77c02ac Compare April 10, 2025 00:04
@bywang56 bywang56 force-pushed the feature/agentic-chat branch from 77c02ac to c7ddadd Compare April 10, 2025 00:20
justinmk3
justinmk3 reviewed Apr 10, 2025
View reviewed changes
packages/core/package.nls.json
Comment on lines +459 to +462
"AWS.amazonq.fsRead.run": "Run",
"AWS.amazonq.fsRead.reject": "Reject",
"AWS.amazonq.listDirectory.run": "Run",
"AWS.amazonq.listDirectory.reject": "Reject",
Copy link
Contributor

@justinmk3 justinmk3 Apr 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nls.json is only necessary if these strings are used in package.json

and for common strings, update packages/core/src/shared/localizedText.ts, don't repeat them with different ids. Why would "fsRead" and "listDirectory" have different words for "Run"? Avoid over-abstracting, that is even more costly than not abstracting at all.

justinmk3
justinmk3 reviewed Apr 10, 2025
View reviewed changes
packages/core/src/codewhispererChat/tools/executeBash.ts
Comment on lines +197 to +199
for (const cmdArgs of allCommands) {
for (const arg of cmdArgs) {
if (this.looksLikePath(arg)) {
Copy link
Contributor

@justinmk3 justinmk3 Apr 10, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what is going on here? you have coded a double loop without a comment giving a hint about what it does.

@bywang56 bywang56 closed this Apr 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@justinmk3 justinmk3 justinmk3 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bywang56 @justinmk3