Skip to content

fix: block bash commands in Prometheus mode to respect permission config #1449

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
code-yeongyu merged 1 commit into from
Feb 4, 2026
+34 −2
Merged

fix: block bash commands in Prometheus mode to respect permission config #1449

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion src/hooks/prometheus-md-only/constants.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ export const ALLOWED_EXTENSIONS = [".md"]

export const ALLOWED_PATH_PREFIX = ".sisyphus"

export const BLOCKED_TOOLS = ["Write", "Edit", "write", "edit"]
export const BLOCKED_TOOLS = ["Write", "Edit", "write", "edit", "bash"]

export const PLANNING_CONSULT_WARNING = `

Expand Down
20 changes: 19 additions & 1 deletion src/hooks/prometheus-md-only/index.test.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -173,7 +173,25 @@ describe("prometheus-md-only", () => {
).rejects.toThrow("can only write/edit .md files")
})

test("should not affect non-Write/Edit tools", async () => {
test("should block bash commands from Prometheus", async () => {
// given
const hook = createPrometheusMdOnlyHook(createMockPluginInput())
const input = {
tool: "bash",
sessionID: TEST_SESSION_ID,
callID: "call-1",
}
const output = {
args: { command: "echo test" },
}

// when / #then
await expect(
hook["tool.execute.before"](input, output)
).rejects.toThrow("cannot execute bash commands")
})

test("should not affect non-blocked tools", async () => {
// given
const hook = createPrometheusMdOnlyHook(createMockPluginInput())
const input = {
Expand Down
14 changes: 14 additions & 0 deletions src/hooks/prometheus-md-only/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -106,6 +106,20 @@ export function createPrometheusMdOnlyHook(ctx: PluginInput) {
return
}

// Block bash commands completely - Prometheus is read-only
if (toolName === "bash") {
log(`[${HOOK_NAME}] Blocked: Prometheus cannot execute bash commands`, {
sessionID: input.sessionID,
tool: toolName,
agent: agentName,
})
throw new Error(
`[${HOOK_NAME}] ${getAgentDisplayName("prometheus")} cannot execute bash commands. ` +
`${getAgentDisplayName("prometheus")} is a READ-ONLY planner. Use /start-work to execute the plan. ` +
`APOLOGIZE TO THE USER, REMIND OF YOUR PLAN WRITING PROCESSES, TELL USER WHAT YOU WILL GOING TO DO AS THE PROCESS, WRITE THE PLAN`
)
}

const filePath = (output.args.filePath ?? output.args.path ?? output.args.file) as string | undefined
if (!filePath) {
return
Expand Down