
make sure only single command starts with "ros2". #68

Merged: fujitatomoya merged 3 commits into rolling from issues/62, Nov 7, 2025

@fujitatomoya
Owner

closes #62

@fujitatomoya fujitatomoya requested a review from Copilot November 7, 2025 05:41
@fujitatomoya
Owner Author

@Mergifyio rebase

@mergify
mergify bot commented Nov 7, 2025

rebase

✅ Branch has been successfully rebased

Owner Author

@fujitatomoya fujitatomoya left a comment

I do not think that this is perfect yet.

To guarantee it, we should generate the possible command list and check the command generated by the LLM against that table to make sure the command is in the table. But for now, let's leave it there.

Copilot AI left a comment

Pull Request Overview

This PR enhances command safety and updates default AI model configurations. It adds protection against executing multiple shell commands by introducing a validation function that extracts only the first ros2 command, and updates the default model from 'gpt-4o' to 'gpt-5' along with adding test cases for newer AI models.

Key changes:

  • Adds ros2_single_command() function to prevent execution of chained shell commands
  • Updates default OpenAI model to 'gpt-5' and refines system role prompt
  • Expands test coverage with additional model versions (o3, o4-mini, gemini-2.5-pro)

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

| File | Description |
| --- | --- |
| scripts/verification.sh | Adds test cases for newer AI models (o3, o4-mini, gpt-5, gemini-2.5-pro) and increases timeout parameter |
| ros2ai/verb/exec.py | Integrates the new command validation function into the exec workflow |
| ros2ai/api/utils.py | Implements ros2_single_command() to validate and sanitize command strings |
| ros2ai/api/constants.py | Updates default model to 'gpt-5' and refines system role prompt to emphasize single command execution |
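
The allowlist check suggested in the owner's review comment above, sketched as an added example (not code from this pull request or from ros2ai). The `ALLOWED` table, the function names and the sample inputs are assumptions constructed here; the validator rejects chained output outright instead of extracting the first command, and the result is run as an argv list without a shell.

```python
import shlex
import subprocess

# Constructed allowlist of "ros2 <verb> <sub-verb>" pairs (an assumption for
# this example; a real table would be generated from the installed ros2 CLI).
ALLOWED = {
    "topic": {"list", "echo", "info", "hz"},
    "node": {"list", "info"},
    "service": {"list", "type"},
    "param": {"list", "get"},
}

# Shell operators that chain, redirect or substitute commands.
SHELL_OPERATORS = set(";&|<>`$\n\r")


def validate_ros2_command(text):
    """Return argv for exactly one allowlisted ros2 command, else raise ValueError."""
    text = text.strip()
    found = SHELL_OPERATORS.intersection(text)
    if found:
        raise ValueError(f"shell operators are not allowed: {sorted(found)}")
    try:
        argv = shlex.split(text)
    except ValueError as exc:  # e.g. unbalanced quotes
        raise ValueError(f"cannot parse command: {exc}") from None
    if len(argv) < 3 or argv[0] != "ros2":
        raise ValueError("expected 'ros2 <verb> <sub-verb> ...'")
    verb, sub_verb = argv[1], argv[2]
    if sub_verb not in ALLOWED.get(verb, ()):
        raise ValueError(f"'ros2 {verb} {sub_verb}' is not in the allowlist")
    return argv


def is_allowed(text):
    """True when the LLM output passes validation."""
    try:
        validate_ros2_command(text)
        return True
    except ValueError:
        return False


def run_validated(text, timeout=10):
    """Execute the validated argv directly, with no shell to reinterpret it."""
    return subprocess.run(validate_ros2_command(text), shell=False,
                          capture_output=True, text=True, timeout=timeout)
```
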

Signed-off-by: Tomoya Fujita <Tomoya.Fujita@sony.com>
Signed-off-by: Tomoya Fujita <Tomoya.Fujita@sony.com>
Signed-off-by: Tomoya Fujita <Tomoya.Fujita@sony.com>
@fujitatomoya fujitatomoya merged commit 949ad40 into rolling Nov 7, 2025
6 checks passed
@fujitatomoya fujitatomoya deleted the issues/62 branch November 7, 2025 05:52
Development

Successfully merging this pull request may close these issues.

Security Risk: Arbitrary Code Execution via LLM Generated Commands