feat(security): Add excluded paths configuration for improved security #24
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Add exclude_paths field to ToolsConfig with default exclusions for .infer directory - Implement path exclusion validation in LocalFileService - Add CLI commands for managing excluded paths: - `infer config tools exclude list` - List excluded paths - `infer config tools exclude add <path>` - Add path exclusion - `infer config tools exclude remove <path>` - Remove path exclusion - Update tools list command to show excluded paths - Default exclusions prevent access to infer's own configuration files - Support for directory patterns with wildcards (e.g., .infer/*) - Comprehensive pattern matching for exact paths, directories, and prefixes - Update documentation with new commands and configuration options Addresses all acceptance criteria: - Infer CLI cannot modify its own config by default - Additional excluded paths list under tools configuration - Full documentation of the feature 🤖 Generated with [Claude Code](https://claude.ai/code) Co-authored-by: Eden Reich <[email protected]>
Signed-off-by: Eden Reich <[email protected]>
edenreich
changed the title
Contributor
Author
|
@claude Can you change the sub command to be more explicit |
Contributor
|
Claude finished @edenreich's task —— View job CLI command structure updated successfully! ✅I've successfully changed the subcommand from Completed Tasks:
Changes Made:
New Command Structure:# List excluded paths
infer config tools exclude-path list
# Add path to exclusion list
infer config tools exclude-path add ".github/"
# Remove path from exclusion list
infer config tools exclude-path remove "test.txt"The changes maintain all existing functionality while providing a more explicit and clear command structure. |
- Update CLI command structure from `infer config tools exclude` to `infer config tools exclude-path` - Rename all related command variables and registrations - Update CLAUDE.md documentation to reflect new command structure - Maintain all existing functionality with more explicit command naming Co-authored-by: Eden Reich <[email protected]>
Signed-off-by: Eden Reich <[email protected]>
…or messages The cat, head and tail are optional, removing those from default whitelisting and the Read command does exactly what those commands are doing, easier to maintain security and useability. Let the user decide if they need cat command. Signed-off-by: Eden Reich <[email protected]>
|
🎉 This PR is included in version 0.9.0 🎉 The release is available on:
Your semantic-release bot 📦🚀 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes #21
This PR implements the excluded paths feature to improve security by preventing the infer CLI from reading sensitive files.
Changes
New Commands
Generated with Claude Code