fix: address code review — security, CLI flags, and memory guard

rubenmarcus · ampcode-com · rubenmarcus · commit be066dce456d · 2026-03-12T15:40:17.000Z
- Fix dangerouslyAllowAll defaulting to true → false (security) - Register --amp-mode flag on auto and template commands - Add maxOutputBytes truncation guard to runAmpCli Amp-Thread-ID: https://ampcode.com/threads/T-019ce298-ab61-760e-b725-803364016be5 Co-authored-by: Amp <amp@ampcode.com>
diff --git a/src/cli.ts b/src/cli.ts
@@ -319,6 +319,10 @@ program
   .option('--dry-run', 'Preview mode - show tasks without executing')
   .option('--skip-pr', 'Skip PR creation (commit only)')
   .option('--agent <name>', 'Specify agent to use')
+  .option(
+    '--amp-mode <mode>',
+    'Amp agent mode: smart (frontier), rush (fast), deep (extended reasoning)'
+  )
   .option('--validate', 'Run validation after each task', true)
   .option('--no-validate', 'Skip validation')
   .option('--max-iterations <n>', 'Max iterations per task (default: 15)')
@@ -412,6 +416,10 @@ program
   .option('--validate', 'Run tests/lint/build after each iteration')
   .option('--max-iterations <n>', 'Maximum loop iterations')
   .option('--agent <name>', 'Specify agent (claude-code, cursor, codex, opencode, openclaw, amp)')
+  .option(
+    '--amp-mode <mode>',
+    'Amp agent mode: smart (frontier), rush (fast), deep (extended reasoning)'
+  )
   .action(async (action: string | undefined, args: string[], options) => {
     await templateCommand(action, args, options);
   });
diff --git a/src/loop/agents.ts b/src/loop/agents.ts
@@ -349,7 +349,7 @@ async function runAmpAgent(
     prompt: options.task,
     options: {
       cwd: options.cwd,
-      dangerouslyAllowAll: options.auto ?? true,
+      dangerouslyAllowAll: options.auto ?? false,
       mode: options.ampMode ?? 'smart',
     },
   };
@@ -425,7 +425,9 @@ function runAmpCli(
     });
 
     let output = '';
+    let outputBytes = 0;
     let stdoutBuffer = '';
+    const maxOutputBytes = options.maxOutputBytes || 50 * 1024 * 1024;
 
     const timeoutMs = options.timeoutMs || 300000;
     const timeout = setTimeout(() => {
@@ -435,6 +437,14 @@ function runAmpCli(
 
     proc.stdout?.on('data', (data: Buffer) => {
       const chunk = data.toString();
+      outputBytes += data.byteLength;
+
+      if (outputBytes > maxOutputBytes) {
+        const keepBytes = Math.floor(maxOutputBytes * 0.8);
+        output = output.slice(-keepBytes);
+        outputBytes = Buffer.byteLength(output);
+      }
+
       output += chunk;
       stdoutBuffer += chunk;
 
