
fix(security): allow bare date in default autonomy policy#2534

Merged
senamakel merged 2 commits into
tinyhumansai:mainfrom
YOMXXX:fix/2486-allow-date-default
May 25, 2026

Conversation

@YOMXXX
Contributor

@YOMXXX YOMXXX commented May 23, 2026

Summary

  • Allows the default runtime autonomy config to run the bare date command.
  • Keeps date argument handling conservative: date 2026-05-21 remains blocked by command argument safety checks.
  • Adds a regression test for config-derived policy parity with the agent instruction that uses shell date.

Problem

  • Refs Analysis of OpenHuman not executing commands and giving no feedback #2486.
  • The default SecurityPolicy allowlist already included date, and the agent harness instructions tell the assistant to use shell with date for date/time questions.
  • AutonomyConfig::default() did not include date, so runtime policies created from default config could reject that basic read-only workflow.

Solution

  • Add date to default_allowed_commands() in the autonomy config schema.
  • Restrict date to no arguments in SecurityPolicy::is_args_safe() so allowing bare date does not also allow date-setting style arguments.
  • Add a targeted regression test for config-derived policy allowing bare date.

Submission Checklist

  • Tests added or updated (happy path + at least one failure / edge case) per Testing Strategy
  • Diff coverage >= 80% — changed lines (Vitest + cargo-llvm-cov merged via diff-cover) meet the gate enforced by .github/workflows/coverage.yml. CI will enforce the merged coverage gate for this Rust-only change.
  • Coverage matrix updated — added/removed/renamed feature rows in docs/TEST-COVERAGE-MATRIX.md reflect this change. N/A: behavior-only security policy parity fix, no feature row added/removed/renamed.
  • All affected feature IDs from the matrix are listed in the PR description under ## Related. N/A: no coverage-matrix feature ID changed.
  • No new external network dependencies introduced (mock backend used per Testing Strategy)
  • Manual smoke checklist updated if this touches release-cut surfaces (docs/RELEASE-MANUAL-SMOKE.md). N/A: no release smoke surface changed.
  • Linked issue closed via Closes #NNN in the ## Related section. N/A: Analysis of OpenHuman not executing commands and giving no feedback #2486 has broader remaining scope; this PR references but does not close it.

Impact

  • Runtime/security policy impact only.
  • Bare date becomes allowed under default config-derived policies.
  • date with arguments remains blocked to avoid widening command execution to system-time mutation forms.

Related


AI Authored PR Metadata (required for Codex/Linear PRs)

Linear Issue

  • Key: N/A
  • URL: N/A

Commit & Branch

  • Branch: fix/2486-allow-date-default
  • Commit SHA: 43777cd7

Validation Run

  • pnpm --filter openhuman-app format:check — N/A: no frontend files changed.
  • pnpm typecheck — N/A: no TypeScript files changed.
  • Focused tests: GGML_NATIVE=OFF cargo test --manifest-path Cargo.toml config_default_policy_allows_prompt_date_command --lib; GGML_NATIVE=OFF cargo test --manifest-path Cargo.toml openhuman::security::policy::tests --lib
  • Rust fmt/check (if changed): cargo fmt --manifest-path Cargo.toml --all --check; git diff --check; GGML_NATIVE=OFF cargo check --manifest-path Cargo.toml
  • Tauri fmt/check (if changed): N/A: no Tauri files changed.

Validation Blocked

  • command: N/A
  • error: N/A
  • impact: N/A

Behavior Changes

  • Intended behavior change: default config-derived autonomy policy now permits the bare date command used by agent instructions.
  • User-visible effect: basic date/time shell lookup is no longer blocked under default runtime autonomy config.

Parity Contract

  • Legacy behavior preserved: default SecurityPolicy already allowed bare date; config-derived policy now matches it.
  • Guard/fallback/dispatch parity checks: date 2026-05-21 remains blocked by argument safety tests.

Duplicate / Superseded PR Handling

  • Duplicate PR(s): N/A
  • Canonical PR: N/A
  • Resolution (closed/superseded/updated): N/A

Summary by CodeRabbit

  • New Features

    • The date command is now available by default in autonomy configurations.
  • Bug Fixes

    • The date command is now restricted to execute without additional arguments for enhanced security enforcement.
  • Tests

    • Added test coverage validating the default date command policy behavior.

Review Change Stack
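To make the two-layer decision described in this PR concrete, here is an added illustration in Rust that is not the project's own code: a command allowlist derived from a default config plus a per-command argument safety check in which bare date passes and date with any argument is rejected. The names default_allowed_commands, SecurityPolicy and is_args_safe mirror the PR description; the struct layout, the other allowlisted commands and the generic metacharacter guard are assumptions.

```rust
// Illustrative model (not the project's code) of the policy change in this PR:
// allowlist derived from default config + per-command argument rules.
use std::collections::HashSet;

/// Assumed stand-in for the config's default_allowed_commands(): `date` is
/// now part of the default allowlist, alongside a few read-only commands.
fn default_allowed_commands() -> HashSet<&'static str> {
    HashSet::from(["ls", "cat", "echo", "pwd", "date"])
}

/// Shell metacharacters that could chain or redirect further commands.
const SHELL_META: &[char] = &['|', ';', '&', '$', '`', '<', '>'];

struct SecurityPolicy {
    allowed_commands: HashSet<&'static str>,
}

impl SecurityPolicy {
    fn from_default_config() -> Self {
        Self { allowed_commands: default_allowed_commands() }
    }

    /// Per-command argument rules. `date` is only safe with no arguments, so
    /// date-setting forms (`date 2026-05-21`, `date -s ...`) are rejected;
    /// the conservative rule also rejects read-only format args like `+%Y`.
    fn is_args_safe(&self, base: &str, args: &[&str]) -> bool {
        match base {
            "date" => args.is_empty(),
            // Assumed generic guard for the other commands in this model.
            _ => args.iter().all(|a| !a.contains(SHELL_META)),
        }
    }

    /// Full decision: split the line, check the allowlist for the base
    /// command, then apply that command's argument rule.
    fn is_command_allowed(&self, command_line: &str) -> bool {
        let mut parts = command_line.split_whitespace();
        let Some(base) = parts.next() else { return false };
        if !self.allowed_commands.contains(base) {
            return false;
        }
        let args: Vec<&str> = parts.collect();
        self.is_args_safe(base, &args)
    }
}

fn main() {
    let policy = SecurityPolicy::from_default_config();
    for cmd in ["date", "date 2026-05-21", "date -s 12:00", "ls -la", "ls ; rm -rf /"] {
        let verdict = if policy.is_command_allowed(cmd) { "allowed" } else { "blocked" };
        println!("{:?} -> {}", cmd, verdict);
    }
}
```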

@YOMXXX YOMXXX requested a review from a team May 23, 2026 12:52
@coderabbitai
Contributor

coderabbitai Bot commented May 23, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 72ec425a-c951-4deb-87c9-95cbd2447712

📥 Commits

Reviewing files that changed from the base of the PR and between 7745d58 and 43777cd.

📒 Files selected for processing (3)
  • src/openhuman/config/schema/autonomy.rs
  • src/openhuman/security/policy.rs
  • src/openhuman/security/policy_tests.rs

📝 Walkthrough

Walkthrough

The PR enables the date command in the default security policy with a no-arguments constraint. The date command is added to the default allowed commands list in AutonomyConfig, the security policy enforces that date commands must have no arguments, and a test validates this configuration.

Changes

Enable date command with argument restrictions

  • Layer: Enable date command with argument restrictions
  • File(s): src/openhuman/config/schema/autonomy.rs, src/openhuman/security/policy.rs, src/openhuman/security/policy_tests.rs
  • Summary: date is added to default allowed commands, SecurityPolicy::is_args_safe enforces arguments-free execution, and a test validates the default policy permits the command.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

  • tinyhumansai/openhuman#2013: Both PRs modify src/openhuman/security/policy.rs, specifically SecurityPolicy::is_args_safe, to tighten argument-safety rules for certain base commands.

Suggested reviewers

  • senamakel
  • graycyrus

Poem

🐰 A command that tells the time so true,
With safety guards to see it through,
No extra args, just date in plain,
The bunny hops through security's lane!

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
  • Description Check: ✅ Passed. Check skipped - CodeRabbit’s high-level summary is enabled.
  • Title check: ✅ Passed. The title 'fix(security): allow bare date in default autonomy policy' directly and clearly describes the main change: adding the date command to the default autonomy policy's allowed commands.
  • Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
  • Linked Issues check: ✅ Passed. Check skipped because no linked issues were found for this pull request.
  • Out of Scope Changes check: ✅ Passed. Check skipped because no linked issues were found for this pull request.


@YOMXXX
Contributor Author

YOMXXX commented May 23, 2026

Current red/cancelled checks are CI infrastructure, not the security-policy change.

Observed failures:

  • Linux Appium failed before tests because the job container could not log into GHCR from the fork PR token.
  • Windows secrets ACL was cancelled on the superseded run.

The shared CI fix is #2535, now green on 88ae50ff across Build/Test/E2E/Coverage. After #2535 lands, this PR should be retriggered or synced to pick up the workflow fix.

@senamakel senamakel self-assigned this May 25, 2026
@YOMXXX YOMXXX force-pushed the fix/2486-allow-date-default branch from 7bde67b to 3c91e85 Compare May 25, 2026 04:47
@YOMXXX YOMXXX force-pushed the fix/2486-allow-date-default branch from 3c91e85 to f6adc29 Compare May 25, 2026 05:08
@YOMXXX
Contributor Author

YOMXXX commented May 25, 2026

CI status note — the two remaining red checks are infrastructure flakes, not test failures from this PR:

  1. E2E (Linux / Appium Chromium) — job steps show only cleanup/teardown output, no test was reached or failed. Likely a container startup or build timeout.
  2. Rust Core Coverage (cargo-llvm-cov) — the cargo llvm-cov step was terminated before producing any test output (timeout or OOM on the runner).

All substantive checks are green: Rust Core Tests + Quality, TypeScript, Frontend Unit Tests, Rust Quality (fmt + clippy), Coverage Matrix Sync, etc. A re-run should clear these.

@senamakel senamakel merged commit 147e2bc into tinyhumansai:main May 25, 2026
28 of 30 checks passed