From f6adc29014f9227f4b16cb065b25f3e421a47930 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E5=86=A0=E8=BE=B0?=
Date: Sat, 23 May 2026 20:51:55 +0800
Subject: [PATCH] fix(security): allow bare date by default
---
 src/openhuman/config/schema/autonomy.rs | 1 +
 src/openhuman/security/policy.rs | 1 +
 src/openhuman/security/policy_tests.rs | 11 +++++++++++
 3 files changed, 13 insertions(+)
diff --git a/src/openhuman/config/schema/autonomy.rs b/src/openhuman/config/schema/autonomy.rs
index a1eb49d333..efb953e553 100644
--- a/src/openhuman/config/schema/autonomy.rs
+++ b/src/openhuman/config/schema/autonomy.rs
@@ -60,6 +60,7 @@ fn default_allowed_commands() -> Vec {
 "wc".into(),
 "head".into(),
 "tail".into(),
+ "date".into(),
 "dir".into(),
 "type".into(),
 "where".into(),
diff --git a/src/openhuman/security/policy.rs b/src/openhuman/security/policy.rs
index 3431a548e7..a49357116b 100644
--- a/src/openhuman/security/policy.rs
+++ b/src/openhuman/security/policy.rs
@@ -722,6 +722,7 @@ impl SecurityPolicy {
 || arg == "-c"
 })
 }
+ "date" => args.is_empty(),
 _ => true,
 }
 }
diff --git a/src/openhuman/security/policy_tests.rs b/src/openhuman/security/policy_tests.rs
index 2a7b07e752..a2dec272cd 100644
--- a/src/openhuman/security/policy_tests.rs
+++ b/src/openhuman/security/policy_tests.rs
@@ -128,6 +128,17 @@ fn config_default_policy_includes_windows_read_equivalents() {
 assert!(!p.is_command_allowed("date 2026-05-21"));
 }

+#[test]
+fn config_default_policy_allows_prompt_date_command() {
+ let cfg = crate::openhuman::config::AutonomyConfig::default();
+ let p = SecurityPolicy::from_config(&cfg, std::path::Path::new("."));
+
+ assert!(
+ p.is_command_allowed("date"),
+ "agent instructions use `shell date`, so the default runtime policy must allow it"
+ );
+}
+
 #[test]
 fn blocked_commands_basic() {
 let p = default_policy();
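Review bot: The new `"date".into()` entry in `default_allowed_commands()` (src/openhuman/config/schema/autonomy.rs) joins the same default list as the Windows read equivalents `dir`, `type` and `where`, and on cmd.exe a bare `date` prints the current date and then prompts for a new one. Since the policy admits only the zero-argument form, that is exactly the form that may wait on stdin there; whether it does depends on how the runtime spawns the shell on Windows, which this hunk does not show. If cmd.exe is a supported shell, consider leaving `date` out of the default list on Windows builds or making sure allowlisted commands run with stdin closed. A comment beside the entry, `// allowed with no arguments only; enforced by the "date" arm in security/policy.rs`, would keep the two files from drifting apart. The function body starts and ends outside the hunk.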
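Review bot: The arm `"date" => args.is_empty(),` in src/openhuman/security/policy.rs has no comment saying why every argument is refused, even though `date` is now on the default allowlist. `date` has options that set the system clock or read input from a file, so this arm is the only thing keeping the default entry read-only, and a later "just allow `-u`" relaxation could widen it unnoticed. I would add `// bare date only: options can set the clock (-s) or read a file (-f), so any argument is rejected` directly above the arm. The enclosing function starts and ends outside the hunk, so how `args` is derived is not visible; it is worth confirming that redirections and chained commands are rejected before this match is reached.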
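Review bot: `config_default_policy_allows_prompt_date_command` in src/openhuman/security/policy_tests.rs asserts only the positive case, so nothing in it pins the argument restriction for a policy built through `SecurityPolicy::from_config`. The neighbouring `assert!(!p.is_command_allowed("date 2026-05-21"));` belongs to a different test, and before this commit it presumably passed because `date` was not allowlisted at all, so it now exercises a different code path than when it was written. Adding `assert!(!p.is_command_allowed("date -u"));` and `assert!(!p.is_command_allowed("date -s 2026-05-21"));` to the new test would fail if the `"date"` arm were ever loosened to accept options.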