From 3ce2377610e6706becdcae65cfa66511e006222c Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 19 Mar 2026 17:01:29 +0000
Subject: [PATCH 1/2] Initial plan


From b1e6f54727e7dbf0090c35f37739e07a2cf65235 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 19 Mar 2026 17:06:06 +0000
Subject: [PATCH 2/2] Restrict builtins in eval fallback path of
 AssertionEvaluator

Co-authored-by: fswair <62549656+fswair@users.noreply.github.com>
---
 src/vowel/evals.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/vowel/evals.py b/src/vowel/evals.py
index 4d7cab4..860c198 100644
--- a/src/vowel/evals.py
+++ b/src/vowel/evals.py
@@ -35,6 +35,7 @@
     "list": list,
     "max": max,
     "min": min,
+    "pow": pow,
     "range": range,
     "round": round,
     "set": set,
@@ -68,8 +69,7 @@
 
 
 def _eval_assertion_restricted(condition: str, inputs: dict[str, typing.Any]) -> bool:
-    env = {"__builtins__": SAFE_ASSERTION_BUILTINS}
-    env.update(inputs)
+    env = {**inputs, "__builtins__": SAFE_ASSERTION_BUILTINS}
     return bool(eval(condition, env, env))
 
 
@@ -271,7 +271,8 @@ def eval_python(self, condition: str, inputs: dict) -> EvaluationReason:
                 error=str(exc),
             )
             with suppress(Exception):
-                if eval(self.condition, inputs, inputs):
+                fallback_env = {**inputs, "__builtins__": SAFE_ASSERTION_BUILTINS}
+                if eval(self.condition, fallback_env, fallback_env):
                     return EvaluationReason(
                         value=True, reason=f"Assertion passed for condition: {condition}"
                     )