Add bash checkpoint support and tool filtering in agent presets #638
- Create shared bash_checkpoint module with blacklist evaluation and 800ms timeout
- Move tool filtering from install-time to checkpoint-time in all agent presets
- Update agent installers to hook all tools (not just file-edit tools)
- Add tool classification (FileEdit/Bash/Skip) per agent preset
- Add comprehensive tests for all agents and fix existing tests with tool_name in hook_input
- Standard code path for bash checkpoints: human pre-command, AI post-command

Co-Authored-By: Sasha Varlamov <sasha@sashavarlamov.com>
No AI authorship found for these commits. Please install git-ai to start tracking AI generated code in your commits.
…ching, OpenCode tool_input

- Add has_output_redirection() to detect > and >> outside quotes before blacklist check, so 'echo foo > file.txt' correctly triggers checkpoint
- Remove awk from BLACKLISTED_COMMANDS (can modify files with -i inplace)
- Remove dead 'stash list' from GIT_READONLY_SUBCOMMANDS (multi-word string can never match single-token comparison)
- Fix OpenCode preset: change tool_input from typed ToolInput struct to raw serde_json::Value so bash command field is not silently dropped
- Add tests for redirection detection and awk non-blacklisting

Co-Authored-By: Sasha Varlamov <sasha@sashavarlamov.com>
All 4 bugs identified have been fixed in 0589d42:
…n OpenCode pendingEdits

- Remove wget from BLACKLISTED_COMMANDS: unlike curl, wget writes files to disk by default so it should trigger checkpoints
- Store bashCommand in OpenCode pendingEdits map so the after hook can include it in tool_input for bash command evaluation
- Add test_wget_not_blacklisted test

Co-Authored-By: Sasha Varlamov <sasha@sashavarlamov.com>

- Remove xargs from BLACKLISTED_COMMANDS: it executes arbitrary commands, so pipelines like 'grep -rl pattern | xargs sed -i ...' must checkpoint
- Remove find from BLACKLISTED_COMMANDS: it can modify/delete files via -delete, -exec, etc.
- Update tests: remove find from readonly list, add test_xargs_not_blacklisted and test_find_not_blacklisted

Co-Authored-By: Sasha Varlamov <sasha@sashavarlamov.com>
closing outdated/superseded

Now superseded by #798
Add bash checkpoint support and move tool filtering to checkpoint-time
Summary
Previously, git-ai only captured file changes made through explicit file-edit tools (e.g. Write, edit, write_file). Changes made via bash/shell commands were invisible. This PR:

- Moves tool filtering from install-time to checkpoint-time: Agent hook installers now register for all tool events. Each agent preset classifies the tool at checkpoint time into FileEdit, Bash, or Skip via a new classify_tool() function.
- Adds a shared bash_checkpoint module (src/commands/checkpoint_agent/bash_checkpoint.rs): Provides tool classification, bash command blacklist evaluation, command extraction from tool input, and scoped path parsing for common shell patterns. Includes an 800ms timeout kill switch.
- Updates all 6 agent presets (Claude, Gemini, Continue CLI, Droid, Amp, OpenCode) with bash tool handling that follows pre-command → human checkpoint, post-command → AI checkpoint semantics.
- Updates the OpenCode TypeScript plugin to forward all tool events (not just file-edit tools) and include tool_name in hook input.
- Fixes all tests to include the now-required tool_name field in hook_input JSON, using the correct tool name per agent.

Review & Testing Checklist for Human

- classify_tool() against each agent's actual documentation — if a mapping is wrong, checkpoints will be silently skipped for that tool. Check: Claude (Write/Edit/MultiEdit/Bash), Gemini (write_file/shell), Continue (edit/terminal), Droid (ApplyPatch/Bash), Amp (Write/Edit/Bash), OpenCode (edit/bash/shell).
- bash_checkpoint.rs — commands like ls, cat, echo, pwd are blacklisted (no checkpoint). Verify this list is complete and doesn't accidentally skip commands that modify files (e.g. sed, awk, tee should NOT be blacklisted).
- run() method. Consider whether this should be extracted into a shared helper to reduce maintenance burden.
- "tool_name": "..." to existing hook_input JSON. Verify a few examples use the correct tool name for that agent.
- echo "foo" > bar.txt) to verify end-to-end checkpoint creation works. CI passing is necessary but insufficient for this type of integration.

Notes

- bash_checkpoint.rs but not exercised by tests.
- filePath, so we fall back to cwd or process cwd when finding the git repo.
- PresetError("Bash command blacklisted..."), which skips the checkpoint but doesn't fail the tool execution.

Link to Devin Session: https://app.devin.ai/sessions/3018cc9b74db4a56a06ed5cc39c42766
Requested by: @svarlamov
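
The blacklist decision discussed in this thread (skip the checkpoint only for commands that cannot write files) can be sketched as a default-checkpoint classifier. This is an added example, not code from git-ai's bash_checkpoint.rs: `scan`, `needs_checkpoint` and the contents of `READ_ONLY` are hypothetical, and it goes slightly beyond the thread by also treating command substitution and unterminated quotes as reasons to checkpoint.

```rust
// Added illustration, not git-ai's bash_checkpoint.rs. The list contents are
// assumptions based on commands named in this thread (grep is an extra assumption).
const READ_ONLY: &[&str] = &["ls", "cat", "echo", "pwd", "grep"];

/// Splits `cmd` on unquoted `|`, `;`, `&` and newlines, and reports whether it
/// contains anything the classifier refuses to reason about.
fn scan(cmd: &str) -> (Vec<String>, bool) {
    let (mut segs, mut cur, mut risky) = (Vec::new(), String::new(), false);
    let (mut sq, mut dq, mut esc) = (false, false, false);
    for c in cmd.chars() {
        if esc {
            esc = false;
            cur.push(c);
            continue;
        }
        match c {
            '\\' if !sq => esc = true,
            '\'' if !dq => sq = !sq,
            '"' if !sq => dq = !dq,
            // `>` / `>>` outside quotes writes a file even for `echo`.
            '>' if !sq && !dq => risky = true,
            // Substitution or expansion can hide another command.
            '`' | '$' if !sq => risky = true,
            '|' | ';' | '&' | '\n' if !sq && !dq => segs.push(std::mem::take(&mut cur)),
            _ => cur.push(c),
        }
    }
    segs.push(cur);
    (segs, risky || sq || dq) // an unterminated quote is also treated as risky
}

/// A command skips the checkpoint only when every pipeline segment starts
/// with a command on the read-only list; anything unknown checkpoints.
pub fn needs_checkpoint(cmd: &str) -> bool {
    let (segs, risky) = scan(cmd);
    risky || segs.iter().any(|seg| match seg.split_whitespace().next() {
        None => false, // empty segment, e.g. between `&&`
        Some(first) => !READ_ONLY.contains(&first),
    })
}

fn main() {
    // Constructed sample commands.
    for cmd in ["ls -la && pwd", "echo foo > file.txt", "grep -rl x | xargs sed -i s/a/b/"] {
        println!("{:<40} checkpoint={}", cmd, needs_checkpoint(cmd));
    }
}
```

Because unknown commands fall through to a checkpoint, forgetting to list a harmless command costs only an extra snapshot, while wrongly listing a writer such as find, xargs, awk or wget would silently drop attribution.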