Skip to content

feat(security): fill gaps vs Claude Code#23883

Open
excess122 wants to merge 12 commits intoanomalyco:devfrom
excess122:feat/fill-claude-code-gaps
Open

feat(security): fill gaps vs Claude Code#23883
excess122 wants to merge 12 commits intoanomalyco:devfrom
excess122:feat/fill-claude-code-gaps

Conversation

@excess122
Copy link
Copy Markdown

@excess122 excess122 commented Apr 22, 2026
edited
Loading

Issue for this PR

Closes #

Type of change

  • Bug fix
  • New feature
  • Refactor / code improvement
  • Documentation

What does this PR do?

Fills four functional gaps compared to Claude Code's implementation:

  1. ** ool/bash.ts — Dangerous command static check**: Added DANGEROUS_PATTERNS array (25 rules) and checkDangerous() function that intercepts high-risk commands before execution (e.g.,
    m -rf /, disk format with mkfs/ disk, boot record wipe with dd if=..., history deletion). Inspired by Claude Code's hardcoded blacklist of ~23 dangerous patterns. The check runs synchronously after command parsing, before the permission prompt.

  2. session/system.ts — GitHub Copilot GPT-5 routing: Added a routing branch at the top of the provider() function so that when both providerID contains github-copilot and �pi.id contains gpt-5, the dedicated copilot-gpt-5.txt system prompt is used instead of the default one. The prompt file already existed but was never wired up.

  3. ** ile/protected.ts — Linux sensitive directory protection**: Added LINUX_HOME constant covering ~/.ssh, ~/.gnupg, ~/.aws, ~/.config/gcloud, ~/.kube, ~/.docker, ~/.netrc. Previously,
    ames() and paths() returned empty sets on Linux, leaving sensitive credential and key directories unprotected from file scanning.

  4. worktree/index.ts — Windows shell selection: Replaced hardcoded ["cmd", ["/c", cmd]] with Shell.preferred() so worktree start commands use pwsh/powershell when available on Windows, consistent with how ool/bash.ts selects the shell.

I understand why each change works: (1) pattern matching before execution prevents the dangerous commands from running at all; (2) the routing check mirrors the existing �nthropic/openai routing logic; (3) Linux was simply missing from a platform switch; (4) Shell.preferred() already handles the pwsh vs cmd decision tree.

How did you verify your code works?

  • Ran �un typecheck — passed with no errors
  • Built the Windows x64 binary (�un run script/build.ts --single) — smoke test passed: �.0.0-dev-202604221536

Screenshots / recordings

N/A — no UI changes.

Checklist

  • I have tested my changes locally
  • I have not included unrelated changes in this PR

rekram1-node and others added 12 commits April 22, 2026 00:35
@rekram1-node
feat: update codex plugin to support 5.5 (anomalyco#23789)
97f3c74
@Hona
chore: bump Bun to 1.3.13 (anomalyco#23791)
69e2f3b
@Brendonovich
fix(app): improve icon override handling in project edit dialog (anom…
a45d9a9 
…alyco#23768)
@opencode-agent
chore: update nix node_modules hashes
ed3d364
@Hona
fix: preserve BOM in text tool round-trips (anomalyco#23797)
bb69648
@opencode-agent
chore: generate
bfb954e
@Hona
test: fix cross-spawn stderr race on Windows CI (anomalyco#23808)
0595c28
@opencode-agent
chore: generate
6aa475f
@Brendonovich
fix: consolidate project avatar source logic (anomalyco#23819)
88c5f6b
@nexxeln
fix(tui): fail fast on invalid session startup (anomalyco#23837)
2a480a9
@opencode-agent
chore: generate
266e965
@excess122
feat(security): fill gaps vs Claude Code
54c41a4 
- bash.ts: add DANGEROUS_PATTERNS static check (25 rules)
- system.ts: add GitHub Copilot GPT-5 model routing
- file/protected.ts: add Linux sensitive dir protection
- worktree/index.ts: use Shell.preferred() on Windows
@github-actions github-actions Bot added needs:compliance This means the issue will auto-close after 2 hours. and removed needs:compliance This means the issue will auto-close after 2 hours. labels Apr 22, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 22, 2026

Thanks for updating your PR! It now meets our contributing guidelines. 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adamdotdevin adamdotdevin Awaiting requested review from adamdotdevin adamdotdevin is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@excess122 @rekram1-node @Hona @Brendonovich @nexxeln