fix: add external_directory permission to Plan+ agent #204
@@ -337,6 +337,9 @@ def get_agent_config(display_name, filename, subagents=None, model_tier=None): | |||||||||||||||
| # Bash has granular permissions for read-only file discovery commands | ||||||||||||||||
| # Path-based permissions: deny by default, allow specific paths | ||||||||||||||||
| config["permission"] = { | ||||||||||||||||
| # Allow reading from external directories (e.g., ~/.aidevops/agents/) | ||||||||||||||||
| # Required for version check greeting and reading agent documentation | ||||||||||||||||
| "external_directory": "allow", | ||||||||||||||||
Comment on lines +340 to +342
While this change fixes the immediate issue, granting a blanket Given the history of security hardening for the Plan+ agent (e.g., path-based write permissions in #112, permission bypass fix in v2.5.3), it would be much safer to use a more granular, path-based permission. The suggested change restricts read access to only the
| "bash": { | ||||||||||||||||
| # File discovery commands (fast alternatives to mcp_glob) | ||||||||||||||||
| "git ls-files*": "allow", | ||||||||||||||||
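Review bot: The added `"external_directory": "allow"` at +340 to +342 is unconditional, which contradicts the block's own header comment, "Path-based permissions: deny by default, allow specific paths". The new comment names only `~/.aidevops/agents/` as the location needed for the version check greeting and agent documentation, so if the permission schema accepts a path-scoped value for this key, restrict the allow to that directory. If it does not, state that in the comment so the blanket value reads as a documented decision rather than an oversight.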
`external_directory: "allow"` removes the user prompt for any external path access, which could unintentionally let Plan+ read sensitive files in `$HOME` (e.g., `~/.ssh`, `~/.config`). Is it possible/desirable to scope external access to just `~/.aidevops/agents/` (or the specific `VERSION` file) to keep Plan+ as locked down as intended?