
fix(tool): evaluate grep permissions on requested path #1227

Merged: Astro-Han merged 3 commits into dev from codex/c2-grep-permission on Jun 10, 2026

Conversation

Astro-Han commented Jun 10, 2026 (Owner)

Summary

Fix grep external-directory permission evaluation so an allowed requested alias or symlink path is honored while grep still searches the resolved real path.

Why

A grep path can be a user-approved alias that resolves outside the project. Before this change, grep resolved the path before asking for external_directory, so permission rules written for the requested alias could still prompt or deny based on the real path.

Related Issue

Ports the behavior from upstream anomalyco/opencode#26958. There is no local PawWork issue for this narrow upstream-value PR.

Human Review Status

Pending

Review Focus

Please check the permission boundary: only grep opts into requested-path permission patterns, while the default shared helper behavior for shell/read/write remains realpath-based.

Risk Notes

Permissions/path behavior changed for grep. No visible UI changed, so the UI check is not applicable. No docs, release notes, dependencies, credentials, deletion behavior, generated content, or local file changes are included. I considered macOS and Windows path impact; the regression test covers POSIX symlink behavior and the implementation uses the existing Windows path normalizer for the new optional permission path.

How To Verify

  • RED: bun test test/tool/grep.test.ts failed on the new alias-path permission regression because grep requested external_directory for the real path.
  • Focused grep tests: bun test test/tool/grep.test.ts -> 10 pass, 0 fail.
  • Shell symlink guard: bun test test/tool/shell.test.ts --test-name-pattern "asks for real external_directory when bash reads through tmp symlink" -> 1 pass, 53 filtered out, 0 fail.
  • Typecheck: bun run typecheck in packages/opencode -> passed.
  • External-directory helper tests: bun test test/tool/external-directory.test.ts -> 14 pass, 0 fail.
  • Review follow-up guard: bun test test/tool/shell.test.ts --test-name-pattern "asks for real external_directory when bash reads through tmp symlink" -> 1 pass, 53 filtered out, 0 fail.
  • Diff check: git diff --check -> passed.

Screenshots or Recordings

Not applicable; no visible UI changed.

Checklist

How to use this checklist:

  • Tick a box by replacing [ ] with [x]. Do not edit, add, or remove items.
  • The bot-applied label items can only be honestly ticked AFTER the PR is opened and the labeler / priority-triage bots have run — return to the PR description and tick them then.
  • Most items are required. The few that are conditional are explicitly marked (conditional); for those, leave unticked if they truly do not apply and explain why in Risk Notes. All other items must be ticked before requesting human review.
  • Type label — this PR carries exactly one of bug, enhancement, task, documentation. Type labels are author-added; the labeler bot does NOT assign them. Add the label in the GitHub UI, then tick this.
  • Routing labels — this PR carries at least one of app, ui, platform, harness, ci. The labeler bot assigns these on PR open based on changed paths. Confirm the bot's choice (or override if wrong), then tick this.
  • Priority label — this PR carries exactly one of P0, P1, P2, P3. The priority-triage bot suggests one on PR open. Confirm or override, then tick this.
  • Human Review Status above is set to Pending, Approved by @<reviewer>, or Not required: <reason> (default is Pending; "not required" is restricted to bot-authored low-risk PRs).
  • I linked the related issue, or stated in Summary why there is no issue.
  • I described the review focus and any meaningful risks.
  • I replaced the example block in How To Verify with the real verification steps and the key result for each.
  • I did not introduce unrelated refactors, dependencies, generated files, or file changes beyond the stated scope.
  • (conditional) I manually checked visible UI or copy changes when needed, with screenshots or recordings. Leave unticked only if no visible UI or copy changed.
  • (conditional) I considered macOS and Windows impact for platform, packaging, updater, signing, paths, shell, or permissions changes. Leave unticked only if no platform/packaging surface was touched.
  • (conditional) I called out docs, release notes, dependencies, permissions, credentials, deletion behavior, generated content, or local file changes when relevant. Leave unticked only if none of those surfaces was touched.
  • I reviewed the final diff for unrelated changes and suspicious dependency changes.
  • I am targeting dev, and my PR title and commit messages use Conventional Commits in English.

Astro-Han added the labels bug (Something isn't working), P2 (Medium priority), upstream (Tracked upstream or vendor behavior), and harness (Model harness, prompts, tool descriptions, and session mechanics) on Jun 10, 2026

coderabbitai Bot commented Jun 10, 2026 (Contributor)

Warning

Review limit reached

@Astro-Han, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 2 minutes and 35 seconds. Learn how PR review limits work.

📥 Commits

Reviewing files that changed from the base of the PR and between aff7ce2 and 6506ee5.

📒 Files selected for processing (3)
  • packages/opencode/src/tool/external-directory.ts
  • packages/opencode/src/tool/grep.ts
  • packages/opencode/test/tool/grep.test.ts

github-actions Bot left a comment

Suggested priority: P2 (includes non-doc, non-test paths outside the low-risk bucket).

P1/P0 are reserved for maintainer confirmation. Please relabel manually if this is a release blocker, security issue, data-loss risk, or updater/runtime failure.

gemini-code-assist Bot left a comment

Code Review

This pull request updates the grep tool to use the requested alias path rather than the resolved path when checking external_directory permissions, and adds a corresponding test case. The reviewer suggests simplifying this implementation by replacing the permissionPath string option with a boolean flag checkRequestedPath. This change would allow reusing the already computed and normalized path, eliminating duplicated path resolution logic, and avoiding unnecessary path normalization when classifying permission rule patterns.

Comment thread packages/opencode/src/tool/external-directory.ts Outdated
Comment thread packages/opencode/src/tool/external-directory.ts Outdated
Comment thread packages/opencode/src/tool/grep.ts

Astro-Han commented Jun 10, 2026 (Owner, Author)

Addressed the Gemini implementation-shape suggestion in f89677f: assertExternalDirectoryEffect now uses a narrow checkRequestedPath boolean instead of a generic path override, reusing the already-normalized requested path while preserving the default realpath behavior for other callers.
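
The permission behaviour described in the PR summary and in the follow-up above, as an added sketch that is not the project's code: the search always runs on the resolved real path, while a `checkRequestedPath` opt-in (name taken from the thread) decides whether the rule lookup sees the requested alias or the real path. The `Rule` and `Decision` shapes, `contains`, `evaluate`, `demo`, the prefix-matching rules, and the temp-directory layout are assumptions constructed for illustration.

```typescript
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";

type Action = "allow" | "ask";
type Rule = { prefix: string; action: Action }; // hypothetical rule shape
type Decision = { action: Action; permissionPath: string | null; searchPath: string };

// True when target is dir itself or lies underneath it (lexical comparison).
function contains(dir: string, target: string): boolean {
  const rel = path.relative(dir, target);
  return !path.isAbsolute(rel) && rel.split(path.sep)[0] !== "..";
}

// Assumed model: paths inside the project need no external_directory decision.
// Outside it, the rule lookup sees the real path by default, or the requested
// path when the caller opts in. The search target is the real path either way.
function evaluate(root: string, requested: string, rules: Rule[], checkRequestedPath = false): Decision {
  const normalized = path.resolve(root, requested);
  const searchPath = fs.realpathSync(normalized);
  if (contains(fs.realpathSync(root), searchPath)) {
    return { action: "allow", permissionPath: null, searchPath };
  }
  const permissionPath = checkRequestedPath ? normalized : searchPath;
  const rule = rules.find((r) => contains(r.prefix, permissionPath));
  return { action: rule ? rule.action : "ask", permissionPath, searchPath };
}

// Constructed layout: <tmp>/project, <tmp>/real-data, <tmp>/alias -> real-data.
function demo() {
  const base = fs.realpathSync(fs.mkdtempSync(path.join(os.tmpdir(), "alias-perm-")));
  const project = path.join(base, "project");
  const real = path.join(base, "real-data");
  const alias = path.join(base, "alias");
  fs.mkdirSync(project);
  fs.mkdirSync(real);
  fs.symlinkSync(real, alias, "dir");
  const rules: Rule[] = [{ prefix: alias, action: "allow" }]; // user approved the alias only
  try {
    return {
      real,
      alias,
      byRealpath: evaluate(project, alias, rules),        // default, as for shell/read/write
      byRequested: evaluate(project, alias, rules, true), // grep's opt-in
    };
  } finally {
    fs.rmSync(base, { recursive: true, force: true });
  }
}
```

In this model an allow rule written for the alias covers whatever the link resolves to at the time of the call, which is why the opt-in is worth keeping limited to the one caller that needs it.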

Astro-Han merged commit b037acb into dev Jun 10, 2026 (33 checks passed)
Astro-Han deleted the codex/c2-grep-permission branch June 10, 2026 03:34