Skip to content

Harden tool terminal execution with command blocklisting and persistent shell process#558

Merged
Power-Maverick merged 13 commits into
devfrom
copilot/secure-terminal-commands
Jun 15, 2026
Merged

Harden tool terminal execution with command blocklisting and persistent shell process#558
Power-Maverick merged 13 commits into
devfrom
copilot/secure-terminal-commands

Conversation

Copilot AI commented Jun 12, 2026

Copy link
Copy Markdown
Contributor

When PowerShell (and other shells) run in interactive mode with stdin piped rather than a real PTY, they echo commands written to stdin back to stdout. This caused the internal sentinel used for exit-code detection to appear verbatim in the terminal UI:

$__pptb_ok__ = $?; $__pptb_lec__ = $LASTEXITCODE; $__pptb__ = if ($null -ne $__pptb_lec__) { $__pptb_lec__ } elseif ($__pptb_ok__) { 0 } else { 1 }; [Console]::Error.WriteLine("PPTB_CMD_END_..._$__pptb__")

Changes

  • handleStdoutChunk() — replaces the inline stdout handler. When a command is executing, stdout is line-buffered and lines matching the sentinel echo pattern are dropped before display. Pass-through is immediate when no command is in flight.

  • isSentinelEchoLine() — per-shell predicate matching the echoed sentinel:

    • pwsh: $__pptb_ok__ = $?;
    • cmd: echo PPTB_CMD_END_
    • posix: __pptb__=$?;
  • flushStdoutBuffer() — drains the line buffer (with the same filter) when a pending command resolves or fails, shared between resolvePendingCommand and failPendingCommand.

  • Use a meaningful title for the pull request.

  • Follow the guidelines from the CONTRIBUTING.md.

  • Mention the bug or the feature number the PR will be targeting.

  • Test the change in your own code. (Compile and run)

  • Resolve all GH Copilot comments.

Copilot AI changed the title [WIP] Secure terminal to restrict unsafe command execution Harden tool terminal execution with command allowlisting Jun 12, 2026
Copilot AI requested a review from Power-Maverick June 12, 2026 21:10
@Power-Maverick

Copy link
Copy Markdown
Contributor

@copilot allow command "cd", "code","dotnet build" and any other noon-intrusive commands that does not compromise the security. Only maintain the list of blocked command everything else should be allowed

Copilot AI commented Jun 14, 2026

Copy link
Copy Markdown
Contributor Author

@copilot allow command "cd", "code","dotnet build" and any other noon-intrusive commands that does not compromise the security. Only maintain the list of blocked command everything e...

Done in commit refactor: switch terminal security from allowlist to blocklist. The approach is now a blocklist instead of an allowlist:

Blocked (shell interpreters and privilege-escalation tools):

  • Unix/macOS shells: bash, sh, zsh, fish, csh, ksh, dash, tcsh
  • Windows shells: cmd, cmd.exe, powershell, powershell.exe, pwsh, pwsh.exe
  • Privilege escalation: sudo, su, runas, doas, pkexec
  • npm run/exec/start/… and npx --shell/-c (prevent arbitrary script pivot)

Allowed: everything else — cd, code, dotnet build, git, pac, npm install, npx, etc.

Copilot AI changed the title Harden tool terminal execution with command allowlisting Harden tool terminal execution with command blocklisting Jun 14, 2026
Comment thread packages/toolboxAPI.d.ts Outdated
Comment thread src/main/managers/terminalManager.ts
Comment thread src/main/managers/terminalManager.ts
Comment thread src/main/managers/terminalManager.ts Outdated
@Power-Maverick

Copy link
Copy Markdown
Contributor

@copilot Work on the review comments

Copilot AI changed the title Harden tool terminal execution with command blocklisting Harden tool terminal execution with command blocklisting and persistent shell process Jun 14, 2026
@Power-Maverick

Copy link
Copy Markdown
Contributor

@copilot getting error when executing a regular commands Set-Location: A positional parameter cannot be found that accepts argument '&&'. - the command it is trying to execute is cd "/Users/xyz/PPTB_PCF_Test" && npm run build but due to parsing it gets converted into following command cd '/Users/xyz/PPTB_PCF_Test' '&&' 'npm' 'start' and hence the error

Copilot AI commented Jun 14, 2026

Copy link
Copy Markdown
Contributor Author

@copilot getting error when executing a regular commands Set-Location: A positional parameter cannot be found that accepts argument '&&'. - the command it is trying to execute is `...

Fixed in the latest commit. The root cause was that buildShellCommandInput was reconstructing the command from tokenized+quoted arguments, causing && to become the quoted literal '&&' — a positional argument rather than a shell operator.

The fix:

  • Raw command written to stdin: the validated command string is now passed verbatim to the persistent shell process so &&, ||, ;, and | are interpreted natively by the shell.
  • Compound command validation: a new splitCompoundCommand() function splits on those unquoted operators and each segment's executable is individually checked against the blocklist (so ls && bash still gets blocked).
  • Command substitution guard: $(...) and backtick substitution are now explicitly rejected to preserve the security that argument-quoting previously gave us.
  • npm run unblocked: npm run build, npm run start, etc. are no longer in the blocklist — they are legitimate developer commands. npx --shell / npx -c remain blocked as those explicitly spawn a shell interpreter.

With this change cd "/Users/xyz/PPTB_PCF_Test" && npm run build executes correctly.

Copilot AI added 2 commits June 14, 2026 23:23
When PowerShell (and other shells) run in interactive mode with stdin
piped, they echo the commands written to stdin back to stdout. This
caused the internal sentinel command used for exit-code detection to
appear verbatim in the terminal UI.

Fix: buffer stdout by line while a command is executing and drop any
line that matches the per-shell-type sentinel echo pattern before
emitting output to the display. Remaining buffered data is flushed
(with the same filter applied) when the pending command is resolved
or fails.
Copilot AI changed the title Harden tool terminal execution with command blocklisting and persistent shell process fix(terminal): suppress sentinel command echo in terminal display Jun 14, 2026
@Power-Maverick Power-Maverick changed the title fix(terminal): suppress sentinel command echo in terminal display Harden tool terminal execution with command blocklisting and persistent shell process Jun 14, 2026
@github-actions

Copy link
Copy Markdown

Bundle Size Report 📦

Bundle Size
Main Process 970.83 KB
Renderer JS 550.26 KB
Renderer CSS 96.82 KB
Total 1.58 MB

Bundle Analysis Reports

The detailed bundle analysis reports are available in the workflow artifacts:

  • 📊 Main Process: stats-main.html
  • 📊 Renderer Process: stats-renderer.html

Download the artifacts from the workflow run to view interactive visualizations.


Bundle size tracking is now active! This helps prevent bundle bloat.

@Power-Maverick Power-Maverick marked this pull request as ready for review June 15, 2026 13:24
@Power-Maverick Power-Maverick merged commit 0680696 into dev Jun 15, 2026
3 checks passed
@Power-Maverick Power-Maverick deleted the copilot/secure-terminal-commands branch June 15, 2026 13:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Feature]: Make terminal more secured

2 participants