feat(caps): ILO-345 --allow-env flag for env-read capability#680

Merged
danieljohnmorris merged 1 commit into
mainfrom
feature/allow-env-cap
May 22, 2026
Conversation

@danieljohnmorris
Collaborator

Summary

  • Adds --allow-env=VARS CLI flag gating the env and env-all builtins, following the existing --allow-net/read/write/run pattern from ILO-59 (feat(caps): CLI capability flags — allow-net/read/write/run (ILO-59) #606)
  • Caps::Restricted gains an env: Policy field; new check_env(name) method uses exact-name matching (env-all passes "*" sentinel, which the Policy::All default always permits)
  • Both the tree-walking interpreter and the VM's OP_ENV handler are guarded; env-all routes through the interpreter bridge so its guard is also covered
  • Blocked calls return a soft Err value (consistent with --allow-net behaviour) rather than a hard crash

Test plan

  • cargo test --lib caps — 32 unit tests for Caps including 6 new check_env cases
  • cargo test --bin ilo allow_env — 3 dispatch-level integration tests (permissive, empty-list blocks, specific-var allowed)
  • cargo test — full suite clean (pre-existing verify.rs doctest failure unrelated)
  • ilo run --allow-env=PATH,HOME examples/allow-env-cap.ilo main — manual smoke test

Closes ILO-345. Extends ILO-59 (#606).

🤖 Generated with Claude Code

Add --allow-env CLI flag (Option<String> allowlist) to gate the `env`
and `env-all` builtins. Mirrors the existing --allow-net/read/write/run
pattern from ILO-59: omitting the flag stays permissive; any --allow-*
flag present switches to Caps::Restricted where only listed vars pass.

- caps.rs: add `env: Policy` field to Caps::Restricted; add check_env()
  method (exact-name match; env-all passes "*" sentinel)
- cli/args.rs: add --allow-env=VARS RunArgs field
- main.rs: wire allow_env into build_caps(); update all RunArgs literals
- interpreter/mod.rs: check_env() guard in Builtin::Env and Builtin::EnvAll
- vm/mod.rs: check_env() guard in OP_ENV handler
- tests: caps unit tests, dispatch_run integration tests, example file

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
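The capability model the description and commit message lay out (permissive when the flag is absent, an exact-name allowlist when present, an empty list that blocks everything, and the "*" sentinel that `env-all` passes), written out as an added Rust example. This is not the project's caps.rs; the type and method names follow the PR text, and the interaction with the other --allow-* flags is deliberately not modelled.

```rust
// Added model of the --allow-env check described in the PR; not ilo's own
// caps.rs. Names follow the PR text, the flag parsing is an assumption.
#[derive(Debug, Clone, PartialEq)]
pub enum Policy {
    /// Unrestricted; the default for a capability that was never named.
    All,
    /// Only these exact variable names pass.
    List(Vec<String>),
}

#[derive(Debug, Clone, PartialEq)]
pub enum Caps {
    /// No --allow-* flag given: every builtin is permitted.
    Permissive,
    /// An --allow-* flag was given: each capability carries a policy.
    Restricted { env: Policy },
}

/// Sentinel that `env-all` passes, since it reads every variable at once.
pub const ENV_ALL: &str = "*";

impl Caps {
    /// Build caps from the raw value of --allow-env (None when absent).
    /// Assumption: other --allow-* flags are out of scope for this model.
    pub fn from_allow_env(allow_env: Option<&str>) -> Caps {
        match allow_env {
            None => Caps::Permissive,
            Some(vars) => Caps::Restricted {
                env: Policy::List(
                    vars.split(',')
                        .map(str::trim)
                        .filter(|v| !v.is_empty())
                        .map(String::from)
                        .collect(),
                ),
            },
        }
    }

    /// Exact-name check; a blocked read is a soft Err, never a panic.
    /// Policy::All permits everything, including the "*" sentinel; a list
    /// only matches names literally present in it, so `env-all` is denied
    /// under any allowlist that does not itself contain "*".
    pub fn check_env(&self, name: &str) -> Result<(), String> {
        let allowed = match self {
            Caps::Permissive => true,
            Caps::Restricted { env: Policy::All } => true,
            Caps::Restricted { env: Policy::List(vars) } => vars.iter().any(|v| v == name),
        };
        if allowed { Ok(()) } else { Err(format!("env read of {name:?} denied: pass --allow-env")) }
    }
}
```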
@codecov

codecov Bot commented May 22, 2026

Codecov Report

❌ Patch coverage is 97.94872% with 4 lines in your changes missing coverage. Please review.
✅ All tests successful. No failed tests found.

Files with missing lines    Patch %   Lines
src/interpreter/mod.rs      80.00%    3 Missing ⚠️
src/main.rs                 98.92%    1 Missing ⚠️

@danieljohnmorris danieljohnmorris merged commit 07f9611 into main May 22, 2026
5 checks passed
@danieljohnmorris danieljohnmorris deleted the feature/allow-env-cap branch May 22, 2026 06:43