Conversation
Security (13 findings): - Risk gate rewrites subshells, process substitutions, and backticks as segments so inner destructive calls no longer bypass the Block gate. - Block whitespace/IFS obfuscation, interpreter -c, decoded-shell pipes, truncate / :>file / cp /dev/null, destructive git plumbing. - Fix rm false positive — only block when rm is a command-position first token; grep rm and find -name 'rm*' are Safe again. - Expand content filter: GitHub fine-grained PATs, Stripe, SendGrid, HF, JWT, Google service account JSON, Azure, URL-embedded credentials. - Codex tempfile -> tempfile::NamedTempFile with O_EXCL + 0600 + auto-drop; prompt passed via stdin instead of argv so it's not visible in ps. - 1 MiB HTTP response size cap on OpenRouter + Anthropic direct API. - Strip ANSI escapes from model/backend output before printing. - hey doctor masks key body to the documented prefix only. UX: - hey doctor / hey init <shell> subcommands. - Stdin prompt: echo ... | hey --yes. - EOF on confirm aborts instead of running. - Warn commands require explicit y; blank Enter aborts. - Refuse silent hangs when stdout is not a TTY. - Edit action copies command to clipboard and reports success/failure. - Richer help + actionable error messages. - Thinking animation erases wrapped lines cleanly on narrow terminals. Breaking: or alias removed; backend matching is case-sensitive lowercase; Warn no longer defaults to Yes; EOF aborts; piped stdout requires --yes or --dry-run. 19 unit tests for the risk gate; clippy -D warnings clean.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
CHANGELOG.md.hey doctor,hey init <shell>, stdin prompts, EOF-aborts-confirm, stricterWarnprompts, stdout-not-TTY refusal, richer help and error messages.Highlights
echo hi $(rm -rf ~)→ Safe (bypass)grep rm logfile→ Block (false positive)hey foo < /dev/null→ runs silently on EOFaborted (no input)hey foo | head→ hangs forever--yes/--dry-runhintsudo rm -rf /wrapped insh -cand$(..)→ Safe/tmp/ait-codex-<pid>.txt(world-readable, symlink-attackable)tempfile::NamedTempFile(O_EXCL, 0600)ps auxwwhey doctormissingBreaking changes
orshorthand foropenrouterremoved (it collided with the English preposition).Risk::Warncommands no longer run on blank Enter; explicityrequired.hey foo | headrefuses without--yes/--dry-run.Test plan
cargo clippy --all-targets -- -D warnings— cleancargo test— 19/19 risk-gate tests passcargo build --release— cleanhey doctorrenders the full diagnostic reporthey init zshemits a valid zsh completion scripthey grep for rm in logs→ Safe (was wrongly Block in v0.3)hey foo | cat→ errors with stdout-not-TTY hintheywith no args → friendly empty-prompt errorsk-or-v1-****key masking confirmed inhey doctorNotes
ai-in-terminal; binary ishey.cargo publish --dry-runsucceeded for 0.4.0.