auto-coder 0.1.390__py3-none-any.whl → 0.1.391__py3-none-any.whl

{auto_coder-0.1.390.dist-info → auto_coder-0.1.391.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: auto-coder
-Version: 0.1.390
+Version: 0.1.391
 Summary: AutoCoder: AutoCoder
 Author: allwefantasy
 Classifier: Programming Language :: Python :: 3.10

{auto_coder-0.1.390.dist-info → auto_coder-0.1.391.dist-info}/RECORD

@@ -11,7 +11,7 @@ autocoder/command_parser.py,sha256=fx1g9E6GaM273lGTcJqaFQ-hoksS_Ik2glBMnVltPCE,1
 autocoder/lang.py,sha256=PFtATuOhHRnfpqHQkXr6p4C893JvpsgwTMif3l-GEi0,14321
 autocoder/models.py,sha256=pD5u6gcMKRwWaLxeVin18g25k-ERyeHOFsRpOgO_Ae0,13788
 autocoder/run_context.py,sha256=IUfSO6_gp2Wt1blFWAmOpN0b0nDrTTk4LmtCYUBIoro,1643
-autocoder/version.py,sha256=cPqQwif1FlW0StEITphmOzbZ77p-tnWBHct7dK_j2hs,25
+autocoder/version.py,sha256=ziiG-zaOKRVuQuJK5CBB3DggynIuAtpa-vKHfvrrY94,25
 autocoder/agent/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 autocoder/agent/agentic_filter.py,sha256=zlInIRhawKIYTJjCiJBWqPCOV5UtMbh5VnvszfTy2vo,39824
 autocoder/agent/auto_demand_organizer.py,sha256=URAq0gSEiHeV_W4zwhOI_83kHz0Ryfj1gcfh5jwCv_w,6501
@@ -60,7 +60,7 @@ autocoder/commands/auto_web.py,sha256=K0Gv7lil5UqmExr_sAJNOcwNxw_q1vhvre1jjQ7tA3
 autocoder/commands/tools.py,sha256=IX_zx5mWAvQDED7wUHTqNtrCmLNo9ztFV1aZ6AflY4o,34292
 autocoder/common/JupyterClient.py,sha256=O-wi6pXeAEYhAY24kDa0BINrLYvKS6rKyWe98pDClS0,2816
 autocoder/common/ShellClient.py,sha256=fM1q8t_XMSbLBl2zkCNC2J9xuyKN3eXzGm6hHhqL2WY,2286
-autocoder/common/__init__.py,sha256=QjsPwSx3cjQzfC3i_Wk6eFMIQal1tj1ENI4Gs7TmZIg,14943
+autocoder/common/__init__.py,sha256=OzjUaZBO1p8cb1f3K-3RylcDn7PAEbtm2cqr3Qz6Y6k,15010
 autocoder/common/action_yml_file_manager.py,sha256=DdF5P1R_B_chCnnqoA2IgogakWLZk_nItiJZUfX0_Wo,17857
 autocoder/common/anything2images.py,sha256=0ILBbWzY02M-CiWB-vzuomb_J1hVdxRcenAfIrAXq9M,25283
 autocoder/common/anything2img.py,sha256=iZQmg8srXlD7N5uGl5b_ONKJMBjYoW8kPmokkG6ISF0,10118
@@ -182,7 +182,8 @@ autocoder/common/v2/agent/agentic_edit_tools/__init__.py,sha256=RbPZZcZg_VnGssL5
 autocoder/common/v2/agent/agentic_edit_tools/ask_followup_question_tool_resolver.py,sha256=-HFXo3RR6CH8xXjDaE2mYV4XasTLAmvXe6WutL7qbwA,3208
 autocoder/common/v2/agent/agentic_edit_tools/attempt_completion_tool_resolver.py,sha256=82ZGKeRBSDKeead_XVBW4FxpiE-5dS7tBOk_3RZ6B5s,1511
 autocoder/common/v2/agent/agentic_edit_tools/base_tool_resolver.py,sha256=Zid2m1uZd-2wVFGc_n_KAViXZyNjbdLSpI5n7ut1RUQ,1036
-autocoder/common/v2/agent/agentic_edit_tools/execute_command_tool_resolver.py,sha256=vXkmNLNaNDWrDHCHMl0UVtDyThXvk1V32BkWqhQny9E,5570
+autocoder/common/v2/agent/agentic_edit_tools/dangerous_command_checker.py,sha256=XeFKuZrxbmSNk04GrL2U_PzIjRbqWYlGvGLhcYv-Jeg,7831
+autocoder/common/v2/agent/agentic_edit_tools/execute_command_tool_resolver.py,sha256=KvwXFrdCsWlAsU15a6mvOnTxrcgysTIViZE2o0TGItM,6139
 autocoder/common/v2/agent/agentic_edit_tools/list_code_definition_names_tool_resolver.py,sha256=8QoMsADUDWliqiDt_dpguz31403syB8eeW0Pcw-qfb8,3842
 autocoder/common/v2/agent/agentic_edit_tools/list_files_tool_resolver.py,sha256=1tJX9RYRU0zRjKZMzFlZzKm-4R32CzRnZ0UQJj4pxAk,8074
 autocoder/common/v2/agent/agentic_edit_tools/list_package_info_tool_resolver.py,sha256=dIdV12VuczHpHuHgx2B1j_3BZYc9PL0jfHCuBk9ryk8,2005
@@ -340,9 +341,9 @@ autocoder/utils/types.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 autocoder/utils/auto_coder_utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 autocoder/utils/auto_coder_utils/chat_stream_out.py,sha256=t902pKxQ5xM7zgIHiAOsTPLwxhE6VuvXAqPy751S7fg,14096
 autocoder/utils/chat_auto_coder_utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-auto_coder-0.1.390.dist-info/LICENSE,sha256=HrhfyXIkWY2tGFK11kg7vPCqhgh5DcxleloqdhrpyMY,11558
-auto_coder-0.1.390.dist-info/METADATA,sha256=2_uomCWWJjP0IK0hnWla42dCdcAliKBgSIwz2NIygN0,2796
-auto_coder-0.1.390.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
-auto_coder-0.1.390.dist-info/entry_points.txt,sha256=0nzHtHH4pNcM7xq4EBA2toS28Qelrvcbrr59GqD_0Ak,350
-auto_coder-0.1.390.dist-info/top_level.txt,sha256=Jqc0_uJSw2GwoFQAa9iJxYns-2mWla-9ok_Y3Gcznjk,10
-auto_coder-0.1.390.dist-info/RECORD,,
+auto_coder-0.1.391.dist-info/LICENSE,sha256=HrhfyXIkWY2tGFK11kg7vPCqhgh5DcxleloqdhrpyMY,11558
+auto_coder-0.1.391.dist-info/METADATA,sha256=sR4t9Ydv7vshE7YwjlIm_2lqRu3xT6Vd34irhHfWfTk,2796
+auto_coder-0.1.391.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
+auto_coder-0.1.391.dist-info/entry_points.txt,sha256=0nzHtHH4pNcM7xq4EBA2toS28Qelrvcbrr59GqD_0Ak,350
+auto_coder-0.1.391.dist-info/top_level.txt,sha256=Jqc0_uJSw2GwoFQAa9iJxYns-2mWla-9ok_Y3Gcznjk,10
+auto_coder-0.1.391.dist-info/RECORD,,

autocoder/common/__init__.py

@@ -276,6 +276,7 @@ class AutoCoderArgs(pydantic.BaseModel):
     enable_agentic_filter: Optional[bool] = False
     enable_agentic_edit: Optional[bool] = True
     enable_agentic_auto_approve: Optional[bool] = False
+    enable_agentic_dangerous_command_check: Optional[bool] = False
     
 
     index_filter_level: Optional[int] = 0

autocoder/common/v2/agent/agentic_edit_tools/dangerous_command_checker.py

@@ -0,0 +1,191 @@
+import re
+from typing import List, Tuple, Optional
+from loguru import logger
+
+
+class DangerousCommandChecker:
+    """危险命令检查器，用于检测和防止执行潜在危险的系统命令"""
+    
+    def __init__(self):
+        # 危险命令模式列表
+        self.dangerous_patterns = [
+            # 文件删除相关
+            (r'\brm\s+.*-[rf]', "删除文件命令"),
+            (r'\brm\s+-[rf]', "删除文件命令"),
+            (r'\bunlink\b', "删除文件命令"),
+            
+            # 系统格式化和分区操作
+            (r'\bmkfs\b', "格式化文件系统命令"),
+            (r'\bfdisk\b', "磁盘分区命令"),
+            (r'\bparted\b', "磁盘分区命令"),
+            (r'\bdd\s+.*if=.*of=', "数据复制命令，可能覆盖系统文件"),
+            
+            # 权限修改
+            (r'\bchmod\s+777\b', "危险权限修改"),
+            (r'\bchmod\s+\d*7\d*7\b', "危险权限修改"),
+            (r'\bchown\s+.*root\b', "更改文件所有者为root"),
+            
+            # 提权相关
+            (r'\bsudo\s+.*rm\b', "使用sudo执行删除命令"),
+            (r'\bsu\s+-\b', "切换到root用户"),
+            (r'\bsu\s+root\b', "切换到root用户"),                  
+            
+            # 系统服务相关
+            (r'\bsystemctl\s+stop\b', "停止系统服务"),
+            (r'\bsystemctl\s+disable\b', "禁用系统服务"),
+            (r'\bservice\s+.*stop\b', "停止系统服务"),
+            
+            # 进程操作
+            (r'\bkill\s+-9\s+1\b', "强制终止init进程"),
+            (r'\bkillall\s+-9\b', "强制终止所有进程"),
+            (r'\bpkill\s+-9\b', "强制终止进程"),
+            
+            # 系统关机重启
+            (r'\bshutdown\b', "系统关机命令"),
+            (r'\breboot\b', "系统重启命令"),
+            (r'\bhalt\b', "系统停机命令"),
+            (r'\bpoweroff\b', "系统断电命令"),
+            
+            # 环境变量和系统配置
+            (r'\bexport\s+PATH=', "修改PATH环境变量"),
+            (r'\bunset\s+PATH\b', "删除PATH环境变量"),
+            (r'>\s*/etc/', "重定向写入系统配置文件"),
+            (r'\becho\s+.*>\s*/etc/', "写入系统配置文件"),
+            
+            # 系统文件编辑
+            (r'\bvi\s+/etc/', "编辑系统配置文件"),
+            (r'\bnano\s+/etc/', "编辑系统配置文件"),
+            (r'\bemacs\s+/etc/', "编辑系统配置文件"),
+            
+            # 历史和日志清理
+            (r'\bhistory\s+-c\b', "清空命令历史"),
+            (r'>\s*/dev/null\s+2>&1', "重定向所有输出到null"),
+            (r'\brm\s+.*\.log\b', "删除日志文件"),
+            
+            # 安装和包管理（可能安装恶意软件）
+            (r'\bapt\s+install\s+.*--force\b', "强制安装软件包"),
+            (r'\byum\s+install\s+.*--assumeyes\b', "自动确认安装软件包"),
+            (r'\bpip\s+install\s+.*--force\b', "强制安装Python包"),
+        ]
+        
+        # 危险字符模式
+        self.dangerous_chars = [
+            (r';', "命令分隔符，可能执行多个命令"),
+            (r'`.*`', "命令替换，可能执行隐藏命令"),
+            (r'\$\(.*\)', "命令替换，可能执行隐藏命令"),
+            (r'\|(?!\s*head\b|\s*tail\b|\s*grep\b|\s*sort\b|\s*uniq\b|\s*wc\b|\s*cat\b)', "管道符，可能传递敏感数据"),
+            (r'&&(?!\s*echo\b)', "逻辑与操作符，可能链式执行命令"),
+            (r'\|\|', "逻辑或操作符，可能条件执行命令"),
+            (r'<\(', "进程替换"),
+            (r'>\(', "进程替换"),
+        ]
+        
+        # 允许的安全命令前缀（白名单）
+        self.safe_command_prefixes = [
+            'ls', 'pwd', 'whoami', 'date', 'echo', 'cat', 'head', 'tail',
+            'grep', 'find', 'which', 'man', 'help', 'cd', 'mkdir', 'touch',
+            'cp', 'mv', 'wc', 'sort', 'uniq', 'diff', 'tree', 'file',
+            'stat', 'du', 'df', 'ps', 'top', 'history', 'env', 'printenv'
+        ]
+
+    def is_command_dangerous(self, command: str) -> Tuple[bool, Optional[str]]:
+        """
+        检查命令是否危险
+        
+        Args:
+            command: 要检查的命令字符串
+            
+        Returns:
+            Tuple[bool, Optional[str]]: (是否危险, 危险原因)
+        """
+        command = command.strip()
+        
+        # 空命令不危险
+        if not command:
+            return False, None
+            
+        # 检查危险命令模式
+        for pattern, reason in self.dangerous_patterns:
+            if re.search(pattern, command, re.IGNORECASE):
+                logger.warning(f"检测到危险命令模式: {pattern} in command: {command}")
+                return True, f"危险命令: {reason}"
+        
+        # 检查危险字符
+        for pattern, reason in self.dangerous_chars:
+            if re.search(pattern, command):
+                # 对于 && 的特殊处理，允许 cd 命令链
+                if pattern == r'&&(?!\s*echo\b)' and command.strip().startswith('cd '):
+                    continue
+                logger.warning(f"检测到危险字符: {pattern} in command: {command}")
+                return True, f"包含危险字符: {reason}"
+        
+        return False, None
+    
+    def is_command_in_whitelist(self, command: str) -> bool:
+        """
+        检查命令是否在安全白名单中
+        
+        Args:
+            command: 要检查的命令字符串
+            
+        Returns:
+            bool: 是否在白名单中
+        """
+        command = command.strip()
+        if not command:
+            return False
+            
+        # 获取命令的第一个词（命令名）
+        first_word = command.split()[0]
+        
+        return first_word.lower() in self.safe_command_prefixes
+    
+    def check_command_safety(self, command: str, allow_whitelist_bypass: bool = True) -> Tuple[bool, Optional[str]]:
+        """
+        综合检查命令安全性
+        
+        Args:
+            command: 要检查的命令字符串
+            allow_whitelist_bypass: 是否允许白名单命令绕过危险检查
+            
+        Returns:
+            Tuple[bool, Optional[str]]: (是否安全, 不安全的原因)
+        """
+        # 首先检查是否危险
+        is_dangerous, danger_reason = self.is_command_dangerous(command)
+        
+        if not is_dangerous:
+            return True, None
+            
+        # 如果允许白名单绕过，且命令在白名单中，则认为安全
+        if allow_whitelist_bypass and self.is_command_in_whitelist(command):
+            logger.info(f"命令在白名单中，允许执行: {command}")
+            return True, None
+            
+        return False, danger_reason
+    
+    def get_safety_recommendations(self, command: str) -> List[str]:
+        """
+        为不安全的命令提供安全建议
+        
+        Args:
+            command: 要检查的命令字符串
+            
+        Returns:
+            List[str]: 安全建议列表
+        """
+        recommendations = []
+        
+        if 'rm' in command:
+            recommendations.append("使用 'rm -i' 进行交互式删除")
+            recommendations.append("在删除前使用 'ls' 确认要删除的文件")
+            
+        if 'chmod 777' in command:
+            recommendations.append("避免使用 '777' 权限，考虑更安全的权限设置")
+            recommendations.append("使用 'chmod 755' 或 'chmod 644' 等更安全的权限")
+            
+        if 'sudo' in command:
+            recommendations.append("确认您真的需要root权限")
+            recommendations.append("考虑使用更具体的权限而不是sudo")  
+            
+        return recommendations 

autocoder/common/v2/agent/agentic_edit_tools/execute_command_tool_resolver.py

@@ -4,6 +4,7 @@ from typing import Dict, Any, Optional
 from autocoder.common.run_cmd import run_cmd_subprocess
 from autocoder.common.v2.agent.agentic_edit_tools.base_tool_resolver import BaseToolResolver
 from autocoder.common.v2.agent.agentic_edit_types import ExecuteCommandTool, ToolResult # Import ToolResult from types
+from autocoder.common.v2.agent.agentic_edit_tools.dangerous_command_checker import DangerousCommandChecker
 from autocoder.common import shells
 from autocoder.common.printer import Printer
 from loguru import logger
@@ -26,6 +27,8 @@ class ExecuteCommandToolResolver(BaseToolResolver):
             args=self.args,
             llm=self.agent.context_prune_llm
         )
+        # 初始化危险命令检查器
+        self.danger_checker = DangerousCommandChecker()
 
     def _prune_file_content(self, content: str, file_path: str) -> str:
         """对文件内容进行剪枝处理"""
@@ -60,14 +63,21 @@ class ExecuteCommandToolResolver(BaseToolResolver):
         command = self.tool.command
         requires_approval = self.tool.requires_approval
         source_dir = self.args.source_dir or "."
-
-        # Basic security check (can be expanded)
-        if ";" in command or "&&" in command or "|" in command or "`" in command:
-             # Allow && for cd chaining, but be cautious
-             if not command.strip().startswith("cd ") and " && " in command:
-                 pass # Allow cd chaining like 'cd subdir && command'
-             else:
-                return ToolResult(success=False, message=f"Command '{command}' contains potentially unsafe characters.")
+        
+        if self.args.enable_agentic_dangerous_command_check:
+            # 使用新的危险命令检查器进行安全检查
+            is_safe, danger_reason = self.danger_checker.check_command_safety(command, allow_whitelist_bypass=True)
+            
+            if not is_safe:
+                # 获取安全建议
+                recommendations = self.danger_checker.get_safety_recommendations(command)
+                
+                error_message = f"检测到危险命令: {danger_reason}"
+                if recommendations:
+                    error_message += f"\n安全建议:\n" + "\n".join(f"- {rec}" for rec in recommendations)
+                
+                logger.warning(f"阻止执行危险命令: {command}, 原因: {danger_reason}")
+                return ToolResult(success=False, message=error_message)
 
         # Approval mechanism (simplified)
         if not self.args.enable_agentic_auto_approve and requires_approval:

autocoder/version.py

@@ -1,2 +1,2 @@
 
-__version__ = "0.1.390"
+__version__ = "0.1.391"