Skip to content

Add safe readonly commands to terminal auto approve defaults #259669

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Aug 5, 2025
Merged

Add safe readonly commands to terminal auto approve defaults #259669

merged 5 commits into from
Aug 5, 2025

Conversation

Copilot
Copy link
Contributor

@Copilot Copilot AI commented Aug 4, 2025
edited
Loading

This PR adds a comprehensive set of safe and common readonly commands to the terminal auto approve defaults, improving the user experience by automatically approving commonly used commands that don't modify system state.

Changes Made

Added Safe Commands (Auto-approved by default)

Unix/Linux commands (16):

  • echo, ls, pwd, cat, head, tail, grep, find, which, whoami, date, hostname, ps, wc, sort, uniq

PowerShell commands (7):

  • Get-ChildItem, Get-Content, Get-Location, Get-Date, Get-Host, Get-Process, Get-Service

PowerShell commands use case-insensitive regex patterns (e.g., /^Get-ChildItem\\b/i) to match variations like get-childitem or GET-CHILDITEM.

Preserved Security

All existing dangerous commands remain denied by default:

  • rm, rmdir, del, kill, curl, wget, eval, chmod, chown, Remove-Item

Testing

Added comprehensive test suite covering:

  • All new safe commands with various arguments
  • Case-insensitive PowerShell command matching
  • Dangerous command denial behavior
  • Configuration override functionality

Example Usage

With these defaults, users will no longer need explicit approval for common operations like:

# These commands are now auto-approved
echo "Hello world"
ls -la
pwd
cat README.md
grep "TODO" *.js
Get-ChildItem C:\
Get-Content file.txt

While still requiring approval for potentially dangerous operations:

# These still require explicit approval
rm important-file.txt
del *.exe
kill 1234
Remove-Item folder -Recurse

Users can still override any default by explicitly setting commands to true or false in their chat.tools.terminal.autoApprove configuration.

Fixes #259668.

Warning

Firewall rules blocked me from connecting to one or more addresses

I tried to connect to the following addresses, but was blocked by firewall rules:

  • electronjs.org
    • Triggering command: node-gyp (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

@Copilot Copilot AI assigned Copilot and Tyriar Aug 4, 2025
@Copilot Copilot AI changed the title [WIP] Add a set of safe and common readonly commands to terminal auto approve Add safe readonly commands to terminal auto approve defaults Aug 4, 2025
@Copilot Copilot AI requested a review from Tyriar August 4, 2025 21:12
Copilot finished work on behalf of Tyriar August 4, 2025 21:12
@Tyriar Tyriar added this to the August 2025 milestone Aug 5, 2025
@Tyriar Tyriar marked this pull request as ready for review August 5, 2025 12:08
@Tyriar Tyriar enabled auto-merge August 5, 2025 12:08
@Tyriar Tyriar disabled auto-merge August 5, 2025 12:10
@Tyriar Tyriar marked this pull request as draft August 5, 2025 12:10
@Tyriar Tyriar marked this pull request as ready for review August 5, 2025 12:13
@Tyriar Tyriar enabled auto-merge August 5, 2025 12:13
@Tyriar Tyriar merged commit 065f528 into main Aug 5, 2025
18 checks passed
@Tyriar Tyriar deleted the copilot/fix-259668 branch August 5, 2025 13:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Tyriar Tyriar Tyriar approved these changes

@lszomoru lszomoru lszomoru approved these changes

Assignees

@Tyriar Tyriar

Copilot code review Copilot

Labels
None yet
Projects
None yet
Milestone
August 2025
Development

Successfully merging this pull request may close these issues.

Add a set of safe and common readonly commands to terminal auto approve
3 participants
@Copilot @Tyriar @lszomoru