docs: sync runtime env and security documentation
This commit is contained in:
@@ -7,8 +7,8 @@ This middleware provides a first-pass hardening layer for agent-executed shell c
|
||||
## Components
|
||||
|
||||
- `src/security/shell-parser.ts`
|
||||
- Uses `bash-parser` to parse shell scripts and extract command-level data from `Command` and `Word` nodes.
|
||||
- Traverses nested constructs (logical operators, pipelines, subshells, command expansions) so chained commands are fully visible to policy checks.
|
||||
- Uses async `sh-syntax` (mvdan/sh parser) as a hard parser gate before validation.
|
||||
- Performs fail-closed token-level command extraction and blocks unsupported expansions/subshell constructs.
|
||||
- `src/security/schemas.ts`
|
||||
- Zod schemas for shell policies, tool clearance policies, execution env policy, and security violation handling mode.
|
||||
- `src/security/rules-engine.ts`
|
||||
|
||||
Reference in New Issue
Block a user