Claude-Agent


examples/04-permissions.pl  view on Meta::CPAN

        # Command string from the tool input; a missing/undef value becomes ''
        # so the pattern matches below never operate on undef.
        my $command = $input->{command} // '';

        # Auto-allow safe read-only commands
        # NOTE(review): only the first word is checked (anchored at ^ and
        # followed by whitespace or end of string). The remainder of the
        # string is not inspected, so whatever follows an allow-listed word
        # is approved along with it, and this branch returns before the deny
        # check below is reached. Treat this as demo logic: a real policy
        # should tokenise the command (or reject shell metacharacters) and
        # evaluate deny rules before allow rules.
        if ($command =~ /^(ls|pwd|echo|cat|head|tail|wc|date|whoami)(\s|$)/) {
            return Claude::Agent::Permission->allow(
                updated_input => $input,
            );
        }

        # Deny dangerous commands
        # NOTE(review): this is an unanchored substring match with no word
        # boundaries, so it fires on any command that merely contains these
        # letters (e.g. "rm" inside a longer word). Because '|' has the lowest
        # precedence, the trailing '.*-f' applies to the 'cp' alternative only.
        # A deny-list like this is a convenience filter, not a safety boundary.
        if ($command =~ /rm|sudo|chmod|chown|mv|cp.*-f/) {
            return Claude::Agent::Permission->deny(
                message => "Command '$command' is not allowed for safety reasons.",
            );
        }

        # Ask for other commands (in a real app, prompt the user)
        # Every command that matched neither pattern above ends up here. The
        # visible code does not prompt anyone: it only logs the command and
        # announces the automatic approval.
        say "\n[PERMISSION] Bash command requested: $command";
        say "[PERMISSION] Auto-approving for demo purposes...";

        # Records the tool name, not this particular command.
        # NOTE(review): if %approved_tools is consulted elsewhere to skip this
        # callback's checks, one approval would cover every later command for
        # the same tool -- confirm against the rest of the callback, which is
        # outside this excerpt.
        $approved_tools{$tool_name} = 1;

lib/Claude/Agent/DryRun.pm  view on Meta::CPAN

        # Emit a one-time security notice via warn() for Bash commands, unless
        # CLAUDE_AGENT_DRY_RUN_QUIET is set to a true value.
        # The notice exists so users learn about the limits of this check even
        # if callbacks suppress other output. The 'state' counter persists
        # across calls, so the message is printed at most once per process.
        if (!$ENV{CLAUDE_AGENT_DRY_RUN_QUIET}) {
            state $dry_run_warned = 0;
            warn "[DRY-RUN WARNING] Bash command detection is bypassable. "
                . "Set CLAUDE_AGENT_DRY_RUN_STRICT=1 for stricter protection.\n"
                unless $dry_run_warned++;
        }
        # Command-name check: flag the command when one of the listed programs
        # appears at the start (after optional whitespace) or directly after
        # one of the characters ';', '|' or '&'.
        # This avoids false positives like 'grep rm file.txt' or 'echo rm > log.txt'.
        # NOTE(review): a name is recognised only in those two positions and
        # only when spelled literally; this is heuristic pattern matching, not
        # shell parsing, which is what the warning above means by "bypassable".
        # Enforcement should come from OS-level isolation (unprivileged user,
        # read-only filesystem), not from this function.
        # Each 'return 1' presumably reports "this command may modify state";
        # the caller is outside this excerpt -- confirm.
        my @dangerous_cmds = qw(rm rmdir mv cp mkdir touch chmod chown dd truncate install ln patch rsync shred);
        for my $cmd (@dangerous_cmds) {
            return 1 if $command =~ /^\s*$cmd\b/ || $command =~ /[;|&]\s*$cmd\b/;
        }
        # wget is flagged in the same two positions regardless of its options.
        # curl is flagged only when '-o' or '-O' appears somewhere after it;
        # the match is on the raw text, so it also fires when those two
        # characters occur inside another argument.
        return 1 if $command =~ /^\s*wget\b/ || $command =~ /[;|&]\s*wget\b/;
        return 1 if $command =~ /^\s*curl\s+.*-[oO]/ || $command =~ /[;|&]\s*curl\s+.*-[oO]/;
        # The optional third '<' changes nothing: any occurrence of '<<'
        # (heredoc or here-string) is enough to match.
        return 1 if $command =~ /<<[<]?/;  # Heredoc redirects
        # Case-insensitive. The second alternative ('-' followed by anything,
        # then 'e' or 'c') subsumes the first and matches far more than the
        # -e / -c options, so ordinary script invocations are flagged as well.
        return 1 if $command =~ /\b(perl|python|ruby|sh|bash)\s+(-[ec]|-.*[ec])/i;  # Inline scripts that could write
        return 1 if $command =~ /\beval\b/;  # eval command
        # NOTE(review): '\b' in front of '\.' requires a word character
        # immediately before the dot, so the '.' alternative matches text like
        # 'word. ' rather than a standalone '.' command -- verify the intent
        # and consider anchoring it the same way as the command list above.
        return 1 if $command =~ /\b(source|\.)\s+/;  # source command


