7b6d14e62a
The gateway approval system previously intercepted bare 'yes'/'no' text from the user's next message to approve/deny dangerous commands. This was fragile and dangerous — if the agent asked a clarify question and the user said 'yes' to answer it, the gateway would execute the pending dangerous command instead. (Fixes #1888) Changes: - Remove bare text matching ('yes', 'y', 'approve', 'ok', etc.) from _handle_message approval check - Add /approve and /deny as gateway-only slash commands in the command registry - /approve supports scoping: /approve (one-time), /approve session, /approve always (permanent) - Add 5-minute timeout for stale approvals - Gateway appends structured instructions to the agent response when a dangerous command is pending, telling the user exactly how to respond - 9 tests covering approve, deny, timeout, scoping, and verification that bare 'yes' no longer triggers execution Credit to @solo386 and @FlyByNight69420 for identifying and reporting this security issue in PR #1971 and issue #1888. Co-authored-by: Test <test@test.com>
24 KiB
24 KiB