From 5dc238c7efe54d3693a247aa0ecded1d98c7af6e Mon Sep 17 00:00:00 2001
From: Xubin Ren
Date: Sun, 12 Apr 2026 08:28:38 +0000
Subject: [PATCH] fix(shell): allow read-only copies from internal state files
Keep the new exec guard focused on writes to history.jsonl and .dream_cursor while still allowing read-only copy operations out of those files.
Made-with: Cursor
---
 nanobot/agent/tools/shell.py | 2 +-
 tests/tools/test_exec_security.py | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/nanobot/agent/tools/shell.py b/nanobot/agent/tools/shell.py
index 729afa60b..aa8ca67b1 100644
--- a/nanobot/agent/tools/shell.py
+++ b/nanobot/agent/tools/shell.py
@@ -66,7 +66,7 @@ class ExecTool(Tool):
 # direct writes corrupt the cursor format and crash /dream.
 r">>?\s*\S*(?:history\.jsonl|\.dream_cursor)", # > / >> redirect
 r"\btee\b[^|;&<>]*(?:history\.jsonl|\.dream_cursor)", # tee / tee -a
- r"\b(?:cp|mv)\b[^|;&<>]*(?:history\.jsonl|\.dream_cursor)", # cp/mv target
+ r"\b(?:cp|mv)\b(?:\s+[^\s|;&<>]+)+\s+\S*(?:history\.jsonl|\.dream_cursor)", # cp/mv target
 r"\bdd\b[^|;&<>]*\bof=\S*(?:history\.jsonl|\.dream_cursor)", # dd of=
 r"\bsed\s+-i[^|;&<>]*(?:history\.jsonl|\.dream_cursor)", # sed -i
 ]
diff --git a/tests/tools/test_exec_security.py b/tests/tools/test_exec_security.py
index 9f001aaff..20687dcbf 100644
--- a/tests/tools/test_exec_security.py
+++ b/tests/tools/test_exec_security.py
@@ -104,6 +104,7 @@ def test_exec_blocks_writes_to_history_jsonl(command):
 "wc -l history.jsonl",
 "tail -n 5 history.jsonl",
 "grep foo history.jsonl",
+ "cp history.jsonl /tmp/history.backup",
 "ls memory/",
 "echo history.jsonl",
 ],
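Review bot: The relaxed pattern on the `# cp/mv target` line also stops matching `mv` when the state file is the source. Moving `history.jsonl` or `.dream_cursor` away removes the file, which is not the read-only copy the commit message describes. The new expression needs at least one argument before the protected name, so a command whose first operand is the state file no longer matches for either tool. I would keep `mv` on the previous broad form and relax only `cp`: `r"\bmv\b[^|;&<>]*(?:history\.jsonl|\.dream_cursor)",  # mv source or target` and `r"\bcp\b(?:\s+[^\s|;&<>]+)+\s+\S*(?:history\.jsonl|\.dream_cursor)",  # cp target`. The pattern list begins above the hunk, so check that no other entry already covers the move case.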
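Review bot: The added allowed case covers only `history.jsonl`, although the changed regex relaxes `.dream_cursor` through the same alternation. A matching entry such as `"cp .dream_cursor /tmp/cursor.backup",` would pin that branch too. The parametrized list and the function that owns it start outside this hunk, so I cannot see whether the blocked list still holds the mirror case with the state file as the `cp` destination. If it does not, add that case next to this one so both directions of the new pattern are tested.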