Fix: agent hooks usage example for blocking dangerous commands not working #9675
painfulexistence wants to merge 1 commit into microsoft:main from
ntrogh
left a comment
@painfulexistence Thanks for the PR. Can you revert the exit code?
| if echo "$COMMAND" | grep -qE '(rm\s+-rf|DROP\s+TABLE|DELETE\s+FROM)'; then | ||
| echo '{"hookSpecificOutput":{"permissionDecision":"deny","permissionDecisionReason":"Destructive command blocked by security policy"}}' | ||
| exit 0 | ||
| exit 2 |
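Review bot: the pattern on the `grep -qE` line is case-sensitive and uses `\s`, which POSIX ERE does not define, so a lower-case `drop table` or `delete from` is not matched and the whitespace class depends on the local grep. Consider `grep -qiE` with `[[:space:]]+` in place of `\s+`, and `printf '%s\n' "$COMMAND"` instead of `echo "$COMMAND"`, since `echo` may interpret backslash escapes depending on the shell. The hunk also keeps the deny JSON on stdout while the exit status after it changes between `exit 0` and `exit 2`; a comment above the `exit` line stating which of the two signals the host is expected to act on would document the intent.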
The user would get a generic "unexpected error" with exit code 2. With the exit code 0, the command is denied and the provided reason is shown. Can you revert back to exit code 0?
Hi @ntrogh, thanks for the review!
I did try exit code 0 and it didn't work. The command was not blocked when the exit code was either 0 or 1.
(I've double-checked one minute ago)
@painfulexistence Ok, let me check if this is a bug. Thanks for looking into this!
@painfulexistence I can't repro with exit code 0. The hook blocks the command from executing. I do notice that the regex in the sample only blocks rm -rf and not plain rm. Can you check in the agent debug logs (... > Show Agent Debug Logs) which command is being run by the LLM?
Actually, I tested it with the git add command.
FYI, I ran in autopilot mode. I can still reproduce this issue with exit code 0. Could you try it with autopilot mode?
Hm, this might actually be a side-effect of Autopilot, which auto-approves all tool calls.
I'll create an issue in the vscode repo.
Can you confirm the hook works with exit code 0 when you use default permissions?
Okay, I tried Default Approvals mode, but exit code 0 still did not block specified commands. Only exit code 2 works for me.
@painfulexistence This seems to be a product issue. Can you log an issue in the microsoft/vscode repo and provide the repro steps for the scenario that doesn't work with exit code 2?
The block-dangerous-commands usage example doesn't work because the tool_name check in the script doesn't match the actual tool name, which should be "run_in_terminal".
VSCode version: 1.116.0
OS: Darwin arm64 24.6.0
Steps to reproduce:
rm -rf ${some_test_file}