Merge bd2c2bfca6 into a38e2f0048

2026-04-21 13:37:17 +00:00 · 2026-04-21 04:32:47 +00:00 · 2026-04-21 04:32:47 +00:00 · 6696dfd204
commit 6696dfd204
parent a38e2f0048 bd2c2bfca6
3 changed files with 64 additions and 9 deletions
--- a/packages/cli/src/config/config.ts
+++ b/packages/cli/src/config/config.ts
@ -718,8 +718,9 @@ export async function loadCliConfig(

  // Force approval mode to default if the folder is not trusted.
  if (!trustedFolder && approvalMode !== ApprovalMode.DEFAULT) {
-    debugLogger.warn(
-      `Approval mode overridden to "default" because the current folder is not trusted.`,
+    coreEvents.emitConsoleLog(
+      'warn',
+      `Approval mode "${approvalMode}" overridden to "default" because the current folder is not trusted. To enable it, trust this folder first or use it in a trusted location.`,
    );
    approvalMode = ApprovalMode.DEFAULT;
  }
--- a/packages/core/src/policy/policy-engine.test.ts
+++ b/packages/core/src/policy/policy-engine.test.ts
@ -448,6 +448,58 @@ describe('PolicyEngine', () => {
      const { decision } = await engine.check({ name: 'test-tool' }, undefined);
      expect(decision).toBe(PolicyDecision.DENY);
    });
+
+    it('should ALLOW dangerous command in YOLO mode even with Noop sandbox (regression)', async () => {
+      engine = new PolicyEngine({
+        approvalMode: ApprovalMode.YOLO,
+        sandboxManager: new NoopSandboxManager(),
+        rules: [
+          {
+            toolName: '*',
+            decision: PolicyDecision.ALLOW,
+            priority: PRIORITY_YOLO_ALLOW_ALL,
+            modes: [ApprovalMode.YOLO],
+          },
+        ],
+      });
+
+      // On Windows, 'powershell' is dangerous
+      const result = await engine.check(
+        {
+          name: 'run_shell_command',
+          args: { command: 'powershell -c "echo hello"' },
+        },
+        undefined,
+      );
+
+      expect(result.decision).toBe(PolicyDecision.ALLOW);
+    });
+
+    it('should ALLOW redirection in YOLO mode even with Noop sandbox (regression)', async () => {
+      engine = new PolicyEngine({
+        approvalMode: ApprovalMode.YOLO,
+        sandboxManager: new NoopSandboxManager(),
+        rules: [
+          {
+            toolName: '*',
+            decision: PolicyDecision.ALLOW,
+            priority: PRIORITY_YOLO_ALLOW_ALL,
+            modes: [ApprovalMode.YOLO],
+          },
+        ],
+      });
+
+      // With Noop sandbox, shouldDowngradeForRedirection would return true if not in YOLO
+      const result = await engine.check(
+        {
+          name: 'run_shell_command',
+          args: { command: 'echo hello > out.txt' },
+        },
+        undefined,
+      );
+
+      expect(result.decision).toBe(PolicyDecision.ALLOW);
+    });
  });

  describe('addRule', () => {
--- a/packages/core/src/policy/policy-engine.ts
+++ b/packages/core/src/policy/policy-engine.ts
@ -286,13 +286,14 @@ export class PolicyEngine {
    if (allowRedirection) return false;
    if (!hasRedirection(command)) return false;

-    // Do not downgrade (do not ask user) if sandboxing is enabled and in AUTO_EDIT or YOLO
+    // Do not downgrade (do not ask user) if in YOLO mode
+    if (this.approvalMode === ApprovalMode.YOLO) {
+      return false;
+    }
+
+    // Do not downgrade (do not ask user) if sandboxing is enabled and in AUTO_EDIT
    const sandboxEnabled = !(this.sandboxManager instanceof NoopSandboxManager);
-    if (
-      sandboxEnabled &&
-      (this.approvalMode === ApprovalMode.AUTO_EDIT ||
-        this.approvalMode === ApprovalMode.YOLO)
-    ) {
+    if (sandboxEnabled && this.approvalMode === ApprovalMode.AUTO_EDIT) {
      return false;
    }

@ -597,7 +598,8 @@ export class PolicyEngine {
          isShellCommand &&
          command &&
          !('commandPrefix' in rule) &&
-          !rule.argsPattern
+          !rule.argsPattern &&
+          this.approvalMode !== ApprovalMode.YOLO
        ) {
          ruleDecision = await this.applyShellHeuristics(command, ruleDecision);
        }