Open
Conversation
Add a dedicated pwsh tool alongside the existing bash tool for Windows PowerShell support. The tool uses tree-sitter-powershell for AST-based permission analysis, mirrors bash tool patterns for truncation and external_directory checks, and spawns pwsh with -NoProfile -NonInteractive -Command. Core tool: - pwsh.ts: full tool with tree-sitter parsing, path resolution, permission patterns, and auto-approval logic - pwsh.txt: tool description template - pwsh-arity.ts: PowerShell-specific arity table for permission patterns - shell.ts: pwsh detection via Bun.which - registry.ts: conditional PwshTool registration behind feature flag Windows security (pwsh-windows.ts): - Bypass detection: encoded commands, execution policy bypass, download-and-execute cradles, hidden windows, remoting, scheduled tasks, AMSI bypass, Add-Type/assembly loading - cmd.exe nested command analysis with destructive pattern checks - Registry protection: critical path block list, provider-aware read/write checks for HKCU/HKLM/Cert/WSMan/Env - Decision model: BLOCK > ASK > ALLOW, fail-closed on parse ambiguity UI support: - TUI: route pwsh tool through bash-style rendering - UI: PowerShell syntax highlighting for pwsh tool output - Web: handle pwsh in share view - i18n: add pwsh tool label across all 15 locales Fixes anomalyco#8924 Refs anomalyco#6703
Tests: - pwsh tool: execution, permissions, external_directory, Set-Location, redirections, path forms, tilde/$HOME, MSYS paths, truncation - pwsh-windows: bypass techniques, cmd.exe patterns, registry/provider path checks, evaluate precedence (173 tests total) - pwsh-arity: cmdlet, alias, and external tool arity tables Fix test infrastructure: close SQLite database in preload afterAll before deleting temp directory. The lazy Database singleton holds file locks on .db/.db-shm/.db-wal which cause EBUSY on Windows cleanup.
ilude
force-pushed
the
feat/pwsh-tool-pr
branch
from
751869b to
4022843
Compare
|
"It seems like the CI has been running for a while. Is it stuck? |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a dedicated
pwshtool alongside the existing bash tool. Works on any platform where PowerShell Core is installed. Uses tree-sitter-powershell for AST-based permission analysis and spawnspwsh -NoProfile -NonInteractive -Command.What changed
pwsh tool (
pwsh.ts): tree-sitter parsing, path resolution, permission/auto-approval logicWindows security (
pwsh-windows.ts): Windows-only hardening gated behindprocess.platform === "win32"— encoded command detection, execution policy bypass, download-and-execute cradles, registry critical-path blocking, provider-aware read/write checks,BLOCK > ASK > ALLOWdecision modelPermission analysis (
pwsh-arity.ts): PowerShell-specific arity table for cmdlets, aliases, and external toolsUI wiring: routes pwsh through existing bash rendering paths in TUI, web share view, and i18n labels across 15 locales
Verification
From
packages/opencode:bun test test/tool/pwsh.test.ts— 32 pass, 0 failbun test test/tool/pwsh-windows.test.ts— 82 pass, 0 failbun test test/permission/pwsh-arity.test.ts— 12 pass, 0 failbun run typecheck— cleanFixes #8924
Fixes #6703
Refs #8136
Refs #4683
Refs #11288
If the linked issues aren't sufficient to justify this feature, happy to open a design discussion first, just let me know.