feat: Read .gooseignore to Restrict access to files or Directories#1199
feat: Read .gooseignore to Restrict access to files or Directories#1199
Conversation
ZhenLian
force-pushed
the
zhen_file_acl_1
branch
from
e1888f5 to
41b5665
Compare
ZhenLian
changed the title
| } | ||
|
|
||
| // Only use default patterns if no .gooseignore files were found | ||
| // If the file is empty, we will not ignore any file |
There was a problem hiding this comment.
needs a check if the file is actually empty
There was a problem hiding this comment.
Yes, we had previously included two checks: if global_ignore_path.is_file() and if local_ignore_path.is_file(). If any of these files are empty, they won't be read. In the description section, I've added a screenshot of the program running without any ignore files, and it functions just as it did before.
| // Helper method to check if a shell command might access ignored files | ||
| fn check_command_for_ignored_files(&self, command: &str) -> Option<String> { | ||
| // Common file reading/writing commands to check | ||
| let file_commands = ["cat", "less", "more", "head", "tail", "grep", "awk", "sed"]; |
There was a problem hiding this comment.
I'm hesitant to include hard-coded commands
| } | ||
|
|
||
| // If it's a known file-accessing command, check the arguments | ||
| if file_commands.contains(&cmd_parts[0]) { |
There was a problem hiding this comment.
would it be possible to change the implementation slightly: when a file is in is_ignored, just skip any bash call for it entirely
There was a problem hiding this comment.
Yeah that sounds like a much better solution, updated the code!
wendytang
left a comment
wendytang
left a comment
There was a problem hiding this comment.
Would it be possible to change the implementation slightly: when a file is in is_ignored, just skip any bash call for it entirely? That way, we don't have to include all the hardcoded bash commands
|
@wendytang Hey Wendy, thanks a lot for the review! I've updated the code - would you mind taking a look again? Thank you! |
|
|
||
| // Helper method to check if a path should be ignored | ||
| fn is_ignored(&self, path: &Path) -> bool { | ||
| self.ignore_patterns.matched(path, false).is_ignore() |
There was a problem hiding this comment.
nit: make sure to account for upper and lower case
for example:
README.md
readme.md
There was a problem hiding this comment.
Ah, I see what you mean. The actual ignore logic is managed by the Gitignore crate, and users are responsible for defining the rules in their gooseignore file.
In this example, the rules might look like "**/[Re][Ee][Aa][Dd][Mm][Ee].md". You can find more about the rules here: https://www.atlassian.com/git/tutorials/saving-changes/gitignore.
There was a problem hiding this comment.
I've added a new screenshot in the description section to showcase that Goose can work in this scenario
|
@wendytang Hey Wendy, I am going to merge this, but if you spot anything that we need to address, feel free to let me know. I am happy to take a look! :) |
* origin/main: (26 commits) feat: Read .gooseignore to Restrict access to files or Directories (#1199) docs: adding update command to cli command guide (#1411) docs: Adding YT short for Computer Controller Tutorial (#1420) feat(cli): support arbitrary path for sessions (#1414) feat: remove the disable state from chat input box (#1341) feat: Add extra details to prompt for gui (#1387) style: added launch text and styling (#1406) fix(docs): update default session location (#1412) feat: moved extension add button and updated label (#1408) draft: use rust messages in typescript (#1393) fix: detect read only tool when only mode is approve (#1398) docs: Add Puppeteer Extension Tutorial (#1396) chore(release): release version v1.0.10 (#1404) chore(release): release 1.10.0 (#1385) feat: wip on ConfigProvider and integration in settings_v2 (#1395) feat: Add command `goose update` to update goose CLI version (#1308) fix: update approve prompt (#1383) feat: interactive after run (#1377) docs: Tutorial extension (#1379) feat: allow setting openai base path (#1369) ...
* main: feat: allow user to turn off smart approve (#1407) feat: Read .gooseignore to Restrict access to files or Directories (#1199) docs: adding update command to cli command guide (#1411) docs: Adding YT short for Computer Controller Tutorial (#1420) feat(cli): support arbitrary path for sessions (#1414) feat: remove the disable state from chat input box (#1341) feat: Add extra details to prompt for gui (#1387) style: added launch text and styling (#1406) fix(docs): update default session location (#1412) feat: moved extension add button and updated label (#1408) draft: use rust messages in typescript (#1393) fix: detect read only tool when only mode is approve (#1398) docs: Add Puppeteer Extension Tutorial (#1396) chore(release): release version v1.0.10 (#1404) chore(release): release 1.10.0 (#1385) feat: wip on ConfigProvider and integration in settings_v2 (#1395) feat: Add command `goose update` to update goose CLI version (#1308)
2 participants
Description
This aims to implement the feature described in issue #1065, enabling Goose's developer tool to read a .gooseignore file, which can be defined globally or locally (similar to how the .goosehints file is read). The tool will prevent text_editor or bash from opening any files or directories specified in .gooseignore. The naming conventions for .gooseignore align with those defined in Gitignore documentation.
testing
cargo test------------------screenshots for the 3rd round of review
goose can take case-insensitive scenarios into account:
------------------screenshots for the second round of review
the bash tool ignoring feature still works as expected:
and if we remove all ignore files, things will behave normal:
------------------screenshots for initial commit
and here is my
.gooseignorefile used for testing: