diff --git a/docs/plugins/sdk-entrypoints.md b/docs/plugins/sdk-entrypoints.md index 25ebc050e2e..b671fc44d88 100644 --- a/docs/plugins/sdk-entrypoints.md +++ b/docs/plugins/sdk-entrypoints.md @@ -43,7 +43,7 @@ export default definePluginEntry({ }); ``` -### Options +### Channel entry options | Field | Type | Required | Default | | -------------- | ---------------------------------------------------------------- | -------- | ------------------- | diff --git a/docs/tools/exec-approvals.md b/docs/tools/exec-approvals.md index f8d499108b4..9f4325a6de9 100644 --- a/docs/tools/exec-approvals.md +++ b/docs/tools/exec-approvals.md @@ -179,14 +179,14 @@ Long options are validated fail-closed in safe-bin mode: unknown flags and ambig abbreviations are rejected. Denied flags by safe-bin profile: -[//]: # "SAFE_BIN_DENIED_FLAGS:START" + - `grep`: `--dereference-recursive`, `--directories`, `--exclude-from`, `--file`, `--recursive`, `-R`, `-d`, `-f`, `-r` - `jq`: `--argfile`, `--from-file`, `--library-path`, `--rawfile`, `--slurpfile`, `-L`, `-f` - `sort`: `--compress-program`, `--files0-from`, `--output`, `--random-source`, `--temporary-directory`, `-T`, `-o` - `wc`: `--files0-from` -[//]: # "SAFE_BIN_DENIED_FLAGS:END" + Safe bins also force argv tokens to be treated as **literal text** at execution time (no globbing and no `$VARS` expansion) for stdin-only segments, so patterns like `*` or `$HOME/...` cannot be @@ -216,9 +216,12 @@ multiplexer cannot be safely unwrapped, no allowlist entry is persisted automati If you allowlist interpreters like `python3` or `node`, prefer `tools.exec.strictInlineEval=true` so inline eval still requires an explicit approval. Default safe bins: -[//]: # "SAFE_BIN_DEFAULTS:START" + + + `cut`, `uniq`, `head`, `tail`, `tr`, `wc` -[//]: # "SAFE_BIN_DEFAULTS:END" + + `grep` and `sort` are not in the default list. If you opt in, keep explicit allowlist entries for their non-stdin workflows.
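Review bot: in docs/plugins/sdk-entrypoints.md, renaming `### Options` to `### Channel entry options` changes the section's anchor if the docs site derives anchors from heading text, so existing links to the old `#options` fragment would stop resolving. Search the docs for links to the old anchor and update them in this change, or keep an explicit anchor for the old name if the docs toolchain supports one.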
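Review bot: in the first docs/tools/exec-approvals.md hunk (`@@ -179,14 +179,14`), the `[//]: # "SAFE_BIN_DENIED_FLAGS:START"` and `[//]: # "SAFE_BIN_DENIED_FLAGS:END"` lines are removed and, as the added lines appear here, nothing replaces them. If any tooling locates the denied-flags list by those markers, it will no longer find the region, and the documented `grep`, `jq`, `sort` and `wc` denials can drift from what safe-bin mode actually enforces. Keep a marker pair in whatever comment syntax the renderer needs, or say in the commit message that this list is now maintained by hand.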
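Review bot: in the second docs/tools/exec-approvals.md hunk (`@@ -216,9 +216,12`), each removed `SAFE_BIN_DEFAULTS` marker is replaced by two added lines, whereas the denied-flags hunk replaces each marker with one, and the section grows from 9 to 12 lines with no visible new content. Use the same replacement form in both places so the default safe-bin list and the denied-flags list are delimited consistently, and drop the extra lines if they are only padding.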