
Warn users about suspicious policies #21596

@jacob314

Description


We need to warn users if their policy has obviously unwise things.
A few times I've accidentally auto-approved editing files and `rm`.

An average user will have no idea what went wrong if

```toml
[[rule]]
toolName = "run_shell_command"
decision = "allow"
priority = 100
commandPrefix = [ "rm" ]
```

is in their policy. To mitigate this I'd suggest we warn if the default policy allows `rm` or editing files.
If users want to approve rm in their policy when in accept-edits mode that is fine.

Similarly, the UI option to approve `rm` for the session should only offer approving it for accept-edits mode, although even that might be too far: even when accepting edits you generally don't want the model to `rm -rf` to remove all the tests it just added.
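One way to implement the warning the issue asks for, as an added example (not gemini-cli's own policy engine code): a linter that walks already-parsed `[[rule]]` entries and flags every `allow` rule that auto-approves a destructive shell command or a file-editing tool unless the rule is scoped to accept-edits mode. The field names `toolName`, `decision`, `priority` and `commandPrefix` come from the issue's TOML; the `modes` field, the `FILE_EDIT_TOOLS` names and the sample policy are assumptions constructed for this example.

```typescript
// Added example, not gemini-cli code. Rules are taken as already parsed from
// TOML; `modes` is a hypothetical field assumed here to scope a rule to an
// approval mode such as "accept-edits".

type Decision = "allow" | "deny" | "ask_user";

interface PolicyRule {
  toolName: string;
  decision: Decision;
  priority: number;
  commandPrefix?: string[];
  modes?: string[]; // hypothetical: approval modes the rule is limited to
}

interface PolicyWarning {
  rule: PolicyRule;
  reason: string;
}

// Assumed tool identifiers for file-editing tools; the real registry may differ.
const FILE_EDIT_TOOLS: Set<string> = new Set(["write_file", "replace", "edit"]);

// Shell commands treated as destructive when auto-approved.
const DESTRUCTIVE_COMMANDS: Set<string> = new Set(["rm", "rmdir", "shred"]);

// Wrappers skipped when finding the "real" command, so "sudo rm -rf" is caught.
const COMMAND_WRAPPERS: Set<string> = new Set(["sudo", "env", "nice", "xargs"]);

export function firstCommandWord(prefix: string): string {
  const words = prefix.trim().split(/\s+/).filter((w) => w.length > 0);
  for (const w of words) {
    if (!COMMAND_WRAPPERS.has(w)) return w;
  }
  return "";
}

export function isDestructiveShellRule(rule: PolicyRule): boolean {
  if (rule.toolName !== "run_shell_command") return false;
  // No commandPrefix means the rule matches every shell command, which is at
  // least as dangerous as allowing rm explicitly.
  if (!rule.commandPrefix || rule.commandPrefix.length === 0) return true;
  return rule.commandPrefix.some((p) =>
    DESTRUCTIVE_COMMANDS.has(firstCommandWord(p)),
  );
}

function isScopedToAcceptEdits(rule: PolicyRule): boolean {
  return (
    rule.modes !== undefined &&
    rule.modes.length > 0 &&
    rule.modes.every((m) => m === "accept-edits")
  );
}

export function lintPolicy(rules: PolicyRule[]): PolicyWarning[] {
  const warnings: PolicyWarning[] = [];
  for (const rule of rules) {
    if (rule.decision !== "allow") continue; // deny / ask_user are never unsafe here
    if (isScopedToAcceptEdits(rule)) continue; // explicitly accepted by the user
    if (isDestructiveShellRule(rule)) {
      const prefixes = rule.commandPrefix?.join(", ") ?? "<any command>";
      warnings.push({
        rule,
        reason: `rule (priority ${rule.priority}) auto-approves destructive shell command(s) in the default mode: ${prefixes}`,
      });
    } else if (FILE_EDIT_TOOLS.has(rule.toolName)) {
      warnings.push({
        rule,
        reason: `rule (priority ${rule.priority}) auto-approves file edits via ${rule.toolName} in the default mode`,
      });
    }
  }
  return warnings;
}

// Constructed sample policy: the rule from the issue, a harmless allow rule,
// an edit rule scoped to accept-edits, and a deny rule.
export const SAMPLE_POLICY: PolicyRule[] = [
  { toolName: "run_shell_command", decision: "allow", priority: 100, commandPrefix: ["rm"] },
  { toolName: "run_shell_command", decision: "allow", priority: 50, commandPrefix: ["git status", "ls"] },
  { toolName: "write_file", decision: "allow", priority: 10, modes: ["accept-edits"] },
  { toolName: "run_shell_command", decision: "deny", priority: 200, commandPrefix: ["rm -rf /"] },
];

for (const w of lintPolicy(SAMPLE_POLICY)) {
  console.warn(`policy warning: ${w.reason}`);
}
```

Only the first rule of the sample is reported; the `write_file` rule is silent because it is limited to accept-edits mode, which is the behaviour the issue says is acceptable. Matching on the first non-wrapper word of each prefix rather than on the whole string is what catches `rm -rf` and `sudo rm` as well as a bare `rm`.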

Metadata


Assignees

No one assigned

    Labels

    - area/enterprise: Issues related to Telemetry, Policy, Quota / Licensing
    - effort/small: 1 day or less: trivial logic, UI adjustments, docs
    - kind/bug
    - kind/customer-issue: Issues that were reported by customers
    - priority/p3: Backlog - a good idea but not currently a priority.
    - status/bot-triaged
    - status/need-information
    - workstream-rollup: Label used to tag epics and features that are associated with one of the three primary workstreams
    - 🔒 maintainer only
    - ⛔ Do not contribute. Internal roadmap item.


    Status
    Closed

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests
