Problem
When two commands are individually in commands.allow (e.g. curl and python3), piping them together (curl ... | python3 ...) still triggers an ASK prompt instead of allowing the compound command.
Expected behavior
If both segments of a pipe are individually allowed, the compound command should also be allowed.
Repro
- Config has
curl and python3 in [commands] allow
- Run:
curl -s https://statsapi.mlb.com/api/v1/... | python3 -m json.tool
- cc-toolgate triggers ASK despite both commands being allowed individually
Context
Reported during fantrax-mcp development (butterflyskies/fantrax-mcp#14). Vesper's cc-toolgate instance on macOS. The pipe evaluation code path likely doesn't check each segment against the allow list independently.
Suggested fix
When evaluating compound commands (pipes, &&, ;), check each segment against commands.allow individually. If all segments pass, allow the compound.
Problem
When two commands are individually in
commands.allow(e.g.curlandpython3), piping them together (curl ... | python3 ...) still triggers an ASK prompt instead of allowing the compound command.Expected behavior
If both segments of a pipe are individually allowed, the compound command should also be allowed.
Repro
curlandpython3in[commands] allowcurl -s https://statsapi.mlb.com/api/v1/... | python3 -m json.toolContext
Reported during fantrax-mcp development (butterflyskies/fantrax-mcp#14). Vesper's cc-toolgate instance on macOS. The pipe evaluation code path likely doesn't check each segment against the allow list independently.
Suggested fix
When evaluating compound commands (pipes,
&&,;), check each segment againstcommands.allowindividually. If all segments pass, allow the compound.