Skip to content

feat(modes): add regex scoped read permissions per mode + orchestrator skills read allowlist #10411

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
hannesrudolph wants to merge 4 commits into
base: main
Choose a base branch
from
Open

feat(modes): add regex scoped read permissions per mode + orchestrator skills read allowlist #10411

hannesrudolph wants to merge 4 commits into from
+300 −34

Conversation

@hannesrudolph
Copy link
Collaborator

@hannesrudolph hannesrudolph commented Dec 30, 2025
edited
Loading

Summary

  • Enforce fileRegex on the read group for the read_file tool (native { files: [...] } payloads).
  • Update FileRestrictionError to support read vs edit wording.
  • Restrict built-in Orchestrator mode so it can only read skill definition SKILL.md files, supporting both:
    • workspace-relative: .roo/skills(-<mode>)/<skill>/SKILL.md
    • absolute/global paths (and Windows-style separators): /Users/<user>/.roo/skills(-<mode>)/<skill>/SKILL.md / C:\\Users\\<user>\\.roo\\skills(-<mode>)\\<skill>\\SKILL.md

Key changes

  • Native args used for tool validation: src/core/assistant-message/presentAssistantMessage.ts
  • Read restriction enforcement: src/core/tools/validateToolUse.ts
  • Skills <location> uses absolute paths: src/core/prompts/sections/skills.ts
  • Orchestrator allowlist (absolute + relative): packages/types/src/mode.ts

Tests

  • cd src && npx vitest run shared/__tests__/modes.spec.ts

Notes

  • Behavior is unchanged unless a mode sets fileRegex on the read group.
  • Orchestrator remains constrained to skill definition reads only; this update makes the allowlist compatible with absolute skill paths.

@dosubot dosubot bot added size:L This PR changes 100-499 lines, ignoring generated files. Enhancement New feature or request labels Dec 30, 2025
@roomote
Copy link
Contributor

roomote bot commented Dec 30, 2025
edited
Loading

Oroocle Clock   Follow along on Roo Cloud

Re-review complete. No outstanding issues found.

  • Ensure read_file fileRegex enforcement also handles cases where toolParams.files is a JSON string (not an array) so restrictions cannot be skipped.
Previous reviews

Mention @roomote in a comment to request specific changes to this pull request or fix all unresolved issues.

@hannesrudolph hannesrudolph added the Issue/PR - Triage New issue. Needs quick review to confirm validity and assign labels. label Dec 30, 2025
roomote[bot]
roomote bot reviewed Dec 30, 2025
View reviewed changes
@hannesrudolph
Copy link
Collaborator Author

hannesrudolph commented Dec 30, 2025

Fixed: read_file fileRegex enforcement now also validates when toolParams.files is a JSON string. Added tests for both allowed/blocked JSON-string payloads.\n\nChanges:\n- src/core/tools/validateToolUse.ts\n- src/core/tools/tests/validateToolUse.spec.ts

@hannesrudolph hannesrudolph force-pushed the feat/mode-read-regex-skills branch from 4e46243 to 2490135 Compare December 30, 2025 22:41
@hannesrudolph hannesrudolph changed the title feat(modes): restrict read_file with fileRegex + orchestrator skills read allowlist feat(modes): add regex scoped read permissions per mode + orchestrator skills read allowlist Dec 30, 2025
mrubens
mrubens reviewed Dec 30, 2025
View reviewed changes
src/core/tools/validateToolUse.ts
}
}

function tryParseJson(value: string): unknown | undefined {
Copy link
Collaborator

@mrubens mrubens Dec 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This feels like a lot - is this what we do for the edit file regex too? Could we just share that code?

Copy link
Collaborator Author

@hannesrudolph hannesrudolph Dec 31, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@roomote follow this suggestion

Copy link
Contributor

@roomote roomote bot Dec 31, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixaroo Clock   See task on Roo Cloud

Refactored XML path extraction into shared extractPathsFromXmlArgs() function used by both edit and read file regex validation. All local checks passed.

View commit | Revert commit

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrubens mrubens mrubens left review comments

@roomote roomote[bot] roomote[bot] approved these changes

@cte cte Awaiting requested review from cte cte is a code owner

@jr jr Awaiting requested review from jr jr is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

Enhancement New feature or request Issue/PR - Triage New issue. Needs quick review to confirm validity and assign labels. size:L This PR changes 100-499 lines, ignoring generated files.

Projects

Roo Code Roadmap
Status: Triage

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@hannesrudolph @mrubens @roomote