Problem
Currently, Qoder Agent executes all user-provided commands without restrictions. This creates potential security and compliance issues, as unsafe or unintended commands might be executed. Administrators lack fine-grained control over which commands should be explicitly allowed (whitelisted) or blocked (blacklisted).
What problem does this solve?
-
Prevents execution of harmful or non-compliant commands.
-
Allows administrators to enforce organizational policies.
-
Reduces risk of accidental or malicious usage.
Solution
Introduce a command filtering mechanism where administrators can configure two lists within Qoder Agent settings:
-
Whitelisted Commands → Only these commands are allowed, all others are blocked.
-
Blacklisted Commands → These commands are denied even if not explicitly disallowed elsewhere.
The system should:
-
Support both exact matches and regex-based patterns.
-
Provide a clear error message to the user when a command is blocked.
-
Allow dynamic updates to the lists without restarting the agent.
Use Case
- An enterprise admin wants to ensure Qoder Agent only executes safe database queries and blocks all destructive commands like
DROP,DELETE, orSHUTDOWN. - A developer environment where only a subset of commands is required, and everything else must be restricted to reduce risk.
Priority
-
High - Blocking issue
Additional Info
- Suggested configuration could be stored in a YAML/JSON file or in the Qoder Agent dashboard.
- Example whitelist:
["SELECT", "SHOW", "DESCRIBE"] - Example blacklist:
["DROP", "DELETE", "ALTER"]