Add default allowlist patterns for read-only operations

[basre-velocity]

Summary

• Add read: **, grep: * in *, and glob: * to default security allowlist
• Fixes issue where grep commands were being prompted despite approval

Problem

Users who approved grep: * were still being prompted because grep commands are actually formatted as grep: <pattern> in <path>, so the pattern didn't match.

Solution

Update default allowlist in useSettingsStore.ts to include properly formatted patterns for common read-only operations:

• read: ** - all file reads
• grep: * in * - all grep searches (with correct format)
• glob: * - all glob file pattern searches

Impact

• New Hive installs will have these patterns pre-approved by default
• Existing users are not affected (they keep their current settings)
• Users who "Reset to Defaults" will get these new defaults

Test plan

• Fresh install: verify grep/glob/read commands auto-approve when security is enabled
• Existing install: verify settings are unchanged
• Reset to defaults: verify new patterns appear in allowlist

🤖 Generated with Claude Code

[greptile-apps]

Greptile Summary

This PR extends the default commandFilter allowlist in useSettingsStore.ts to include read: **, grep: ** in **, and glob: **, pre-approving common read-only AI tool calls for users who enable security filtering and for anyone who resets to defaults.

• The ** wildcard is used for all three new patterns, which is correct: command-filter-service.ts maps ** to .* (slash-inclusive), ensuring paths like grep: pattern in /some/dir and glob: src/**/*.ts match as expected.
• edit: ** and write: ** (existing defaults) have matching blocklist entries for .env, *.key, and credentials* files; the new read: ** pattern has no analogous blocklist protection, meaning sensitive file reads are auto-approved when security filtering is enabled.
• The overall security filter remains enabled: false by default, so these new patterns only take effect when a user explicitly enables the feature or resets to defaults after enabling it.

Confidence Score: 4/5

Safe to merge with awareness of the read-allowlist asymmetry: read: ** auto-approves all file reads when security filtering is on, while edit:/write: have blocklist entries protecting sensitive files — read: does not.

The wildcard fix (** instead of *) is correct and the new patterns work as intended in the regex engine. The open concern is that read: ** allows an AI session to silently read .env, *.key, and credentials* files without prompting when security filtering is enabled, because the blocklist has no read: guards — unlike the symmetrical protection already in place for edit: and write:.

src/renderer/src/stores/useSettingsStore.ts — specifically the absence of read: blocklist entries to mirror the .env/*.key/credentials* protection that exists for edit: and write:.

Important Files Changed

Filename	Overview
src/renderer/src/stores/useSettingsStore.ts	Adds read: **, grep: ** in **, and glob: ** to the default commandFilter allowlist; the ** wildcards are correctly matched to .* in the regex engine for non-bash patterns, but read: ** has no corresponding blocklist entries protecting sensitive files (unlike edit:/write:).

_{Reviews (2): Last reviewed commit: "Add default allowlist patterns for read-..." | Re-trigger Greptile}

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2c9eea5fba

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Use slash-aware wildcards for grep/glob defaults

The new default patterns grep: * in * and glob: * do not actually auto-approve many common commands because the matcher treats * as [^/]* for non-bash tools (matchPattern), so any grep path like /workspace/hive or glob pattern like src/**/*.ts will miss the allowlist and still prompt. Since formatCommandString for grep/glob includes path/pattern text that often contains /, this change does not fulfill its stated goal for real-world inputs when command filtering is enabled; use ** where slash-containing arguments are expected.

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: fda4f28f19

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

[chatgpt-codex-connector]

Keep sensitive files out of read allowlist

When a user enables the command filter with the default ask behavior, this new broad read: ** allowlist entry auto-approves reads of every path, but the default blocklist only covers edit: and write: secrets such as .env, *.key, and credentials*. Since CommandFilterService.formatCommandString() emits reads as read: <path> and blocklist checks only help when a matching read: block exists, a request like read: /workspace/project/.env is silently allowed instead of prompting; add matching sensitive-file blocks for read (and any read-like defaults such as grep if intended) or narrow this default.

Useful? React with 👍 / 👎.