Skip to content

fix: support trailing wildcards in auto-approve command matching#11759

Draft
roomote[bot] wants to merge 1 commit intomainfrom
fix/auto-approve-trailing-wildcard
Draft

fix: support trailing wildcards in auto-approve command matching#11759
roomote[bot] wants to merge 1 commit intomainfrom
fix/auto-approve-trailing-wildcard

Conversation

@roomote
Copy link
Contributor

@roomote roomote bot commented Feb 26, 2026
edited
Loading

Related GitHub Issue

Closes: #11756

Description

This PR attempts to address Issue #11756. Feedback and guidance are welcome.

The auto-approve system already uses prefix matching -- adding git to allowed commands matches git commit -m "...", git push, etc. However, users naturally try glob-style wildcards like git* or git *, which failed because the trailing * was treated as a literal character.

Changes:

  1. findLongestPrefixMatch() (src/core/auto-approval/commands.ts): Strip trailing * characters from prefixes before the startsWith check. The original prefix length (including *) is preserved for longest-prefix-match comparisons, so git* (4 chars) still beats a standalone * (1 char).

  2. isAutoApprovedSingleCommand() (src/core/auto-approval/commands.ts): Same trailing-wildcard normalization applied to the inline allowlist check (used when no denylist is provided).

  3. UI description (webview-ui/src/i18n/locales/en/settings.json): Updated the allowed commands description to clarify that entries work as prefixes and that trailing wildcards like git* are supported.

Behavior:

  • git* normalizes to git and matches any command starting with git (including gitk)
  • git * normalizes to git (with space) and matches git commit but NOT gitk
  • Standalone * (match-all) behavior remains unchanged
  • Deny list interaction is unaffected -- longest prefix match still resolves conflicts

Test Procedure

  • Added 17 new test cases in src/core/auto-approval/__tests__/commands.spec.ts covering:
    • git* matching git commit -m "..." and gitk
    • git * matching git commit but not gitk
    • Multiple trailing * characters being stripped
    • Longer trailing-wildcard prefix preferred over shorter one
    • Specific trailing-wildcard prefix preferred over standalone *
    • Standalone * fallback when no other prefix matches
    • isAutoApprovedSingleCommand with trailing wildcards
    • getCommandDecision with trailing wildcards interacting with deny list
  • All 46 existing + new tests pass
  • Lint and type checks pass across the entire monorepo

Pre-Submission Checklist

  • Issue Linked: This PR is linked to an approved GitHub Issue.
  • Scope: Changes are focused on the linked issue.
  • Self-Review: I have performed a thorough self-review of my code.
  • Testing: New tests have been added to cover the changes.
  • Documentation Impact: No external documentation updates required -- UI description updated inline.
  • Contribution Guidelines: I have read and agree to the Contributor Guidelines.

Documentation Updates

No external documentation updates are required. The UI description for allowed commands has been updated inline to clarify prefix and wildcard behavior.

Additional Notes

This is a minimal, backward-compatible change. Existing prefix entries (without *) continue to work exactly as before. The only new behavior is that trailing * characters are now stripped before matching, which aligns with user expectations.

Interactively review PR in Roo Code Cloud

@roomote
fix: support trailing wildcards in auto-approve command matching
ab259d0 
Strip trailing asterisk(s) from command prefixes before performing
startsWith checks. This allows patterns like "git*" and "git *" to
work as users expect when configuring allowed auto-execute commands.

- "git*" normalizes to "git" and matches any command starting with "git"
- "git *" normalizes to "git " and matches "git commit" but not "gitk"
- Standalone "*" (match-all) behavior remains unchanged
- Original prefix length preserved for longest-prefix-match comparisons
- Updated UI description to clarify prefix and wildcard behavior
- Added comprehensive tests for trailing wildcard patterns

Fixes #11756
@roomote roomote bot mentioned this pull request Feb 26, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mrubens mrubens Awaiting requested review from mrubens mrubens will be requested when the pull request is marked ready for review mrubens is a code owner

@cte cte Awaiting requested review from cte cte will be requested when the pull request is marked ready for review cte is a code owner

@jr jr Awaiting requested review from jr jr will be requested when the pull request is marked ready for review jr is a code owner

@hannesrudolph hannesrudolph Awaiting requested review from hannesrudolph hannesrudolph will be requested when the pull request is marked ready for review hannesrudolph is a code owner

@daniel-lxs daniel-lxs Awaiting requested review from daniel-lxs daniel-lxs will be requested when the pull request is marked ready for review daniel-lxs is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[BUG] Issue with Auto-Approve - Wildcards

1 participant

@roomote