feat: 🎸 add allow patterns to config file

[candywater]

📝 Description

🗣️ Type of Change

• 🐞 Bug fix (non-breaking change which fixes an issue)
• ✨ New feature (non-breaking change which adds functionality)
• 📖 Documentation update
• ⚡ Code refactoring (no functional changes, no api changes)

🤖 AI Code Generation

• 🤖 Fully AI-generated (100% AI, 0% Human)
• 🛠️ Mostly AI-generated (AI draft, Human verified/modified)
• 👨‍💻 Mostly Human-written (Human lead, AI assisted or none)

🔗 Linked Issue

📚 Technical Context (Skip for Docs)

• Reference: [Feature] Allow patterns is not configurable for ExecTool #373
• Reasoning: want to make picoclaw run few commands but do not want to lose control.

PS: should set restrict_to_workspace = false , otherwise it would get error
eg.

error=Command blocked by safety guard (path outside working dir): rel="../../../../curl"}

🧪 Test Environment & Hardware

• Hardware: VirtualBox Version 7.2.6 r172322 (Qt6.8.0 on windows)
• OS: Fedora Linux 43
• Model/Provider: minimax-m2.5
• Channels: Agent Message

📸 Proof of Work (Optional for Docs)

log

[INFO] agent: LLM requested tool calls {tools=[exec], count=1, iteration=1}
[INFO] agent: Tool call: exec({"command":"curl -s \"wttr.in/Paris?format=3\""}) {tool=exec, iteration=1}
[INFO] tool: Tool execution started {tool=exec, args=map[command:curl -s "wttr.in/Paris?format=3"]}
[INFO] tool: Tool execution completed {result_length=21, tool=exec, duration_ms=2987}

☑️ Checklist

• My code/docs follow the style of this project.
• I have performed a self-review of my own changes.
• I have updated the documentation accordingly.

[Copilot]

Pull request overview

This PR adds configurable allow patterns for the ExecTool to provide fine-grained control over which shell commands the agent can execute. This enhances security by allowing administrators to restrict the agent to only execute specific whitelisted commands while still maintaining control. The feature addresses issue #373.

Changes:

• Added allow_patterns configuration field to agent defaults, supporting regex-based command whitelisting
• Updated ExecTool and CronTool constructors to accept and compile allow patterns
• Added migration logic to preserve allow_patterns during config conversions
• Added comprehensive documentation in English, Chinese, and Japanese READMEs

Reviewed changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
pkg/tools/shell.go	Modified NewExecTool to accept optional allowPatterns parameter and compile them into regex
pkg/tools/cron.go	Updated NewCronTool to forward allowPatterns to ExecTool
pkg/config/config.go	Added AllowPatterns field to AgentDefaults struct with JSON and env tag support
pkg/agent/loop.go	Passed configured allow patterns from config to ExecTool during tool registry creation
cmd/picoclaw/main.go	Updated setupCronTool signature and call to include allowPatterns from config
pkg/migrate/config.go	Added logic to convert and merge allow_patterns during config migration
pkg/migrate/migrate_test.go	Added tests for allow_patterns conversion and merging behavior
config/config.example.json	Added allow_patterns example and fixed missing provider/duckduckgo fields
README.md	Added Security Sandbox section documenting allow_patterns configuration and usage
README.zh.md	Added Chinese documentation for Security Sandbox with allow_patterns
README.ja.md	Added Japanese documentation for Security Sandbox with allow_patterns

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Invalid regex patterns in allowPatterns will cause a panic when regexp.MustCompile is called with an invalid pattern. The existing SetAllowPatterns method (lines 230-240) handles this properly by returning an error, but the constructor does not. Consider handling compilation errors gracefully, either by logging and skipping invalid patterns or returning an error from the constructor.

Suggested change

	allowRegex = append(allowRegex, regexp.MustCompile(p))
	re, err := regexp.Compile(p)
	if err != nil {
	fmt.Fprintf(os.Stderr, "NewExecTool: invalid allow pattern %q: %v\n", p, err)
	continue
	}
	allowRegex = append(allowRegex, re)

[Copilot]

The allow_patterns feature lacks test coverage in pkg/tools/shell_test.go. The existing test file has comprehensive tests for other shell tool features (timeout, workspace restriction, dangerous commands, etc.), but there are no tests verifying that allow_patterns work correctly. Consider adding tests for: (1) commands matching allowlist patterns should execute, (2) commands not matching any allowlist pattern should be blocked, and (3) empty allowlist should allow all commands.

[Copilot]

The Security Sandbox section is inserted between the Heartbeat heading (line 464) and its content (line 508), which breaks the document structure. The Heartbeat section starts at line 464 but its actual content doesn't begin until line 508. This makes the documentation confusing. Consider moving the Security Sandbox section to appear before or after the complete Heartbeat section.