From eafc8f789a25ca4ff85605d1a92ff14df9c5d5da Mon Sep 17 00:00:00 2001
From: matri
Date: Sat, 13 Jun 2026 21:41:03 +0800
Subject: [PATCH] fix(bash): narrow su-do deny pattern to actual command invocations
The previous regex matched the word anywhere in the command string, including inside quoted arguments passed to other commands (e.g. `git log -S "su-do"`, `grep su-do file.txt`). This caused read-only commands to be rejected. Change the pattern to only match when it appears at the start of a command or after a command separator (;, &&, ||, |). Commands that merely reference the string as an argument or search term are no longer blocked.
---
 src/tool/builtin/bash/permissions.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/tool/builtin/bash/permissions.ts b/src/tool/builtin/bash/permissions.ts
index 4d41de77..5b8673ec 100644
--- a/src/tool/builtin/bash/permissions.ts
+++ b/src/tool/builtin/bash/permissions.ts
@@ -3,7 +3,8 @@ import type { PermissionResult } from "../../../permission/index.js";
 const DENY_PATTERNS: RegExp[] = [
 // Unix
 /\brm\s+-[^&|;]*r[^&|;]*f\s+\//,
- /\bsudo\b/,
+ // sudo as a command (not inside quotes, e.g. `git log -S "sudo"`)
+ /(?:^|[;&|]\s*)sudo\b/,
 /\bchmod\s+-R\s+777\b/,
 /\bchown\s+-R\b/,
 /\bdd\s+if=/,
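Review bot: The narrowed pattern on the added line `/(?:^|[;&|]\s*)sudo\b/,` now misses sudo in command positions the old `\bsudo\b` caught: command substitution and subshells (`echo $(sudo id)`, `(sudo id)`, backtick substitution), group commands (`{ sudo id; }`), and, if the tool accepts multi-line input, anything after the first newline, since `^` without the `m` flag only matches the start of the string. Adding the grouping openers to the separator class and the multiline flag closes those cheaply, e.g. `/(?:^|[;&|({\x60]\s*)sudo\b/m,` where `\x60` is the backtick. Wrappers such as `env sudo`, `exec sudo`, `VAR=1 sudo`, `bash -c "sudo …"` or `eval` still pass a regex deny list, so the new comment's "not inside quotes" claim is inaccurate (the regex never inspects quoting) and should instead say what the check is: `// best-effort: matches sudo only at command position (start, after ; & | or a subshell/group opener); wrappers like env/exec/eval are not caught`. The DENY_PATTERNS array continues past the end of the hunk, so any other sudo-adjacent entries there are not visible here.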