Merge PR #600: fix(security): use in-memory set for permanent allowlist save

Authored by alireza78a. Uses _permanent_approved directly instead of re-reading from disk, preventing potential data loss if a previous save failed.
2026-03-10 04:12:11 -07:00 · 2026-03-10 04:12:11 -07:00 · 67fc6bc4e9
commit 67fc6bc4e9
parent cbca0225f6 40bc7216e1
1 changed files with 1 additions and 1 deletions
--- a/tools/approval.py
+++ b/tools/approval.py
@ -295,6 +295,6 @@ def check_dangerous_command(command: str, env_type: str,
    elif choice == "always":
        approve_session(session_key, pattern_key)
        approve_permanent(pattern_key)
-        save_permanent_allowlist(load_permanent_allowlist() | {pattern_key})
+        save_permanent_allowlist(_permanent_approved)

    return {"approved": True, "message": None}