[Feature]: Add Support for shellInputRegex for Auggie File Operations #86
Description
What would you like to be added?
It would be very beneficial from a security standpoint if theshellInputRegex field could be used with file operations tool permissions, specifically view, str-replace-editor, and grep-search. The shellInputRegex field for launch-process permissions is very useful to fine-tune permissions to maximize efficiency while maintaining least-privilege.
Why is this needed?
My team has found that Augment rules are not always strictly followed by various models. I don't think that security guardrails should be interpreted by agents--they should be enforced by settings. I am hesitant (and unlikely) to use agentic workflows in production environments if I cannot fine-tune file permissions.
Possible solution or alternatives
- We currently use rules, but they do not seem to be a guarantee that an agent does not have access to files.
- We use .gitignore/.augmentignore for sensitive files, but it only prevents them from being indexed.
Additional context
No response