From c06e2ab792e50db71434c5f85e1bf4bbe21c35e6 Mon Sep 17 00:00:00 2001
From: kumavis <aaron@kumavis.me>
Date: Sat, 26 Oct 2024 18:16:44 -1000
Subject: [PATCH] fix: remove obsolete coder code safety check

---
 src/agent/coder.js  |  8 --------
 src/utils/safety.js | 38 --------------------------------------
 2 files changed, 46 deletions(-)
 delete mode 100644 src/utils/safety.js

diff --git a/src/agent/coder.js b/src/agent/coder.js
index 7098ca4..d232ab7 100644
--- a/src/agent/coder.js
+++ b/src/agent/coder.js
@@ -1,5 +1,4 @@
 import { writeFile, readFile, mkdirSync } from 'fs';
-import { checkSafe } from '../utils/safety.js';
 import settings from '../../settings.js';
 import { makeCompartment } from './library/lockdown.js';
 import * as skills from './library/skills.js';
@@ -145,13 +144,6 @@ export class Coder {
             }
             code = res.substring(res.indexOf('```')+3, res.lastIndexOf('```'));
 
-            if (!checkSafe(code)) {
-                console.warn(`Detected insecure generated code, not executing. Insecure code: \n\`${code}\``);
-                const message = 'Error: Code insecurity detected. Do not import, read/write files, execute dynamic code, or access the internet. Please try again:';
-                messages.push({ role: 'system', content: message });
-                continue;
-            }
-
             let codeStagingResult;
             try {
                 codeStagingResult = await this.stageCode(code);
diff --git a/src/utils/safety.js b/src/utils/safety.js
deleted file mode 100644
index 864263e..0000000
--- a/src/utils/safety.js
+++ /dev/null
@@ -1,38 +0,0 @@
-export function checkSafe(code) {
-    const dangerousPatterns = [
-        // Dynamic imports
-        /\bimport\s*\(/,
-        // Access to process and global
-        /\bprocess\b/,
-        /\bglobal\b/,
-        // Module manipulation
-        /\bmodule\b/,
-        /\bexports\b/,
-        // Require usage
-        /\brequire\s*\(/,
-        // Function constructors
-        /\bFunction\s*\(/,
-        /\beval\s*\(/,
-        // Access to __dirname and __filename
-        /\b__dirname\b/,
-        /\b__filename\b/,
-
-        // fetch
-        /\bfetch\s*\(/,
-        // XMLHttpRequest
-        /\bXMLHttpRequest\b/,
-        // Websockets
-        /\bWebSocket\b/,
-    ];
-
-    for (const pattern of dangerousPatterns) {
-        if (pattern.test(code)) {
-            return false;
-        }
-    }
-    return true;
-}
-
-// generated by o1
-// Basic check for malicious code like dynamic imports, code exec, disk access, internet access, etc.
-// Will not catch all, and can be bypassed by obfuscation.
\ No newline at end of file