Allow jq and ls in review, steer JSON queries to jq#31
Merged
Conversation
Reviews of JSON-heavy repos (survey/connection-flow definitions) kept reaching for `python -c "import json; ..."` to parse and query deeply nested files. python is denied — it is arbitrary code execution, against this review's read-only contract — so each attempt cost a turn plus a retry, and with python blocked the model fell back to many granular cat/grep calls, inflating turn usage on exactly the files that need structural queries. jq is the right tool for that need: a read-only JSON query language that cannot execute code, so it fits the contract. Add it (and `ls`) to the allow-list, list both in the environment note, and tell the model to use jq for JSON and that python/node are unavailable so it stops probing for them. python stays denied.
LandonS23
approved these changes
Jul 9, 2026
LandonS23
left a comment
Contributor
There was a problem hiding this comment.
Approve — clean addition.
jq is the right tool for JSON-heavy repos: read-only query language, no arbitrary code execution, fits the review contract. The allow-list addition (Bash(jq:*), Bash(ls:*)) and the prompt steer ("use jq for JSON, python/node NOT available") are minimal and well-targeted. 34→22 turns is a solid improvement.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Reviews of JSON-heavy repos (survey / connection-flow definitions) kept reaching for
python -c "import json; ..."to parse and query deeply nested files.pythonis denied — it's arbitrary code execution, against this review's read-only contract — so each attempt cost a turn plus a retry, and withpythonblocked the model fell back to many granularcat/grepcalls, inflating turn usage on exactly the files that most need structural queries.jqis the right tool for that need: a read-only JSON query language that can't execute code, so it fits the contract. This addsjq(andls) to the allow-list, lists both in the environment note, and tells the model to usejqfor JSON and thatpython/nodeare unavailable so it stops probing for them.pythonstays denied.Evidence: reproducing a connection-flow review (
.cf.json, deeply nested) with the current allow-list took ~34 turns ofcat/grepthrash; withjqavailable and the steer in place, the same review usedjq17 times, made 0pythonattempts, 0 denials, and finished in 22 turns.Type of Change
Testing Done
Prompt + allow-list change to the shared review workflow; no functional/schema change. Validated the workflow YAML parses.
jq/lsare read-only and re-expose nothing beyond what the Read/Grep tools already permit; builds/tests/installs/edits/network/pythonremain denied. Turn-count effect confirmed by local reproduction (above); will confirm on live reviews.Checklist