Merge fb35d46f9d9842aa85185a0c135dd6e94ff0db35 into 598f1826d8b2bc969aace2c6459824737667218c

2026-03-20 23:15:33 -04:00 · 2026-03-20 23:15:33 -04:00 · 0f82a5b7b0
commit 0f82a5b7b0
parent 598f1826d8 fb35d46f9d
1 changed files with 18 additions and 0 deletions
--- a/src/gateway/server-methods/exec-approval.ts
+++ b/src/gateway/server-methods/exec-approval.ts
@ -316,6 +316,24 @@ export function createExecApprovalHandlers(
      }
      const approvalId = resolvedId.id;
      const snapshot = manager.getSnapshot(approvalId);
+      // Security: prevent self-approval — the connection that submitted the request
+      // cannot also resolve it. This blocks prompt-injected agents from immediately
+      // approving their own dangerous command requests without human oversight.
+      if (
+        snapshot?.requestedByConnId != null &&
+        client?.connId != null &&
+        client.connId === snapshot.requestedByConnId
+      ) {
+        respond(
+          false,
+          undefined,
+          errorShape(
+            ErrorCodes.INVALID_REQUEST,
+            "requester cannot approve their own exec request",
+          ),
+        );
+        return;
+      }
      const resolvedBy = client?.connect?.client?.displayName ?? client?.connect?.client?.id;
      const ok = manager.resolve(approvalId, decision, resolvedBy ?? null);
      if (!ok) {