Automations for Cap Desktop#1922
Merged
Merged
Conversation
|
Paragon Review Skipped Hi @richiemcilroy! Your Polarity credit balance is insufficient to complete this review. Please visit https://app.paragon.run to finish your review. |
![tembo[bot]](https://avatars.githubusercontent.com/in/1223475?s=60&v=4){kind=small}
![superagent-security[bot]](https://avatars.githubusercontent.com/in/3287076?s=60&v=4){kind=small}
| open_path_or_url(&path.to_string_lossy()) | ||
| } | ||
|
|
||
| async fn run_command( |
There was a problem hiding this comment.
P0: Automation rules loaded from writable store enable arbitrary command execution
Run command action executes programs from user-writable store without integrity protection.
Sign automation rules or sandbox command execution to prevent unauthorized persistent execution.
AI prompt
Check if this security scanner issue is valid. If so, understand the root cause and fix it. If appropriate, update or add tests. Keep the change focused and preserve intended behavior.
<file name="apps/cli/src/automation.rs">
<violation number="1" location="apps/cli/src/automation.rs:233">
<priority>P0</priority>
<title>Automation rules loaded from writable store enable arbitrary command execution</title>
<evidence>run_command executes arbitrary programs and shell commands from automation rules loaded from dirs::data_dir()/so.cap.desktop/store, an unencrypted user-writable JSON file. Any process with user filesystem access can modify rules to persistently execute commands triggered by screenshots and recordings.</evidence>
<recommendation>Add cryptographic signatures or integrity checks for automation rules, sandbox command execution, or require interactive user confirmation before running shell commands from stored rules.</recommendation>
</violation>
</file>
superagent-security
Bot
added
the
pr:flagged
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
superagent-security
Bot
removed
the
pr:flagged
Member
Author
|
@greptileai please re-review |
Member
Author
|
hey @greptileai please re-review the pr |
Member
Author
|
hey @greptileai please re-review the pr |
| organizationIs: "Organization is", | ||
| }; | ||
|
|
||
| export const DANGEROUS_ACTIONS: ActionType[] = ["runCommand", "webhook"]; |
There was a problem hiding this comment.
P2: deleteLocalFiles omitted from dangerous-action warning in automation editor
DANGEROUS_ACTIONS only lists runCommand and webhook, omitting deleteLocalFiles which permanently deletes directories.
Add "deleteLocalFiles" to DANGEROUS_ACTIONS so users see a warning before creating destructive rules.
AI prompt
Check if this security scanner issue is valid. If so, understand the root cause and fix it. If appropriate, update or add tests. Keep the change focused and preserve intended behavior.
<file name="apps/desktop/src/utils/automations.ts">
<violation number="1" location="apps/desktop/src/utils/automations.ts:87">
<priority>P2</priority>
<title>`deleteLocalFiles` omitted from dangerous-action warning in automation editor</title>
<evidence>export const DANGEROUS_ACTIONS: ActionType[] = ["runCommand", "webhook"]; excludes "deleteLocalFiles", even though that action calls remove_dir_all on project_path in both the desktop host (tokio::fs::remove_dir_all) and the CLI host (std::fs::remove_dir_all). The editor only shows the amber dangerous-action banner when an action type is in this array, so adding a delete-files rule produces no warning.</evidence>
<recommendation>Add "deleteLocalFiles" to the DANGEROUS_ACTIONS array in apps/desktop/src/utils/automations.ts so the destructive action is surfaced to users alongside runCommand and webhook.</recommendation>
</violation>
</file>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Users can define automation rules in Cap Desktop (Settings → Automations) that run automatically when something happens in Cap — no manual steps after each capture.
Each rule is when this happens → optionally if these conditions match → do these actions. For example: after a screenshot, save a copy to
~/Shotsand POST a webhook; after a studio recording finishes, export an MP4 and upload it; skip opening the editor for headless screenshot workflows.Triggers: screenshot taken, recording started/finished (studio or instant), upload completed, video imported, recording deleted.
Conditions (optional): capture target (display/window/area), recording mode, duration min/max, window title contains, organization.
Actions: copy to clipboard, save to folder, export, upload + copy link, reveal/open file, run a shell command, send a webhook, OCR to clipboard, notify, open/skip editor, apply a preset, delete local files.
Rules are stored once and shared with the CLI —
cap screenshot,cap record, andcap uploadhonor the same automations (desktop-only actions like clipboard, OCR, notifications, and open editor are skipped on CLI). Inspect active rules withcap automations list.Greptile Summary
This PR introduces a full automation engine for Cap Desktop: users define trigger → conditions → actions rules in Settings → Automations, and the same rules are honored by the
capCLI. The sharedcap_automationcrate owns the data model, evaluation logic, and sanitization helpers; platform-specificAutomationHostimpls (desktop and CLI) carry out the actual I/O.crates/automation): rule types, engine (evaluate/run), template helpers,sanitize_filename_component(strips path separators and{/}to close the previously-reported window-title injection vector).apps/desktop/src-tauri/src/automation.rs): all 13 capabilities implemented;open_filenow usestauri_plugin_opener(notreveal_path);notifynow calls bothapply_filename_templateandapply_body_template(fixes the previously-reported unsubstituted template variable issue).apps/cli/src/automation.rs): nine headless-compatible capabilities; shares the rule store from Cap Desktop's Tauri plugin-store file;cap automations listadded.Confidence Score: 5/5
Safe to merge; all previously flagged blocking issues are addressed and the new automation engine is well-tested.
All three previously reported issues (desktop open_file calling reveal_path, notify ignoring template context, and window-title template injection) are now fixed. The automation engine has a comprehensive 827-line test suite, the shared data model is clean, and the lifecycle hook placements in recording.rs are correct with no double-trigger paths. The one remaining finding — the CLI reveal_in_file_manager calling the same helper as open_file on macOS — is a behavior mismatch rather than a data-loss or security concern.
apps/cli/src/automation.rs — reveal_in_file_manager and open_file share open_path_or_url, making them identical on macOS.
Important Files Changed
Reviews (4): Last reviewed commit: "style(automation): use char-array patter..." | Re-trigger Greptile