From d83040478e2a78ae19e608a1d664dbf9c3c8c455 Mon Sep 17 00:00:00 2001
From: null <null>
Date: Sat, 17 May 2025 16:58:07 +0000
Subject: [PATCH] feat: add validation for commands with arbitrary arguments

---
 validate_command_access.sh | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/validate_command_access.sh b/validate_command_access.sh
index 93894e1..215d3c4 100644
--- a/validate_command_access.sh
+++ b/validate_command_access.sh
@@ -7,19 +7,18 @@ validate_command() {
   local tokens=("$@")
   local yaml="access.yml"
 
-  # Check if fixedArgsCommands.<cmd> exists
-  local is_fixed
+  # Check for fixed, multi, or arbitrary args commands
+  local is_fixed is_multi is_arbit
   is_fixed="$(yq e ".\"$PERSON\".fixedArgsCommands | has(\"$cmd\")" "$yaml")"
-  # Check if multiArgsCommands.<cmd> exists
-  local is_multi
   is_multi="$(yq e ".\"$PERSON\".multiArgsCommands | has(\"$cmd\")" "$yaml")"
+  is_arbit="$(yq e ".\"$PERSON\".arbitArgsCommands[]" "$yaml" | grep -qx "$cmd" && echo true || echo false)"
 
-  if [[ "$is_fixed" != "true" && "$is_multi" != "true" ]]; then
+  if [[ "$is_fixed" != "true" && "$is_multi" != "true" && "$is_arbit" != "true" ]]; then
     echo "ERROR: Command '$cmd' not allowed for $PERSON" >&2
     return 1
   fi
 
-  # Exclude flags from positional args
+  # Exclude flags from positional args for fixed/multi; pass all for arbit
   local args=()
   for tok in "${tokens[@]}"; do
     [[ "$tok" == -* ]] && continue
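Review bot: On the added `is_arbit` line, `grep -qx "$cmd"` treats the requested command name as a regular expression rather than a literal. A name containing metacharacters such as `.` or `*` can therefore match an allowlist entry it is not equal to, and the command is then accepted with unrestricted arguments. A name beginning with `-` would also be parsed as a grep option. Match literally and end option parsing: `grep -qxF -- "$cmd"`. Separately, the new lookup interpolates `$PERSON` into the yq expression as the two existing lookups do, so if that value is not fully trusted, consider passing it through the environment with yq's `strenv()` instead.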
@@ -80,4 +79,9 @@ validate_command() {
     done
     return 0
   fi
+
+  if [[ "$is_arbit" == "true" ]]; then
+    # Arbitrary arguments allowed, always valid
+    return 0
+  fi
 }
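Review bot: Nothing after the new `is_arbit` block denies by default. If an earlier branch falls through without returning, the function ends with status 0, because an `if` whose condition is false returns zero, and the command is accepted. The fixed and multi branches sit outside this hunk, so whether that can happen today is not visible here, but an access validator should fail closed: add `return 1` after the final `fi`. The comment could also state the consequence for whoever edits `access.yml`, for example `# No argument checks at all: list only commands that cannot run other programs or write arbitrary paths`.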