refactor(infra): dedupe exec allowlist analysis failure

2026-04-03 03:03:24 -04:00 · 2026-02-15 16:05:49 +00:00
parent 7323953ab0
commit e7f65b4aac
1 changed files with 10 additions and 14 deletions
--- a/src/infra/exec-approvals-allowlist.ts
+++ b/src/infra/exec-approvals-allowlist.ts
@@ -256,6 +256,14 @@ export function evaluateShellAllowlist(params: {
  autoAllowSkills?: boolean;
  platform?: string | null;
 }): ExecAllowlistAnalysis {
+  const analysisFailure = (): ExecAllowlistAnalysis => ({
+    analysisOk: false,
+    allowlistSatisfied: false,
+    allowlistMatches: [],
+    segments: [],
+    segmentSatisfiedBy: [],
+  });
+
  const chainParts = isWindowsPlatform(params.platform) ? null : splitCommandChain(params.command);
  if (!chainParts) {
    const analysis = analyzeShellCommand({
@@ -265,13 +273,7 @@ export function evaluateShellAllowlist(params: {
      platform: params.platform,
    });
    if (!analysis.ok) {
-      return {
-        analysisOk: false,
-        allowlistSatisfied: false,
-        allowlistMatches: [],
-        segments: [],
-        segmentSatisfiedBy: [],
-      };
+      return analysisFailure();
    }
    const evaluation = evaluateExecAllowlist({
      analysis,
@@ -302,13 +304,7 @@ export function evaluateShellAllowlist(params: {
      platform: params.platform,
    });
    if (!analysis.ok) {
-      return {
-        analysisOk: false,
-        allowlistSatisfied: false,
-        allowlistMatches: [],
-        segments: [],
-        segmentSatisfiedBy: [],
-      };
+      return analysisFailure();
    }

    segments.push(...analysis.segments);