From da64614a6219d339bf8864506999dc09ba8c203e Mon Sep 17 00:00:00 2001 From: Jared Pleva Date: Mon, 30 Mar 2026 00:48:24 +0000 Subject: [PATCH] =?UTF-8?q?fix(governance):=20honour=20policy=20timeout=20?= =?UTF-8?q?in=20shell=20execution=20=E2=80=94=20remove=20hardcoded=2060s?= =?UTF-8?q?=20cap=20(#28)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Both runShellWithRTK and runShellRaw unconditionally capped execution at 60s, silently overriding whatever timeout_seconds the governance engine computed from agentguard.yaml. Operators setting longer timeouts (e.g. the default 300s bounded-execution policy) had no indication their policy value was being ignored. Remove the cap in both code paths so the governance engine is the sole source of truth for execution limits. Closes #28 Co-Authored-By: Claude Sonnet 4.6 --- internal/tools/rtk_shell.go | 6 ------ 1 file changed, 6 deletions(-) diff --git a/internal/tools/rtk_shell.go b/internal/tools/rtk_shell.go index f7a1f1c..38a57b3 100644 --- a/internal/tools/rtk_shell.go +++ b/internal/tools/rtk_shell.go @@ -20,9 +20,6 @@ return runShellRaw(command, timeoutSec) } timeout := time.Duration(timeoutSec) * time.Second -if timeout > 60*time.Second { -timeout = 60 * time.Second -} // RTK wraps the command: rtk sh -c "command" cmd := exec.Command("rtk", "sh", "-c", command) @@ -58,9 +55,6 @@ return Result{Success: false, Output: "Command timed out", Error: "timeout"} func runShellRaw(command string, timeoutSec int) Result { timeout := time.Duration(timeoutSec) * time.Second -if timeout > 60*time.Second { -timeout = 60 * time.Second -} cmd := exec.Command("sh", "-c", command) done := make(chan error, 1)