Please see the disclaimer at the bottom of this comment prior to reading the remainder of this comment.

I read the conversations in Issue #165 and in this Pull Request.

I think one compromise could be to add a switch (e.g. a checkbox or pair of radio buttons) to the agent, that the user can toggle between two states: (A) Normal mode and (B) Dangerous mode (required for special configurations) (someone else can choose the actual wording).

When mode (A) is selected, the agent would only issue commands that exist in some white list (e.g. the one @matteosuppo included in this PR). That white list may cover the most common use cases; but not all use cases, due to the maintenance burden (which @facchinm pointed out) of keeping the white list up-to-date with new use cases. This would be the default mode.

On the other hand, when mode (B) is selected, the agent would issue any arbitrary command (that's my understanding of its current behavior, after having read the conversation in Issue #165). That would cover the remaining use cases.

The act of switching the mode from (A) to (B) could involve reading a warning and agreeing to it. For example:

WARNING: By enabling Dangerous Mode, you are allowing Arduino Create to issue
arbitrary commands on your computer.

Click CONTINUE to enable Dangerous Mode or click CANCEL to remain in Normal Mode.

I think this approach would make updating a white list (over time) less urgent than if the agent would only run commands that are on the white list. At the same time, I think it would keep more users safer by default.

* Disclaimer: I haven't used the agent yet (I was evaluating it when I came across Issue #165 and subsequently decided not to install it).

@matteosuppo Can you please tell me what the status of this pull request is? @mastrolinux pointed me to this pull request as something I can help with. Do you need something specific, or do you want me to try and take this over from you?

@hannobraun we're still evaluating our options.

The problem is that there are a lot of different commandlines. Another option would be to whitelist the programs that can be ran (which are basically avrdude, bossac, and few others) and keep the rest of the commandline free. Keep in mind that bashisms such as && or ; or $() wouldn't work, so it should be pretty safe.

@gitname in extremes cases we could do that, but I'm not really a fan of adding complexity to the ui

@matteosuppo we do have a working experiment that solves the issue to override config. I will show you more later today, we can probably make a PR about that and add what @gitname is proposing, which I think is a really good approach.