From 48eb1d1f30476b0fb8bb0b1eb738dda6097450d3 Mon Sep 17 00:00:00 2001
From: YubinghanBai <baiyubinghan@gmail.com>
Date: Wed, 18 Feb 2026 18:18:39 -0600
Subject: [PATCH] fix(agent): inject full datetime into system prompt and allow
 date command

Three related agent UX issues found during MiniMax channel testing:

1. DateTimeSection injected only timezone, not the actual date/time.
   Models have no reliable way to know the current date from training
   data alone, causing wrong or hallucinated dates in responses.
   Fix: include full timestamp (YYYY-MM-DD HH:MM:SS TZ) in the prompt.

2. The `date` shell command was absent from the security policy
   allowed_commands default list. When a model tried to call
   shell("date") to get the current time, it received a policy
   rejection and told the user it was "blocked by security policy".
   Fix: add "date" to the default allowed_commands list. The command
   is read-only, side-effect-free, and carries no security risk.

3. (Context) The datetime prompt fix makes the date command fallback
   largely unnecessary, but the allowlist addition ensures the tool
   works correctly if models choose to call it anyway.

Non-goals:
- Not changing the autonomy model or risk classification
- Not adding new config keys

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 src/agent/prompt.rs    | 3 ++-
 src/security/policy.rs | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/agent/prompt.rs b/src/agent/prompt.rs
index 0b85119..d1d93aa 100644
--- a/src/agent/prompt.rs
+++ b/src/agent/prompt.rs
@@ -215,7 +215,8 @@ impl PromptSection for DateTimeSection {
     fn build(&self, _ctx: &PromptContext<'_>) -> Result<String> {
         let now = Local::now();
         Ok(format!(
-            "## Current Date & Time\n\nTimezone: {}",
+            "## Current Date & Time\n\n{} ({})",
+            now.format("%Y-%m-%d %H:%M:%S"),
             now.format("%Z")
         ))
     }
diff --git a/src/security/policy.rs b/src/security/policy.rs
index bf799ef..fda45c5 100644
--- a/src/security/policy.rs
+++ b/src/security/policy.rs
@@ -111,6 +111,7 @@ impl Default for SecurityPolicy {
                 "wc".into(),
                 "head".into(),
                 "tail".into(),
+                "date".into(),
             ],
             forbidden_paths: vec![
                 // System directories (blocked even when workspace_only=false)