fix: adding confirmation prompt prior to execution of algokit generat…

…ors (#366)

* fix: adding confirmation prompt prior to execution of algokit generators

* chore: adding force flag

docs/features/generate.md

@@ -168,3 +168,7 @@ $ algokit generate smart-contract
 
 $ algokit generate smart-contract -a contract_name "MyCoolContract"
 ```
+
+#### Third Party Generators
+
+It is important to understand that by default, AlgoKit will always prompt you before executing a generator to ensure it's from a trusted source. If you are confident about the source of the generator, you can use the `--force` or `-f` option to execute the generator without this confirmation prompt. Be cautious while using this option and ensure the generator is from a trusted source. At the moment, a trusted source for a generator is defined as _a generator that is included in the official AlgoKit templates (e.g. `smart-contract` generator in `algokit-beaker-default-template`)_

src/algokit/cli/generate.py

@@ -43,7 +43,21 @@ def _load_custom_generate_commands(project_dir: Path) -> dict[str, click.Command
             type=click.Path(exists=True),
             default=generator.path,
         )
-        def command(answers: list[tuple[str, str]], path: Path) -> None:
+        @click.option(
+            "--force",
+            "-f",
+            is_flag=True,
+            required=False,
+            default=False,
+            type=click.BOOL,
+            help="Executes generator without confirmation. Use with trusted sources only.",
+        )
+        def command(
+            *,
+            answers: list[tuple[str, str]],
+            path: Path,
+            force: bool,
+        ) -> None:
             if not shutil.which("git"):
                 raise click.ClickException(
                     "Git not found; please install git and add to path.\n"
@@ -52,6 +66,14 @@ def command(answers: list[tuple[str, str]], path: Path) -> None:
 
             answers_dict = dict(answers)
 
+            if not force and not click.confirm(
+                "You are about to run a generator. Please make sure it's from a "
+                "trusted source (for example, official AlgoKit Templates). Do you want to proceed?",
+                default=False,
+            ):
+                logger.warning("Generator execution cancelled.")
+                return None
+
             return run_generator(answers_dict, path)
 
         commands_table[generator.name] = command

src/algokit/core/generate.py

@@ -44,6 +44,7 @@ def run_generator(answers: dict, path: Path) -> None:
         dst_path=cwd,
         data=answers,
         quiet=True,
+        unsafe=True,
     ) as copier_worker:
         logger.debug(f"Running generator in {copier_worker.src_path}")
         copier_worker.run_copy()

tests/generate/test_generate_custom_generate_commands.py

@@ -113,7 +113,7 @@ def test_generate_custom_generate_commands_valid_generator_run(
     mock_copier_worker_cls = mocker.patch("copier.main.Worker")
     mock_copier_worker_cls.return_value.__enter__.return_value.src_path = str(cwd / "smart_contract")
 
-    result = invoke("generate smart-contract", cwd=cwd)
+    result = invoke("generate smart-contract", cwd=cwd, input="y\n")
 
     assert result.exit_code == 0
     assert mock_copier_worker_cls.call_args.kwargs["src_path"] == str(cwd / "smart_contract")

tests/generate/test_generate_custom_generate_commands.test_generate_custom_generate_commands_valid_generator_run.approved.txt

@@ -1,2 +1,3 @@
 DEBUG: Attempting to load project config from {current_working_directory}/.algokit.toml
+You are about to run a generator. Please make sure it's from a trusted source (for example, official AlgoKit Templates). Do you want to proceed? [y/N]: y
 DEBUG: Running generator in {current_working_directory}/smart_contract