tui-td 0.2.11 → 0.2.12

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 07ef26981840d9171eb2082a6c638c6f43869c05ffdb11c7fff857b058ce87e7
-  data.tar.gz: 47d8dd453c1a393ad2f838b67226f92d50b97d5647fb775e36e95f9e381105e9
+  metadata.gz: 98d74d9d7481eabaca77e302ae6e86e1c0467222ebeabb26320fc4668c96af72
+  data.tar.gz: a666b663abf34a08b08c31e57b0348ae00020f304a6296012a027a26fbbb69a9
 SHA512:
-  metadata.gz: 94ce617f9370428126bf1b565ca67787a455f6d64cd6273fc69c2cecc83ca293b07272cf3f227787ba4e56ae4bf914447752689115979d1d19863fd5d1e17545
-  data.tar.gz: fdc72eaff712400c026469730cce5fe88daf65b2cca7fa25a071d79a1a2d53b648f5cd80dc8f2b11fe952ce1c9b4aeed9dde5e372715c22d877487d1db25cb52
+  metadata.gz: 22485763c32cac98cb98f8a2b4f2aaf8656c4955c97a28ff7cfdc3a3c2f82252c0b079c75630bb6d0e1ebd21a5c65d5f042be4c20e566502b6d747b88304a95d
+  data.tar.gz: e3d209ca2706c701efaf6e98af5d46af21ce7f1772aa0fe1a2ddbe9858442380f866883ac5c8948bb66d447843987e7ba7bfb77a6cc2aa08a6363d09deaa0320

data/CHANGELOG.md

@@ -1,6 +1,24 @@
 # CHANGELOG
 
-# CHANGELOG
+## 0.2.12
+
+### Security
+
+- Command injection prevention: use Shellwords.shellsplit + array form of PTY.spawn
+- Environment variable sanitization: block dangerous vars (PATH, LD_PRELOAD, etc.)
+- Path traversal prevention: validate output paths for screenshot/HTML
+- ReDoS prevention: add regex timeout in find_text
+
+### Fixed
+
+- ANSI erase operations (ED/EL) now reset all cell attributes (fg, bg, bold, italic,
+  underline), not just the character — colors and styles no longer leak across lines
+
+### Architecture
+
+- Extract ANSIParser, ANSIUtils, and State into standalone tans-parser gem (v0.1.0)
+- Add tans-parser as a runtime dependency (~>0.1)
+- Replace extracted unit tests with forwarder integration smoke tests
 
 ## 0.2.11
 

data/lib/tui_td/ansi_parser.rb

@@ -1,731 +1,7 @@
 # frozen_string_literal: true
 
-module TUITD
-  # Parses raw terminal output (ANSI escape sequences + text) into a
-  # structured state representation.
-  #
-  # Handles:
-  # - SGR (Select Graphic Rendition) — colors, bold, italic, underline
-  # - Cursor movement (CUU, CUD, CUF, CUB, CUP)
-  # - Erase (ED, EL)
-  # - Line feed, carriage return, backspace, tab
-  #
-  # Output: {rows: [[{char, fg, bg, bold, italic, underline}]], cursor: {row, col}, size: {rows, cols}}
-  #
-  # rubocop:disable Metrics/ModuleLength
-  module ANSIParser
-    SGR_COLORS = {
-      0 => :reset,
-      1 => :bold,
-      3 => :italic,
-      4 => :underline,
-      5 => :blink,
-      7 => :reverse,
-      22 => :normal,
-      23 => :no_italic,
-      24 => :no_underline,
-      30 => :black,
-      31 => :red,
-      32 => :green,
-      33 => :yellow,
-      34 => :blue,
-      35 => :magenta,
-      36 => :cyan,
-      37 => :white,
-      38 => :xterm_fg,  # 38;5;N or 38;2;R;G;B
-      39 => :default_fg,
-      40 => :bg_black,
-      41 => :bg_red,
-      42 => :bg_green,
-      43 => :bg_yellow,
-      44 => :bg_blue,
-      45 => :bg_magenta,
-      46 => :bg_cyan,
-      47 => :bg_white,
-      48 => :xterm_bg,  # 48;5;N or 48;2;R;G;B
-      49 => :default_bg,
-      90 => :bright_black,
-      91 => :bright_red,
-      92 => :bright_green,
-      93 => :bright_yellow,
-      94 => :bright_blue,
-      95 => :bright_magenta,
-      96 => :bright_cyan,
-      97 => :bright_white,
-      100 => :bg_bright_black,
-      101 => :bg_bright_red,
-      102 => :bg_bright_green,
-      103 => :bg_bright_yellow,
-      104 => :bg_bright_blue,
-      105 => :bg_bright_magenta,
-      106 => :bg_bright_cyan,
-      107 => :bg_bright_white,
-    }.freeze
-
-    SGR_16_TO_NAME = {
-      0 => "black",
-      1 => "red",
-      2 => "green",
-      3 => "yellow",
-      4 => "blue",
-      5 => "magenta",
-      6 => "cyan",
-      7 => "white",
-      8 => "bright_black",
-      9 => "bright_red",
-      10 => "bright_green",
-      11 => "bright_yellow",
-      12 => "bright_blue",
-      13 => "bright_magenta",
-      14 => "bright_cyan",
-      15 => "bright_white",
-    }.freeze
-
-    DEC_MAP = {
-      "`" => "◆",
-      "a" => "▒",
-      "b" => "\u2409",
-      "c" => "\u240C",
-      "d" => "\u240D",
-      "e" => "\u240A",
-      "f" => "°",
-      "g" => "±",
-      "h" => "\u2424",
-      "i" => "\u240B",
-      "j" => "┘",
-      "k" => "┐",
-      "l" => "┌",
-      "m" => "└",
-      "n" => "┼",
-      "o" => "⎺",
-      "p" => "⎻",
-      "q" => "─",
-      "r" => "⎼",
-      "s" => "⎽",
-      "t" => "├",
-      "u" => "┤",
-      "v" => "┴",
-      "w" => "┬",
-      "x" => "│",
-      "y" => "≤",
-      "z" => "≥",
-      "{" => "π",
-      "|" => "≠",
-      "}" => "£",
-      "~" => "·",
-    }.freeze
-
-    # Parse raw terminal output into a structured state Hash
-    # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity, Metrics/BlockNesting
-    def self.parse(raw, rows = 40, cols = 120)
-      grid = Array.new(rows) do
-        Array.new(cols) { default_cell.dup }
-      end
-
-      cursor = { row: 0, col: 0 }
-      attrs = { fg: "default", bg: "default", bold: false, italic: false, underline: false, blink: false }
-      saved_cursor = nil
-      scroll_region = { top: 0, bottom: rows - 1 }
-      pending_dsr = false
-
-      normal_grid = grid
-      alt_grid = nil
-
-      normal_cursor = cursor
-      alt_cursor = { row: 0, col: 0 }
-
-      normal_saved_cursor = nil
-      alt_saved_cursor = nil
-
-      use_alt_screen = false
-
-      cursor_visible = true
-      cursor_style = 1 # 1 = blinking block (default)
-
-      g0_charset = :ascii
-      g1_charset = :dec
-      active_charset = :g0
-
-      mouse_mode = :none
-      mouse_format = :normal
-
-      # Strip everything before the last full clear (if any)
-      # to avoid accumulated garbage
-      processed = raw
-
-      i = 0
-      while i < processed.length
-        if processed[i] == "\e" && processed[i + 1] == "["
-          # Find end of CSI sequence
-          j = i + 2
-          j += 1 while j < processed.length && !processed[j].match?(/[A-HJ-KP-SX@`fhlmnRrsuq]/)
-          seq = processed[i..j]
-
-          dsr, new_saved, action = _apply_csi(seq, cursor, attrs, grid, rows, cols, saved_cursor, scroll_region)
-          pending_dsr ||= dsr
-
-          if new_saved
-            if use_alt_screen
-              alt_saved_cursor = new_saved
-              saved_cursor = alt_saved_cursor
-            else
-              normal_saved_cursor = new_saved
-              saved_cursor = normal_saved_cursor
-            end
-          end
-
-          if action.key?(:alt_screen)
-            new_alt = action[:alt_screen]
-            code = action[:alt_screen_code]
-            if new_alt != use_alt_screen
-              if new_alt
-                # Switch to Alternate Screen
-                # Save normal cursor
-                normal_cursor = { row: cursor[:row], col: cursor[:col] }
-
-                # Lazy initialize alt grid
-                alt_grid ||= Array.new(rows) do
-                  Array.new(cols) { default_cell.dup }
-                end
-
-                # For \e[?1049h, clear alternate screen and reset cursor to 0,0
-                if code == 1049
-                  alt_grid = Array.new(rows) do
-                    Array.new(cols) { default_cell.dup }
-                  end
-                  alt_cursor = { row: 0, col: 0 }
-                end
-
-                grid = alt_grid
-                cursor = alt_cursor
-                saved_cursor = alt_saved_cursor
-                use_alt_screen = true
-              else
-                # Switch to Normal Screen
-                # Save alt cursor
-                alt_cursor = { row: cursor[:row], col: cursor[:col] }
-
-                grid = normal_grid
-                cursor = normal_cursor
-                saved_cursor = normal_saved_cursor
-                use_alt_screen = false
-              end
-            end
-          end
-
-          cursor_visible = action[:cursor_visible] if action.key?(:cursor_visible)
-
-          cursor_style = action[:cursor_style] if action.key?(:cursor_style)
-
-          mouse_mode = action[:mouse_mode] if action.key?(:mouse_mode)
-
-          mouse_format = action[:mouse_format] if action.key?(:mouse_format)
-
-          i = j + 1
-        elsif ["\n", "\r\n"].include?(processed[i])
-          cursor[:row] += 1
-          cursor[:col] = 0
-          i += processed[i..(i + 1)] == "\r\n" ? 2 : 1
-        elsif processed[i] == "\r"
-          cursor[:col] = 0
-          i += 1
-        elsif processed[i] == "\t"
-          cursor[:col] = ((cursor[:col] / 8) + 1) * 8
-          cursor[:col] = cols - 1 if cursor[:col] >= cols
-          i += 1
-        elsif processed[i] == "\b"
-          cursor[:col] -= 1 if cursor[:col].positive?
-          i += 1
-        elsif processed[i] == "\a"
-          # Bell — ignore
-          i += 1
-        elsif processed[i] == "\x0e"
-          active_charset = :g1
-          i += 1
-        elsif processed[i] == "\x0f"
-          active_charset = :g0
-          i += 1
-        elsif processed[i] == "\e"
-          # Handle non-CSI escape sequences
-          if processed[i + 1] == "7"
-            # DECSC — Save Cursor
-            if use_alt_screen
-              alt_saved_cursor = { row: cursor[:row], col: cursor[:col] }
-              saved_cursor = alt_saved_cursor
-            else
-              normal_saved_cursor = { row: cursor[:row], col: cursor[:col] }
-              saved_cursor = normal_saved_cursor
-            end
-            i += 2
-          elsif processed[i + 1] == "8"
-            # DECRC — Restore Cursor
-            if saved_cursor
-              cursor[:row] = saved_cursor[:row]
-              cursor[:col] = saved_cursor[:col]
-            end
-            i += 2
-          elsif processed[i + 1] == "(" && %w[0 B].include?(processed[i + 2])
-            g0_charset = (processed[i + 2] == "0" ? :dec : :ascii)
-            i += 3
-          elsif processed[i + 1] == ")" && %w[0 B].include?(processed[i + 2])
-            g1_charset = (processed[i + 2] == "0" ? :dec : :ascii)
-            i += 3
-          elsif processed[i + 1]&.match?(%r{[()*+\-./]})
-            # Other ISO 2022 charset sequences (e.g. G2/G3 or other charsets)
-            i += 3
-          else
-            i += 1
-          end
-        elsif (char, char_len = _utf8_char_at(processed, i))
-          # Printable character (including multi-byte UTF-8)
-          if cursor[:row] < rows && cursor[:col] < cols
-            cell = grid[cursor[:row]][cursor[:col]]
-            current_charset = (active_charset == :g1 ? g1_charset : g0_charset)
-            mapped_char = char
-            mapped_char = DEC_MAP[char] if current_charset == :dec && DEC_MAP.key?(char)
-            cell[:char] = mapped_char
-            cell.merge!(attrs)
-            cursor[:col] += 1
-            cursor[:col] = cols - 1 if cursor[:col] >= cols
-          end
-          i += char_len
-        else # rubocop:disable Lint/DuplicateBranch
-          i += 1
-        end
-
-        # Handle scrolling within the defined scroll region
-        region_top = scroll_region[:top]
-        region_bottom = scroll_region[:bottom]
-
-        next unless cursor[:row] > region_bottom
-
-        scroll_lines = [cursor[:row] - region_bottom, rows].min
-        # Shift lines within the scroll region up
-        (region_top..(region_bottom - scroll_lines)).each do |ri|
-          src = ri + scroll_lines
-          grid[ri] = src <= region_bottom ? grid[src] : Array.new(cols) { default_cell.dup }
-        end
-        # Fill bottom of scroll region with blank lines
-        ((region_bottom - scroll_lines + 1)..region_bottom).each do |ri|
-          grid[ri] = Array.new(cols) { default_cell.dup }
-        end
-        cursor[:row] = region_bottom
-      end
-
-      {
-        size: { rows: rows, cols: cols },
-        cursor: {
-          row: cursor[:row],
-          col: cursor[:col],
-          visible: cursor_visible,
-          style: cursor_style,
-        },
-        rows: grid,
-        pending_dsr: pending_dsr,
-        cursor_visible: cursor_visible,
-        cursor_style: cursor_style,
-        mouse_mode: mouse_mode,
-        mouse_format: mouse_format,
-      }
-    end
-    # rubocop:enable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity, Metrics/BlockNesting
-
-    # Rebuild ANSI output from a state hash (for rendering/screenshot)
-    # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
-    def self.build_frame(state)
-      rows = state.dig(:size, :rows) || state["size"]["rows"]
-      state.dig(:size, :cols) || state["size"]["cols"]
-      grid = state[:rows] || state["rows"]
-      cursor = state[:cursor] || state["cursor"]
-      mouse_mode = state[:mouse_mode] || state["mouse_mode"] || :none
-      mouse_format = state[:mouse_format] || state["mouse_format"] || :normal
-
-      out = +""
-      out << "\e[0m"
-      out << "\e[2J\e[H"
-
-      grid.each_with_index do |row, ri|
-        row.each_with_index do |cell, _ci|
-          char = cell[:char] || cell["char"] || " "
-          fg = cell[:fg] || cell["fg"] || "default"
-          bg = cell[:bg] || cell["bg"] || "default"
-          bold = cell[:bold] || cell["bold"] || false
-          italic = cell[:italic] || cell["italic"] || false
-          underline = cell[:underline] || cell["underline"] || false
-          blink = cell[:blink] || cell["blink"] || false
-
-          codes = []
-          codes << "1" if bold
-          codes << "3" if italic
-          codes << "4" if underline
-          codes << "5" if blink
+require "tans-parser"
 
-          fg_code = _color_code(fg, "38")
-          bg_code = _color_code(bg, "48")
-
-          codes << fg_code if fg_code
-          codes << bg_code if bg_code
-
-          out << "\e[#{codes.join(";")}m" unless codes.empty?
-          out << char
-        end
-        out << "\n" if ri < rows - 1
-      end
-
-      # Reconstruct cursor visibility
-      cursor_vis = true
-      cursor_vis = cursor[:visible] != false && cursor["visible"] != false if cursor.is_a?(Hash)
-      out << (cursor_vis ? "\e[?25h" : "\e[?25l")
-
-      # Reconstruct cursor style
-      if cursor.is_a?(Hash)
-        style = cursor[:style] || cursor["style"]
-        out << "\e[#{style} q" if style
-      end
-
-      # Reconstruct mouse mode and format
-      out << case mouse_mode
-             when :normal
-               "\e[?1000h"
-             when :drag
-               "\e[?1002h"
-             when :all
-               "\e[?1003h"
-             else
-               "\e[?1000l\e[?1002l\e[?1003l"
-             end
-
-      out << if mouse_format == :sgr
-               "\e[?1006h"
-             else
-               "\e[?1006l"
-             end
-
-      out << "\e[0m"
-      out
-    end
-    # rubocop:enable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
-
-    # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity, Metrics/ParameterLists
-    def self._apply_csi(seq, cursor, attrs, grid, rows, cols, saved_cursor, scroll_region)
-      # Strip leading escape char if present
-      cleaned = seq.sub(/^\e/, "")
-      match = cleaned.match(/^\[(\??)([\d;]*)( ?)([A-HJ-KP-SX@`fhlmnRrsuq])$/)
-      return [false, nil, {}] unless match
-
-      is_private = (match[1] == "?")
-      params = match[2].split(";").map(&:to_i)
-      space = match[3]
-      command = match[4]
-
-      new_saved = nil
-      action = {}
-
-      case command
-      when "m"
-        _apply_sgr(params, attrs)
-      when "A" # CUU — Cursor Up
-        n = params[0] || 1
-        n = 1 if n.zero?
-        cursor[:row] = [cursor[:row] - n, 0].max
-      when "B" # CUD — Cursor Down
-        n = params[0] || 1
-        n = 1 if n.zero?
-        cursor[:row] = [cursor[:row] + n, rows - 1].min
-      when "C" # CUF — Cursor Forward
-        n = params[0] || 1
-        n = 1 if n.zero?
-        cursor[:col] = [cursor[:col] + n, cols - 1].min
-      when "D" # CUB — Cursor Back
-        n = params[0] || 1
-        n = 1 if n.zero?
-        cursor[:col] = [cursor[:col] - n, 0].max
-      when "H", "f" # CUP — Cursor Position
-        r = (params[0] || 1) - 1
-        c = (params[1] || 1) - 1
-        cursor[:row] = r.clamp(0, rows - 1)
-        cursor[:col] = c.clamp(0, cols - 1)
-      when "J" # ED — Erase in Display
-        case params[0]
-        when nil, 0
-          _erase_down(cursor, grid, rows, cols)
-        when 1
-          _erase_up(cursor, grid, cols)
-        when 2, 3
-          _erase_all(grid, rows, cols)
-          cursor[:row] = 0
-          cursor[:col] = 0
-        end
-      when "K" # EL — Erase in Line
-        case params[0]
-        when nil, 0
-          _erase_line_right(cursor, grid, cols)
-        when 1
-          _erase_line_left(cursor, grid, cols)
-        when 2
-          _erase_line(cursor, grid, cols)
-        end
-      when "X" # Erase Characters
-        n = params[0] || 1
-        n.times do |i|
-          next unless cursor[:row] < rows && cursor[:col] + i < cols
-
-          grid[cursor[:row]][cursor[:col] + i][:char] = " "
-        end
-      when "s" # DECSC — Save Cursor (CSI variant)
-        new_saved = { row: cursor[:row], col: cursor[:col] }
-      when "u" # DECRC — Restore Cursor (CSI variant)
-        if saved_cursor
-          cursor[:row] = saved_cursor[:row]
-          cursor[:col] = saved_cursor[:col]
-        end
-      when "r" # DECSTBM — Set Scroll Region
-        top = (params[0] || 1) - 1
-        bottom = (params[1] || rows) - 1
-        top = top.clamp(0, rows - 1)
-        bottom = bottom.clamp(0, rows - 1)
-        if top < bottom
-          scroll_region[:top] = top
-          scroll_region[:bottom] = bottom
-        else
-          scroll_region[:top] = 0
-          scroll_region[:bottom] = rows - 1
-        end
-        cursor[:row] = 0
-        cursor[:col] = 0
-      when "h"
-        if is_private
-          params.each do |p|
-            case p
-            when 47, 1047, 1049
-              action[:alt_screen] = true
-              action[:alt_screen_code] = p
-            when 25
-              action[:cursor_visible] = true
-            when 1000
-              action[:mouse_mode] = :normal
-            when 1002
-              action[:mouse_mode] = :drag
-            when 1003
-              action[:mouse_mode] = :all
-            when 1006
-              action[:mouse_format] = :sgr
-            end
-          end
-        end
-      when "l"
-        if is_private
-          params.each do |p|
-            case p
-            when 47, 1047, 1049
-              action[:alt_screen] = false
-              action[:alt_screen_code] = p
-            when 25
-              action[:cursor_visible] = false
-            when 1000, 1002, 1003
-              action[:mouse_mode] = :none
-            when 1006
-              action[:mouse_format] = :normal
-            end
-          end
-        end
-      when "q"
-        if space == " "
-          style_val = params[0] || 0
-          action[:cursor_style] = style_val
-        end
-      when "n" # DSR — Device Status Report request
-        return [params[0] == 6, nil, {}]
-      when "R" # DSR response (from terminal side) or CPR — ignore
-        nil
-      end
-
-      [false, new_saved, action]
-    end
-    # rubocop:enable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity, Metrics/ParameterLists
-
-    # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
-    def self._apply_sgr(params, attrs)
-      if params.empty? || params == [0]
-        return attrs.merge!(fg: "default", bg: "default", bold: false, italic: false, underline: false,
-                            blink: false,)
-      end
-
-      i = 0
-      while i < params.length
-        p = params[i]
-        case p
-        when 0
-          attrs.merge!(fg: "default", bg: "default", bold: false, italic: false, underline: false, blink: false)
-        when 1
-          attrs[:bold] = true
-        when 3
-          attrs[:italic] = true
-        when 4
-          attrs[:underline] = true
-        when 5, 6
-          attrs[:blink] = true
-        when 22
-          attrs[:bold] = false
-        when 23
-          attrs[:italic] = false
-        when 24
-          attrs[:underline] = false
-        when 25
-          attrs[:blink] = false
-        when 7, 27
-          # Reverse — swap fg and bg
-          attrs[:fg], attrs[:bg] = attrs[:bg], attrs[:fg]
-        when 30..37
-          attrs[:fg] = SGR_16_TO_NAME[p - 30] || "color#{p - 30}"
-        when 38
-          # Extended foreground
-          if params[i + 1] == 5
-            color = params[i + 2]
-            attrs[:fg] = "color#{color}"
-            i += 2
-          elsif params[i + 1] == 2
-            r = params[i + 2]
-            g = params[i + 3]
-            b = params[i + 4]
-            attrs[:fg] = format("#%<r>02x%<g>02x%<b>02x", r: r, g: g, b: b)
-            i += 4
-          end
-        when 39
-          attrs[:fg] = "default"
-        when 40..47
-          attrs[:bg] = SGR_16_TO_NAME[p - 40] || "bg_color#{p - 40}"
-        when 48
-          # Extended background
-          if params[i + 1] == 5
-            color = params[i + 2]
-            attrs[:bg] = "color#{color}"
-            i += 2
-          elsif params[i + 1] == 2
-            r = params[i + 2]
-            g = params[i + 3]
-            b = params[i + 4]
-            attrs[:bg] = format("#%<r>02x%<g>02x%<b>02x", r: r, g: g, b: b)
-            i += 4
-          end
-        when 49
-          attrs[:bg] = "default"
-        when 90..97
-          attrs[:fg] = "bright_#{SGR_16_TO_NAME[p - 90] || "color#{p - 90 + 8}"}"
-        when 100..107
-          attrs[:bg] = "bright_#{SGR_16_TO_NAME[p - 100] || "color#{p - 100 + 8}"}"
-        end
-        i += 1
-      end
-    end
-    # rubocop:enable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
-
-    def self._erase_down(cursor, grid, rows, cols)
-      r = cursor[:row]
-      c = cursor[:col]
-
-      # Erase from cursor to end of line
-      (c...cols).each { |ci| grid[r][ci][:char] = " " if r < rows }
-
-      # Erase remaining lines
-      ((r + 1)...rows).each do |ri|
-        cols.times { |ci| grid[ri][ci][:char] = " " }
-      end
-    end
-
-    def self._erase_up(cursor, grid, cols)
-      r = cursor[:row]
-      c = cursor[:col]
-
-      # Erase lines above cursor
-      (0...r).each do |ri|
-        cols.times { |ci| grid[ri][ci][:char] = " " }
-      end
-
-      # Erase from start of line to cursor
-      (0..c).each { |ci| grid[r][ci][:char] = " " }
-    end
-
-    def self._erase_all(grid, rows, cols)
-      rows.times do |ri|
-        cols.times { |ci| grid[ri][ci][:char] = " " }
-      end
-    end
-
-    def self._erase_line_right(cursor, grid, cols)
-      r = cursor[:row]
-      c = cursor[:col]
-      (c...cols).each { |ci| grid[r][ci][:char] = " " if r < grid.length }
-    end
-
-    def self._erase_line_left(cursor, grid, _cols)
-      r = cursor[:row]
-      c = cursor[:col]
-      (0..c).each { |ci| grid[r][ci][:char] = " " if r < grid.length }
-    end
-
-    def self._erase_line(cursor, grid, cols)
-      r = cursor[:row]
-      cols.times { |ci| grid[r][ci][:char] = " " if r < grid.length }
-    end
-
-    # rubocop:disable Metrics/CyclomaticComplexity
-    def self._color_code(name, prefix)
-      case name
-      when "default" then nil
-      when /^#([0-9a-fA-F]{6})$/
-        r = ::Regexp.last_match(1)[0..1].to_i(16)
-        g = ::Regexp.last_match(1)[2..3].to_i(16)
-        b = ::Regexp.last_match(1)[4..5].to_i(16)
-        "#{prefix};2;#{r};#{g};#{b}"
-      when /^(bright_)?(.+)$/
-        base_name = ::Regexp.last_match(2)
-        index = SGR_16_TO_NAME.key(base_name)
-        index += 8 if ::Regexp.last_match(1) && index && index < 8
-        index ? "#{prefix};5;#{index}" : nil
-      end
-    end
-    # rubocop:enable Metrics/CyclomaticComplexity
-
-    def self.default_cell
-      { char: " ", fg: "default", bg: "default", bold: false, italic: false, underline: false, blink: false }
-    end
-
-    # Extract a single UTF-8 character at position i in a binary string.
-    # Returns [char_string, byte_length] or nil if the byte is not printable/valid.
-    # rubocop:disable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Naming/MethodParameterName
-    def self._utf8_char_at(str, i)
-      byte = str.getbyte(i)
-      return nil unless byte
-
-      if byte < 0x80
-        # Single-byte ASCII
-        return nil unless byte >= 0x20 # only printable, skip control chars
-
-        return [byte.chr, 1]
-      end
-
-      # Multi-byte UTF-8
-      len = if byte & 0xE0 == 0xC0
-              2
-            elsif byte & 0xF0 == 0xE0
-              3
-            elsif byte & 0xF8 == 0xF0
-              4
-            else
-              return nil # continuation byte or invalid — let main loop advance
-            end
-      return nil if i + len > str.bytesize
-
-      bytes = str.byteslice(i, len)
-      char = bytes.dup.force_encoding("UTF-8")
-      return nil unless char.valid_encoding?
-
-      [char, len]
-    rescue StandardError
-      nil
-    end
-    # rubocop:enable Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Naming/MethodParameterName
-  end
-  # rubocop:enable Metrics/ModuleLength
+module TUITD
+  ANSIParser = TansParser::ANSIParser
 end

data/lib/tui_td/ansi_utils.rb

@@ -1,77 +1,7 @@
 # frozen_string_literal: true
 
-module TUITD
-  # Shared ANSI color constants and helpers.
-  # Used by Screenshot, HtmlRenderer, and other color-aware renderers.
-  module ANSIUtils
-    ANSI_RGB = {
-      "black" => [0x00, 0x00, 0x00],
-      "red" => [0xAA, 0x00, 0x00],
-      "green" => [0x00, 0xAA, 0x00],
-      "yellow" => [0xAA, 0x55, 0x00],
-      "blue" => [0x00, 0x00, 0xAA],
-      "magenta" => [0xAA, 0x00, 0xAA],
-      "cyan" => [0x00, 0xAA, 0xAA],
-      "white" => [0xAA, 0xAA, 0xAA],
-      "bright_black" => [0x55, 0x55, 0x55],
-      "bright_red" => [0xFF, 0x55, 0x55],
-      "bright_green" => [0x55, 0xFF, 0x55],
-      "bright_yellow" => [0xFF, 0xFF, 0x55],
-      "bright_blue" => [0x55, 0x55, 0xFF],
-      "bright_magenta" => [0xFF, 0x55, 0xFF],
-      "bright_cyan" => [0x55, 0xFF, 0xFF],
-      "bright_white" => [0xFF, 0xFF, 0xFF],
-    }.freeze
-
-    CUBE = [0x00, 0x5F, 0x87, 0xAF, 0xD7, 0xFF].freeze
-
-    ANSI_INDEX = %w[
-      black red green yellow blue magenta cyan white
-      bright_black bright_red bright_green bright_yellow
-      bright_blue bright_magenta bright_cyan bright_white
-    ].freeze
-
-    DEFAULT_FG = [0xC0, 0xC0, 0xC0].freeze
-    DEFAULT_BG = [0x00, 0x00, 0x00].freeze
+require "tans-parser"
 
-    def resolve_color(name, fallback)
-      case name
-      when "default"
-        fallback
-      when /^#([0-9a-fA-F]{6})$/
-        [::Regexp.last_match(1)[0..1].to_i(16), ::Regexp.last_match(1)[2..3].to_i(16),
-         ::Regexp.last_match(1)[4..5].to_i(16),]
-      when /\Acolor(\d+)\z/
-        xterm_256(::Regexp.last_match(1).to_i)
-      when /\Abright_(.+)\z/
-        ANSI_RGB[name] || fallback
-      else # rubocop:disable Lint/DuplicateBranch
-        ANSI_RGB[name] || fallback
-      end
-    end
-
-    def xterm_256(index) # rubocop:disable Naming/VariableNumber
-      if index < 16
-        name = ANSI_INDEX[index]
-        ANSI_RGB[name] || DEFAULT_FG
-      elsif index < 232
-        r = CUBE[((index - 16) / 36) % 6]
-        g = CUBE[((index - 16) / 6) % 6]
-        b = CUBE[(index - 16) % 6]
-        [r, g, b]
-      else
-        v = 8 + ((index - 232) * 10)
-        [v, v, v]
-      end
-    end
-
-    def _dig(hash, *keys)
-      keys.each do |k|
-        return nil unless hash
-
-        hash = hash[k] || hash[k.to_s]
-      end
-      hash
-    end
-  end
+module TUITD
+  ANSIUtils = TansParser::ANSIUtils
 end

data/lib/tui_td/driver.rb

@@ -6,6 +6,7 @@
 require "pty"
 require "io/console"
 require "json"
+require "shellwords"
 
 module TUITD
   # Drives a TUI application in a pseudo-terminal (PTY).
@@ -20,6 +21,9 @@ module TUITD
   #   driver.close
   #
   class Driver
+    FORBIDDEN_ENV = %w[PATH LD_PRELOAD LD_LIBRARY_PATH DYLD_INSERT_LIBRARIES
+                       DYLD_FRAMEWORK_PATH RUBYOPT HOME RUBYLIB GEM_HOME GEM_PATH].freeze
+
     attr_reader :command, :state
 
     def initialize(command, rows: 40, cols: 120, timeout: 30, chdir: nil, env: {})
@@ -28,7 +32,7 @@ module TUITD
       @cols = cols
       @timeout = timeout
       @chdir = chdir
-      @env = env
+      @env = sanitize_env(env)
       @state = nil
       @stdin = nil
       @stdout = nil
@@ -46,7 +50,8 @@ module TUITD
       spawn_opts = {}
       spawn_opts[:chdir] = @chdir if @chdir
 
-      @stdout, @stdin, @pid = PTY.spawn(env, @command, spawn_opts)
+      cmd_args = Shellwords.shellsplit(@command)
+      @stdout, @stdin, @pid = PTY.spawn(env, *cmd_args, spawn_opts)
       @stdout.winsize = [@rows, @cols] # Set PTY window size for TUIs that check winsize
       @wait_thr = Process.detach(@pid)
 
@@ -246,6 +251,10 @@ module TUITD
       @reader_thread = nil
     end
 
+    def sanitize_env(env)
+      env.reject { |k, _| FORBIDDEN_ENV.include?(k.to_s.upcase) }
+    end
+
     def ensure_running!
       raise Error, "Driver not started. Call #start first." if @stdin.nil?
       raise Error, "Process exited (status: #{@wait_thr&.value&.exitstatus})" unless @wait_thr&.alive?

data/lib/tui_td/mcp/server.rb

@@ -60,6 +60,8 @@ module TUITD
         @driver&.close
       end
 
+      ALLOWED_OUTPUT_DIRS = ["/tmp"].freeze
+
       private
 
       def handle_request(request)
@@ -433,7 +435,7 @@ module TUITD
 
       def call_tui_screenshot(args)
         ensure_driver!
-        path = args["path"] || "/tmp/tui_td_#{Time.now.to_i}.png"
+        path = safe_path(args["path"], ext: "png")
         result = @driver.screenshot(path)
         "OK: Screenshot saved to #{result}"
       end
@@ -444,8 +446,9 @@ module TUITD
         renderer = HtmlRenderer.new(@driver.state_data)
 
         if path
-          renderer.render(path)
-          "OK: HTML saved to #{path}"
+          safe = safe_path(path, ext: "html")
+          renderer.render(safe)
+          "OK: HTML saved to #{safe}"
         else
           renderer.to_html
         end
@@ -493,6 +496,17 @@ module TUITD
 
       # --- Helpers ---
 
+      def safe_path(user_path, ext:)
+        default = File.join("/tmp", "tui_td_#{Time.now.to_i}.#{ext}")
+        resolved = File.expand_path(user_path || default)
+
+        unless ALLOWED_OUTPUT_DIRS.any? { |dir| resolved.start_with?(File.expand_path(dir)) }
+          raise TUITD::Error, "Output path must be under one of: #{ALLOWED_OUTPUT_DIRS.join(", ")}"
+        end
+
+        resolved
+      end
+
       def ensure_driver!
         raise Error, "No TUI session active. Call tui_start first." if @driver.nil?
       end

data/lib/tui_td/state.rb

@@ -1,128 +1,7 @@
 # frozen_string_literal: true
 
-# rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity
+require "tans-parser"
 
 module TUITD
-  # Represents the parsed state of a terminal screen.
-  # Provides high-level query methods for AI consumption.
-  class State
-    attr_reader :rows, :cols, :grid, :cursor, :cursor_visible, :cursor_style, :mouse_mode, :mouse_format
-
-    def initialize(data)
-      raise ArgumentError, "State data must include :size key" unless data[:size]
-      raise ArgumentError, "State data must include :rows key" unless data[:rows]
-
-      @rows = data[:size][:rows]
-      @cols = data[:size][:cols]
-      @grid = data[:rows]
-      @cursor = data[:cursor]
-
-      cursor_info = data[:cursor].is_a?(Hash) ? data[:cursor] : {}
-      @cursor_visible = data.key?(:cursor_visible) ? data[:cursor_visible] : (cursor_info[:visible] != false)
-      @cursor_style = data.key?(:cursor_style) ? data[:cursor_style] : (cursor_info[:style] || 1)
-
-      @mouse_mode = data[:mouse_mode] || :none
-      @mouse_format = data[:mouse_format] || :normal
-    end
-
-    # Get plain text of the entire terminal (no ANSI)
-    def plain_text
-      @grid.map { |row| row.map { |c| c[:char] }.join.rstrip }.join("\n")
-    end
-
-    # Get text at a specific position
-    def text_at(row, col, length = @cols - col)
-      return "" if row >= @rows || col >= @cols
-
-      @grid[row][col, length].map { |c| c[:char] }.join
-    end
-
-    # Search for text across the entire terminal
-    def find_text(pattern)
-      results = []
-      @grid.each_with_index do |row, ri|
-        text = row.map { |c| c[:char] }.join
-        pos = 0
-        while (match = text.index(pattern, pos))
-          results << { row: ri, col: match, text: pattern, full_line: text }
-          pos = match + 1
-        end
-      end
-      results
-    end
-
-    # Get the color at a specific cell
-    def foreground_at(row, col)
-      return nil if row >= @rows || col >= @cols
-
-      @grid[row][col][:fg]
-    end
-
-    def background_at(row, col)
-      return nil if row >= @rows || col >= @cols
-
-      @grid[row][col][:bg]
-    end
-
-    def style_at(row, col)
-      return nil if row >= @rows || col >= @cols
-
-      cell = @grid[row][col]
-      { bold: cell[:bold], italic: cell[:italic], underline: cell[:underline] }
-    end
-
-    def to_ai_json
-      h = extract_highlights
-      cursor_info = @cursor.is_a?(Hash) ? @cursor : {}
-      r = cursor_info[:row] || cursor_info["row"] || 0
-      c = cursor_info[:col] || cursor_info["col"] || 0
-      styled_count = h.count { |hl| hl[:bold] || hl[:italic] || hl[:underline] || hl[:fg] || hl[:bg] }
-
-      summary = "Cursor at [#{r},#{c}]. "
-      summary << "#{styled_count} styled row#{"s" unless styled_count == 1}"
-      fgs = h.flat_map { |hl| hl[:fg] }.compact.uniq
-      bgs = h.flat_map { |hl| hl[:bg] }.compact.uniq
-      summary << ", colors: fg=#{fgs.sort.join(",")}" unless fgs.empty?
-      summary << ", bg=#{bgs.sort.join(",")}" unless bgs.empty?
-      summary << "."
-
-      {
-        size: { rows: @rows, cols: @cols },
-        cursor: cursor_info,
-        text: plain_text,
-        highlights: h,
-        summary: summary,
-      }
-    end
-
-    private
-
-    def extract_highlights
-      highlights = []
-      @grid.each_with_index do |row, ri|
-        row_text = row.map { |c| c[:char] }.join
-        next if row_text.strip.empty?
-
-        fgs = row.map { |c| c[:fg] || c["fg"] || "default" }
-                 .uniq.reject { |c| c == "default" }
-        bgs = row.map { |c| c[:bg] || c["bg"] || "default" }
-                 .uniq.reject { |c| c == "default" }
-        bold = row.any? { |c| c[:bold] || c["bold"] }
-        italic = row.any? { |c| c[:italic] || c["italic"] }
-        underline = row.any? { |c| c[:underline] || c["underline"] }
-
-        next if fgs.empty? && bgs.empty? && !bold && !italic && !underline
-
-        h = { row: ri, text: row_text }
-        h[:bold] = true if bold
-        h[:italic] = true if italic
-        h[:underline] = true if underline
-        h[:fg] = fgs.size == 1 ? fgs.first : fgs unless fgs.empty?
-        h[:bg] = bgs.size == 1 ? bgs.first : bgs unless bgs.empty?
-        highlights << h
-      end
-      highlights
-    end
-  end
+  State = TansParser::State
 end
-# rubocop:enable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity

data/lib/tui_td/test_runner.rb

@@ -1,8 +1,9 @@
 # frozen_string_literal: true
 
-# rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/BlockLength
+# rubocop:disable Metrics/MethodLength, Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/BlockLength, Metrics/ClassLength
 
 require "json"
+require "shellwords"
 
 module TUITD
   # Executes TUI tests defined in JSON format.
@@ -124,13 +125,13 @@ module TUITD
 
                 when "screenshot"
                   ensure_driver!(driver)
-                  path = value.is_a?(String) ? value : "/tmp/tui_td_#{Time.now.to_i}.png"
+                  path = safe_output_path(value, "png")
                   driver.screenshot(path)
                   Result.new(step: action, passed: true, message: "Saved: #{path}")
 
                 when "html"
                   ensure_driver!(driver)
-                  path = value.is_a?(String) ? value : "/tmp/tui_td_#{Time.now.to_i}.html"
+                  path = safe_output_path(value, "html")
                   HtmlRenderer.new(driver.state_data).render(path)
                   Result.new(step: action, passed: true, message: "Saved: #{path}")
 
@@ -194,8 +195,21 @@ module TUITD
       }
     end
 
+    ALLOWED_OUTPUT_DIRS = ["/tmp"].freeze
+
     private
 
+    def safe_output_path(value, ext)
+      default = File.join("/tmp", "tui_td_#{Time.now.to_i}.#{ext}")
+      resolved = File.expand_path(value.is_a?(String) ? value : default)
+
+      unless ALLOWED_OUTPUT_DIRS.any? { |dir| resolved.start_with?(File.expand_path(dir)) }
+        raise TUITD::Error, "Output path must be under one of: #{ALLOWED_OUTPUT_DIRS.join(", ")}"
+      end
+
+      resolved
+    end
+
     def ensure_driver!(driver)
       raise Error, "No session. Add a 'start' step first." if driver.nil?
     end
@@ -265,4 +279,4 @@ module TUITD
     end
   end
 end
-# rubocop:enable Metrics/MethodLength, Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/BlockLength
+# rubocop:enable Metrics/MethodLength, Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/PerceivedComplexity, Metrics/BlockLength, Metrics/ClassLength

data/lib/tui_td/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module TUITD
-  VERSION = "0.2.11"
+  VERSION = "0.2.12"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: tui-td
 version: !ruby/object:Gem::Version
-  version: 0.2.11
+  version: 0.2.12
 platform: ruby
 authors:
 - Haluk Durmus
@@ -65,6 +65,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: tans-parser
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.1'
 - !ruby/object:Gem::Dependency
   name: bundler-audit
   requirement: !ruby/object:Gem::Requirement