@aigencydev/cli 0.1.0

package/dist/config/settings.js

@@ -0,0 +1,80 @@
+/**
+ * AIGENCY CLI — ayar okuma ve birleştirme.
+ *
+ * Öncelik sırası (yüksekten düşüğe):
+ *   1. CLI argümanları (--mode plan vs.)
+ *   2. <cwd>/.aigency/settings.json (proje)
+ *   3. ~/.aigency/config.json (kullanıcı)
+ *   4. Kod'daki DEFAULT_SETTINGS
+ */
+import fs from "node:fs/promises";
+import path from "node:path";
+import { DEFAULT_SETTINGS, SettingsSchema, } from "./defaults.js";
+import { getProjectSettingsFile, getUserAigencyDir, getUserConfigFile, } from "./paths.js";
+import { log } from "../utils/logger.js";
+async function readJsonSafe(filePath) {
+    try {
+        const raw = await fs.readFile(filePath, "utf8");
+        return JSON.parse(raw);
+    }
+    catch (err) {
+        const code = err?.code;
+        if (code === "ENOENT")
+            return null;
+        log.debug(`JSON okuma hatası ${filePath}: ${err.message}`);
+        return null;
+    }
+}
+async function writeJsonSafe(filePath, data) {
+    await fs.mkdir(path.dirname(filePath), { recursive: true });
+    await fs.writeFile(filePath, JSON.stringify(data, null, 2) + "\n", "utf8");
+}
+/**
+ * Partial → tam Settings birleşimi.
+ * Zod safeParse kullanır; hata olursa default döner ve uyarı yazar.
+ */
+function mergeSettings(base, override, source) {
+    if (!override)
+        return base;
+    const merged = { ...base, ...override };
+    const parsed = SettingsSchema.safeParse(merged);
+    if (!parsed.success) {
+        log.warn(`${source} bozuk, varsayılan kullanılıyor: ${parsed.error.message.slice(0, 120)}`);
+        return base;
+    }
+    return parsed.data;
+}
+/**
+ * Tüm kaynakları birleştirip tam Settings döndürür.
+ * CLI argümanları ayrıca `overrideArgs` parametresinden enjekte edilebilir.
+ */
+export async function loadSettings(options) {
+    const cwd = options?.cwd || process.cwd();
+    // Kullanıcı config'i (~/.aigency/config.json)
+    const userRaw = (await readJsonSafe(getUserConfigFile()));
+    let settings = mergeSettings(DEFAULT_SETTINGS, userRaw, "~/.aigency/config.json");
+    // Proje ayarı (<cwd>/.aigency/settings.json)
+    const projectRaw = (await readJsonSafe(getProjectSettingsFile(cwd)));
+    settings = mergeSettings(settings, projectRaw, ".aigency/settings.json");
+    // CLI argüman override (en yüksek öncelik)
+    if (options?.overrideArgs) {
+        settings = mergeSettings(settings, options.overrideArgs, "CLI args");
+    }
+    return settings;
+}
+export async function saveUserConfig(patch) {
+    const current = (await readJsonSafe(getUserConfigFile()));
+    const merged = mergeSettings(DEFAULT_SETTINGS, { ...(current || {}), ...patch }, "~/.aigency/config.json");
+    await writeJsonSafe(getUserConfigFile(), merged);
+    return merged;
+}
+export async function saveProjectSettings(patch, cwd = process.cwd()) {
+    const current = (await readJsonSafe(getProjectSettingsFile(cwd)));
+    const merged = mergeSettings(DEFAULT_SETTINGS, { ...(current || {}), ...patch }, ".aigency/settings.json");
+    await writeJsonSafe(getProjectSettingsFile(cwd), merged);
+    return merged;
+}
+export async function ensureUserAigencyDir() {
+    await fs.mkdir(getUserAigencyDir(), { recursive: true });
+}
+//# sourceMappingURL=settings.js.map

package/dist/config/settings.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"settings.js","sourceRoot":"","sources":["../../src/config/settings.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAClC,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EACL,gBAAgB,EAChB,cAAc,GAEf,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,sBAAsB,EACtB,iBAAiB,EACjB,iBAAiB,GAClB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,GAAG,EAAE,MAAM,oBAAoB,CAAC;AAEzC,KAAK,UAAU,YAAY,CAAC,QAAgB;IAC1C,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAChD,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAAC,OAAO,GAAY,EAAE,CAAC;QACtB,MAAM,IAAI,GAAI,GAA6B,EAAE,IAAI,CAAC;QAClD,IAAI,IAAI,KAAK,QAAQ;YAAE,OAAO,IAAI,CAAC;QACnC,GAAG,CAAC,KAAK,CAAC,qBAAqB,QAAQ,KAAM,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;QACtE,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,QAAgB,EAAE,IAAa;IAC1D,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC5D,MAAM,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,EAAE,MAAM,CAAC,CAAC;AAC7E,CAAC;AAED;;;GAGG;AACH,SAAS,aAAa,CACpB,IAAc,EACd,QAAwC,EACxC,MAAc;IAEd,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC3B,MAAM,MAAM,GAAG,EAAE,GAAG,IAAI,EAAE,GAAG,QAAQ,EAAE,CAAC;IACxC,MAAM,MAAM,GAAG,cAAc,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAChD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,GAAG,CAAC,IAAI,CAAC,GAAG,MAAM,oCAAoC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC;QAC5F,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC;AACrB,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,OAGlC;IACC,MAAM,GAAG,GAAG,OAAO,EAAE,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;IAE1C,8CAA8C;IAC9C,MAAM,OAAO,GAAG,CAAC,MAAM,YAAY,CAAC,iBAAiB,EAAE,CAAC,CAEhD,CAAC;IACT,IAAI,QAAQ,GAAG,aAAa,CAAC,gBAAgB,EAAE,OAAO,EAAE,wBAAwB,CAAC,CAAC;IAElF,6CAA6C;IAC7C,MAAM,UAAU,GAAG,CAAC,MAAM,YAAY,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAE3D,CAAC;IACT,QAAQ,GAAG,aAAa,CAAC,QAAQ,EAAE,UAAU,EAAE,wBAAwB,CAAC,CAAC;IAEzE,2CAA2C;IAC3C,IAAI,OAAO,EAAE,YAAY,EAAE,CAAC;QAC1B,QAAQ,GAAG,aAAa,CACtB,QAAQ,EACR,OAAO,CAAC,YAAuC,EAC/C,UAAU,CACX,CAAC;IACJ,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,KAAwB;IAC3D,MAAM,OAAO,GAAG,CAAC,MAAM,YAAY,CAAC,iBAAiB,EAAE,CAAC,CAEhD,CAAC;IACT,MAAM,MAAM,GAAG,aAAa,CAAC,gBAAgB,EAAE,EAAE,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC,EAAE,GAAG,KAAK,EAAE,EAAE,wBAAwB,CAAC,CAAC;IAC3G,MAAM,aAAa,CAAC,iBAAiB,EAAE,EAAE,MAAM,CAAC,CAAC;IACjD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,KAAwB,EACxB,MAAc,OAAO,CAAC,GAAG,EAAE;IAE3B,MAAM,OAAO,GAAG,CAAC,MAAM,YAAY,CAAC,sBAAsB,CAAC,GAAG,CAAC,CAAC,CAExD,CAAC;IACT,MAAM,MAAM,GAAG,aAAa,CAC1B,gBAAgB,EAChB,EAAE,GAAG,CAAC,OAAO,IAAI,EAAE,CAAC,EAAE,GAAG,KAAK,EAAE,EAChC,wBAAwB,CACzB,CAAC;IACF,MAAM,aAAa,CAAC,sBAAsB,CAAC,GAAG,CAAC,EAAE,MAAM,CAAC,CAAC;IACzD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,oBAAoB;IACxC,MAAM,EAAE,CAAC,KAAK,CAAC,iBAAiB,EAAE,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;AAC3D,CAAC"}

package/dist/index.js

@@ -0,0 +1,36 @@
+#!/usr/bin/env node
+/**
+ * AIGENCY CLI — entry point.
+ *
+ * Bu dosya binary tarafından shebang ile çalıştırılır. Komut dispatcher'a
+ * argv iletir ve çıkış kodunu döner.
+ */
+import { runCli } from "./cli.js";
+import { log } from "./utils/logger.js";
+// process.title — Windows Credential Manager ve taskmgr'de görünüm için
+try {
+    process.title = "aigency";
+}
+catch {
+    // Bazı sandbox ortamlarında başarısız olabilir
+}
+// Uncaught exception handler — son çare yakalama
+process.on("uncaughtException", (err) => {
+    log.error(`Beklenmeyen hata: ${err.message}`);
+    if (process.env.AIGENCY_CLI_DEBUG === "1") {
+        log.dim(err.stack || "");
+    }
+    process.exit(2);
+});
+process.on("unhandledRejection", (reason) => {
+    const message = reason instanceof Error ? reason.message : String(reason);
+    log.error(`İşlenmeyen promise reddi: ${message}`);
+    process.exit(2);
+});
+// İlk iki arg: node ve script dosyası
+const argv = process.argv.slice(2);
+runCli(argv).then((code) => process.exit(code), (err) => {
+    log.error(`CLI hata: ${err.message}`);
+    process.exit(2);
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AACA;;;;;GAKG;AAEH,OAAO,EAAE,MAAM,EAAE,MAAM,UAAU,CAAC;AAClC,OAAO,EAAE,GAAG,EAAE,MAAM,mBAAmB,CAAC;AAExC,wEAAwE;AACxE,IAAI,CAAC;IACH,OAAO,CAAC,KAAK,GAAG,SAAS,CAAC;AAC5B,CAAC;AAAC,MAAM,CAAC;IACP,+CAA+C;AACjD,CAAC;AAED,iDAAiD;AACjD,OAAO,CAAC,EAAE,CAAC,mBAAmB,EAAE,CAAC,GAAG,EAAE,EAAE;IACtC,GAAG,CAAC,KAAK,CAAC,qBAAqB,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;IAC9C,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,GAAG,EAAE,CAAC;QAC1C,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;IAC3B,CAAC;IACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC;AAEH,OAAO,CAAC,EAAE,CAAC,oBAAoB,EAAE,CAAC,MAAM,EAAE,EAAE;IAC1C,MAAM,OAAO,GAAG,MAAM,YAAY,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC1E,GAAG,CAAC,KAAK,CAAC,6BAA6B,OAAO,EAAE,CAAC,CAAC;IAClD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC;AAEH,sCAAsC;AACtC,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AAEnC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CACf,CAAC,IAAI,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,EAC5B,CAAC,GAAG,EAAE,EAAE;IACN,GAAG,CAAC,KAAK,CAAC,aAAc,GAAa,CAAC,OAAO,EAAE,CAAC,CAAC;IACjD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CACF,CAAC"}

package/dist/security/command-filter.js

@@ -0,0 +1,121 @@
+/**
+ * AIGENCY CLI — Shell komut filtresi.
+ *
+ * bash_execute tool'u çalıştırmadan önce komut bu filtreden geçer.
+ * Block list (regex) + allow list (prefix) hibrit yaklaşım:
+ *   - Block regex eşleşirse: kesinlikle reddet
+ *   - Allow prefix eşleşirse: hızlı kabul (Auto mode'da promosyon)
+ *   - Ne block ne allow: normal izin akışına bırak
+ */
+// ── Block regex listesi ──
+// Büyük-küçük harf duyarsız. Komutun herhangi bir yerinde eşleşirse reddedilir.
+const BLOCK_PATTERNS = [
+    // Destructive rm / del
+    { pattern: /\brm\s+(-rf?|--recursive|--force)\s+[/"'~]/i, reason: "rm -rf kök/home" },
+    { pattern: /\brm\s+-[a-z]*r[a-z]*\s+\//i, reason: "rm -r kök" },
+    { pattern: /\bdel\s+\/[sfq]/i, reason: "Windows del /s /f /q" },
+    { pattern: /\brmdir\s+\/s/i, reason: "Windows rmdir /s" },
+    // Yetki yükseltme
+    { pattern: /\bsudo\b/i, reason: "sudo yasak" },
+    { pattern: /\bsu\s+-/i, reason: "su - yasak" },
+    { pattern: /\bchmod\s+([0-7]*7[0-7]*|a\+[rwx])/i, reason: "chmod 777/a+rwx yasak" },
+    { pattern: /\bchown\b/i, reason: "chown yasak" },
+    // Remote code exec
+    { pattern: /\bcurl\b[^|]*\|\s*(bash|sh|zsh|pwsh|powershell)/i, reason: "curl | sh" },
+    { pattern: /\bwget\b[^|]*\|\s*(bash|sh|zsh)/i, reason: "wget | sh" },
+    { pattern: /\bInvoke-Expression\b/i, reason: "PowerShell Invoke-Expression" },
+    { pattern: /\biex\s*\(/i, reason: "PowerShell iex()" },
+    { pattern: /\beval\s*[(\"']/i, reason: "eval()" },
+    // Disk/sistem
+    { pattern: /\bformat\s+[a-z]:/i, reason: "format disk" },
+    { pattern: /\bdd\s+if=/i, reason: "dd if=" },
+    { pattern: /\bmkfs\b/i, reason: "mkfs filesystem" },
+    { pattern: /\bshutdown\b/i, reason: "shutdown" },
+    { pattern: /\breboot\b/i, reason: "reboot" },
+    { pattern: /\bpoweroff\b/i, reason: "poweroff" },
+    { pattern: /\bhalt\b/i, reason: "halt" },
+    { pattern: /\bkill\s+-9\s+1\b/i, reason: "kill init" },
+    { pattern: />\s*\/dev\/(sda|nvme|disk|hda)/i, reason: "block device'a yazma" },
+    // Windows registry ve network
+    { pattern: /\breg\s+(add|delete)\b/i, reason: "registry düzenleme" },
+    { pattern: /\bnet\s+user\b/i, reason: "net user" },
+    { pattern: /\bnet\s+localgroup\b/i, reason: "net localgroup" },
+    { pattern: /\bnetsh\b[^]*firewall/i, reason: "firewall düzenleme" },
+    // DB destructive
+    { pattern: /\bprisma\s+migrate\s+reset\b/i, reason: "prisma migrate reset YASAK" },
+    { pattern: /\bprisma\s+db\s+push\s+--force/i, reason: "prisma db push --force" },
+    { pattern: /\bDROP\s+DATABASE\b/i, reason: "DROP DATABASE" },
+    { pattern: /\bTRUNCATE\b/i, reason: "TRUNCATE" },
+    // SSH key üretimi / self-revoke
+    { pattern: /\bssh-keygen\b/i, reason: "ssh-keygen" },
+    { pattern: /\baigency\s+(logout|revoke)\b/i, reason: "kendi oturumunu revoke etme" },
+    // Fork bomb / devasa çıktı
+    { pattern: /:\(\)\s*\{/i, reason: "fork bomb şüphesi" },
+    { pattern: /\byes\b[^|]*\|/i, reason: "yes | komutu büyük çıktı üretir" },
+];
+// ── Allow list (prefix whitelist) ──
+// Komut ilk kelimesi (veya ilk iki kelime) bu listedeyse Auto mode'da
+// promosyonla "safe" kabul edilir. Default mode'da etkisi yok.
+const ALLOW_PREFIXES = new Set([
+    // Node ekosistemi
+    "node", "npm", "npx", "pnpm", "yarn", "bun", "tsc", "ts-node", "tsx",
+    "eslint", "prettier", "biome", "jest", "vitest", "playwright", "cypress",
+    // Python ekosistemi
+    "python", "python3", "pip", "pip3", "pipx", "poetry", "uv",
+    "pytest", "ruff", "black", "mypy", "pyright",
+    // Go / Rust / Java
+    "go", "gofmt", "cargo", "rustc", "rustup", "java", "javac", "mvn", "gradle",
+    // Git
+    "git",
+    // Dosya keşfi
+    "ls", "dir", "cat", "type", "head", "tail", "grep", "rg", "fd", "find",
+    "echo", "pwd", "mkdir", "touch", "cp", "mv", "which", "where", "file", "stat",
+    // Docker (build/run OK ama compose destructive olabilir)
+    "docker", "podman", "make",
+]);
+function firstWord(command) {
+    const trimmed = command.trim();
+    const match = trimmed.match(/^(\S+)/);
+    return (match?.[1] || "").toLowerCase();
+}
+export function checkCommand(command) {
+    if (!command || typeof command !== "string") {
+        return { verdict: "block", reason: "Boş komut" };
+    }
+    const trimmed = command.trim();
+    if (trimmed.length === 0) {
+        return { verdict: "block", reason: "Boş komut" };
+    }
+    if (trimmed.length > 4000) {
+        return { verdict: "block", reason: "Komut çok uzun (>4000 karakter)" };
+    }
+    // 1) Block kontrolü
+    for (const { pattern, reason } of BLOCK_PATTERNS) {
+        if (pattern.test(trimmed)) {
+            return {
+                verdict: "block",
+                reason,
+                matchedPattern: pattern.source,
+            };
+        }
+    }
+    // 2) Allow list kontrolü (ilk kelime)
+    const first = firstWord(trimmed);
+    if (ALLOW_PREFIXES.has(first)) {
+        return { verdict: "allow", reason: `bilinen güvenli komut: ${first}` };
+    }
+    return { verdict: "neutral" };
+}
+/**
+ * Auto mode için kısa karar — classifier yerine hızlı heuristic.
+ * Block → reject, Allow → approve, Neutral → prompt.
+ */
+export function autoModeDecision(command) {
+    const result = checkCommand(command);
+    if (result.verdict === "block")
+        return "reject";
+    if (result.verdict === "allow")
+        return "approve";
+    return "prompt";
+}
+//# sourceMappingURL=command-filter.js.map

package/dist/security/command-filter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"command-filter.js","sourceRoot":"","sources":["../../src/security/command-filter.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAUH,4BAA4B;AAC5B,gFAAgF;AAChF,MAAM,cAAc,GAA+C;IACjE,uBAAuB;IACvB,EAAE,OAAO,EAAE,6CAA6C,EAAE,MAAM,EAAE,iBAAiB,EAAE;IACrF,EAAE,OAAO,EAAE,6BAA6B,EAAE,MAAM,EAAE,WAAW,EAAE;IAC/D,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,sBAAsB,EAAE;IAC/D,EAAE,OAAO,EAAE,gBAAgB,EAAE,MAAM,EAAE,kBAAkB,EAAE;IAEzD,kBAAkB;IAClB,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,YAAY,EAAE;IAC9C,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,YAAY,EAAE;IAC9C,EAAE,OAAO,EAAE,qCAAqC,EAAE,MAAM,EAAE,uBAAuB,EAAE;IACnF,EAAE,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,aAAa,EAAE;IAEhD,mBAAmB;IACnB,EAAE,OAAO,EAAE,kDAAkD,EAAE,MAAM,EAAE,WAAW,EAAE;IACpF,EAAE,OAAO,EAAE,kCAAkC,EAAE,MAAM,EAAE,WAAW,EAAE;IACpE,EAAE,OAAO,EAAE,wBAAwB,EAAE,MAAM,EAAE,8BAA8B,EAAE;IAC7E,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,kBAAkB,EAAE;IACtD,EAAE,OAAO,EAAE,kBAAkB,EAAE,MAAM,EAAE,QAAQ,EAAE;IAEjD,cAAc;IACd,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,EAAE,aAAa,EAAE;IACxD,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,QAAQ,EAAE;IAC5C,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,iBAAiB,EAAE;IACnD,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE;IAChD,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,QAAQ,EAAE;IAC5C,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE;IAChD,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,EAAE;IACxC,EAAE,OAAO,EAAE,oBAAoB,EAAE,MAAM,EAAE,WAAW,EAAE;IACtD,EAAE,OAAO,EAAE,iCAAiC,EAAE,MAAM,EAAE,sBAAsB,EAAE;IAE9E,8BAA8B;IAC9B,EAAE,OAAO,EAAE,yBAAyB,EAAE,MAAM,EAAE,oBAAoB,EAAE;IACpE,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,EAAE,UAAU,EAAE;IAClD,EAAE,OAAO,EAAE,uBAAuB,EAAE,MAAM,EAAE,gBAAgB,EAAE;IAC9D,EAAE,OAAO,EAAE,wBAAwB,EAAE,MAAM,EAAE,oBAAoB,EAAE;IAEnE,iBAAiB;IACjB,EAAE,OAAO,EAAE,+BAA+B,EAAE,MAAM,EAAE,4BAA4B,EAAE;IAClF,EAAE,OAAO,EAAE,iCAAiC,EAAE,MAAM,EAAE,wBAAwB,EAAE;IAChF,EAAE,OAAO,EAAE,sBAAsB,EAAE,MAAM,EAAE,eAAe,EAAE;IAC5D,EAAE,OAAO,EAAE,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE;IAEhD,gCAAgC;IAChC,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,EAAE,YAAY,EAAE;IACpD,EAAE,OAAO,EAAE,gCAAgC,EAAE,MAAM,EAAE,6BAA6B,EAAE;IAEpF,2BAA2B;IAC3B,EAAE,OAAO,EAAE,aAAa,EAAE,MAAM,EAAE,mBAAmB,EAAE;IACvD,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,EAAE,iCAAiC,EAAE;CAC1E,CAAC;AAEF,sCAAsC;AACtC,sEAAsE;AACtE,+DAA+D;AAC/D,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC;IAC7B,kBAAkB;IAClB,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK;IACpE,QAAQ,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,SAAS;IACxE,oBAAoB;IACpB,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,IAAI;IAC1D,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS;IAC5C,mBAAmB;IACnB,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ;IAC3E,MAAM;IACN,KAAK;IACL,cAAc;IACd,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM;IACtE,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM;IAC7E,yDAAyD;IACzD,QAAQ,EAAE,QAAQ,EAAE,MAAM;CAC3B,CAAC,CAAC;AAEH,SAAS,SAAS,CAAC,OAAe;IAChC,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAC/B,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IACtC,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;AAC1C,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,OAAe;IAC1C,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC5C,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IACnD,CAAC;IAED,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAC/B,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;IACnD,CAAC;IACD,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,EAAE,CAAC;QAC1B,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,iCAAiC,EAAE,CAAC;IACzE,CAAC;IAED,oBAAoB;IACpB,KAAK,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,cAAc,EAAE,CAAC;QACjD,IAAI,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAC1B,OAAO;gBACL,OAAO,EAAE,OAAO;gBAChB,MAAM;gBACN,cAAc,EAAE,OAAO,CAAC,MAAM;aAC/B,CAAC;QACJ,CAAC;IACH,CAAC;IAED,sCAAsC;IACtC,MAAM,KAAK,GAAG,SAAS,CAAC,OAAO,CAAC,CAAC;IACjC,IAAI,cAAc,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9B,OAAO,EAAE,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,0BAA0B,KAAK,EAAE,EAAE,CAAC;IACzE,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC;AAChC,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,OAAe;IAC9C,MAAM,MAAM,GAAG,YAAY,CAAC,OAAO,CAAC,CAAC;IACrC,IAAI,MAAM,CAAC,OAAO,KAAK,OAAO;QAAE,OAAO,QAAQ,CAAC;IAChD,IAAI,MAAM,CAAC,OAAO,KAAK,OAAO;QAAE,OAAO,SAAS,CAAC;IACjD,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/security/sandbox.js

@@ -0,0 +1,182 @@
+/**
+ * AIGENCY CLI — Sandbox path guard.
+ *
+ * Tool'ların eriştiği her path bu fonksiyondan geçer. Symlink resolve edilir,
+ * cwd altında mı kontrol edilir, yasak segmentler (.git, .env, node_modules vb.)
+ * reddedilir, kullanıcı home altındaki hassas klasörler (~/.ssh, ~/.aigency, ...)
+ * engellenir.
+ *
+ * Tüm path guard sonuçları PathCheckResult olarak döner — hata mesajı kullanıcıya
+ * gösterilebilir, reason kodu audit log'a yazılabilir.
+ */
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+// ── Yasak path segmentleri (regex) ──
+// Dosya adı veya dizin adı eşleşmesi — tam path değil.
+const BLOCKED_SEGMENTS = [
+    /^\.git$/,
+    /^\.env(\..*)?$/, // .env, .env.local, .env.production ...
+    /^\.env$/,
+    /^node_modules$/,
+    /^\.next$/,
+    /^\.turbo$/,
+    /^\.vscode$/,
+    /^\.idea$/,
+    /^\.svn$/,
+    /^\.hg$/,
+];
+// ── Home altında kesinlikle erişilemeyecek klasörler ──
+const BLOCKED_HOME_DIRS = [
+    ".ssh",
+    ".aigency",
+    ".aws",
+    ".azure",
+    ".docker",
+    ".kube",
+    ".gnupg",
+    ".gcp",
+    ".google",
+    ".config/gcloud",
+    ".netrc",
+    ".pypirc",
+    ".npmrc",
+];
+function normalizePath(p) {
+    // Windows backslash → forward slash, case-insensitive karşılaştırma için lowercase
+    return p.replace(/\\/g, "/").toLowerCase();
+}
+function isUnderDir(target, parent) {
+    const t = normalizePath(target);
+    const p = normalizePath(parent).replace(/\/$/, "");
+    return t === p || t.startsWith(p + "/");
+}
+/**
+ * Bir path'in sandbox kurallarına uyup uymadığını kontrol eder.
+ * cwd dışına çıkma, yasak segment, home gizli dizini, symlink hedefi kontrol edilir.
+ *
+ * Dönüş:
+ *   - ok: true → realPath kullanılabilir
+ *   - ok: false → reason ve message ile açıklama
+ */
+export function checkPath(rawPath, cwd, options = {}) {
+    if (!rawPath || typeof rawPath !== "string") {
+        return {
+            ok: false,
+            reason: "bos_path",
+            message: "Boş yol",
+        };
+    }
+    // 1) cwd ile resolve et (göreli → mutlak)
+    let resolved;
+    try {
+        resolved = path.isAbsolute(rawPath)
+            ? path.resolve(rawPath)
+            : path.resolve(cwd, rawPath);
+    }
+    catch (err) {
+        return {
+            ok: false,
+            reason: "cozumlenemedi",
+            message: `Yol çözümlenemedi: ${err.message}`,
+        };
+    }
+    // 2) Symlink resolve (gerçek dosya varsa)
+    let realPath = resolved;
+    try {
+        realPath = fs.realpathSync(resolved);
+    }
+    catch (err) {
+        // Dosya/dizin henüz yoksa (write_file senaryosu) parent dizini kontrol et
+        const parent = path.dirname(resolved);
+        try {
+            const parentReal = fs.realpathSync(parent);
+            realPath = path.join(parentReal, path.basename(resolved));
+        }
+        catch {
+            if (options.mustExist) {
+                return {
+                    ok: false,
+                    reason: "cozumlenemedi",
+                    message: `Yol bulunamadı: ${rawPath}`,
+                };
+            }
+            // Parent da yoksa resolved'i kullan (ileride mkdir yapılacak belki)
+            realPath = resolved;
+        }
+    }
+    // 3) cwd altında mı?
+    // Windows: path.relative başka disk için "D:\..." döner → isAbsolute true → reddet
+    const relative = path.relative(cwd, realPath);
+    if (relative === "" ||
+        relative === "." ||
+        (!relative.startsWith("..") && !path.isAbsolute(relative))) {
+        // OK — cwd'nin kendisi veya alt
+    }
+    else {
+        return {
+            ok: false,
+            reason: "cwd_disi",
+            realPath,
+            displayPath: rawPath,
+            message: `Yol çalışma dizininin dışında: ${rawPath}`,
+        };
+    }
+    // 4) Yasak segmentler (path'in herhangi bir parçası)
+    const segments = realPath.split(/[\\/]/).filter(Boolean);
+    for (const seg of segments) {
+        for (const pattern of BLOCKED_SEGMENTS) {
+            if (pattern.test(seg)) {
+                return {
+                    ok: false,
+                    reason: "yasak_dizin",
+                    realPath,
+                    displayPath: rawPath,
+                    message: `Yasak dizin segmenti: ${seg}`,
+                };
+            }
+        }
+    }
+    // 5) Home altındaki gizli klasörler
+    const home = os.homedir();
+    for (const blocked of BLOCKED_HOME_DIRS) {
+        const full = path.join(home, blocked);
+        if (isUnderDir(realPath, full)) {
+            return {
+                ok: false,
+                reason: "home_gizli",
+                realPath,
+                displayPath: rawPath,
+                message: `Hassas klasöre erişim yasak: ~/${blocked}`,
+            };
+        }
+    }
+    return {
+        ok: true,
+        realPath,
+        displayPath: path.relative(cwd, realPath) || ".",
+    };
+}
+/**
+ * Write/edit gibi yazma işlemleri için extra kontrol —
+ * symlink hedefi dışarı çıkıyorsa reddet.
+ */
+export function checkWritePath(rawPath, cwd) {
+    const base = checkPath(rawPath, cwd);
+    if (!base.ok || !base.realPath)
+        return base;
+    // Parent dizin cwd içinde olmalı
+    const parent = path.dirname(base.realPath);
+    const parentCheck = checkPath(parent, cwd);
+    if (!parentCheck.ok) {
+        return {
+            ok: false,
+            reason: parentCheck.reason,
+            realPath: base.realPath,
+            displayPath: base.displayPath,
+            message: parentCheck.message,
+        };
+    }
+    return base;
+}
+//# sourceMappingURL=sandbox.js.map

package/dist/security/sandbox.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sandbox.js","sourceRoot":"","sources":["../../src/security/sandbox.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAmB7B,uCAAuC;AACvC,uDAAuD;AACvD,MAAM,gBAAgB,GAAa;IACjC,SAAS;IACT,gBAAgB,EAAS,wCAAwC;IACjE,SAAS;IACT,gBAAgB;IAChB,UAAU;IACV,WAAW;IACX,YAAY;IACZ,UAAU;IACV,SAAS;IACT,QAAQ;CACT,CAAC;AAEF,yDAAyD;AACzD,MAAM,iBAAiB,GAAG;IACxB,MAAM;IACN,UAAU;IACV,MAAM;IACN,QAAQ;IACR,SAAS;IACT,OAAO;IACP,QAAQ;IACR,MAAM;IACN,SAAS;IACT,gBAAgB;IAChB,QAAQ;IACR,SAAS;IACT,QAAQ;CACT,CAAC;AAEF,SAAS,aAAa,CAAC,CAAS;IAC9B,mFAAmF;IACnF,OAAO,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,CAAC;AAC7C,CAAC;AAED,SAAS,UAAU,CAAC,MAAc,EAAE,MAAc;IAChD,MAAM,CAAC,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IAChC,MAAM,CAAC,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IACnD,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,UAAU,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC;AAC1C,CAAC;AAED;;;;;;;GAOG;AACH,MAAM,UAAU,SAAS,CACvB,OAAe,EACf,GAAW,EACX,UAAmC,EAAE;IAErC,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;QAC5C,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,UAAU;YAClB,OAAO,EAAE,SAAS;SACnB,CAAC;IACJ,CAAC;IAED,0CAA0C;IAC1C,IAAI,QAAgB,CAAC;IACrB,IAAI,CAAC;QACH,QAAQ,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;YACjC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC;YACvB,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IACjC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,eAAe;YACvB,OAAO,EAAE,sBAAuB,GAAa,CAAC,OAAO,EAAE;SACxD,CAAC;IACJ,CAAC;IAED,0CAA0C;IAC1C,IAAI,QAAQ,GAAG,QAAQ,CAAC;IACxB,IAAI,CAAC;QACH,QAAQ,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IACvC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,0EAA0E;QAC1E,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACtC,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,EAAE,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;YAC3C,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC5D,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,OAAO,CAAC,SAAS,EAAE,CAAC;gBACtB,OAAO;oBACL,EAAE,EAAE,KAAK;oBACT,MAAM,EAAE,eAAe;oBACvB,OAAO,EAAE,mBAAmB,OAAO,EAAE;iBACtC,CAAC;YACJ,CAAC;YACD,oEAAoE;YACpE,QAAQ,GAAG,QAAQ,CAAC;QACtB,CAAC;IACH,CAAC;IAED,qBAAqB;IACrB,mFAAmF;IACnF,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC;IAC9C,IACE,QAAQ,KAAK,EAAE;QACf,QAAQ,KAAK,GAAG;QAChB,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,EAC1D,CAAC;QACD,gCAAgC;IAClC,CAAC;SAAM,CAAC;QACN,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,UAAU;YAClB,QAAQ;YACR,WAAW,EAAE,OAAO;YACpB,OAAO,EAAE,kCAAkC,OAAO,EAAE;SACrD,CAAC;IACJ,CAAC;IAED,qDAAqD;IACrD,MAAM,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACzD,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE,CAAC;QAC3B,KAAK,MAAM,OAAO,IAAI,gBAAgB,EAAE,CAAC;YACvC,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;gBACtB,OAAO;oBACL,EAAE,EAAE,KAAK;oBACT,MAAM,EAAE,aAAa;oBACrB,QAAQ;oBACR,WAAW,EAAE,OAAO;oBACpB,OAAO,EAAE,yBAAyB,GAAG,EAAE;iBACxC,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,oCAAoC;IACpC,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC;IAC1B,KAAK,MAAM,OAAO,IAAI,iBAAiB,EAAE,CAAC;QACxC,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QACtC,IAAI,UAAU,CAAC,QAAQ,EAAE,IAAI,CAAC,EAAE,CAAC;YAC/B,OAAO;gBACL,EAAE,EAAE,KAAK;gBACT,MAAM,EAAE,YAAY;gBACpB,QAAQ;gBACR,WAAW,EAAE,OAAO;gBACpB,OAAO,EAAE,kCAAkC,OAAO,EAAE;aACrD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO;QACL,EAAE,EAAE,IAAI;QACR,QAAQ;QACR,WAAW,EAAE,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC,IAAI,GAAG;KACjD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,cAAc,CAC5B,OAAe,EACf,GAAW;IAEX,MAAM,IAAI,GAAG,SAAS,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IACrC,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,QAAQ;QAAE,OAAO,IAAI,CAAC;IAE5C,iCAAiC;IACjC,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC3C,MAAM,WAAW,GAAG,SAAS,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC3C,IAAI,CAAC,WAAW,CAAC,EAAE,EAAE,CAAC;QACpB,OAAO;YACL,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,WAAW,CAAC,MAAM;YAC1B,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,OAAO,EAAE,WAAW,CAAC,OAAO;SAC7B,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/security/sanitize.js

@@ -0,0 +1,59 @@
+/**
+ * AIGENCY CLI — UI tarafı mesaj sanitize katmanı.
+ *
+ * Sunucu tarafı `lib/cli/sanitize.ts` zaten tool output'larını geçiriyor;
+ * bu CLI tarafı ek bir güvenlik ağı — agent mesajları, hata mesajları ve
+ * tool sonuçları kullanıcıya gösterilmeden önce:
+ *   - 3. parti sağlayıcı/model isimleri AIGENCY ile değiştirilir
+ *   - Zero-width ve bidi override Unicode karakterleri strip edilir
+ */
+// Sağlayıcı adları base64 encoded sözlük — kaynak dosyada literal olarak
+// hiçbir sağlayıcı adı geçmesin diye. Runtime'da decode edilip regex üretilir.
+const PROVIDER_DICT_B64 = [
+    "b3BlbmFp",
+    "Y2hhdGdwdA==",
+    "Z3B0LTQ=",
+    "Z3B0LTM=",
+    "ZGFsbC1l",
+    "ZGFsbGU=",
+    "YW50aHJvcGlj",
+    "Y2xhdWRl",
+    "Z2VtaW5p",
+    "YmFyZA==",
+    "bGxhbWE=",
+    "Y29waWxvdA==",
+    "ZGVlcHNlZWs=",
+    "bWlzdHJhbA==",
+];
+let _providerRegex = null;
+function getProviderRegex() {
+    if (_providerRegex)
+        return _providerRegex;
+    const terms = PROVIDER_DICT_B64.map((b) => Buffer.from(b, "base64").toString("utf8"));
+    _providerRegex = new RegExp(`\\b(${terms.join("|")})[\\w\\-.]*`, "gi");
+    return _providerRegex;
+}
+const ZERO_WIDTH_UNICODE = /[\u200B-\u200F\u202A-\u202E\u2060-\u206F\uFEFF]/g;
+/**
+ * String içindeki tüm LLM sağlayıcı/model isimlerini "AIGENCY" ile değiştirir.
+ */
+export function stripProviderMentions(input) {
+    if (!input || typeof input !== "string")
+        return "";
+    return input.replace(getProviderRegex(), "AIGENCY");
+}
+/**
+ * Gizli Unicode karakterlerini strip eder.
+ */
+export function stripHiddenUnicode(input) {
+    if (!input || typeof input !== "string")
+        return "";
+    return input.replace(ZERO_WIDTH_UNICODE, "");
+}
+/**
+ * UI'da gösterilecek her mesaj için tek satır sanitize.
+ */
+export function sanitizeForDisplay(input) {
+    return stripHiddenUnicode(stripProviderMentions(input));
+}
+//# sourceMappingURL=sanitize.js.map

package/dist/security/sanitize.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitize.js","sourceRoot":"","sources":["../../src/security/sanitize.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,yEAAyE;AACzE,+EAA+E;AAC/E,MAAM,iBAAiB,GAAG;IACxB,UAAU;IACV,cAAc;IACd,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,cAAc;IACd,UAAU;IACV,UAAU;IACV,UAAU;IACV,UAAU;IACV,cAAc;IACd,cAAc;IACd,cAAc;CACf,CAAC;AAEF,IAAI,cAAc,GAAkB,IAAI,CAAC;AAEzC,SAAS,gBAAgB;IACvB,IAAI,cAAc;QAAE,OAAO,cAAc,CAAC;IAC1C,MAAM,KAAK,GAAG,iBAAiB,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CACxC,MAAM,CAAC,IAAI,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAC1C,CAAC;IACF,cAAc,GAAG,IAAI,MAAM,CAAC,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;IACvE,OAAO,cAAc,CAAC;AACxB,CAAC;AAED,MAAM,kBAAkB,GAAG,kDAAkD,CAAC;AAE9E;;GAEG;AACH,MAAM,UAAU,qBAAqB,CAAC,KAAa;IACjD,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IACnD,OAAO,KAAK,CAAC,OAAO,CAAC,gBAAgB,EAAE,EAAE,SAAS,CAAC,CAAC;AACtD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAa;IAC9C,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,EAAE,CAAC;IACnD,OAAO,KAAK,CAAC,OAAO,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;AAC/C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,KAAa;IAC9C,OAAO,kBAAkB,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC,CAAC;AAC1D,CAAC"}