npm - @aria-cli/tools - Versions diffs - 1.0.9 → 1.0.11 - Mend

@aria-cli/tools 1.0.9 → 1.0.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (241) hide show

package/package.json +9 -5
package/src/__tests__/web-fetch-download.test.ts +0 -433
package/src/__tests__/web-tools.test.ts +0 -619
package/src/ask-user-interaction.ts +0 -33
package/src/cache/web-cache.ts +0 -110
package/src/definitions/arion.ts +0 -118
package/src/definitions/browser/browser.ts +0 -502
package/src/definitions/browser/index.ts +0 -5
package/src/definitions/browser/pw-downloads.ts +0 -142
package/src/definitions/browser/pw-interactions.ts +0 -282
package/src/definitions/browser/pw-responses.ts +0 -98
package/src/definitions/browser/pw-session.ts +0 -405
package/src/definitions/browser/pw-shared.ts +0 -85
package/src/definitions/browser/pw-snapshot.ts +0 -383
package/src/definitions/browser/pw-state.ts +0 -101
package/src/definitions/browser/types.ts +0 -203
package/src/definitions/code-intelligence.ts +0 -526
package/src/definitions/core.ts +0 -118
package/src/definitions/delegation.ts +0 -567
package/src/definitions/deploy.ts +0 -73
package/src/definitions/filesystem.ts +0 -217
package/src/definitions/frg.ts +0 -67
package/src/definitions/index.ts +0 -28
package/src/definitions/memory.ts +0 -150
package/src/definitions/messaging.ts +0 -734
package/src/definitions/meta.ts +0 -392
package/src/definitions/network.ts +0 -179
package/src/definitions/outlook.ts +0 -318
package/src/definitions/patch/apply-patch.ts +0 -235
package/src/definitions/patch/fuzzy-match.ts +0 -217
package/src/definitions/patch/index.ts +0 -1
package/src/definitions/patch/patch-parser.ts +0 -297
package/src/definitions/patch/sandbox-paths.ts +0 -129
package/src/definitions/process/index.ts +0 -5
package/src/definitions/process/process-registry.ts +0 -303
package/src/definitions/process/process.ts +0 -456
package/src/definitions/process/pty-keys.ts +0 -298
package/src/definitions/process/session-slug.ts +0 -147
package/src/definitions/quip.ts +0 -225
package/src/definitions/search.ts +0 -67
package/src/definitions/session-history.ts +0 -79
package/src/definitions/shell.ts +0 -202
package/src/definitions/slack.ts +0 -211
package/src/definitions/web.ts +0 -119
package/src/executors/apply-patch.ts +0 -1035
package/src/executors/arion.ts +0 -199
package/src/executors/code-intelligence.ts +0 -1179
package/src/executors/deploy.ts +0 -1066
package/src/executors/filesystem.ts +0 -1428
package/src/executors/frg-freshness.ts +0 -743
package/src/executors/frg.ts +0 -394
package/src/executors/index.ts +0 -280
package/src/executors/learning-meta.ts +0 -1367
package/src/executors/lsp-client.ts +0 -355
package/src/executors/memory.ts +0 -978
package/src/executors/meta.ts +0 -293
package/src/executors/process-registry.ts +0 -570
package/src/executors/pty-session-store.ts +0 -43
package/src/executors/pty.ts +0 -342
package/src/executors/restart.ts +0 -133
package/src/executors/search-freshness.ts +0 -249
package/src/executors/search-types.ts +0 -98
package/src/executors/search.ts +0 -89
package/src/executors/self-diagnose.ts +0 -552
package/src/executors/session-history.ts +0 -435
package/src/executors/shell-safety.ts +0 -519
package/src/executors/shell.ts +0 -1243
package/src/executors/utils.ts +0 -40
package/src/executors/web.ts +0 -786
package/src/extraction/content-extraction.ts +0 -281
package/src/extraction/index.ts +0 -5
package/src/headless-control-contract.ts +0 -1149
package/src/index.ts +0 -788
package/src/local-control-http-auth.ts +0 -2
package/src/mcp/client.ts +0 -218
package/src/mcp/connection.ts +0 -568
package/src/mcp/index.ts +0 -11
package/src/mcp/jsonrpc.ts +0 -195
package/src/mcp/types.ts +0 -199
package/src/network-control-adapter.ts +0 -88
package/src/network-runtime/address-types.ts +0 -218
package/src/network-runtime/db-owner-fencing.ts +0 -91
package/src/network-runtime/delivery-receipts.ts +0 -372
package/src/network-runtime/direct-endpoint-authority.ts +0 -35
package/src/network-runtime/index.ts +0 -316
package/src/network-runtime/local-control-contract.ts +0 -784
package/src/network-runtime/node-store-contract.ts +0 -46
package/src/network-runtime/pair-route-contract.ts +0 -97
package/src/network-runtime/peer-capabilities.ts +0 -48
package/src/network-runtime/peer-principal-ref.ts +0 -20
package/src/network-runtime/peer-state-machine.ts +0 -160
package/src/network-runtime/protocol-schemas.ts +0 -265
package/src/network-runtime/runtime-bootstrap-contract.ts +0 -83
package/src/outlook/desktop-session.ts +0 -409
package/src/policy.ts +0 -171
package/src/providers/brave.ts +0 -80
package/src/providers/duckduckgo.ts +0 -199
package/src/providers/exa.ts +0 -85
package/src/providers/firecrawl.ts +0 -77
package/src/providers/index.ts +0 -8
package/src/providers/jina.ts +0 -70
package/src/providers/router.ts +0 -121
package/src/providers/search-provider.ts +0 -74
package/src/providers/tavily.ts +0 -74
package/src/quip/desktop-session.ts +0 -435
package/src/registry/index.ts +0 -1
package/src/registry/registry.ts +0 -905
package/src/runtime-socket-local-control-client.ts +0 -632
package/src/security/dns-normalization.ts +0 -34
package/src/security/dns-pinning.ts +0 -138
package/src/security/external-content.ts +0 -129
package/src/security/ssrf.ts +0 -207
package/src/slack/desktop-session.ts +0 -493
package/src/tool-factory.ts +0 -91
package/src/types.ts +0 -1341
package/src/utils/retry.ts +0 -163
package/src/utils/safe-parse-json.ts +0 -176
package/src/utils/url.ts +0 -20
package/tests/benchmarks/registry.bench.ts +0 -57
package/tests/cache/web-cache.test.ts +0 -147
package/tests/critical-integration.test.ts +0 -1465
package/tests/definitions/apply-patch.test.ts +0 -586
package/tests/definitions/browser.test.ts +0 -495
package/tests/definitions/delegation-pause-resume.test.ts +0 -758
package/tests/definitions/execution.test.ts +0 -671
package/tests/definitions/messaging-inbox-scope.test.ts +0 -229
package/tests/definitions/messaging.test.ts +0 -1468
package/tests/definitions/outlook.test.ts +0 -30
package/tests/definitions/process.test.ts +0 -469
package/tests/definitions/slack.test.ts +0 -28
package/tests/definitions/tool-inventory.test.ts +0 -218
package/tests/e2e/delegation-quest-orchestration.e2e.test.ts +0 -433
package/tests/e2e/memory-tool-discovery-contract.e2e.test.ts +0 -81
package/tests/executors/apply-patch.test.ts +0 -538
package/tests/executors/arion.test.ts +0 -309
package/tests/executors/conversation-primitives.test.ts +0 -250
package/tests/executors/deploy.test.ts +0 -746
package/tests/executors/filesystem-tools.test.ts +0 -357
package/tests/executors/filesystem.test.ts +0 -959
package/tests/executors/frg-freshness.test.ts +0 -136
package/tests/executors/frg-merge.test.ts +0 -70
package/tests/executors/frg-session-content.test.ts +0 -40
package/tests/executors/frg.test.ts +0 -56
package/tests/executors/memory-bugfixes.test.ts +0 -257
package/tests/executors/memory-real-memoria.integration.test.ts +0 -316
package/tests/executors/memory.test.ts +0 -853
package/tests/executors/meta-tools.test.ts +0 -411
package/tests/executors/meta.test.ts +0 -683
package/tests/executors/path-containment.test.ts +0 -51
package/tests/executors/process-registry.test.ts +0 -505
package/tests/executors/pty.test.ts +0 -664
package/tests/executors/quest-security.test.ts +0 -249
package/tests/executors/read-file-media.test.ts +0 -230
package/tests/executors/recall-knowledge-schema.test.ts +0 -209
package/tests/executors/recall-tags.test.ts +0 -278
package/tests/executors/remember-null-safety.contract.test.ts +0 -41
package/tests/executors/restart.test.ts +0 -67
package/tests/executors/search-unified.test.ts +0 -381
package/tests/executors/session-history.test.ts +0 -340
package/tests/executors/session-transcript.test.ts +0 -561
package/tests/executors/shell-abort.test.ts +0 -416
package/tests/executors/shell-env-blocklist.test.ts +0 -648
package/tests/executors/shell-env-process.test.ts +0 -245
package/tests/executors/shell-process-registry.test.ts +0 -334
package/tests/executors/shell-tools.test.ts +0 -393
package/tests/executors/shell.test.ts +0 -690
package/tests/executors/web-abort-vs-timeout.test.ts +0 -213
package/tests/executors/web-integration.test.ts +0 -633
package/tests/executors/web-symlink.test.ts +0 -18
package/tests/executors/web.test.ts +0 -1400
package/tests/executors/write-stdin.test.ts +0 -145
package/tests/extraction/content-extraction.test.ts +0 -153
package/tests/guards/tools-default-test-lane.integration.test.ts +0 -21
package/tests/guards/tools-package-test-commands.e2e.test.ts +0 -43
package/tests/guards/tools-test-lane-manifest.contract.test.ts +0 -76
package/tests/guards/tools-vitest-workspace-alias.contract.test.ts +0 -63
package/tests/helpers/async-waits.ts +0 -53
package/tests/integration/headless-control-contract.integration.test.ts +0 -153
package/tests/integration/memory-tool-schema-parity.integration.test.ts +0 -67
package/tests/integration/meta-tools-round-trip.integration.test.ts +0 -506
package/tests/integration/quest-round-trip.test.ts +0 -303
package/tests/integration/registry-executor-flow.test.ts +0 -85
package/tests/integration.test.ts +0 -177
package/tests/loading-tier.test.ts +0 -126
package/tests/mcp/client-reconnect.test.ts +0 -267
package/tests/mcp/connection.test.ts +0 -846
package/tests/mcp/injectable-logger.test.ts +0 -83
package/tests/mcp/jsonrpc.test.ts +0 -109
package/tests/mcp/lifecycle.test.ts +0 -879
package/tests/network-runtime/address-types.contract.test.ts +0 -143
package/tests/network-runtime/continuity-bind-schema.contract.test.ts +0 -203
package/tests/network-runtime/local-control-contract.test.ts +0 -869
package/tests/network-runtime/local-control-invite-token.contract.test.ts +0 -146
package/tests/network-runtime/node-store-contract.test.ts +0 -11
package/tests/network-runtime/pair-protocol-nodeid.contract.test.ts +0 -15
package/tests/network-runtime/peer-state-machine.contract.test.ts +0 -148
package/tests/network-runtime/protocol-schemas.contract.test.ts +0 -512
package/tests/network-runtime/relay-pending-nodeid.contract.test.ts +0 -62
package/tests/network-runtime/runtime-bootstrap-contract.test.ts +0 -227
package/tests/network-runtime/runtime-socket-local-control-client.test.ts +0 -621
package/tests/network-runtime/wait-for-message-script.test.ts +0 -288
package/tests/parallel.test.ts +0 -71
package/tests/policy.test.ts +0 -184
package/tests/print-default-test-lane.ts +0 -14
package/tests/print-test-lane-manifest.ts +0 -22
package/tests/providers/brave.test.ts +0 -159
package/tests/providers/duckduckgo.test.ts +0 -207
package/tests/providers/exa.test.ts +0 -175
package/tests/providers/firecrawl.test.ts +0 -168
package/tests/providers/jina.test.ts +0 -144
package/tests/providers/router.test.ts +0 -328
package/tests/providers/tavily.test.ts +0 -165
package/tests/registry/discovery.test.ts +0 -154
package/tests/registry/injectable-logger.test.ts +0 -230
package/tests/registry/input-validation.test.ts +0 -361
package/tests/registry/interface-completeness.test.ts +0 -85
package/tests/registry/mcp-integration.test.ts +0 -103
package/tests/registry/mcp-read-only-hint.test.ts +0 -60
package/tests/registry/memoria-discovery.test.ts +0 -390
package/tests/registry/nested-validation.test.ts +0 -283
package/tests/registry/pseudo-tool-filtering.test.ts +0 -258
package/tests/registry/registration-lifecycle.test.ts +0 -133
package/tests/registry-validation.test.ts +0 -424
package/tests/registry.test.ts +0 -460
package/tests/security/dns-pinning.test.ts +0 -162
package/tests/security/external-content.test.ts +0 -144
package/tests/security/ssrf.test.ts +0 -118
package/tests/shell-safety-integration.test.ts +0 -32
package/tests/shell-safety.test.ts +0 -365
package/tests/slack/desktop-session.test.ts +0 -50
package/tests/test-lane-manifest.ts +0 -440
package/tests/test-utils.ts +0 -27
package/tests/tool-factory.test.ts +0 -188
package/tests/utils/retry.test.ts +0 -231
package/tests/utils/url.test.ts +0 -63
package/tsconfig.cjs.json +0 -24
package/tsconfig.json +0 -12
package/vitest.config.ts +0 -55
package/vitest.e2e.config.ts +0 -24
package/vitest.integration.config.ts +0 -24
package/vitest.native.config.ts +0 -24

package/tests/executors/shell-env-blocklist.test.ts DELETED Viewed

@@ -1,648 +0,0 @@
-/**
- * @aria/tools - Shell env var blocklist tests (C1 + I1)
- *
- * Verifies that dangerous environment variables are stripped from both
- * inputEnv and ctx.env before being passed to child processes.
- */
-import { describe, it, expect, beforeEach, afterEach } from "vitest";
-import * as fs from "node:fs/promises";
-import * as path from "node:path";
-import * as os from "node:os";
-import type { ToolContext } from "../../src/types.js";
-import { executeBash } from "../../src/executors/shell.js";
-// Uses realpath to resolve symlinks (e.g., /tmp -> /private/tmp on macOS)
-const createTempDir = async (): Promise<string> => {
-  const tempDir = await fs.mkdtemp(path.join(os.tmpdir(), "aria-blocklist-test-"));
-  return fs.realpath(tempDir);
-};
-const cleanupTempDir = async (dir: string): Promise<void> => {
-  await fs.rm(dir, { recursive: true, force: true });
-};
-const createContext = (workingDir: string, env: Record<string, string> = {}): ToolContext => ({
-  workingDir,
-  env,
-  confirm: async () => true,
-});
-/**
- * Complete list of all blocked environment variables.
- * Must stay in sync with BLOCKED_INPUT_ENV_VARS in shell.ts.
- */
-const ALL_BLOCKED_VARS = [
-  // Original blocklist
-  "LD_PRELOAD",
-  "LD_LIBRARY_PATH",
-  "DYLD_INSERT_LIBRARIES",
-  "DYLD_FRAMEWORK_PATH",
-  "DYLD_LIBRARY_PATH",
-  "BASH_ENV",
-  "ENV",
-  "CDPATH",
-  "GLOBIGNORE",
-  "PROMPT_COMMAND",
-  "SHELLOPTS",
-  "BASHOPTS",
-  // Git context hijacks
-  "GIT_DIR",
-  "GIT_WORK_TREE",
-  "GIT_INDEX_FILE",
-  "GIT_OBJECT_DIRECTORY",
-  "GIT_ALTERNATE_OBJECT_DIRECTORIES",
-  "GIT_COMMON_DIR",
-  "GIT_PREFIX",
-  "GIT_INTERNAL_SUPER_PREFIX",
-  "GIT_CONFIG",
-  "GIT_CONFIG_GLOBAL",
-  "GIT_CONFIG_SYSTEM",
-  "GIT_CONFIG_COUNT",
-  "GIT_CEILING_DIRECTORIES",
-  // Expanded blocklist (aria-mx5)
-  "PATH",
-  "NODE_OPTIONS",
-  "NODE_PATH",
-  "PYTHONPATH",
-  "IFS",
-  "HOME",
-  "SHELL",
-  "EDITOR",
-  "VISUAL",
-  // Java runtime hijacks (aria-skg)
-  "JAVA_TOOL_OPTIONS",
-  "_JAVA_OPTIONS",
-  "CLASSPATH",
-  // Ruby runtime hijacks (aria-skg)
-  "RUBYOPT",
-  "GEM_HOME",
-  "GEM_PATH",
-  // Perl runtime hijacks (aria-skg)
-  "PERL5OPT",
-  "PERL5LIB",
-  // Python startup hijack (aria-skg)
-  "PYTHONSTARTUP",
-];
-describe("Shell env var blocklist", () => {
-  let tempDir: string;
-  beforeEach(async () => {
-    tempDir = await createTempDir();
-  });
-  afterEach(async () => {
-    await cleanupTempDir(tempDir);
-  });
-  describe("inputEnv filtering", () => {
-    it("should strip LD_PRELOAD from inputEnv", async () => {
-      const ctx = createContext(tempDir);
-      const result = await executeBash(
-        { command: "echo LD_PRELOAD=$LD_PRELOAD", env: { LD_PRELOAD: "/evil/lib.so" } },
-        ctx,
-      );
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("LD_PRELOAD=");
-    });
-    it("should strip BASH_ENV from inputEnv", async () => {
-      const ctx = createContext(tempDir);
-      const result = await executeBash(
-        { command: "echo BASH_ENV=$BASH_ENV", env: { BASH_ENV: "/evil/script.sh" } },
-        ctx,
-      );
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("BASH_ENV=");
-    });
-    it("should strip indexed git config vars from inputEnv", async () => {
-      const ctx = createContext(tempDir);
-      const result = await executeBash(
-        {
-          command: "env | grep -Ec '^GIT_CONFIG_(KEY|VALUE)_0=' || true",
-          env: {
-            GIT_CONFIG_KEY_0: "core.bare",
-            GIT_CONFIG_VALUE_0: "true",
-          },
-        },
-        ctx,
-      );
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("0");
-    });
-    it("should strip DYLD_INSERT_LIBRARIES from inputEnv", async () => {
-      const ctx = createContext(tempDir);
-      const result = await executeBash(
-        {
-          command: "echo DYLD=$DYLD_INSERT_LIBRARIES",
-          env: { DYLD_INSERT_LIBRARIES: "/evil/dylib.dylib" },
-        },
-        ctx,
-      );
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("DYLD=");
-    });
-    it("should strip GIT_DIR from inputEnv", async () => {
-      const ctx = createContext(tempDir);
-      const result = await executeBash(
-        {
-          command: "echo GIT_DIR=$GIT_DIR",
-          env: { GIT_DIR: "/tmp/not-repo" },
-        },
-        ctx,
-      );
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("GIT_DIR=");
-    });
-    it("should strip GIT_CONFIG_KEY_* prefix vars from inputEnv", async () => {
-      const ctx = createContext(tempDir);
-      const result = await executeBash(
-        {
-          command: "env | grep -c '^GIT_CONFIG_KEY_0=' || true",
-          env: {
-            GIT_CONFIG_COUNT: "1",
-            GIT_CONFIG_KEY_0: "user.name",
-            GIT_CONFIG_VALUE_0: "poisoned",
-          },
-        },
-        ctx,
-      );
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("0");
-    });
-    it("should strip NODE_OPTIONS from inputEnv", async () => {
-      const ctx = createContext(tempDir);
-      const result = await executeBash(
-        {
-          command: "echo NODE_OPTIONS=$NODE_OPTIONS",
-          env: { NODE_OPTIONS: "--require /evil/payload.js" },
-        },
-        ctx,
-      );
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("NODE_OPTIONS=");
-    });
-    it("should strip NODE_PATH from inputEnv", async () => {
-      const ctx = createContext(tempDir);
-      // NODE_PATH may be set by vitest in process.env, so check that the evil value is not present
-      const result = await executeBash(
-        {
-          command: "env | grep -c '^NODE_PATH=/evil/modules$' || true",
-          env: { NODE_PATH: "/evil/modules" },
-        },
-        ctx,
-      );
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("0");
-    });
-    it("should strip PYTHONPATH from inputEnv", async () => {
-      const ctx = createContext(tempDir);
-      const result = await executeBash(
-        { command: "echo PYTHONPATH=$PYTHONPATH", env: { PYTHONPATH: "/evil/python" } },
-        ctx,
-      );
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("PYTHONPATH=");
-    });
-    it("should strip IFS from inputEnv", async () => {
-      const ctx = createContext(tempDir);
-      const result = await executeBash({ command: "echo IFS=$IFS", env: { IFS: "EVIL" } }, ctx);
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      // IFS is not set to "EVIL" — it should be whatever the shell default is
-      expect(data.stdout.trim()).not.toContain("EVIL");
-    });
-    it("should strip EDITOR from inputEnv", async () => {
-      const ctx = createContext(tempDir);
-      const result = await executeBash(
-        { command: "echo EDITOR=$EDITOR", env: { EDITOR: "/evil/editor" } },
-        ctx,
-      );
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).not.toContain("/evil/editor");
-    });
-    it("should strip VISUAL from inputEnv", async () => {
-      const ctx = createContext(tempDir);
-      const result = await executeBash(
-        { command: "echo VISUAL=$VISUAL", env: { VISUAL: "/evil/visual" } },
-        ctx,
-      );
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).not.toContain("/evil/visual");
-    });
-    it("should handle case-insensitive blocking (lowercase)", async () => {
-      const ctx = createContext(tempDir);
-      const result = await executeBash(
-        { command: "echo $ld_preload", env: { ld_preload: "/evil/lib.so" } },
-        ctx,
-      );
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      // Variable should be stripped; output should be empty
-      expect(data.stdout.trim()).toBe("");
-    });
-    it("should handle case-insensitive blocking (mixed case)", async () => {
-      const ctx = createContext(tempDir);
-      const result = await executeBash(
-        { command: "echo $Bash_Env", env: { Bash_Env: "/evil/script.sh" } },
-        ctx,
-      );
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("");
-    });
-    it("should handle case-insensitive blocking for new vars (mixed case Node_Options)", async () => {
-      const ctx = createContext(tempDir);
-      const result = await executeBash(
-        { command: "echo $Node_Options", env: { Node_Options: "--require /evil/payload.js" } },
-        ctx,
-      );
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("");
-    });
-    it("should pass through non-blocked variables", async () => {
-      const ctx = createContext(tempDir);
-      const result = await executeBash(
-        { command: "echo $SAFE_VAR", env: { SAFE_VAR: "safe_value" } },
-        ctx,
-      );
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("safe_value");
-    });
-    it("should strip blocked vars while passing non-blocked vars simultaneously", async () => {
-      const ctx = createContext(tempDir);
-      const result = await executeBash(
-        {
-          command: 'echo "safe=$MY_SAFE ld=$LD_PRELOAD"',
-          env: {
-            MY_SAFE: "hello",
-            LD_PRELOAD: "/evil/lib.so",
-          },
-        },
-        ctx,
-      );
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("safe=hello ld=");
-    });
-    it("should strip all known blocked variables from inputEnv", async () => {
-      const blockedVars: Record<string, string> = {};
-      for (const varName of ALL_BLOCKED_VARS) {
-        blockedVars[varName] = `evil_${varName.toLowerCase()}`;
-      }
-      // Add a canary that should survive
-      blockedVars["CANARY"] = "canary_value";
-      const ctx = createContext(tempDir);
-      const result = await executeBash({ command: "echo $CANARY", env: blockedVars }, ctx);
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      // The non-blocked CANARY should still be available
-      expect(data.stdout.trim()).toBe("canary_value");
-    });
-    it.each([
-      ["GIT_DIR", "/evil/.git"],
-      ["GIT_WORK_TREE", "/evil/worktree"],
-      ["GIT_CONFIG_GLOBAL", "/evil/gitconfig"],
-      ["PATH", "/evil/bin"],
-      ["NODE_OPTIONS", "--require /evil/payload.js"],
-      ["NODE_PATH", "/evil/node_modules"],
-      ["PYTHONPATH", "/evil/python"],
-      ["IFS", "EVIL"],
-      ["HOME", "/evil/home"],
-      ["SHELL", "/evil/shell"],
-      ["EDITOR", "/evil/editor"],
-      ["VISUAL", "/evil/visual"],
-      // Java (aria-skg)
-      ["JAVA_TOOL_OPTIONS", "-javaagent:/evil/agent.jar"],
-      ["_JAVA_OPTIONS", "-Xbootclasspath:/evil/boot.jar"],
-      ["CLASSPATH", "/evil/classes"],
-      // Ruby (aria-skg)
-      ["RUBYOPT", "-r/evil/payload"],
-      ["GEM_HOME", "/evil/gems"],
-      ["GEM_PATH", "/evil/gem_path"],
-      // Perl (aria-skg)
-      ["PERL5OPT", "-M/evil/module"],
-      ["PERL5LIB", "/evil/perl_lib"],
-      // Python (aria-skg)
-      ["PYTHONSTARTUP", "/evil/startup.py"],
-    ])("should strip %s from inputEnv (parametric)", async (varName, evilValue) => {
-      const ctx = createContext(tempDir);
-      // Use env command + grep to check if the variable is present in the child env
-      const result = await executeBash(
-        {
-          command: `env | grep -c '^${varName}=${evilValue.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")}' || true`,
-          env: { [varName]: evilValue },
-        },
-        ctx,
-      );
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      // grep -c should return 0 (no matches) — the evil value was not passed through
-      expect(data.stdout.trim()).toBe("0");
-    });
-  });
-  describe("ctx.env filtering (I1 fix)", () => {
-    it("should strip LD_PRELOAD from ctx.env", async () => {
-      const ctx = createContext(tempDir, { LD_PRELOAD: "/evil/lib.so" });
-      const result = await executeBash({ command: "echo LD_PRELOAD=$LD_PRELOAD" }, ctx);
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("LD_PRELOAD=");
-    });
-    it("should strip BASH_ENV from ctx.env", async () => {
-      const ctx = createContext(tempDir, { BASH_ENV: "/evil/script.sh" });
-      const result = await executeBash({ command: "echo BASH_ENV=$BASH_ENV" }, ctx);
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("BASH_ENV=");
-    });
-    it("should strip GIT_WORK_TREE from ctx.env", async () => {
-      const ctx = createContext(tempDir, { GIT_WORK_TREE: "/tmp/not-repo" });
-      const result = await executeBash({ command: "echo GIT_WORK_TREE=$GIT_WORK_TREE" }, ctx);
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("GIT_WORK_TREE=");
-    });
-    it("should strip indexed git config vars from ctx.env", async () => {
-      const ctx = createContext(tempDir, {
-        GIT_CONFIG_KEY_0: "core.bare",
-        GIT_CONFIG_VALUE_0: "true",
-      });
-      const result = await executeBash(
-        { command: "env | grep -Ec '^GIT_CONFIG_(KEY|VALUE)_0=' || true" },
-        ctx,
-      );
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("0");
-    });
-    it("should strip DYLD_INSERT_LIBRARIES from ctx.env", async () => {
-      const ctx = createContext(tempDir, { DYLD_INSERT_LIBRARIES: "/evil/dylib.dylib" });
-      const result = await executeBash({ command: "echo DYLD=$DYLD_INSERT_LIBRARIES" }, ctx);
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("DYLD=");
-    });
-    it("should strip NODE_OPTIONS from ctx.env", async () => {
-      const ctx = createContext(tempDir, { NODE_OPTIONS: "--require /evil/payload.js" });
-      const result = await executeBash({ command: "echo NODE_OPTIONS=$NODE_OPTIONS" }, ctx);
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("NODE_OPTIONS=");
-    });
-    it("should strip NODE_PATH from ctx.env", async () => {
-      const ctx = createContext(tempDir, { NODE_PATH: "/evil/modules" });
-      // NODE_PATH may be set by vitest in process.env, so check that the evil value is not present
-      const result = await executeBash(
-        { command: "env | grep -c '^NODE_PATH=/evil/modules$' || true" },
-        ctx,
-      );
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("0");
-    });
-    it("should strip PYTHONPATH from ctx.env", async () => {
-      const ctx = createContext(tempDir, { PYTHONPATH: "/evil/python" });
-      const result = await executeBash({ command: "echo PYTHONPATH=$PYTHONPATH" }, ctx);
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("PYTHONPATH=");
-    });
-    it("should strip HOME from ctx.env", async () => {
-      const ctx = createContext(tempDir, { HOME: "/evil/home" });
-      const result = await executeBash(
-        { command: "env | grep -c '^HOME=/evil/home' || true" },
-        ctx,
-      );
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("0");
-    });
-    it("should strip SHELL from ctx.env", async () => {
-      const ctx = createContext(tempDir, { SHELL: "/evil/shell" });
-      const result = await executeBash(
-        { command: "env | grep -c '^SHELL=/evil/shell' || true" },
-        ctx,
-      );
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("0");
-    });
-    it("should handle case-insensitive blocking on ctx.env", async () => {
-      const ctx = createContext(tempDir, { ld_preload: "/evil/lib.so" });
-      const result = await executeBash({ command: "echo $ld_preload" }, ctx);
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("");
-    });
-    it("should handle case-insensitive blocking on ctx.env for new vars", async () => {
-      const ctx = createContext(tempDir, { node_options: "--require /evil/payload.js" });
-      const result = await executeBash({ command: "echo $node_options" }, ctx);
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("");
-    });
-    it("should pass through non-blocked ctx.env variables", async () => {
-      const ctx = createContext(tempDir, {
-        SAFE_CTX_VAR: "ctx_safe_value",
-        LD_PRELOAD: "/evil/lib.so",
-      });
-      const result = await executeBash(
-        { command: 'echo "safe=$SAFE_CTX_VAR ld=$LD_PRELOAD"' },
-        ctx,
-      );
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("safe=ctx_safe_value ld=");
-    });
-    it.each([
-      ["GIT_DIR", "/evil/.git"],
-      ["GIT_WORK_TREE", "/evil/worktree"],
-      ["GIT_CONFIG_GLOBAL", "/evil/gitconfig"],
-      ["PATH", "/evil/bin"],
-      ["NODE_OPTIONS", "--require /evil/payload.js"],
-      ["NODE_PATH", "/evil/node_modules"],
-      ["PYTHONPATH", "/evil/python"],
-      ["IFS", "EVIL"],
-      ["HOME", "/evil/home"],
-      ["SHELL", "/evil/shell"],
-      ["EDITOR", "/evil/editor"],
-      ["VISUAL", "/evil/visual"],
-      // Java (aria-skg)
-      ["JAVA_TOOL_OPTIONS", "-javaagent:/evil/agent.jar"],
-      ["_JAVA_OPTIONS", "-Xbootclasspath:/evil/boot.jar"],
-      ["CLASSPATH", "/evil/classes"],
-      // Ruby (aria-skg)
-      ["RUBYOPT", "-r/evil/payload"],
-      ["GEM_HOME", "/evil/gems"],
-      ["GEM_PATH", "/evil/gem_path"],
-      // Perl (aria-skg)
-      ["PERL5OPT", "-M/evil/module"],
-      ["PERL5LIB", "/evil/perl_lib"],
-      // Python (aria-skg)
-      ["PYTHONSTARTUP", "/evil/startup.py"],
-    ])("should strip %s from ctx.env (parametric)", async (varName, evilValue) => {
-      const ctx = createContext(tempDir, { [varName]: evilValue });
-      const result = await executeBash(
-        {
-          command: `env | grep -c '^${varName}=${evilValue.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")}' || true`,
-        },
-        ctx,
-      );
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("0");
-    });
-  });
-  describe("end-to-end: blocked vars not visible in child process", () => {
-    it("should not leak LD_PRELOAD to child process env via inputEnv", async () => {
-      const ctx = createContext(tempDir);
-      // Use env command to dump all environment, then grep for LD_PRELOAD
-      const result = await executeBash(
-        {
-          command: "env | grep -c '^LD_PRELOAD=' || true",
-          env: { LD_PRELOAD: "/evil/lib.so" },
-        },
-        ctx,
-      );
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      // grep -c should return 0 (no matches)
-      expect(data.stdout.trim()).toBe("0");
-    });
-    it("should not leak LD_PRELOAD to child process env via ctx.env", async () => {
-      const ctx = createContext(tempDir, { LD_PRELOAD: "/evil/lib.so" });
-      const result = await executeBash({ command: "env | grep -c '^LD_PRELOAD=' || true" }, ctx);
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("0");
-    });
-    it("should not leak any expanded blocklist vars via inputEnv", async () => {
-      const ctx = createContext(tempDir);
-      const evilEnv: Record<string, string> = {
-        NODE_OPTIONS: "--require /evil/payload.js",
-        NODE_PATH: "/evil/modules",
-        PYTHONPATH: "/evil/python",
-        EDITOR: "/evil/editor",
-        VISUAL: "/evil/visual",
-      };
-      const result = await executeBash(
-        {
-          command: ["env | grep -c '^NODE_OPTIONS=--require /evil' || true"].join("; "),
-          env: evilEnv,
-        },
-        ctx,
-      );
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("0");
-    });
-    it("should not leak any expanded blocklist vars via ctx.env", async () => {
-      const ctx = createContext(tempDir, {
-        NODE_OPTIONS: "--require /evil/payload.js",
-        NODE_PATH: "/evil/modules",
-        PYTHONPATH: "/evil/python",
-        EDITOR: "/evil/editor",
-        VISUAL: "/evil/visual",
-      });
-      const result = await executeBash(
-        {
-          command: "env | grep -c '^NODE_OPTIONS=--require /evil' || true",
-        },
-        ctx,
-      );
-      expect(result.success).toBe(true);
-      const data = result.data as { stdout: string };
-      expect(data.stdout.trim()).toBe("0");
-    });
-  });
-});