@firstpick/pi-package-webui 0.3.7 → 0.3.9

package/index.ts

@@ -391,14 +391,25 @@ function commandLooksLikeWebui(command: string, options: StartWebuiOptions): boo
   return new RegExp(`(?:^|\\s)--port\\s+${escapedPort}(?:\\s|$)`).test(command);
 }
 
-async function findWebuiPidsByCommand(options: StartWebuiOptions): Promise<number[]> {
-  if (process.platform === "win32") return [];
+async function listProcessCommandLines(): Promise<string> {
+  if (process.platform === "win32") {
+    // tasklist has no command lines; CIM is the reliable way to find pi-webui.mjs --port matches.
+    const result = await runCommand(
+      "powershell.exe",
+      ["-NoProfile", "-NonInteractive", "-Command", 'Get-CimInstance Win32_Process | ForEach-Object { "$($_.ProcessId) $($_.CommandLine)" }'],
+      5_000,
+    );
+    return result.exitCode === 0 ? result.stdout : "";
+  }
   let result = await runCommand("ps", ["-Ao", "pid=,args="], 1_500);
   if (result.exitCode !== 0) result = await runCommand("ps", ["-eo", "pid=,args="], 1_500);
-  if (result.exitCode !== 0) return [];
+  return result.exitCode === 0 ? result.stdout : "";
+}
 
+async function findWebuiPidsByCommand(options: StartWebuiOptions): Promise<number[]> {
+  const processList = await listProcessCommandLines();
   const pids: number[] = [];
-  for (const line of result.stdout.split(/\r?\n/)) {
+  for (const line of processList.split(/\r?\n/)) {
     const match = line.match(/^\s*(\d+)\s+(.+)$/);
     if (!match) continue;
     const pid = Number.parseInt(match[1], 10);

package/lib/auth-actions.mjs

@@ -0,0 +1,81 @@
+import { AuthStorage, ModelRegistry } from "@earendil-works/pi-coding-agent";
+
+export function createAuthContext() {
+  const authStorage = AuthStorage.create();
+  const modelRegistry = ModelRegistry.create(authStorage);
+  return { authStorage, modelRegistry };
+}
+
+export function listLoginProviderOptions(modelRegistry) {
+  const authStorage = modelRegistry.authStorage;
+  const byId = new Map();
+  for (const provider of authStorage.getOAuthProviders()) {
+    byId.set(provider.id, {
+      id: provider.id,
+      name: provider.name,
+      authType: "oauth",
+      removable: authStorage.has(provider.id),
+      status: modelRegistry.getProviderAuthStatus(provider.id),
+    });
+  }
+  for (const model of modelRegistry.getAll()) {
+    if (byId.has(model.provider)) continue;
+    byId.set(model.provider, {
+      id: model.provider,
+      name: modelRegistry.getProviderDisplayName(model.provider),
+      authType: "api_key",
+      removable: authStorage.has(model.provider),
+      status: modelRegistry.getProviderAuthStatus(model.provider),
+    });
+  }
+  return [...byId.values()].sort((left, right) => left.name.localeCompare(right.name));
+}
+
+export function listLogoutProviderOptions(modelRegistry) {
+  const authStorage = modelRegistry.authStorage;
+  const options = [];
+  for (const providerId of authStorage.list()) {
+    const credential = authStorage.get(providerId);
+    if (!credential) continue;
+    options.push({
+      id: providerId,
+      name: modelRegistry.getProviderDisplayName(providerId),
+      authType: credential.type,
+      status: modelRegistry.getProviderAuthStatus(providerId),
+    });
+  }
+  return options.sort((left, right) => left.name.localeCompare(right.name));
+}
+
+export function authProvidersPayload(modelRegistry) {
+  const loginProviders = listLoginProviderOptions(modelRegistry);
+  const logoutProviders = listLogoutProviderOptions(modelRegistry);
+  return {
+    loginProviders,
+    logoutProviders,
+    storedProviderCount: logoutProviders.length,
+    browserLoginSupported: false,
+    guidance: [
+      "OAuth and API-key login flows still require the Pi TUI /login command.",
+      "Web UI logout only removes credentials stored in auth.json by /login.",
+      "Environment variables and models.json credentials are not removable from the Web UI.",
+    ].join("\n"),
+  };
+}
+
+export function logoutStoredProvider(modelRegistry, providerId) {
+  const id = String(providerId || "").trim();
+  if (!id) throw new Error("provider is required");
+  const authStorage = modelRegistry.authStorage;
+  if (!authStorage.has(id)) {
+    throw new Error(`No stored credentials found for provider: ${id}`);
+  }
+  const credential = authStorage.get(id);
+  authStorage.logout(id);
+  modelRegistry.refresh();
+  const name = modelRegistry.getProviderDisplayName(id);
+  const message = credential?.type === "oauth"
+    ? `Logged out of ${name}.`
+    : `Removed stored API key for ${name}. Environment variables and models.json config are unchanged.`;
+  return { provider: id, providerName: name, authType: credential?.type, message };
+}

package/lib/native-command-adapter.mjs

@@ -0,0 +1,220 @@
+import { evaluateTrustGuards, guardsForNativeCommand, isLocalRequest, trustBlockMessage } from "./trust-boundaries.mjs";
+
+export const NATIVE_COMMAND_STATUSES = new Set([
+  "succeeded",
+  "degraded",
+  "unavailable",
+  "confirmation_required",
+  "blocked",
+]);
+
+export const NATIVE_RESPONSE_LEVELS = new Set(["info", "warn", "error"]);
+export const NATIVE_REFRESH_TARGETS = new Set(["state", "tabs", "commands", "themes", "workspace"]);
+
+export function nativeParitySurfaces(matrix) {
+  return Array.isArray(matrix?.surfaces) ? matrix.surfaces : [];
+}
+
+export function nativeSlashCommandEntries(matrix) {
+  return nativeParitySurfaces(matrix)
+    .filter((surface) => surface?.kind === "slash-command")
+    .map((surface) => {
+      const name = String(surface.command?.name || surface.id || "").replace(/^\//, "").trim();
+      return {
+        name,
+        description: String(surface.command?.description || surface.title || `/${name}`),
+        source: "native",
+        location: "Pi",
+        nativeParity: {
+          status: surface.webStatus || "unsupported",
+          priority: surface.priority || "P2",
+          guards: Array.isArray(surface.guards) ? surface.guards : [],
+          sensitive: surface.sensitive === true,
+        },
+      };
+    })
+    .filter((command) => command.name);
+}
+
+export function nativeParitySurfaceForCommand(name, matrix) {
+  return nativeParitySurfaces(matrix).find((surface) => surface.kind === "slash-command" && surface.command?.name === name) || null;
+}
+
+export function parseSlashCommand(message, nativeSlashCommandNames) {
+  const allowed = nativeSlashCommandNames instanceof Set ? nativeSlashCommandNames : new Set(nativeSlashCommandNames || []);
+  const text = String(message || "").trim();
+  if (!text.startsWith("/") || text.includes("\n")) return undefined;
+  const match = text.match(/^\/([^\s]+)(?:\s+([\s\S]*))?$/);
+  if (!match) return undefined;
+  const name = match[1].toLowerCase();
+  if (!allowed.has(name)) return undefined;
+  return { name, args: (match[2] || "").trim(), text };
+}
+
+export function rpcSuccess(command, data = {}) {
+  return { type: "response", command, success: true, data };
+}
+
+function defaultStatusForSurface(surface) {
+  if (!surface) return "unavailable";
+  if (surface.webStatus === "implemented") return "succeeded";
+  if (surface.webStatus === "degraded") return "degraded";
+  return "unavailable";
+}
+
+function defaultLevelForStatus(status) {
+  if (status === "succeeded") return "info";
+  if (status === "confirmation_required") return "warn";
+  if (status === "blocked") return "error";
+  return "warn";
+}
+
+function normalizeCards(data = {}) {
+  const cards = [];
+  if (Array.isArray(data.cards)) {
+    for (const card of data.cards) {
+      if (!card || typeof card !== "object") continue;
+      const content = String(card.content || card.message || "").trim();
+      if (!content) continue;
+      cards.push({
+        kind: String(card.kind || "transcript"),
+        title: card.title ? String(card.title) : undefined,
+        content,
+        level: NATIVE_RESPONSE_LEVELS.has(card.level) ? card.level : "info",
+      });
+    }
+  }
+  if (!cards.length && data.message) {
+    cards.push({
+      kind: "transcript",
+      title: data.command ? `/${data.command}` : undefined,
+      content: String(data.message),
+      level: NATIVE_RESPONSE_LEVELS.has(data.level) ? data.level : defaultLevelForStatus(data.status),
+    });
+  }
+  return cards;
+}
+
+function normalizeToasts(data = {}) {
+  const toasts = [];
+  if (Array.isArray(data.toasts)) {
+    for (const toast of data.toasts) {
+      if (!toast || typeof toast !== "object") continue;
+      const message = String(toast.message || "").trim();
+      if (!message) continue;
+      toasts.push({
+        level: NATIVE_RESPONSE_LEVELS.has(toast.level) ? toast.level : "info",
+        message,
+      });
+    }
+  }
+  return toasts;
+}
+
+function normalizeWarnings(data = {}) {
+  const warnings = [];
+  if (Array.isArray(data.warnings)) {
+    for (const warning of data.warnings) if (warning) warnings.push(String(warning));
+  }
+  if (data.safetyRestriction) warnings.push(String(data.safetyRestriction));
+  return [...new Set(warnings.filter(Boolean))];
+}
+
+function normalizeRefresh(data = {}) {
+  const refresh = [];
+  if (Array.isArray(data.refresh)) {
+    for (const target of data.refresh) {
+      if (NATIVE_REFRESH_TARGETS.has(target)) refresh.push(target);
+    }
+  }
+  if (!refresh.length) {
+    if (data.tab) refresh.push("tabs");
+    if (data.result || data.copyText || data.download || data.serverPath) refresh.push("state");
+  }
+  return [...new Set(refresh)];
+}
+
+function nativeParityMeta(surface) {
+  if (!surface) return undefined;
+  return {
+    webStatus: surface.webStatus,
+    priority: surface.priority,
+    sensitive: surface.sensitive === true,
+    guards: Array.isArray(surface.guards) ? surface.guards : [],
+  };
+}
+
+export function nativeCommandResponse(command, data = {}, matrix) {
+  const surface = nativeParitySurfaceForCommand(command, matrix);
+  const status = NATIVE_COMMAND_STATUSES.has(data.status) ? data.status : defaultStatusForSurface(surface);
+  const level = NATIVE_RESPONSE_LEVELS.has(data.level) ? data.level : defaultLevelForStatus(status);
+  const cards = normalizeCards({ ...data, command, status, level });
+  const toasts = normalizeToasts(data);
+  const warnings = normalizeWarnings(data);
+  const refresh = normalizeRefresh(data);
+  const message = data.message || cards[0]?.content || "";
+
+  const payload = {
+    command,
+    status,
+    level,
+    message,
+    nativeParity: nativeParityMeta(surface),
+    cards,
+    toasts,
+    warnings,
+    refresh,
+  };
+
+  for (const [key, value] of Object.entries(data)) {
+    if (["status", "level", "message", "cards", "toasts", "warnings", "refresh"].includes(key)) continue;
+    if (value !== undefined) payload[key] = value;
+  }
+
+  return rpcSuccess("native_slash_command", payload);
+}
+
+export function nativeCommandUnavailable(command, details = {}, matrix) {
+  const surface = nativeParitySurfaceForCommand(command, matrix);
+  const guards = Array.isArray(surface?.guards) ? surface.guards.filter((guard) => guard !== "none") : [];
+  const reason = details.reason || surface?.currentBehavior || "This native Pi TUI command is not implemented in the Web UI yet.";
+  const nextActions = details.nextActions || [
+    surface?.targetBehavior ? `Planned Web UI behavior: ${surface.targetBehavior}` : "Use the Pi TUI for this command until Web UI parity is implemented.",
+  ];
+  return nativeCommandResponse(
+    command,
+    {
+      status: "unavailable",
+      level: "warn",
+      reason,
+      safetyRestriction: details.safetyRestriction || (guards.length ? `Guarded by: ${guards.join(", ")}.` : undefined),
+      nextActions,
+      message: details.message || [`/${command} is not available in the Web UI yet.`, reason, ...nextActions].filter(Boolean).join("\n"),
+      refresh: details.refresh,
+      ...details,
+    },
+    matrix,
+  );
+}
+
+export function nativeCommandBlocked(command, req, matrix, options = {}) {
+  const guards = guardsForNativeCommand(command, matrix);
+  const evaluation = evaluateTrustGuards(guards, {
+    isLocal: isLocalRequest(req),
+    confirmed: options.confirmed === true,
+    networkOpen: options.networkOpen === true,
+  });
+  return nativeCommandResponse(
+    command,
+    {
+      status: "blocked",
+      level: "error",
+      reason: trustBlockMessage(command, evaluation.blocked),
+      safetyRestriction: evaluation.blocked.length ? `Blocked guards: ${evaluation.blocked.join(", ")}.` : undefined,
+      warnings: evaluation.warnings,
+      message: trustBlockMessage(command, evaluation.blocked),
+      refresh: [],
+    },
+    matrix,
+  );
+}

package/lib/session-actions.mjs

@@ -0,0 +1,134 @@
+import { spawnSync } from "node:child_process";
+import { existsSync, realpathSync } from "node:fs";
+import { stat, unlink } from "node:fs/promises";
+import path from "node:path";
+import { SessionManager } from "@earendil-works/pi-coding-agent";
+
+const SESSION_DIR_BLOCK_MESSAGE = "sessionPath must stay inside the Pi session directory";
+
+export function normalizeSessionFilePath(value) {
+  const text = String(value || "").trim();
+  return text ? path.resolve(text) : "";
+}
+
+/** Resolve symlinks where possible so confinement checks compare canonical paths. */
+function canonicalSessionPath(value) {
+  const resolved = normalizeSessionFilePath(value);
+  if (!resolved) return "";
+  try {
+    return realpathSync(resolved);
+  } catch {
+    return resolved;
+  }
+}
+
+/** Empty/missing allowedDirs means no confinement is configured for this call. */
+export function isSessionPathAllowed(sessionPath, allowedDirs = []) {
+  const dirs = (allowedDirs || []).map((dir) => canonicalSessionPath(dir)).filter(Boolean);
+  if (!dirs.length) return true;
+  const target = canonicalSessionPath(sessionPath);
+  if (!target) return false;
+  return dirs.some((dir) => {
+    const relative = path.relative(dir, target);
+    return Boolean(relative) && !relative.startsWith("..") && !path.isAbsolute(relative);
+  });
+}
+
+export function collectOpenSessionFiles(tabs = []) {
+  const files = new Set();
+  for (const tab of tabs) {
+    for (const candidate of [tab?.lastState?.sessionFile, tab?.sessionFile]) {
+      const normalized = normalizeSessionFilePath(candidate);
+      if (normalized) files.add(normalized);
+    }
+  }
+  return files;
+}
+
+export function validateSessionDelete(sessionPath, { openSessionFiles, currentSessionFile, confirmed, allowedDirs } = {}) {
+  if (confirmed !== true) {
+    return {
+      allowed: false,
+      reason: "confirmation_required",
+      message: "Session delete requires explicit confirmation (confirmed: true).",
+    };
+  }
+
+  const target = normalizeSessionFilePath(sessionPath);
+  if (!target) {
+    return { allowed: false, reason: "invalid_path", message: "sessionPath is required" };
+  }
+  if (!target.endsWith(".jsonl")) {
+    return { allowed: false, reason: "invalid_path", message: "sessionPath must point to a .jsonl session file" };
+  }
+  if (!isSessionPathAllowed(target, allowedDirs)) {
+    return { allowed: false, reason: "outside_session_dir", message: SESSION_DIR_BLOCK_MESSAGE };
+  }
+  if (openSessionFiles?.has(target)) {
+    return {
+      allowed: false,
+      reason: "session_in_use",
+      message: "Cannot delete a session that is open in a Web UI tab. Close that tab first.",
+    };
+  }
+  const activePath = normalizeSessionFilePath(currentSessionFile);
+  if (activePath && activePath === target) {
+    return {
+      allowed: false,
+      reason: "active_session",
+      message: "Cannot delete the active session for this tab. Switch to another session first.",
+    };
+  }
+  return { allowed: true, sessionPath: target };
+}
+
+export async function renameSessionMetadata(sessionPath, name, sessionDir, { allowedDirs } = {}) {
+  const trimmed = String(name || "").trim();
+  if (!trimmed) throw new Error("name is required");
+  const targetPath = normalizeSessionFilePath(sessionPath);
+  if (!targetPath.endsWith(".jsonl")) throw new Error("sessionPath must point to a .jsonl session file");
+  if (!isSessionPathAllowed(targetPath, allowedDirs)) throw new Error(SESSION_DIR_BLOCK_MESSAGE);
+  const targetStats = await stat(targetPath).catch(() => null);
+  if (!targetStats?.isFile()) throw new Error(`Session file not found: ${targetPath}`);
+
+  const manager = SessionManager.open(targetPath, sessionDir);
+  const previousName = manager.getSessionName();
+  const entryId = manager.appendSessionInfo(trimmed);
+  return {
+    sessionPath: manager.getSessionFile() || targetPath,
+    name: trimmed,
+    entryId,
+    previousName,
+  };
+}
+
+export async function deleteSessionFile(sessionPath, { allowedDirs } = {}) {
+  const targetPath = normalizeSessionFilePath(sessionPath);
+  if (!targetPath) throw new Error("sessionPath is required");
+  if (!isSessionPathAllowed(targetPath, allowedDirs)) throw new Error(SESSION_DIR_BLOCK_MESSAGE);
+  const targetStats = await stat(targetPath).catch(() => null);
+  if (!targetStats?.isFile()) throw new Error(`Session file not found: ${targetPath}`);
+
+  const trashArgs = targetPath.startsWith("-") ? ["--", targetPath] : [targetPath];
+  const trashResult = spawnSync("trash", trashArgs, { encoding: "utf8" });
+  const trashHint = () => {
+    const parts = [];
+    if (trashResult.error) parts.push(trashResult.error.message);
+    const stderr = String(trashResult.stderr || "").trim();
+    if (stderr) parts.push(stderr.split("\n")[0] || stderr);
+    return parts.length ? `trash: ${parts.join(" · ").slice(0, 200)}` : "";
+  };
+
+  if (trashResult.status === 0 || !existsSync(targetPath)) {
+    return { sessionPath: targetPath, method: "trash" };
+  }
+
+  try {
+    await unlink(targetPath);
+    return { sessionPath: targetPath, method: "unlink" };
+  } catch (error) {
+    const unlinkError = error instanceof Error ? error.message : String(error);
+    const hint = trashHint();
+    throw new Error(hint ? `${unlinkError} (${hint})` : unlinkError);
+  }
+}

package/lib/temp-artifacts.mjs

@@ -0,0 +1,34 @@
+import { readdir, rm, stat } from "node:fs/promises";
+import path from "node:path";
+
+/**
+ * Remove direct children (files or directories) of dir whose mtime is older
+ * than ttlMs. Used to reclaim pi-webui upload/native-export temp artifacts;
+ * a missing dir or racing removals are not errors.
+ *
+ * @returns {Promise<string[]>} absolute paths that were removed
+ */
+export async function sweepStaleTempEntries(dir, { ttlMs, now = Date.now() } = {}) {
+  const removed = [];
+  if (!Number.isFinite(ttlMs) || ttlMs < 0) return removed;
+
+  let entries;
+  try {
+    entries = await readdir(dir);
+  } catch {
+    return removed;
+  }
+
+  for (const name of entries) {
+    const entryPath = path.join(dir, name);
+    try {
+      const stats = await stat(entryPath);
+      if (now - stats.mtimeMs <= ttlMs) continue;
+      await rm(entryPath, { recursive: true, force: true });
+      removed.push(entryPath);
+    } catch {
+      // Entry vanished mid-sweep or is not removable; leave it for the next pass.
+    }
+  }
+  return removed;
+}

package/lib/trust-boundaries.mjs

@@ -0,0 +1,141 @@
+export const TRUST_GUARD_TYPES = new Set([
+  "none",
+  "confirmation",
+  "localhost",
+  "trusted-context",
+  "feature-flag",
+  "upstream-rpc",
+  "read-only",
+]);
+
+/** HTTP POST routes that mutate server state and require a localhost client. */
+export const LOCALHOST_ONLY_POST_ROUTES = new Map([
+  ["/api/network/open", "Opening to the network is only allowed from localhost"],
+  ["/api/network/close", "Closing network access is only allowed from localhost"],
+  ["/api/restart", "Restart is only allowed from localhost"],
+  ["/api/update", "Updating Pi from the Web UI is only allowed from localhost"],
+  ["/api/shutdown", "Shutdown is only allowed from localhost"],
+  ["/api/optional-feature-install", "Installing optional Web UI features is only allowed from localhost"],
+  ["/api/skill-file", "Saving skill files is only allowed from localhost"],
+  ["/api/session-delete", "Deleting sessions is only allowed from localhost"],
+  ["/api/auth-logout", "Removing stored provider credentials is only allowed from localhost"],
+]);
+
+export const REMOTE_SHELL_WARNING =
+  "This Web UI client is not on localhost. Shell commands run on the server as the Web UI process user.";
+
+/** Guards enforced before native slash commands run; confirmation stays handler-specific. */
+export const DISPATCH_TRUST_GUARDS = new Set(["localhost", "trusted-context"]);
+
+export function isLocalAddress(address = "") {
+  const normalized = String(address || "").trim().toLowerCase();
+  if (!normalized) return false;
+  if (normalized === "::1" || normalized === "localhost") return true;
+  if (normalized.startsWith("127.")) return true;
+  if (normalized.startsWith("::ffff:127.")) return true;
+  return normalized === "::ffff:127.0.0.1";
+}
+
+export function isLocalRequest(req) {
+  return isLocalAddress(req?.socket?.remoteAddress);
+}
+
+export function makeTrustError(statusCode, message, details = {}) {
+  const error = new Error(message);
+  error.statusCode = statusCode;
+  error.trust = details;
+  return error;
+}
+
+export function requireLocalhost(req, message = "This action is only allowed from localhost") {
+  if (!isLocalRequest(req)) throw makeTrustError(403, message, { guard: "localhost" });
+}
+
+export function requireLocalhostRoute(req, pathname) {
+  const message = LOCALHOST_ONLY_POST_ROUTES.get(pathname);
+  if (message) requireLocalhost(req, message);
+}
+
+export function nativeParitySurfaces(matrix) {
+  return Array.isArray(matrix?.surfaces) ? matrix.surfaces : [];
+}
+
+export function guardsForNativeCommand(commandName, matrix) {
+  const surface = nativeParitySurfaces(matrix).find(
+    (item) => item?.kind === "slash-command" && item.command?.name === commandName,
+  );
+  return Array.isArray(surface?.guards) ? surface.guards : ["none"];
+}
+
+export function evaluateDispatchTrustGuards(guards, context = {}) {
+  const relevant = (guards || []).filter((guard) => DISPATCH_TRUST_GUARDS.has(guard));
+  if (!relevant.length) return { allowed: true, blocked: [], warnings: [] };
+  return evaluateTrustGuards(relevant, context);
+}
+
+export function evaluateTrustGuards(guards, context = {}) {
+  const blocked = [];
+  const warnings = [];
+  const isLocal = context.isLocal === true;
+  const confirmed = context.confirmed === true;
+  const networkOpen = context.networkOpen === true;
+
+  for (const guard of guards || []) {
+    if (!TRUST_GUARD_TYPES.has(guard)) continue;
+    switch (guard) {
+      case "none":
+      case "read-only":
+      case "upstream-rpc":
+      case "feature-flag":
+        break;
+      case "localhost":
+        if (!isLocal) blocked.push(guard);
+        break;
+      case "trusted-context":
+        if (!isLocal) blocked.push(guard);
+        break;
+      case "confirmation":
+        if (!confirmed) blocked.push(guard);
+        break;
+      default:
+        break;
+    }
+  }
+
+  if (!isLocal && networkOpen && (guards || []).some((guard) => guard === "trusted-context" || guard === "localhost")) {
+    warnings.push(REMOTE_SHELL_WARNING);
+  }
+
+  return { allowed: blocked.length === 0, blocked, warnings };
+}
+
+export function trustBlockMessage(commandName, blockedGuards = []) {
+  if (blockedGuards.includes("localhost") || blockedGuards.includes("trusted-context")) {
+    return `/${commandName} is blocked for non-localhost browser clients. Connect via localhost or use the Pi TUI.`;
+  }
+  if (blockedGuards.includes("confirmation")) {
+    return `/${commandName} requires explicit confirmation before it can run from the Web UI.`;
+  }
+  return `/${commandName} is blocked by Web UI trust policy.`;
+}
+
+export function assertNativeCommandTrust(req, commandName, matrix, options = {}) {
+  const guards = guardsForNativeCommand(commandName, matrix);
+  const evaluation = evaluateDispatchTrustGuards(guards, {
+    isLocal: isLocalRequest(req),
+    confirmed: options.confirmed === true,
+    networkOpen: options.networkOpen === true,
+  });
+  if (evaluation.allowed) return evaluation;
+  throw makeTrustError(403, trustBlockMessage(commandName, evaluation.blocked), {
+    guard: evaluation.blocked[0],
+    command: commandName,
+    blocked: evaluation.blocked,
+    warnings: evaluation.warnings,
+  });
+}
+
+export function remoteShellTrustWarning(req, networkOpen = false) {
+  if (isLocalRequest(req) || !networkOpen) return undefined;
+  return REMOTE_SHELL_WARNING;
+}