npm - @google/gemini-cli-core - Versions diffs - 0.39.0-preview.2 → 0.40.0-preview.0 - Mend

@google/gemini-cli-core 0.39.0-preview.2 → 0.40.0-preview.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (259) hide show

package/dist/docs/changelogs/index.md +21 -0
package/dist/docs/changelogs/latest.md +253 -407
package/dist/docs/changelogs/preview.md +236 -247
package/dist/docs/cli/auto-memory.md +143 -0
package/dist/docs/cli/enterprise.md +1 -1
package/dist/docs/cli/plan-mode.md +3 -1
package/dist/docs/cli/settings.md +29 -25
package/dist/docs/cli/system-prompt.md +6 -6
package/dist/docs/cli/telemetry.md +18 -11
package/dist/docs/cli/tutorials/memory-management.md +2 -0
package/dist/docs/get-started/{authentication.md → authentication.mdx} +139 -93
package/dist/docs/get-started/index.md +3 -2
package/dist/docs/get-started/installation.mdx +201 -0
package/dist/docs/index.md +2 -2
package/dist/docs/reference/configuration.md +88 -12
package/dist/docs/reference/policy-engine.md +18 -12
package/dist/docs/reference/tools.md +22 -0
package/dist/docs/sidebar.json +13 -1
package/dist/docs/tools/mcp-resources.md +44 -0
package/dist/docs/tools/mcp-server.md +2 -1
package/dist/docs/tools/tracker.md +61 -0
package/dist/src/agents/agent-tool.js +1 -0
package/dist/src/agents/agent-tool.js.map +1 -1
package/dist/src/agents/agentLoader.d.ts +4 -4
package/dist/src/agents/generalist-agent.js +3 -2
package/dist/src/agents/generalist-agent.js.map +1 -1
package/dist/src/agents/local-executor.js +4 -1
package/dist/src/agents/local-executor.js.map +1 -1
package/dist/src/agents/registry.js +0 -8
package/dist/src/agents/registry.js.map +1 -1
package/dist/src/agents/skill-extraction-agent.d.ts +3 -2
package/dist/src/agents/skill-extraction-agent.js +72 -67
package/dist/src/agents/skill-extraction-agent.js.map +1 -1
package/dist/src/agents/skill-extraction-agent.test.js +54 -0
package/dist/src/agents/skill-extraction-agent.test.js.map +1 -0
package/dist/src/config/config.d.ts +21 -6
package/dist/src/config/config.js +103 -19
package/dist/src/config/config.js.map +1 -1
package/dist/src/config/config.test.js +262 -6
package/dist/src/config/config.test.js.map +1 -1
package/dist/src/config/constants.d.ts +1 -0
package/dist/src/config/constants.js +2 -0
package/dist/src/config/constants.js.map +1 -1
package/dist/src/config/memory.js +1 -1
package/dist/src/config/memory.js.map +1 -1
package/dist/src/config/path-validation.test.js +15 -6
package/dist/src/config/path-validation.test.js.map +1 -1
package/dist/src/config/projectRegistry.js +113 -32
package/dist/src/config/projectRegistry.js.map +1 -1
package/dist/src/config/projectRegistry.test.js +51 -0
package/dist/src/config/projectRegistry.test.js.map +1 -1
package/dist/src/config/storage.d.ts +3 -1
package/dist/src/config/storage.js +6 -0
package/dist/src/config/storage.js.map +1 -1
package/dist/src/config/storage.test.js +12 -0
package/dist/src/config/storage.test.js.map +1 -1
package/dist/src/core/contentGenerator.d.ts +8 -1
package/dist/src/core/contentGenerator.js +46 -4
package/dist/src/core/contentGenerator.js.map +1 -1
package/dist/src/core/contentGenerator.test.js +174 -8
package/dist/src/core/contentGenerator.test.js.map +1 -1
package/dist/src/core/geminiChat.test.js +1 -0
package/dist/src/core/geminiChat.test.js.map +1 -1
package/dist/src/core/geminiChat_network_retry.test.js +42 -0
package/dist/src/core/geminiChat_network_retry.test.js.map +1 -1
package/dist/src/core/localLiteRtLmClient.js +2 -0
package/dist/src/core/localLiteRtLmClient.js.map +1 -1
package/dist/src/core/localLiteRtLmClient.test.js +7 -0
package/dist/src/core/localLiteRtLmClient.test.js.map +1 -1
package/dist/src/core/loggingContentGenerator.js +3 -0
package/dist/src/core/loggingContentGenerator.js.map +1 -1
package/dist/src/core/loggingContentGenerator.test.js +1 -0
package/dist/src/core/loggingContentGenerator.test.js.map +1 -1
package/dist/src/core/prompts.d.ts +1 -1
package/dist/src/core/prompts.js +2 -2
package/dist/src/core/prompts.js.map +1 -1
package/dist/src/core/prompts.test.js +2 -2
package/dist/src/core/prompts.test.js.map +1 -1
package/dist/src/generated/git-commit.d.ts +2 -2
package/dist/src/generated/git-commit.js +2 -2
package/dist/src/ide/ide-client.js +3 -4
package/dist/src/ide/ide-client.js.map +1 -1
package/dist/src/policy/policies/read-only.toml +4 -1
package/dist/src/policy/policy-engine.js +4 -0
package/dist/src/policy/policy-engine.js.map +1 -1
package/dist/src/policy/policy-engine.test.js +25 -0
package/dist/src/policy/policy-engine.test.js.map +1 -1
package/dist/src/policy/toml-loader.test.js +5 -0
package/dist/src/policy/toml-loader.test.js.map +1 -1
package/dist/src/prompts/promptProvider.d.ts +1 -1
package/dist/src/prompts/promptProvider.js +15 -7
package/dist/src/prompts/promptProvider.js.map +1 -1
package/dist/src/prompts/promptProvider.test.js +31 -1
package/dist/src/prompts/promptProvider.test.js.map +1 -1
package/dist/src/prompts/snippets-memory-v2.test.js +94 -0
package/dist/src/prompts/snippets-memory-v2.test.js.map +1 -0
package/dist/src/prompts/snippets.d.ts +19 -1
package/dist/src/prompts/snippets.js +24 -3
package/dist/src/prompts/snippets.js.map +1 -1
package/dist/src/prompts/snippets.legacy.d.ts +6 -1
package/dist/src/prompts/snippets.legacy.js +10 -3
package/dist/src/prompts/snippets.legacy.js.map +1 -1
package/dist/src/sandbox/linux/LinuxSandboxManager.js +16 -2
package/dist/src/sandbox/linux/LinuxSandboxManager.js.map +1 -1
package/dist/src/sandbox/linux/bwrapArgsBuilder.js +64 -36
package/dist/src/sandbox/linux/bwrapArgsBuilder.js.map +1 -1
package/dist/src/sandbox/linux/bwrapArgsBuilder.test.js +3 -3
package/dist/src/sandbox/linux/bwrapArgsBuilder.test.js.map +1 -1
package/dist/src/sandbox/macos/MacOsSandboxManager.js +13 -1
package/dist/src/sandbox/macos/MacOsSandboxManager.js.map +1 -1
package/dist/src/sandbox/macos/seatbeltArgsBuilder.js +61 -42
package/dist/src/sandbox/macos/seatbeltArgsBuilder.js.map +1 -1
package/dist/src/sandbox/windows/WindowsSandboxManager.js +12 -1
package/dist/src/sandbox/windows/WindowsSandboxManager.js.map +1 -1
package/dist/src/scheduler/policy.js +1 -2
package/dist/src/scheduler/policy.js.map +1 -1
package/dist/src/scheduler/policy.test.js +35 -2
package/dist/src/scheduler/policy.test.js.map +1 -1
package/dist/src/scheduler/scheduler.js +1 -0
package/dist/src/scheduler/scheduler.js.map +1 -1
package/dist/src/scheduler/scheduler.test.js +2 -0
package/dist/src/scheduler/scheduler.test.js.map +1 -1
package/dist/src/scheduler/scheduler_hooks.test.js +1 -0
package/dist/src/scheduler/scheduler_hooks.test.js.map +1 -1
package/dist/src/scheduler/scheduler_parallel.test.js +1 -0
package/dist/src/scheduler/scheduler_parallel.test.js.map +1 -1
package/dist/src/scheduler/tool-executor.js +1 -0
package/dist/src/scheduler/tool-executor.js.map +1 -1
package/dist/src/services/chatRecordingService.d.ts +1 -0
package/dist/src/services/chatRecordingService.js +48 -19
package/dist/src/services/chatRecordingService.js.map +1 -1
package/dist/src/services/memoryService.d.ts +15 -1
package/dist/src/services/memoryService.js +276 -57
package/dist/src/services/memoryService.js.map +1 -1
package/dist/src/services/memoryService.test.js +296 -2
package/dist/src/services/memoryService.test.js.map +1 -1
package/dist/src/services/sandboxManager.integration.test.js +204 -0
package/dist/src/services/sandboxManager.integration.test.js.map +1 -1
package/dist/src/services/sandboxManager.js +16 -0
package/dist/src/services/sandboxManager.js.map +1 -1
package/dist/src/services/sessionSummaryUtils.d.ts +1 -1
package/dist/src/services/sessionSummaryUtils.js +111 -38
package/dist/src/services/sessionSummaryUtils.js.map +1 -1
package/dist/src/services/sessionSummaryUtils.test.js +204 -51
package/dist/src/services/sessionSummaryUtils.test.js.map +1 -1
package/dist/src/services/shellExecutionService.js +7 -1
package/dist/src/services/shellExecutionService.js.map +1 -1
package/dist/src/telemetry/config.js +3 -0
package/dist/src/telemetry/config.js.map +1 -1
package/dist/src/telemetry/conseca-logger.test.js +1 -0
package/dist/src/telemetry/conseca-logger.test.js.map +1 -1
package/dist/src/telemetry/loggers.test.js +72 -4
package/dist/src/telemetry/loggers.test.js.map +1 -1
package/dist/src/telemetry/memory-monitor.d.ts +1 -0
package/dist/src/telemetry/memory-monitor.js +8 -1
package/dist/src/telemetry/memory-monitor.js.map +1 -1
package/dist/src/telemetry/memory-monitor.test.js +6 -1
package/dist/src/telemetry/memory-monitor.test.js.map +1 -1
package/dist/src/telemetry/trace.d.ts +1 -0
package/dist/src/telemetry/trace.js +33 -13
package/dist/src/telemetry/trace.js.map +1 -1
package/dist/src/telemetry/trace.test.js +50 -10
package/dist/src/telemetry/trace.test.js.map +1 -1
package/dist/src/telemetry/types.js +11 -4
package/dist/src/telemetry/types.js.map +1 -1
package/dist/src/tools/definitions/base-declarations.d.ts +2 -0
package/dist/src/tools/definitions/base-declarations.js +3 -0
package/dist/src/tools/definitions/base-declarations.js.map +1 -1
package/dist/src/tools/definitions/coreTools.d.ts +3 -1
package/dist/src/tools/definitions/coreTools.js +13 -1
package/dist/src/tools/definitions/coreTools.js.map +1 -1
package/dist/src/tools/definitions/model-family-sets/default-legacy.js +29 -1
package/dist/src/tools/definitions/model-family-sets/default-legacy.js.map +1 -1
package/dist/src/tools/definitions/model-family-sets/gemini-3.js +29 -1
package/dist/src/tools/definitions/model-family-sets/gemini-3.js.map +1 -1
package/dist/src/tools/definitions/types.d.ts +2 -0
package/dist/src/tools/get-internal-docs.js +5 -2
package/dist/src/tools/get-internal-docs.js.map +1 -1
package/dist/src/tools/list-mcp-resources.d.ts +24 -0
package/dist/src/tools/list-mcp-resources.js +74 -0
package/dist/src/tools/list-mcp-resources.js.map +1 -0
package/dist/src/tools/list-mcp-resources.test.d.ts +6 -0
package/dist/src/tools/list-mcp-resources.test.js +79 -0
package/dist/src/tools/list-mcp-resources.test.js.map +1 -0
package/dist/src/tools/mcp-client-manager.d.ts +3 -1
package/dist/src/tools/mcp-client-manager.js +24 -1
package/dist/src/tools/mcp-client-manager.js.map +1 -1
package/dist/src/tools/mcp-client-manager.test.js +43 -0
package/dist/src/tools/mcp-client-manager.test.js.map +1 -1
package/dist/src/tools/memoryTool.d.ts +2 -1
package/dist/src/tools/memoryTool.js +42 -13
package/dist/src/tools/memoryTool.js.map +1 -1
package/dist/src/tools/memoryTool.test.js +23 -3
package/dist/src/tools/memoryTool.test.js.map +1 -1
package/dist/src/tools/read-mcp-resource.d.ts +25 -0
package/dist/src/tools/read-mcp-resource.js +120 -0
package/dist/src/tools/read-mcp-resource.js.map +1 -0
package/dist/src/tools/read-mcp-resource.test.d.ts +6 -0
package/dist/src/tools/read-mcp-resource.test.js +110 -0
package/dist/src/tools/read-mcp-resource.test.js.map +1 -0
package/dist/src/tools/ripGrep.d.ts +3 -2
package/dist/src/tools/ripGrep.js +25 -54
package/dist/src/tools/ripGrep.js.map +1 -1
package/dist/src/tools/ripGrep.test.js +73 -131
package/dist/src/tools/ripGrep.test.js.map +1 -1
package/dist/src/tools/shell.js +38 -12
package/dist/src/tools/shell.js.map +1 -1
package/dist/src/tools/shell.test.js +410 -25
package/dist/src/tools/shell.test.js.map +1 -1
package/dist/src/tools/tool-error.d.ts +1 -0
package/dist/src/tools/tool-error.js +1 -0
package/dist/src/tools/tool-error.js.map +1 -1
package/dist/src/tools/tool-names.d.ts +4 -4
package/dist/src/tools/tool-names.js +6 -2
package/dist/src/tools/tool-names.js.map +1 -1
package/dist/src/tools/tool-registry.js +8 -1
package/dist/src/tools/tool-registry.js.map +1 -1
package/dist/src/utils/filesearch/fileSearch.d.ts +2 -0
package/dist/src/utils/filesearch/fileSearch.js +97 -6
package/dist/src/utils/filesearch/fileSearch.js.map +1 -1
package/dist/src/utils/filesearch/fileSearch.test.js +54 -0
package/dist/src/utils/filesearch/fileSearch.test.js.map +1 -1
package/dist/src/utils/filesearch/fileWatcher.d.ts +25 -0
package/dist/src/utils/filesearch/fileWatcher.js +86 -0
package/dist/src/utils/filesearch/fileWatcher.js.map +1 -0
package/dist/src/utils/filesearch/fileWatcher.test.d.ts +6 -0
package/dist/src/utils/filesearch/fileWatcher.test.js +142 -0
package/dist/src/utils/filesearch/fileWatcher.test.js.map +1 -0
package/dist/src/utils/gitIgnoreParser.js +1 -1
package/dist/src/utils/gitIgnoreParser.js.map +1 -1
package/dist/src/utils/ignoreFileParser.js +1 -1
package/dist/src/utils/ignoreFileParser.js.map +1 -1
package/dist/src/utils/memoryDiscovery.js +15 -5
package/dist/src/utils/memoryDiscovery.js.map +1 -1
package/dist/src/utils/retry.js +18 -6
package/dist/src/utils/retry.js.map +1 -1
package/dist/src/utils/retry.test.js +30 -0
package/dist/src/utils/retry.test.js.map +1 -1
package/dist/src/utils/shell-utils.d.ts +1 -0
package/dist/src/utils/shell-utils.js +106 -0
package/dist/src/utils/shell-utils.js.map +1 -1
package/dist/tsconfig.tsbuildinfo +1 -1
package/package.json +5 -3
package/vendor/ripgrep/rg-darwin-arm64 +0 -0
package/vendor/ripgrep/rg-darwin-x64 +0 -0
package/vendor/ripgrep/rg-linux-arm64 +0 -0
package/vendor/ripgrep/rg-linux-x64 +0 -0
package/vendor/ripgrep/rg-win32-x64.exe +0 -0
package/dist/docs/get-started/installation.md +0 -181
package/dist/google-gemini-cli-core-0.39.0-preview.1.tgz +0 -0
package/dist/src/agents/memory-manager-agent.d.ts +0 -25
package/dist/src/agents/memory-manager-agent.js +0 -138
package/dist/src/agents/memory-manager-agent.js.map +0 -1
package/dist/src/agents/memory-manager-agent.test.js +0 -123
package/dist/src/agents/memory-manager-agent.test.js.map +0 -1
package/dist/src/prompts/snippets-memory-manager.test.js +0 -31
package/dist/src/prompts/snippets-memory-manager.test.js.map +0 -1
/package/dist/src/agents/{memory-manager-agent.test.d.ts → skill-extraction-agent.test.d.ts} +0 -0
/package/dist/src/prompts/{snippets-memory-manager.test.d.ts → snippets-memory-v2.test.d.ts} +0 -0

package/dist/src/tools/shell.test.js CHANGED Viewed

@@ -61,6 +61,7 @@ describe('ShellTool', () => {
     let mockShellOutputCallback;
     let resolveExecutionPromise;
     let tempRootDir;
+    let extractedTmpFile;
     beforeEach(() => {
         vi.clearAllMocks();
         tempRootDir = fs.mkdtempSync(path.join(os.tmpdir(), 'shell-test-'));
@@ -146,9 +147,14 @@ describe('ShellTool', () => {
         vi.mocked(crypto.randomBytes).mockReturnValue(Buffer.from('abcdef', 'hex'));
         process.env['ComSpec'] =
             'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe';
+        extractedTmpFile = '';
         // Capture the output callback to simulate streaming events from the service
-        mockShellExecutionService.mockImplementation((_cmd, _cwd, callback) => {
+        mockShellExecutionService.mockImplementation((cmd, _cwd, callback) => {
             mockShellOutputCallback = callback;
+            const match = cmd.match(/pgrep -g 0 >([^ ]+)/);
+            if (match) {
+                extractedTmpFile = match[1].replace(/['"]/g, '');
+            }
             return {
                 pid: 12345,
                 result: new Promise((resolve) => {
@@ -227,38 +233,32 @@ describe('ShellTool', () => {
         it('should wrap command on linux and parse pgrep output', async () => {
             const invocation = shellTool.build({ command: 'my-command &' });
             const promise = invocation.execute({ abortSignal: mockAbortSignal });
-            resolveShellExecution({ pid: 54321 });
             // Simulate pgrep output file creation by the shell command
-            const tmpFile = path.join(os.tmpdir(), 'shell_pgrep_abcdef.tmp');
-            fs.writeFileSync(tmpFile, `54321${os.EOL}54322${os.EOL}`);
+            fs.writeFileSync(extractedTmpFile, `54321${os.EOL}54322${os.EOL}`);
+            resolveShellExecution({ pid: 54321 });
             const result = await promise;
-            const wrappedCommand = `(\n${'my-command &'}\n); __code=$?; pgrep -g 0 >${tmpFile} 2>&1; exit $__code;`;
-            expect(mockShellExecutionService).toHaveBeenCalledWith(wrappedCommand, tempRootDir, expect.any(Function), expect.any(AbortSignal), false, expect.objectContaining({
+            expect(mockShellExecutionService).toHaveBeenCalledWith(expect.stringMatching(/pgrep -g 0 >.*gemini-shell-.*[/\\]pgrep\.tmp/), tempRootDir, expect.any(Function), expect.any(AbortSignal), false, expect.objectContaining({
                 pager: 'cat',
                 sanitizationConfig: {},
                 sandboxManager: expect.any(Object),
             }));
             expect(result.llmContent).toContain('Background PIDs: 54322');
             // The file should be deleted by the tool
-            expect(fs.existsSync(tmpFile)).toBe(false);
+            expect(fs.existsSync(extractedTmpFile)).toBe(false);
         });
         it('should add a space when command ends with a backslash to prevent escaping newline', async () => {
             const invocation = shellTool.build({ command: 'ls\\' });
             const promise = invocation.execute({ abortSignal: mockAbortSignal });
             resolveShellExecution();
             await promise;
-            const tmpFile = path.join(os.tmpdir(), 'shell_pgrep_abcdef.tmp');
-            const wrappedCommand = `(\nls\\ \n); __code=$?; pgrep -g 0 >${tmpFile} 2>&1; exit $__code;`;
-            expect(mockShellExecutionService).toHaveBeenCalledWith(wrappedCommand, tempRootDir, expect.any(Function), expect.any(AbortSignal), false, expect.any(Object));
+            expect(mockShellExecutionService).toHaveBeenCalledWith(expect.stringMatching(/pgrep -g 0 >.*gemini-shell-.*[/\\]pgrep\.tmp/), tempRootDir, expect.any(Function), expect.any(AbortSignal), false, expect.any(Object));
         });
         it('should handle trailing comments correctly by placing them on their own line', async () => {
             const invocation = shellTool.build({ command: 'ls # comment' });
             const promise = invocation.execute({ abortSignal: mockAbortSignal });
             resolveShellExecution();
             await promise;
-            const tmpFile = path.join(os.tmpdir(), 'shell_pgrep_abcdef.tmp');
-            const wrappedCommand = `(\nls # comment\n); __code=$?; pgrep -g 0 >${tmpFile} 2>&1; exit $__code;`;
-            expect(mockShellExecutionService).toHaveBeenCalledWith(wrappedCommand, tempRootDir, expect.any(Function), expect.any(AbortSignal), false, expect.any(Object));
+            expect(mockShellExecutionService).toHaveBeenCalledWith(expect.stringMatching(/pgrep -g 0 >.*gemini-shell-.*[/\\]pgrep\.tmp/), tempRootDir, expect.any(Function), expect.any(AbortSignal), false, expect.any(Object));
         });
         it('should use the provided absolute directory as cwd', async () => {
             const subdir = path.join(tempRootDir, 'subdir');
@@ -269,9 +269,7 @@ describe('ShellTool', () => {
             const promise = invocation.execute({ abortSignal: mockAbortSignal });
             resolveShellExecution();
             await promise;
-            const tmpFile = path.join(os.tmpdir(), 'shell_pgrep_abcdef.tmp');
-            const wrappedCommand = `(\n${'ls'}\n); __code=$?; pgrep -g 0 >${tmpFile} 2>&1; exit $__code;`;
-            expect(mockShellExecutionService).toHaveBeenCalledWith(wrappedCommand, subdir, expect.any(Function), expect.any(AbortSignal), false, expect.objectContaining({
+            expect(mockShellExecutionService).toHaveBeenCalledWith(expect.stringMatching(/pgrep -g 0 >.*gemini-shell-.*[/\\]pgrep\.tmp/), subdir, expect.any(Function), expect.any(AbortSignal), false, expect.objectContaining({
                 pager: 'cat',
                 sanitizationConfig: {},
                 sandboxManager: expect.any(Object),
@@ -285,9 +283,7 @@ describe('ShellTool', () => {
             const promise = invocation.execute({ abortSignal: mockAbortSignal });
             resolveShellExecution();
             await promise;
-            const tmpFile = path.join(os.tmpdir(), 'shell_pgrep_abcdef.tmp');
-            const wrappedCommand = `(\n${'ls'}\n); __code=$?; pgrep -g 0 >${tmpFile} 2>&1; exit $__code;`;
-            expect(mockShellExecutionService).toHaveBeenCalledWith(wrappedCommand, path.join(tempRootDir, 'subdir'), expect.any(Function), expect.any(AbortSignal), false, expect.objectContaining({
+            expect(mockShellExecutionService).toHaveBeenCalledWith(expect.stringMatching(/pgrep -g 0 >.*gemini-shell-.*[/\\]pgrep\.tmp/), path.join(tempRootDir, 'subdir'), expect.any(Function), expect.any(AbortSignal), false, expect.objectContaining({
                 pager: 'cat',
                 sanitizationConfig: {},
                 sandboxManager: expect.any(Object),
@@ -328,6 +324,17 @@ describe('ShellTool', () => {
                 sandboxManager: expect.any(NoopSandboxManager),
             }));
         }, 20000);
+        it('should correctly wrap heredoc commands', async () => {
+            const command = `cat << 'EOF'
+hello world
+EOF`;
+            const invocation = shellTool.build({ command });
+            const promise = invocation.execute({ abortSignal: mockAbortSignal });
+            resolveShellExecution();
+            await promise;
+            expect(mockShellExecutionService).toHaveBeenCalledWith(expect.stringMatching(/pgrep -g 0 >.*gemini-shell-.*[/\\]pgrep\.tmp/), tempRootDir, expect.any(Function), expect.any(AbortSignal), false, expect.any(Object));
+            expect(mockShellExecutionService.mock.calls[0][0]).toMatch(/\nEOF\n\)\n/);
+        });
         it('should format error messages correctly', async () => {
             const error = new Error('wrapped command failed');
             const invocation = shellTool.build({ command: 'user-command' });
@@ -403,16 +410,18 @@ describe('ShellTool', () => {
         });
         it('should clean up the temp file on synchronous execution error', async () => {
             const error = new Error('sync spawn error');
-            mockShellExecutionService.mockImplementation(() => {
-                // Create the temp file before throwing to simulate it being left behind
-                const tmpFile = path.join(os.tmpdir(), 'shell_pgrep_abcdef.tmp');
-                fs.writeFileSync(tmpFile, '');
+            mockShellExecutionService.mockImplementation((cmd) => {
+                const match = cmd.match(/pgrep -g 0 >([^ ]+)/);
+                if (match) {
+                    extractedTmpFile = match[1].replace(/['"]/g, ''); // remove any quotes if present
+                    // Create the temp file before throwing to simulate it being left behind
+                    fs.writeFileSync(extractedTmpFile, '');
+                }
                 throw error;
             });
             const invocation = shellTool.build({ command: 'a-command' });
             await expect(invocation.execute({ abortSignal: mockAbortSignal })).rejects.toThrow(error);
-            const tmpFile = path.join(os.tmpdir(), 'shell_pgrep_abcdef.tmp');
-            expect(fs.existsSync(tmpFile)).toBe(false);
+            expect(fs.existsSync(extractedTmpFile)).toBe(false);
         });
         it('should not log "missing pgrep output" when process is backgrounded', async () => {
             vi.useFakeTimers();
@@ -881,5 +890,381 @@ describe('ShellTool', () => {
             expect(schema.description).toMatchSnapshot();
         });
     });
+    describe('command injection detection', () => {
+        it('should block $() command substitution', async () => {
+            const tool = new ShellTool(mockConfig, createMockMessageBus());
+            const invocation = tool.build({ command: 'echo $(whoami)' });
+            const result = await invocation.execute({
+                abortSignal: new AbortController().signal,
+            });
+            expect(result.returnDisplay).toContain('Blocked');
+        });
+        it('should block backtick command substitution', async () => {
+            const tool = new ShellTool(mockConfig, createMockMessageBus());
+            const invocation = tool.build({ command: 'echo `whoami`' });
+            const result = await invocation.execute({
+                abortSignal: new AbortController().signal,
+            });
+            expect(result.returnDisplay).toContain('Blocked');
+        });
+        it('should allow normal commands without substitution', async () => {
+            mockShellExecutionService.mockImplementation((_cmd, _cwd, _callback) => ({
+                pid: 12345,
+                result: Promise.resolve({
+                    output: 'hello',
+                    rawOutput: Buffer.from('hello'),
+                    exitCode: 0,
+                    signal: null,
+                    error: null,
+                    aborted: false,
+                    pid: 12345,
+                    executionMethod: 'child_process',
+                    backgrounded: false,
+                }),
+            }));
+            const tool = new ShellTool(mockConfig, createMockMessageBus());
+            const invocation = tool.build({ command: 'echo hello' });
+            const result = await invocation.execute({
+                abortSignal: new AbortController().signal,
+            });
+            expect(result.returnDisplay).not.toContain('Blocked');
+        });
+        it('should allow single quoted strings with special chars', async () => {
+            mockShellExecutionService.mockImplementation((_cmd, _cwd, _callback) => ({
+                pid: 12345,
+                result: Promise.resolve({
+                    output: '$(not substituted)',
+                    rawOutput: Buffer.from('$(not substituted)'),
+                    exitCode: 0,
+                    signal: null,
+                    error: null,
+                    aborted: false,
+                    pid: 12345,
+                    executionMethod: 'child_process',
+                    backgrounded: false,
+                }),
+            }));
+            const tool = new ShellTool(mockConfig, createMockMessageBus());
+            const invocation = tool.build({
+                command: "echo '$(not substituted)'",
+            });
+            const result = await invocation.execute({
+                abortSignal: new AbortController().signal,
+            });
+            expect(result.returnDisplay).not.toContain('Blocked');
+        });
+        it('should allow escaped backtick outside double quotes', async () => {
+            mockShellExecutionService.mockImplementation((_cmd, _cwd, _callback) => ({
+                pid: 12345,
+                result: Promise.resolve({
+                    output: 'hello',
+                    rawOutput: Buffer.from('hello'),
+                    exitCode: 0,
+                    signal: null,
+                    error: null,
+                    aborted: false,
+                    pid: 12345,
+                    executionMethod: 'child_process',
+                    backgrounded: false,
+                }),
+            }));
+            const tool = new ShellTool(mockConfig, createMockMessageBus());
+            const invocation = tool.build({ command: 'echo \\`hello\\`' });
+            const result = await invocation.execute({
+                abortSignal: new AbortController().signal,
+            });
+            expect(result.returnDisplay).not.toContain('Blocked');
+        });
+        it('should block $() inside double quotes', async () => {
+            const tool = new ShellTool(mockConfig, createMockMessageBus());
+            const invocation = tool.build({ command: 'echo "$(whoami)"' });
+            const result = await invocation.execute({
+                abortSignal: new AbortController().signal,
+            });
+            expect(result.returnDisplay).toContain('Blocked');
+        });
+        it('should block >() process substitution', async () => {
+            const tool = new ShellTool(mockConfig, createMockMessageBus());
+            const invocation = tool.build({ command: 'echo >(whoami)' });
+            const result = await invocation.execute({
+                abortSignal: new AbortController().signal,
+            });
+            expect(result.returnDisplay).toContain('Blocked');
+        });
+        it('should allow $() inside single quotes', async () => {
+            mockShellExecutionService.mockImplementation((_cmd, _cwd, _callback) => ({
+                pid: 12345,
+                result: Promise.resolve({
+                    output: '$(whoami)',
+                    rawOutput: Buffer.from('$(whoami)'),
+                    exitCode: 0,
+                    signal: null,
+                    error: null,
+                    aborted: false,
+                    pid: 12345,
+                    executionMethod: 'child_process',
+                    backgrounded: false,
+                }),
+            }));
+            const tool = new ShellTool(mockConfig, createMockMessageBus());
+            const invocation = tool.build({
+                command: "echo '$(whoami)'",
+            });
+            const result = await invocation.execute({
+                abortSignal: new AbortController().signal,
+            });
+            expect(result.returnDisplay).not.toContain('Blocked');
+        });
+        it('should block PowerShell @() array subexpression', async () => {
+            mockPlatform.mockReturnValue('win32');
+            const tool = new ShellTool(mockConfig, createMockMessageBus());
+            const invocation = tool.build({ command: 'echo @(whoami)' });
+            const result = await invocation.execute({
+                abortSignal: new AbortController().signal,
+            });
+            expect(result.returnDisplay).toContain('Blocked');
+        });
+        it('should block PowerShell $() subexpression', async () => {
+            mockPlatform.mockReturnValue('win32');
+            const tool = new ShellTool(mockConfig, createMockMessageBus());
+            const invocation = tool.build({ command: 'echo $(whoami)' });
+            const result = await invocation.execute({
+                abortSignal: new AbortController().signal,
+            });
+            expect(result.returnDisplay).toContain('Blocked');
+        });
+        it('should allow PowerShell single quoted strings', async () => {
+            mockPlatform.mockReturnValue('win32');
+            mockShellExecutionService.mockImplementation((_cmd, _cwd, _callback) => ({
+                pid: 12345,
+                result: Promise.resolve({
+                    output: '$(whoami)',
+                    rawOutput: Buffer.from('$(whoami)'),
+                    exitCode: 0,
+                    signal: null,
+                    error: null,
+                    aborted: false,
+                    pid: 12345,
+                    executionMethod: 'child_process',
+                    backgrounded: false,
+                }),
+            }));
+            const tool = new ShellTool(mockConfig, createMockMessageBus());
+            const invocation = tool.build({
+                command: "echo '$(whoami)'",
+            });
+            const result = await invocation.execute({
+                abortSignal: new AbortController().signal,
+            });
+            expect(result.returnDisplay).not.toContain('Blocked');
+        });
+        it('should allow escaped substitution outside quotes', async () => {
+            mockShellExecutionService.mockImplementation((_cmd, _cwd, _callback) => ({
+                pid: 12345,
+                result: Promise.resolve({
+                    output: '$(whoami)',
+                    rawOutput: Buffer.from('$(whoami)'),
+                    exitCode: 0,
+                    signal: null,
+                    error: null,
+                    aborted: false,
+                    pid: 12345,
+                    executionMethod: 'child_process',
+                    backgrounded: false,
+                }),
+            }));
+            const tool = new ShellTool(mockConfig, createMockMessageBus());
+            const invocation = tool.build({ command: 'echo \\$(whoami)' });
+            const result = await invocation.execute({
+                abortSignal: new AbortController().signal,
+            });
+            expect(result.returnDisplay).not.toContain('Blocked');
+        });
+        it('should allow process substitution inside double quotes', async () => {
+            mockShellExecutionService.mockImplementation((_cmd, _cwd, _callback) => ({
+                pid: 12345,
+                result: Promise.resolve({
+                    output: '<(whoami)',
+                    rawOutput: Buffer.from('<(whoami)'),
+                    exitCode: 0,
+                    signal: null,
+                    error: null,
+                    aborted: false,
+                    pid: 12345,
+                    executionMethod: 'child_process',
+                    backgrounded: false,
+                }),
+            }));
+            const tool = new ShellTool(mockConfig, createMockMessageBus());
+            const invocation = tool.build({ command: 'echo "<(whoami)"' });
+            const result = await invocation.execute({
+                abortSignal: new AbortController().signal,
+            });
+            expect(result.returnDisplay).not.toContain('Blocked');
+        });
+        it('should block process substitution without quotes', async () => {
+            const tool = new ShellTool(mockConfig, createMockMessageBus());
+            const invocation = tool.build({ command: 'echo <(whoami)' });
+            const result = await invocation.execute({
+                abortSignal: new AbortController().signal,
+            });
+            expect(result.returnDisplay).toContain('Blocked');
+        });
+        it('should allow escaped $() outside double quotes', async () => {
+            mockShellExecutionService.mockImplementation((_cmd, _cwd, _callback) => ({
+                pid: 12345,
+                result: Promise.resolve({
+                    output: '$(whoami)',
+                    rawOutput: Buffer.from('$(whoami)'),
+                    exitCode: 0,
+                    signal: null,
+                    error: null,
+                    aborted: false,
+                    pid: 12345,
+                    executionMethod: 'child_process',
+                    backgrounded: false,
+                }),
+            }));
+            const tool = new ShellTool(mockConfig, createMockMessageBus());
+            const invocation = tool.build({ command: 'echo \\$(whoami)' });
+            const result = await invocation.execute({
+                abortSignal: new AbortController().signal,
+            });
+            expect(result.returnDisplay).not.toContain('Blocked');
+        });
+        it('should allow output process substitution inside double quotes', async () => {
+            mockShellExecutionService.mockImplementation((_cmd, _cwd, _callback) => ({
+                pid: 12345,
+                result: Promise.resolve({
+                    output: '<(whoami)',
+                    rawOutput: Buffer.from('<(whoami)'),
+                    exitCode: 0,
+                    signal: null,
+                    error: null,
+                    aborted: false,
+                    pid: 12345,
+                    executionMethod: 'child_process',
+                    backgrounded: false,
+                }),
+            }));
+            const tool = new ShellTool(mockConfig, createMockMessageBus());
+            const invocation = tool.build({ command: 'echo "<(whoami)"' });
+            const result = await invocation.execute({
+                abortSignal: new AbortController().signal,
+            });
+            expect(result.returnDisplay).not.toContain('Blocked');
+        });
+        it('should block <() process substitution without quotes', async () => {
+            const tool = new ShellTool(mockConfig, createMockMessageBus());
+            const invocation = tool.build({ command: 'echo <(whoami)' });
+            const result = await invocation.execute({
+                abortSignal: new AbortController().signal,
+            });
+            expect(result.returnDisplay).toContain('Blocked');
+        });
+        it('should block PowerShell bare () grouping operator', async () => {
+            mockPlatform.mockReturnValue('win32');
+            const tool = new ShellTool(mockConfig, createMockMessageBus());
+            const invocation = tool.build({ command: 'echo (whoami)' });
+            const result = await invocation.execute({
+                abortSignal: new AbortController().signal,
+            });
+            expect(result.returnDisplay).toContain('Blocked');
+        });
+        it('should allow escaped $() inside double quotes', async () => {
+            mockShellExecutionService.mockImplementation((_cmd, _cwd, _callback) => ({
+                pid: 12345,
+                result: Promise.resolve({
+                    output: '$(whoami)',
+                    rawOutput: Buffer.from('$(whoami)'),
+                    exitCode: 0,
+                    signal: null,
+                    error: null,
+                    aborted: false,
+                    pid: 12345,
+                    executionMethod: 'child_process',
+                    backgrounded: false,
+                }),
+            }));
+            const tool = new ShellTool(mockConfig, createMockMessageBus());
+            const invocation = tool.build({ command: 'echo "\\$(whoami)"' });
+            const result = await invocation.execute({
+                abortSignal: new AbortController().signal,
+            });
+            expect(result.returnDisplay).not.toContain('Blocked');
+        });
+        it('should allow escaped substitution inside double quotes', async () => {
+            mockShellExecutionService.mockImplementation((_cmd, _cwd, _callback) => ({
+                pid: 12345,
+                result: Promise.resolve({
+                    output: '$(whoami)',
+                    rawOutput: Buffer.from('$(whoami)'),
+                    exitCode: 0,
+                    signal: null,
+                    error: null,
+                    aborted: false,
+                    pid: 12345,
+                    executionMethod: 'child_process',
+                    backgrounded: false,
+                }),
+            }));
+            const tool = new ShellTool(mockConfig, createMockMessageBus());
+            const invocation = tool.build({ command: 'echo "\\$(whoami)"' });
+            const result = await invocation.execute({
+                abortSignal: new AbortController().signal,
+            });
+            expect(result.returnDisplay).not.toContain('Blocked');
+        });
+        it('should allow PowerShell keyword with flag e.g. switch -regex ($x)', async () => {
+            mockPlatform.mockReturnValue('win32');
+            mockShellExecutionService.mockImplementation((_cmd, _cwd, _callback) => ({
+                pid: 12345,
+                result: Promise.resolve({
+                    output: 'result',
+                    rawOutput: Buffer.from('result'),
+                    exitCode: 0,
+                    signal: null,
+                    error: null,
+                    aborted: false,
+                    pid: 12345,
+                    executionMethod: 'child_process',
+                    backgrounded: false,
+                }),
+            }));
+            const tool = new ShellTool(mockConfig, createMockMessageBus());
+            const invocation = tool.build({
+                command: 'switch -regex ($x) { "a" { 1 } }',
+            });
+            const result = await invocation.execute({
+                abortSignal: new AbortController().signal,
+            });
+            expect(result.returnDisplay).not.toContain('Blocked');
+        });
+        it('should allow PowerShell nested parentheses e.g. if ((condition))', async () => {
+            mockPlatform.mockReturnValue('win32');
+            mockShellExecutionService.mockImplementation((_cmd, _cwd, _callback) => ({
+                pid: 12345,
+                result: Promise.resolve({
+                    output: 'result',
+                    rawOutput: Buffer.from('result'),
+                    exitCode: 0,
+                    signal: null,
+                    error: null,
+                    aborted: false,
+                    pid: 12345,
+                    executionMethod: 'child_process',
+                    backgrounded: false,
+                }),
+            }));
+            const tool = new ShellTool(mockConfig, createMockMessageBus());
+            const invocation = tool.build({
+                command: 'if ((condition)) { Write-Host ok }',
+            });
+            const result = await invocation.execute({
+                abortSignal: new AbortController().signal,
+            });
+            expect(result.returnDisplay).not.toContain('Blocked');
+        });
+    });
 });
 //# sourceMappingURL=shell.test.js.map