npm - @hasna/terminal - Versions diffs - 1.2.0 → 1.2.2 - Mend

@hasna/terminal 1.2.0 → 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/ai.js CHANGED Viewed

@@ -40,6 +40,9 @@ const IRREVERSIBLE_PATTERNS = [
     /\bkill\b/, /\bkillall\b/, /\bpkill\b/,
     // Git push/force operations
     /\bgit\s+push\b/, /\bgit\s+reset\s+--hard\b/, /\bgit\s+force\b/,
+    // Code modification / package installation (security risk)
+    /\bnpx\s+\S+/, /\bnpm\s+install\b/, /\bbun\s+add\b/, /\bpip\s+install\b/,
+    /\bcodemod\b/, /\bsed\s+-i\b/, /\bawk\s.*>/, /\bperl\s+-[pi]\b/,
 ];
 export function isIrreversible(command) {
     return IRREVERSIBLE_PATTERNS.some((r) => r.test(command));
@@ -106,12 +109,12 @@ function detectProjectContext() {
         // Top-level dirs
         const topLevel = execSync("ls -1", { cwd, encoding: "utf8", timeout: 2000 }).trim();
         parts.push(`Top-level: ${topLevel.split("\n").join(", ")}`);
-        // src/ structure (2 levels deep, most important for path resolution)
+        // src/ structure — include FILES so AI knows exact filenames + extensions
         for (const srcDir of ["src", "lib", "app"]) {
             if (existsSync(join(cwd, srcDir))) {
-                const tree = execSync(`find ${srcDir} -maxdepth 2 -type d -not -path '*/node_modules/*' 2>/dev/null | head -30`, { cwd, encoding: "utf8", timeout: 2000 }).trim();
+                const tree = execSync(`find ${srcDir} -maxdepth 3 -not -path '*/node_modules/*' -not -path '*/dist/*' -not -name '*.test.*' -not -name '*.spec.*' 2>/dev/null | sort | head -60`, { cwd, encoding: "utf8", timeout: 2000 }).trim();
                 if (tree)
-                    parts.push(`Directories in ${srcDir}/:\n${tree}`);
+                    parts.push(`Files in ${srcDir}/:\n${tree}`);
                 break;
             }
         }
@@ -160,6 +163,11 @@ RULES:
 - For text search in code, use grep -rn, NOT nm or objdump (those are for compiled binaries)
 - On macOS: for memory use vm_stat or top -l 1, for disk use df -h, for processes use ps aux
 - NEVER invent commands that don't exist. Stick to standard Unix/macOS commands.
+- NEVER install packages (npx, npm install, pip install, brew install). This is a READ-ONLY terminal.
+- NEVER modify source code (sed -i, codemod, awk with redirect). Only observe, never change.
+- Search src/ directory, NOT dist/ or node_modules/ for code queries.
+- For compound questions ("how many X and are they Y"), prefer ONE command that captures all info. Do NOT chain with &&.
+- Use exact file paths from the project context below. Do NOT guess paths.
 cwd: ${process.cwd()}
 shell: zsh / macOS${projectContext}${restrictionBlock}${contextBlock}`;
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@hasna/terminal",
-  "version": "1.2.0",
+  "version": "1.2.2",
   "description": "Smart terminal wrapper for AI agents and humans — structured output, token compression, MCP server, natural language",
   "type": "module",
   "bin": {

package/src/ai.ts CHANGED Viewed

@@ -48,6 +48,9 @@ const IRREVERSIBLE_PATTERNS = [
   /\bkill\b/, /\bkillall\b/, /\bpkill\b/,
   // Git push/force operations
   /\bgit\s+push\b/, /\bgit\s+reset\s+--hard\b/, /\bgit\s+force\b/,
+  // Code modification / package installation (security risk)
+  /\bnpx\s+\S+/, /\bnpm\s+install\b/, /\bbun\s+add\b/, /\bpip\s+install\b/,
+  /\bcodemod\b/, /\bsed\s+-i\b/, /\bawk\s.*>/, /\bperl\s+-[pi]\b/,
 ];
 export function isIrreversible(command: string): boolean {
@@ -135,14 +138,14 @@ function detectProjectContext(): string {
     const topLevel = execSync("ls -1", { cwd, encoding: "utf8", timeout: 2000 }).trim();
     parts.push(`Top-level: ${topLevel.split("\n").join(", ")}`);
-    // src/ structure (2 levels deep, most important for path resolution)
+    // src/ structure — include FILES so AI knows exact filenames + extensions
     for (const srcDir of ["src", "lib", "app"]) {
       if (existsSync(join(cwd, srcDir))) {
         const tree = execSync(
-          `find ${srcDir} -maxdepth 2 -type d -not -path '*/node_modules/*' 2>/dev/null | head -30`,
+          `find ${srcDir} -maxdepth 3 -not -path '*/node_modules/*' -not -path '*/dist/*' -not -name '*.test.*' -not -name '*.spec.*' 2>/dev/null | sort | head -60`,
           { cwd, encoding: "utf8", timeout: 2000 }
         ).trim();
-        if (tree) parts.push(`Directories in ${srcDir}/:\n${tree}`);
+        if (tree) parts.push(`Files in ${srcDir}/:\n${tree}`);
         break;
       }
     }
@@ -195,6 +198,11 @@ RULES:
 - For text search in code, use grep -rn, NOT nm or objdump (those are for compiled binaries)
 - On macOS: for memory use vm_stat or top -l 1, for disk use df -h, for processes use ps aux
 - NEVER invent commands that don't exist. Stick to standard Unix/macOS commands.
+- NEVER install packages (npx, npm install, pip install, brew install). This is a READ-ONLY terminal.
+- NEVER modify source code (sed -i, codemod, awk with redirect). Only observe, never change.
+- Search src/ directory, NOT dist/ or node_modules/ for code queries.
+- For compound questions ("how many X and are they Y"), prefer ONE command that captures all info. Do NOT chain with &&.
+- Use exact file paths from the project context below. Do NOT guess paths.
 cwd: ${process.cwd()}
 shell: zsh / macOS${projectContext}${restrictionBlock}${contextBlock}`;
 }