npm - @mako10k/shell-server - Versions diffs - 0.1.0 - Mend

@mako10k/shell-server 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (175) hide show

package/LICENSE +21 -0
package/README.md +114 -0
package/dist/backoffice/index.d.ts +2 -0
package/dist/backoffice/index.d.ts.map +1 -0
package/dist/backoffice/index.js +47 -0
package/dist/backoffice/index.js.map +1 -0
package/dist/backoffice/server.d.ts +45 -0
package/dist/backoffice/server.d.ts.map +1 -0
package/dist/backoffice/server.js +610 -0
package/dist/backoffice/server.js.map +1 -0
package/dist/cli.d.ts +3 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +525 -0
package/dist/cli.js.map +1 -0
package/dist/core/config-manager.d.ts +80 -0
package/dist/core/config-manager.d.ts.map +1 -0
package/dist/core/config-manager.js +218 -0
package/dist/core/config-manager.js.map +1 -0
package/dist/core/enhanced-history-manager.d.ts +84 -0
package/dist/core/enhanced-history-manager.d.ts.map +1 -0
package/dist/core/enhanced-history-manager.js +319 -0
package/dist/core/enhanced-history-manager.js.map +1 -0
package/dist/core/file-manager.d.ts +79 -0
package/dist/core/file-manager.d.ts.map +1 -0
package/dist/core/file-manager.js +338 -0
package/dist/core/file-manager.js.map +1 -0
package/dist/core/file-storage-subscriber.d.ts +38 -0
package/dist/core/file-storage-subscriber.d.ts.map +1 -0
package/dist/core/file-storage-subscriber.js +132 -0
package/dist/core/file-storage-subscriber.js.map +1 -0
package/dist/core/monitoring-manager.d.ts +32 -0
package/dist/core/monitoring-manager.d.ts.map +1 -0
package/dist/core/monitoring-manager.js +296 -0
package/dist/core/monitoring-manager.js.map +1 -0
package/dist/core/process-manager.d.ts +105 -0
package/dist/core/process-manager.d.ts.map +1 -0
package/dist/core/process-manager.js +1374 -0
package/dist/core/process-manager.js.map +1 -0
package/dist/core/realtime-stream-subscriber.d.ts +93 -0
package/dist/core/realtime-stream-subscriber.d.ts.map +1 -0
package/dist/core/realtime-stream-subscriber.js +200 -0
package/dist/core/realtime-stream-subscriber.js.map +1 -0
package/dist/core/remote-http-client.d.ts +15 -0
package/dist/core/remote-http-client.d.ts.map +1 -0
package/dist/core/remote-http-client.js +60 -0
package/dist/core/remote-http-client.js.map +1 -0
package/dist/core/remote-process-service.d.ts +50 -0
package/dist/core/remote-process-service.d.ts.map +1 -0
package/dist/core/remote-process-service.js +20 -0
package/dist/core/remote-process-service.js.map +1 -0
package/dist/core/server-manager.d.ts +71 -0
package/dist/core/server-manager.d.ts.map +1 -0
package/dist/core/server-manager.js +680 -0
package/dist/core/server-manager.js.map +1 -0
package/dist/core/stream-publisher.d.ts +75 -0
package/dist/core/stream-publisher.d.ts.map +1 -0
package/dist/core/stream-publisher.js +127 -0
package/dist/core/stream-publisher.js.map +1 -0
package/dist/core/streaming-pipeline-reader.d.ts +67 -0
package/dist/core/streaming-pipeline-reader.d.ts.map +1 -0
package/dist/core/streaming-pipeline-reader.js +191 -0
package/dist/core/streaming-pipeline-reader.js.map +1 -0
package/dist/core/terminal-manager.d.ts +96 -0
package/dist/core/terminal-manager.d.ts.map +1 -0
package/dist/core/terminal-manager.js +515 -0
package/dist/core/terminal-manager.js.map +1 -0
package/dist/daemon/server.d.ts +8 -0
package/dist/daemon/server.d.ts.map +1 -0
package/dist/daemon/server.js +416 -0
package/dist/daemon/server.js.map +1 -0
package/dist/daemon/uds-transport.d.ts +31 -0
package/dist/daemon/uds-transport.d.ts.map +1 -0
package/dist/daemon/uds-transport.js +149 -0
package/dist/daemon/uds-transport.js.map +1 -0
package/dist/executor/server.d.ts +20 -0
package/dist/executor/server.d.ts.map +1 -0
package/dist/executor/server.js +375 -0
package/dist/executor/server.js.map +1 -0
package/dist/index.d.ts +2 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +73 -0
package/dist/index.js.map +1 -0
package/dist/runtime/daemon-runtime.d.ts +4 -0
package/dist/runtime/daemon-runtime.d.ts.map +1 -0
package/dist/runtime/daemon-runtime.js +4 -0
package/dist/runtime/daemon-runtime.js.map +1 -0
package/dist/runtime/index.d.ts +3 -0
package/dist/runtime/index.d.ts.map +1 -0
package/dist/runtime/index.js +3 -0
package/dist/runtime/index.js.map +1 -0
package/dist/runtime/tool-runtime.d.ts +52 -0
package/dist/runtime/tool-runtime.d.ts.map +1 -0
package/dist/runtime/tool-runtime.js +161 -0
package/dist/runtime/tool-runtime.js.map +1 -0
package/dist/security/chat-completion-adapter.d.ts +443 -0
package/dist/security/chat-completion-adapter.d.ts.map +1 -0
package/dist/security/chat-completion-adapter.js +475 -0
package/dist/security/chat-completion-adapter.js.map +1 -0
package/dist/security/enhanced-evaluator.d.ts +139 -0
package/dist/security/enhanced-evaluator.d.ts.map +1 -0
package/dist/security/enhanced-evaluator.js +1208 -0
package/dist/security/enhanced-evaluator.js.map +1 -0
package/dist/security/evaluator-types.d.ts +614 -0
package/dist/security/evaluator-types.d.ts.map +1 -0
package/dist/security/evaluator-types.js +124 -0
package/dist/security/evaluator-types.js.map +1 -0
package/dist/security/manager.d.ts +76 -0
package/dist/security/manager.d.ts.map +1 -0
package/dist/security/manager.js +445 -0
package/dist/security/manager.js.map +1 -0
package/dist/security/security-llm-prompt-generator.d.ts +105 -0
package/dist/security/security-llm-prompt-generator.d.ts.map +1 -0
package/dist/security/security-llm-prompt-generator.js +323 -0
package/dist/security/security-llm-prompt-generator.js.map +1 -0
package/dist/security/security-tools.d.ts +174 -0
package/dist/security/security-tools.d.ts.map +1 -0
package/dist/security/security-tools.js +159 -0
package/dist/security/security-tools.js.map +1 -0
package/dist/security/validator-criteria-manager.d.ts +47 -0
package/dist/security/validator-criteria-manager.d.ts.map +1 -0
package/dist/security/validator-criteria-manager.js +169 -0
package/dist/security/validator-criteria-manager.js.map +1 -0
package/dist/tools/shell-tools.d.ts +474 -0
package/dist/tools/shell-tools.d.ts.map +1 -0
package/dist/tools/shell-tools.js +861 -0
package/dist/tools/shell-tools.js.map +1 -0
package/dist/types/enhanced-security.d.ts +529 -0
package/dist/types/enhanced-security.d.ts.map +1 -0
package/dist/types/enhanced-security.js +286 -0
package/dist/types/enhanced-security.js.map +1 -0
package/dist/types/index.d.ts +282 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/index.js +158 -0
package/dist/types/index.js.map +1 -0
package/dist/types/quick-schemas.d.ts +177 -0
package/dist/types/quick-schemas.d.ts.map +1 -0
package/dist/types/quick-schemas.js +113 -0
package/dist/types/quick-schemas.js.map +1 -0
package/dist/types/response-schemas.d.ts +41 -0
package/dist/types/response-schemas.d.ts.map +1 -0
package/dist/types/response-schemas.js +41 -0
package/dist/types/response-schemas.js.map +1 -0
package/dist/types/schemas.d.ts +578 -0
package/dist/types/schemas.d.ts.map +1 -0
package/dist/types/schemas.js +498 -0
package/dist/types/schemas.js.map +1 -0
package/dist/utils/criteria-manager.d.ts +47 -0
package/dist/utils/criteria-manager.d.ts.map +1 -0
package/dist/utils/criteria-manager.js +228 -0
package/dist/utils/criteria-manager.js.map +1 -0
package/dist/utils/errors.d.ts +27 -0
package/dist/utils/errors.d.ts.map +1 -0
package/dist/utils/errors.js +67 -0
package/dist/utils/errors.js.map +1 -0
package/dist/utils/helpers.d.ts +85 -0
package/dist/utils/helpers.d.ts.map +1 -0
package/dist/utils/helpers.js +400 -0
package/dist/utils/helpers.js.map +1 -0
package/dist/utils/json-repair.d.ts +23 -0
package/dist/utils/json-repair.d.ts.map +1 -0
package/dist/utils/json-repair.js +208 -0
package/dist/utils/json-repair.js.map +1 -0
package/dist/utils/process-utils.d.ts +31 -0
package/dist/utils/process-utils.d.ts.map +1 -0
package/dist/utils/process-utils.js +217 -0
package/dist/utils/process-utils.js.map +1 -0
package/dist/utils/server-helpers.d.ts +4 -0
package/dist/utils/server-helpers.d.ts.map +1 -0
package/dist/utils/server-helpers.js +10 -0
package/dist/utils/server-helpers.js.map +1 -0
package/dist/utils/sse.d.ts +2 -0
package/dist/utils/sse.d.ts.map +1 -0
package/dist/utils/sse.js +6 -0
package/dist/utils/sse.js.map +1 -0
package/package.json +47 -0

package/dist/security/evaluator-types.js ADDED Viewed

@@ -0,0 +1,124 @@
+import { z } from 'zod';
+// Zod schemas for enhanced evaluator type definitions
+export const MessageContentSchema = z.object({
+    type: z.literal('text'),
+    text: z.string()
+});
+export const ToolCallSchema = z.object({
+    id: z.string(),
+    type: z.literal('function'),
+    function: z.object({
+        name: z.string(),
+        arguments: z.string()
+    })
+});
+export const ToolChoiceSchema = z.union([
+    z.literal('auto'),
+    z.literal('none'),
+    z.object({ type: z.literal('function'), function: z.object({ name: z.string() }) }),
+    z.object({ type: z.literal('tool'), name: z.string() })
+]);
+export const CreateMessageRequestSchema = z.object({
+    messages: z.array(z.object({
+        role: z.enum(['user', 'assistant', 'tool']),
+        content: MessageContentSchema,
+        tool_call_id: z.string().optional()
+    })),
+    maxTokens: z.number().optional(),
+    temperature: z.number().optional(),
+    systemPrompt: z.string().optional(),
+    includeContext: z.enum(['none', 'thisServer', 'allServers']).optional(),
+    stopSequences: z.array(z.string()).optional(),
+    metadata: z.record(z.unknown()).optional(),
+    modelPreferences: z.record(z.unknown()).optional(),
+    tools: z.array(z.object({
+        type: z.literal('function'),
+        function: z.object({
+            name: z.string(),
+            description: z.string(),
+            parameters: z.record(z.unknown())
+        })
+    })).optional(),
+    tool_choice: ToolChoiceSchema.optional()
+});
+export const CreateMessageResponseSchema = z.object({
+    content: MessageContentSchema,
+    model: z.string().optional(),
+    stopReason: z.string().optional(),
+    tool_calls: z.array(z.object({
+        id: z.string(),
+        type: z.literal('function'),
+        function: z.object({
+            name: z.string(),
+            arguments: z.string()
+        })
+    })).optional()
+});
+export const ElicitationPropertySchema = z.object({
+    type: z.string(),
+    title: z.string().optional(),
+    description: z.string().optional(),
+    minimum: z.number().optional(),
+    maximum: z.number().optional(),
+    enum: z.array(z.string()).optional()
+}).catchall(z.unknown());
+export const ElicitationSchemaSchema = z.object({
+    type: z.literal('object'),
+    properties: z.record(ElicitationPropertySchema),
+    required: z.array(z.string()).optional()
+});
+export const ElicitationResponseSchema = z.object({
+    action: z.enum(['accept', 'decline', 'cancel']),
+    content: z.record(z.unknown()).optional()
+});
+export const RequiresAdditionalContextSchema = z.object({
+    command_history_depth: z.number(),
+    execution_results_count: z.number(),
+    user_intent_search_keywords: z.array(z.string()).nullable(),
+    user_intent_question: z.string().nullable(),
+    assistant_request_message: z.string().nullable().optional()
+});
+export const LLMEvaluationResultSchema = z.object({
+    evaluation_result: z.enum(['allow', 'deny', 'add_more_history', 'user_confirm', 'ai_assistant_confirm']),
+    reasoning: z.string(),
+    command_history_depth: z.number().optional(),
+    execution_results_count: z.number().optional(),
+    user_intent_search_keywords: z.array(z.string()).optional(),
+    confirmation_question: z.string().optional(),
+    assistant_request_message: z.string().optional(),
+    suggested_alternatives: z.array(z.string()).optional(),
+    requires_additional_context: RequiresAdditionalContextSchema.optional(),
+    next_steps: z.array(z.string()).optional()
+});
+export const UserIntentDataSchema = z.object({
+    intent: z.string(),
+    justification: z.string(),
+    timestamp: z.string(),
+    confidence_level: z.enum(['low', 'medium', 'high']),
+    elicitation_id: z.string()
+});
+export const NextActionSchema = z.object({
+    instruction: z.string(),
+    method: z.string(),
+    expected_outcome: z.string(),
+    executable_commands: z.array(z.string()).optional()
+});
+export const SafetyEvaluationSchema = z.object({
+    evaluation_result: z.enum(['allow', 'deny', 'add_more_history', 'user_confirm', 'ai_assistant_confirm']),
+    basic_classification: z.string(),
+    reasoning: z.string(),
+    requires_confirmation: z.boolean(),
+    suggested_alternatives: z.array(z.string()),
+    llm_evaluation_used: z.boolean(),
+    user_confirmation_required: z.boolean().optional(),
+    user_response: z.record(z.unknown()).optional(),
+    confirmation_message: z.string().optional(),
+    elicitation_response: ElicitationResponseSchema.nullable().optional(),
+    next_action: NextActionSchema.optional(),
+    next_steps: z.array(z.string()).optional()
+});
+export const MCPServerRequestSchema = z.object({
+    method: z.string(),
+    params: z.record(z.unknown()).optional()
+});
+//# sourceMappingURL=evaluator-types.js.map

package/dist/security/evaluator-types.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"evaluator-types.js","sourceRoot":"","sources":["../../src/security/evaluator-types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,sDAAsD;AAEtD,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC3C,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IACvB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;CACjB,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,cAAc,GAAG,CAAC,CAAC,MAAM,CAAC;IACrC,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC;IAC3B,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC;QACjB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;QAChB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;KACtB,CAAC;CACH,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC;IACtC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IACjB,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IACjB,CAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,EAAE,CAAC;IACnF,CAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC;CACxD,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,0BAA0B,GAAG,CAAC,CAAC,MAAM,CAAC;IACjD,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC;QACzB,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC;QAC3C,OAAO,EAAE,oBAAoB;QAC7B,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KACpC,CAAC,CAAC;IACH,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,YAAY,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC,cAAc,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,YAAY,EAAE,YAAY,CAAC,CAAC,CAAC,QAAQ,EAAE;IACvE,aAAa,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC7C,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC1C,gBAAgB,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;IAClD,KAAK,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC;QACtB,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC;QAC3B,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC;YACjB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;YAChB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;YACvB,UAAU,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC;SAClC,CAAC;KACH,CAAC,CAAC,CAAC,QAAQ,EAAE;IACd,WAAW,EAAE,gBAAgB,CAAC,QAAQ,EAAE;CACzC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,2BAA2B,GAAG,CAAC,CAAC,MAAM,CAAC;IAClD,OAAO,EAAE,oBAAoB;IAC7B,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,UAAU,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACjC,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC;QAC3B,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE;QACd,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC;QAC3B,QAAQ,EAAE,CAAC,CAAC,MAAM,CAAC;YACjB,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;YAChB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;SACtB,CAAC;KACH,CAAC,CAAC,CAAC,QAAQ,EAAE;CACf,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChD,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE;IAChB,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9B,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9B,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CACrC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;AAEzB,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC9C,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;IACzB,UAAU,EAAE,CAAC,CAAC,MAAM,CAAC,yBAAyB,CAAC;IAC/C,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CACzC,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChD,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;IAC/C,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC1C,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,+BAA+B,GAAG,CAAC,CAAC,MAAM,CAAC;IACtD,qBAAqB,EAAE,CAAC,CAAC,MAAM,EAAE;IACjC,uBAAuB,EAAE,CAAC,CAAC,MAAM,EAAE;IACnC,2BAA2B,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC3D,oBAAoB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3C,yBAAyB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;CAC5D,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,yBAAyB,GAAG,CAAC,CAAC,MAAM,CAAC;IAChD,iBAAiB,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,kBAAkB,EAAE,cAAc,EAAE,sBAAsB,CAAC,CAAC;IACxG,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,qBAAqB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5C,uBAAuB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9C,2BAA2B,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC3D,qBAAqB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5C,yBAAyB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAChD,sBAAsB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACtD,2BAA2B,EAAE,+BAA+B,CAAC,QAAQ,EAAE;IACvE,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC3C,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,oBAAoB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC3C,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;IAClB,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE;IACzB,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,gBAAgB,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;IACnD,cAAc,EAAE,CAAC,CAAC,MAAM,EAAE;CAC3B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,gBAAgB,GAAG,CAAC,CAAC,MAAM,CAAC;IACvC,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE;IACvB,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;IAClB,gBAAgB,EAAE,CAAC,CAAC,MAAM,EAAE;IAC5B,mBAAmB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CACpD,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7C,iBAAiB,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,kBAAkB,EAAE,cAAc,EAAE,sBAAsB,CAAC,CAAC;IACxG,oBAAoB,EAAE,CAAC,CAAC,MAAM,EAAE;IAChC,SAAS,EAAE,CAAC,CAAC,MAAM,EAAE;IACrB,qBAAqB,EAAE,CAAC,CAAC,OAAO,EAAE;IAClC,sBAAsB,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IAC3C,mBAAmB,EAAE,CAAC,CAAC,OAAO,EAAE;IAChC,0BAA0B,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAClD,aAAa,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC/C,oBAAoB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3C,oBAAoB,EAAE,yBAAyB,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE;IACrE,WAAW,EAAE,gBAAgB,CAAC,QAAQ,EAAE;IACxC,UAAU,EAAE,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC3C,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,sBAAsB,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7C,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;IAClB,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;CACzC,CAAC,CAAC"}

package/dist/security/manager.d.ts ADDED Viewed

@@ -0,0 +1,76 @@
+import { SecurityRestrictions } from '../types/index.js';
+import { EnhancedSecurityConfig, CommandClassification, BasicSafetyRule } from '../types/enhanced-security.js';
+import { type CreateMessageCallback } from './chat-completion-adapter.js';
+import type { ElicitationHandler } from './evaluator-types.js';
+import { CommandHistoryManager } from '../core/enhanced-history-manager.js';
+import { Server } from '@modelcontextprotocol/sdk/server/index.js';
+import type { SafetyEvaluationResult } from '../types/index.js';
+export declare class SecurityManager {
+    private restrictions;
+    private enhancedConfig;
+    private basicSafetyRules;
+    private enhancedEvaluator?;
+    private historyManager?;
+    constructor(config?: EnhancedSecurityConfig);
+    private setDefaultRestrictions;
+    /**
+     * Load enhanced security configuration from environment variables
+     */
+    private loadEnhancedConfigFromEnv;
+    setRestrictions(restrictions: Partial<SecurityRestrictions>): SecurityRestrictions;
+    getRestrictions(): SecurityRestrictions | null;
+    validateCommand(command: string): void;
+    validatePath(path: string): void;
+    validateExecutionTime(timeoutSeconds: number): void;
+    validateMemoryUsage(memoryMb: number): void;
+    validateNetworkAccess(): void;
+    auditCommand(command: string, workingDirectory?: string): void;
+    private isCommandAllowed;
+    /**
+     * Update enhanced security configuration
+     */
+    setEnhancedConfig(config: Partial<EnhancedSecurityConfig>): void;
+    /**
+     * Get current enhanced security configuration
+     */
+    getEnhancedConfig(): EnhancedSecurityConfig;
+    /**
+     * Update basic safety rules
+     */
+    setBasicSafetyRules(rules: BasicSafetyRule[]): void;
+    /**
+     * Get current basic safety rules
+     */
+    getBasicSafetyRules(): BasicSafetyRule[];
+    /**
+     * Check if enhanced security mode is enabled
+     */
+    isEnhancedModeEnabled(): boolean;
+    /**
+     * Check if LLM evaluation is enabled
+     */
+    isLLMEvaluationEnabled(): boolean;
+    /**
+     * Check if command history enhancement is enabled
+     */
+    isCommandHistoryEnhanced(): boolean;
+    /**
+     * Detailed command safety analysis with reasoning
+     */
+    analyzeCommandSafety(command: string): {
+        classification: CommandClassification;
+        reasoning: string;
+        safety_level?: number;
+        matched_rule?: string;
+        dangerous_patterns?: string[];
+    };
+    /**
+     * Initialize Enhanced Safety Evaluator
+     */
+    initializeEnhancedEvaluator(historyManager: CommandHistoryManager, server?: Server, createMessage?: CreateMessageCallback, elicitationHandler?: ElicitationHandler): void;
+    /**
+     * Perform comprehensive safety evaluation using enhanced evaluator
+     */
+    evaluateCommandSafetyByEnhancedEvaluator(command: string, workingDirectory: string, comment?: string, forceUserConfirm?: boolean): Promise<SafetyEvaluationResult>;
+}
+//# sourceMappingURL=manager.d.ts.map

package/dist/security/manager.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"manager.d.ts","sourceRoot":"","sources":["../../src/security/manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAgB,MAAM,mBAAmB,CAAC;AACvE,OAAO,EACL,sBAAsB,EAGtB,qBAAqB,EACrB,eAAe,EAChB,MAAM,+BAA+B,CAAC;AAIvC,OAAO,EAAsC,KAAK,qBAAqB,EAAE,MAAM,8BAA8B,CAAC;AAC9G,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,sBAAsB,CAAC;AAC/D,OAAO,EAAE,qBAAqB,EAAE,MAAM,qCAAqC,CAAC;AAC5E,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AAGnE,OAAO,KAAK,EAAE,sBAAsB,EAAE,MAAM,mBAAmB,CAAC;AAEhE,qBAAa,eAAe;IAC1B,OAAO,CAAC,YAAY,CAAqC;IACzD,OAAO,CAAC,cAAc,CAAyB;IAC/C,OAAO,CAAC,gBAAgB,CAAoB;IAC5C,OAAO,CAAC,iBAAiB,CAAC,CAA0B;IACpD,OAAO,CAAC,cAAc,CAAC,CAAwB;gBAEnC,MAAM,CAAC,EAAE,sBAAsB;IAW3C,OAAO,CAAC,sBAAsB;IA2B9B;;OAEG;IACH,OAAO,CAAC,yBAAyB;IA0DjC,eAAe,CAAC,YAAY,EAAE,OAAO,CAAC,oBAAoB,CAAC,GAAG,oBAAoB;IAqClF,eAAe,IAAI,oBAAoB,GAAG,IAAI;IAI9C,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAqHtC,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI;IAahC,qBAAqB,CAAC,cAAc,EAAE,MAAM,GAAG,IAAI;IAmBnD,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IAgB3C,qBAAqB,IAAI,IAAI;IAY7B,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,gBAAgB,CAAC,EAAE,MAAM,GAAG,IAAI;IA0B9D,OAAO,CAAC,gBAAgB;IA+BxB;;OAEG;IACH,iBAAiB,CAAC,MAAM,EAAE,OAAO,CAAC,sBAAsB,CAAC,GAAG,IAAI;IAIhE;;OAEG;IACH,iBAAiB,IAAI,sBAAsB;IAI3C;;OAEG;IACH,mBAAmB,CAAC,KAAK,EAAE,eAAe,EAAE,GAAG,IAAI;IAInD;;OAEG;IACH,mBAAmB,IAAI,eAAe,EAAE;IAIxC;;OAEG;IACH,qBAAqB,IAAI,OAAO;IAMhC;;OAEG;IACH,sBAAsB,IAAI,OAAO;IAIjC;;OAEG;IACH,wBAAwB,IAAI,OAAO;IAInC;;OAEG;IACH,oBAAoB,CAAC,OAAO,EAAE,MAAM,GAAG;QACrC,cAAc,EAAE,qBAAqB,CAAC;QACtC,SAAS,EAAE,MAAM,CAAC;QAClB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,kBAAkB,CAAC,EAAE,MAAM,EAAE,CAAC;KAC/B;IA6CD;;OAEG;IACH,2BAA2B,CACzB,cAAc,EAAE,qBAAqB,EACrC,MAAM,CAAC,EAAE,MAAM,EACf,aAAa,CAAC,EAAE,qBAAqB,EACrC,kBAAkB,CAAC,EAAE,kBAAkB,GACtC,IAAI;IAiCP;;OAEG;IACG,wCAAwC,CAC5C,OAAO,EAAE,MAAM,EACf,gBAAgB,EAAE,MAAM,EACxB,OAAO,CAAC,EAAE,MAAM,EAChB,gBAAgB,CAAC,EAAE,OAAO,GACzB,OAAO,CAAC,sBAAsB,CAAC;CAkBnC"}

package/dist/security/manager.js ADDED Viewed

@@ -0,0 +1,445 @@
+import { DEFAULT_ENHANCED_SECURITY_CONFIG, DEFAULT_BASIC_SAFETY_RULES, } from '../types/enhanced-security.js';
+import { SecurityError } from '../utils/errors.js';
+import { isValidPath, generateId, getCurrentTimestamp } from '../utils/helpers.js';
+import { EnhancedSafetyEvaluator } from './enhanced-evaluator.js';
+import { createMessageCallbackFromMCPServer } from './chat-completion-adapter.js';
+export class SecurityManager {
+    restrictions = null;
+    enhancedConfig;
+    basicSafetyRules;
+    enhancedEvaluator;
+    historyManager;
+    constructor(config) {
+        this.enhancedConfig = config ? { ...config } : { ...DEFAULT_ENHANCED_SECURITY_CONFIG };
+        this.basicSafetyRules = [...DEFAULT_BASIC_SAFETY_RULES];
+        // Load Enhanced Security configuration from environment variables
+        this.loadEnhancedConfigFromEnv();
+        // Set default security restrictions
+        this.setDefaultRestrictions();
+    }
+    setDefaultRestrictions() {
+        // Get default settings from environment variables
+        const defaultMode = process.env['MCP_SHELL_SECURITY_MODE'] || 'permissive';
+        const defaultExecutionTime = parseInt(process.env['MCP_SHELL_MAX_EXECUTION_TIME'] || '300');
+        const defaultMemoryMb = parseInt(process.env['MCP_SHELL_MAX_MEMORY_MB'] || '1024');
+        const defaultNetworkEnabled = process.env['MCP_SHELL_ENABLE_NETWORK'] !== 'false';
+        // Automatic configuration for Enhanced Mode
+        if (defaultMode === 'enhanced' || defaultMode === 'enhanced-fast') {
+            this.enhancedConfig.enhanced_mode_enabled = true;
+            this.enhancedConfig.llm_evaluation_enabled = true;
+            // For enhanced-fast, enable safe command skipping
+            this.enhancedConfig.enable_pattern_filtering = defaultMode === 'enhanced-fast';
+        }
+        this.restrictions = {
+            restriction_id: generateId(),
+            security_mode: defaultMode,
+            max_execution_time: defaultExecutionTime, // 5 minutes
+            max_memory_mb: defaultMemoryMb, // 1GB
+            enable_network: defaultNetworkEnabled,
+            active: true,
+            configured_at: getCurrentTimestamp(),
+        };
+    }
+    /**
+     * Load enhanced security configuration from environment variables
+     */
+    loadEnhancedConfigFromEnv() {
+        // Enhanced mode (backward compatibility)
+        if (process.env['MCP_SHELL_ENHANCED_MODE'] === 'true') {
+            this.enhancedConfig.enhanced_mode_enabled = true;
+        }
+        else if (process.env['MCP_SHELL_ENHANCED_MODE'] === 'false') {
+            this.enhancedConfig.enhanced_mode_enabled = false;
+        }
+        // LLM evaluation (backward compatibility)
+        if (process.env['MCP_SHELL_LLM_EVALUATION'] === 'true') {
+            this.enhancedConfig.llm_evaluation_enabled = true;
+        }
+        else if (process.env['MCP_SHELL_LLM_EVALUATION'] === 'false') {
+            this.enhancedConfig.llm_evaluation_enabled = false;
+        }
+        // Safe command skip (new simplified naming)
+        if (process.env['MCP_SHELL_SKIP_SAFE_COMMANDS'] === 'true') {
+            this.enhancedConfig.enable_pattern_filtering = true;
+        }
+        // Pattern matching pre-filtering (backward compatibility)
+        if (process.env['MCP_SHELL_ENABLE_PATTERN_FILTERING'] === 'true') {
+            this.enhancedConfig.enable_pattern_filtering = true;
+        }
+        // Other enhanced security settings
+        if (process.env['MCP_SHELL_ELICITATION'] === 'true') {
+            this.enhancedConfig.elicitation_enabled = true;
+        }
+        if (process.env['MCP_SHELL_BASIC_SAFE_CLASSIFICATION'] === 'false') {
+            this.enhancedConfig.basic_safe_classification = false;
+        }
+        // LLM provider settings
+        if (process.env['MCP_SHELL_LLM_PROVIDER']) {
+            this.enhancedConfig.llm_provider = process.env['MCP_SHELL_LLM_PROVIDER'];
+        }
+        if (process.env['MCP_SHELL_LLM_MODEL']) {
+            this.enhancedConfig.llm_model = process.env['MCP_SHELL_LLM_MODEL'];
+        }
+        if (process.env['MCP_SHELL_LLM_API_KEY']) {
+            this.enhancedConfig.llm_api_key = process.env['MCP_SHELL_LLM_API_KEY'];
+        }
+        if (process.env['MCP_SHELL_LLM_TIMEOUT']) {
+            const timeout = parseInt(process.env['MCP_SHELL_LLM_TIMEOUT']);
+            if (!isNaN(timeout) && timeout > 0 && timeout <= 60) {
+                this.enhancedConfig.llm_timeout_seconds = timeout;
+            }
+        }
+    }
+    setRestrictions(restrictions) {
+        const newRestrictions = {
+            restriction_id: generateId(),
+            security_mode: restrictions.security_mode || this.restrictions?.security_mode || 'permissive',
+            max_execution_time: restrictions.max_execution_time || this.restrictions?.max_execution_time || 300,
+            max_memory_mb: restrictions.max_memory_mb || this.restrictions?.max_memory_mb || 1024,
+            enable_network: restrictions.enable_network ?? this.restrictions?.enable_network ?? true,
+            active: true,
+            configured_at: getCurrentTimestamp(),
+        };
+        // customモードの場合のみ、詳細設定を適用
+        if (newRestrictions.security_mode === 'custom') {
+            if (restrictions.allowed_commands) {
+                newRestrictions.allowed_commands = restrictions.allowed_commands;
+            }
+            else if (this.restrictions?.allowed_commands) {
+                newRestrictions.allowed_commands = this.restrictions.allowed_commands;
+            }
+            if (restrictions.blocked_commands) {
+                newRestrictions.blocked_commands = restrictions.blocked_commands;
+            }
+            else if (this.restrictions?.blocked_commands) {
+                newRestrictions.blocked_commands = this.restrictions.blocked_commands;
+            }
+            if (restrictions.allowed_directories) {
+                newRestrictions.allowed_directories = restrictions.allowed_directories;
+            }
+            else if (this.restrictions?.allowed_directories) {
+                newRestrictions.allowed_directories = this.restrictions.allowed_directories;
+            }
+        }
+        this.restrictions = newRestrictions;
+        return newRestrictions;
+    }
+    getRestrictions() {
+        return this.restrictions;
+    }
+    validateCommand(command) {
+        if (!this.restrictions?.active) {
+            return;
+        }
+        switch (this.restrictions.security_mode) {
+            case 'permissive':
+                // permissive mode: legacy dangerous pattern blocking removed.
+                // Intentionally no blocking here; rely on evaluator & downstream validation.
+                break;
+            case 'moderate':
+                // moderate mode: legacy dangerous pattern blocking removed.
+                // (Could add lightweight heuristics here in future if needed.)
+                break;
+            case 'enhanced':
+            case 'enhanced-fast':
+                // enhanced mode: Enhanced Safety Evaluator performs all validation
+                // No pattern checks at validateCommand stage
+                // All validation is delegated to Enhanced Safety Evaluator
+                // Legacy pattern matching detection is completely skipped
+                break;
+            case 'restrictive':
+                // restrictive mode: only allow read-only and information retrieval commands
+                const restrictiveAllowedCommands = [
+                    // File/directory operations (read-only)
+                    'ls',
+                    'cat',
+                    'less',
+                    'more',
+                    'head',
+                    'tail',
+                    'file',
+                    'stat',
+                    'find',
+                    'locate',
+                    // Text processing
+                    'grep',
+                    'awk',
+                    'sed',
+                    'sort',
+                    'uniq',
+                    'wc',
+                    'cut',
+                    'tr',
+                    'column',
+                    // System information
+                    'pwd',
+                    'whoami',
+                    'id',
+                    'date',
+                    'uptime',
+                    'uname',
+                    'hostname',
+                    'ps',
+                    'top',
+                    'df',
+                    'du',
+                    'free',
+                    'lscpu',
+                    'lsblk',
+                    'lsusb',
+                    'lspci',
+                    // Network (read-only)
+                    'ping',
+                    'nslookup',
+                    'dig',
+                    'host',
+                    'netstat',
+                    'ss',
+                    'lsof',
+                    // Basic commands
+                    'echo',
+                    'printf',
+                    'which',
+                    'type',
+                    'command',
+                    'history',
+                    'env',
+                    'printenv',
+                    // Archive (read-only)
+                    'tar',
+                    'zip',
+                    'unzip',
+                    'gzip',
+                    'gunzip',
+                    'zcat',
+                ];
+                if (!this.isCommandAllowed(command, restrictiveAllowedCommands, [])) {
+                    throw new SecurityError(`Command '${command}' is not allowed in restrictive mode`, {
+                        command,
+                        allowedCommands: restrictiveAllowedCommands,
+                    });
+                }
+                break;
+            case 'custom':
+                // custom mode: use detailed settings
+                if (!this.isCommandAllowed(command, this.restrictions.allowed_commands, this.restrictions.blocked_commands)) {
+                    throw new SecurityError(`Command '${command}' is not allowed by security policy`, {
+                        command,
+                        allowedCommands: this.restrictions.allowed_commands,
+                        blockedCommands: this.restrictions.blocked_commands,
+                    });
+                }
+                break;
+        }
+    }
+    validatePath(path) {
+        if (!this.restrictions?.active) {
+            return;
+        }
+        if (!isValidPath(path, this.restrictions.allowed_directories)) {
+            throw new SecurityError(`Path '${path}' is not accessible`, {
+                path,
+                allowedDirectories: this.restrictions.allowed_directories,
+            });
+        }
+    }
+    validateExecutionTime(timeoutSeconds) {
+        if (!this.restrictions?.active) {
+            return;
+        }
+        if (this.restrictions.max_execution_time &&
+            timeoutSeconds > this.restrictions.max_execution_time) {
+            throw new SecurityError(`Execution time ${timeoutSeconds}s exceeds maximum allowed ${this.restrictions.max_execution_time}s`, {
+                requestedTime: timeoutSeconds,
+                maxAllowedTime: this.restrictions.max_execution_time,
+            });
+        }
+    }
+    validateMemoryUsage(memoryMb) {
+        if (!this.restrictions?.active) {
+            return;
+        }
+        if (this.restrictions.max_memory_mb && memoryMb > this.restrictions.max_memory_mb) {
+            throw new SecurityError(`Memory usage ${memoryMb}MB exceeds maximum allowed ${this.restrictions.max_memory_mb}MB`, {
+                requestedMemory: memoryMb,
+                maxAllowedMemory: this.restrictions.max_memory_mb,
+            });
+        }
+    }
+    validateNetworkAccess() {
+        if (!this.restrictions?.active) {
+            return;
+        }
+        if (!this.restrictions.enable_network) {
+            throw new SecurityError('Network access is disabled by security policy');
+        }
+    }
+    // Legacy detectDangerousPatterns removed (Phase-out); rely on LLM & basic safety rules.
+    auditCommand(command, workingDirectory) {
+        // Enhanced Security Modeの場合は従来の危険パターン検出をスキップ
+        // Enhanced Safety Evaluator performs all validation
+        if (this.restrictions?.security_mode === 'enhanced' ||
+            this.restrictions?.security_mode === 'enhanced-fast') {
+            // Rely only on Enhanced Safety Evaluator
+            this.validateCommand(command);
+            if (workingDirectory) {
+                this.validatePath(workingDirectory);
+            }
+            return;
+        }
+        // Legacy dangerous pattern blocking removed. Proceed to command/path validation.
+        // Additional security checks
+        this.validateCommand(command);
+        if (workingDirectory) {
+            this.validatePath(workingDirectory);
+        }
+    }
+    isCommandAllowed(command, allowedCommands, blockedCommands) {
+        // Extract the first word (actual command name) from the command
+        const cmdName = command.trim().split(/\s+/)[0];
+        // Block if cmdName is empty
+        if (!cmdName) {
+            return false;
+        }
+        // Check blocked commands
+        if (blockedCommands && blockedCommands.length > 0) {
+            if (blockedCommands.some((blocked) => cmdName === blocked || cmdName.startsWith(blocked))) {
+                return false;
+            }
+        }
+        // Check allowed commands
+        if (allowedCommands && allowedCommands.length > 0) {
+            return allowedCommands.some((allowed) => cmdName === allowed || cmdName.startsWith(allowed));
+        }
+        // Allow if allowedCommands is not specified (only blockedCommands check)
+        return true;
+    }
+    // Enhanced Security Configuration Methods
+    /**
+     * Update enhanced security configuration
+     */
+    setEnhancedConfig(config) {
+        this.enhancedConfig = { ...this.enhancedConfig, ...config };
+    }
+    /**
+     * Get current enhanced security configuration
+     */
+    getEnhancedConfig() {
+        return { ...this.enhancedConfig };
+    }
+    /**
+     * Update basic safety rules
+     */
+    setBasicSafetyRules(rules) {
+        this.basicSafetyRules = [...rules];
+    }
+    /**
+     * Get current basic safety rules
+     */
+    getBasicSafetyRules() {
+        return [...this.basicSafetyRules];
+    }
+    /**
+     * Check if enhanced security mode is enabled
+     */
+    isEnhancedModeEnabled() {
+        const enabled = this.enhancedConfig.enhanced_mode_enabled;
+        console.error('isEnhancedModeEnabled() called:', enabled);
+        return enabled;
+    }
+    /**
+     * Check if LLM evaluation is enabled
+     */
+    isLLMEvaluationEnabled() {
+        return this.enhancedConfig.llm_evaluation_enabled;
+    }
+    /**
+     * Check if command history enhancement is enabled
+     */
+    isCommandHistoryEnhanced() {
+        return this.enhancedConfig.command_history_enhanced;
+    }
+    /**
+     * Detailed command safety analysis with reasoning
+     */
+    analyzeCommandSafety(command) {
+        const trimmedCommand = command.trim();
+        if (!this.enhancedConfig.basic_safe_classification) {
+            return {
+                classification: 'llm_required',
+                reasoning: 'Basic safety classification is disabled',
+            };
+        }
+        if (!trimmedCommand) {
+            return {
+                classification: 'basic_safe',
+                reasoning: 'Empty command',
+                safety_level: 1,
+            };
+        }
+        // (Legacy dangerous pattern shortcut removed – allow classification to fall through to rules/LLM.)
+        // Check basic safety rules
+        for (const rule of this.basicSafetyRules) {
+            try {
+                const regex = new RegExp(rule.pattern);
+                if (regex.test(trimmedCommand)) {
+                    return {
+                        classification: rule.safety_level <= 3 ? 'basic_safe' : 'llm_required',
+                        reasoning: rule.reasoning,
+                        safety_level: rule.safety_level,
+                        matched_rule: rule.pattern,
+                    };
+                }
+            }
+            catch (e) {
+                // Skip invalid regex patterns
+                continue;
+            }
+        }
+        return {
+            classification: 'llm_required',
+            reasoning: 'No matching safety rule found - requires LLM evaluation',
+            safety_level: 4,
+        };
+    }
+    /**
+     * Initialize Enhanced Safety Evaluator
+     */
+    initializeEnhancedEvaluator(historyManager, server, createMessage, elicitationHandler) {
+        if (!this.enhancedConfig.enhanced_mode_enabled) {
+            return;
+        }
+        this.historyManager = historyManager;
+        if (!createMessage) {
+            if (!server) {
+                throw new Error('Enhanced security mode requires an LLM provider but no server or LanguageModel adapter was provided.');
+            }
+            createMessage = createMessageCallbackFromMCPServer(server);
+        }
+        if (!server && !elicitationHandler) {
+            this.setEnhancedConfig({ elicitation_enabled: false });
+        }
+        this.enhancedEvaluator = new EnhancedSafetyEvaluator(this, historyManager, createMessage, server, elicitationHandler);
+        if (server) {
+            this.enhancedEvaluator.setMCPServer(server);
+        }
+    }
+    /**
+     * Perform comprehensive safety evaluation using enhanced evaluator
+     */
+    async evaluateCommandSafetyByEnhancedEvaluator(command, workingDirectory, comment, forceUserConfirm) {
+        if (!this.enhancedConfig.enhanced_mode_enabled) {
+            throw new Error('Enhanced mode is not enabled');
+        }
+        if (!this.enhancedEvaluator) {
+            throw new Error('Enhanced evaluator not initialized');
+        }
+        // Get recent command history for context
+        const history = this.historyManager ? this.historyManager.searchHistory({ limit: 10 }) : [];
+        console.error(`[DEBUG] Enhanced Evaluator - Command: ${command}`);
+        console.error(`[DEBUG] Enhanced Evaluator - History entries: ${history.length}`);
+        console.error(`[DEBUG] Enhanced Evaluator - History commands: ${history.map((h) => h.command).join(', ')}`);
+        return await this.enhancedEvaluator.evaluateCommandSafety(command, workingDirectory, history, comment, forceUserConfirm);
+    }
+}
+//# sourceMappingURL=manager.js.map