@melihmucuk/leash 1.0.6 → 1.0.8

package/dist/claude-code/leash.js

@@ -143,6 +143,27 @@ var CommandAnalyzer = class {
     const expanded = this.pathValidator.expand(path);
     return resolveBase ? resolve2(resolveBase, expanded) : expanded;
   }
+  /**
+   * Strip heredoc content from command before analyzing redirects.
+   * Handles: <<EOF, <<'EOF', <<"EOF", <<-EOF
+   */
+  stripHeredocs(command) {
+    const heredocStart = /<<-?\s*(['"]?)(\w+)\1/g;
+    let result = command;
+    let match;
+    while ((match = heredocStart.exec(command)) !== null) {
+      const delimiter = match[2];
+      const endPattern = new RegExp(`\\n\\t*${delimiter}\\s*(?:\\n|$)`);
+      const startIndex = match.index;
+      const contentAfterStart = command.slice(match.index + match[0].length);
+      const endMatch = endPattern.exec(contentAfterStart);
+      if (endMatch) {
+        const endIndex = match.index + match[0].length + endMatch.index + endMatch[0].length;
+        result = result.slice(0, startIndex) + result.slice(endIndex);
+      }
+    }
+    return result;
+  }
   isPathAllowed(path, allowDevicePaths, resolveBase) {
     const resolved = this.resolvePath(path, resolveBase);
     if (this.pathValidator.isWithinWorkingDir(resolved)) return true;
@@ -269,7 +290,8 @@ var CommandAnalyzer = class {
     return commands;
   }
   checkRedirects(command) {
-    const matches = command.matchAll(REDIRECT_PATTERN);
+    const strippedCommand = this.stripHeredocs(command);
+    const matches = strippedCommand.matchAll(REDIRECT_PATTERN);
     for (const match of matches) {
       const path = match[1] || match[2] || match[3];
       if (!path || path.startsWith("&")) {
@@ -325,7 +347,11 @@ var CommandAnalyzer = class {
             reason: `Command "${name}" targets path outside working directory: ${path}`
           };
         }
-        const result = this.checkProtectedPath(path, `Command "${name}"`, resolveBase);
+        const result = this.checkProtectedPath(
+          path,
+          `Command "${name}"`,
+          resolveBase
+        );
         if (result.blocked) return result;
       }
     }
@@ -337,7 +363,10 @@ var CommandAnalyzer = class {
     if (!this.isPathAllowed(dest, true, resolveBase)) {
       return {
         blocked: true,
-        reason: `Command "cp" targets path outside working directory: ${this.resolvePath(dest, resolveBase)}`
+        reason: `Command "cp" targets path outside working directory: ${this.resolvePath(
+          dest,
+          resolveBase
+        )}`
       };
     }
     return this.checkProtectedPath(dest, 'Command "cp"', resolveBase);
@@ -349,7 +378,10 @@ var CommandAnalyzer = class {
     if (!this.isPathAllowed(dest, true, resolveBase)) {
       return {
         blocked: true,
-        reason: `Command "dd" targets path outside working directory: ${this.resolvePath(dest, resolveBase)}`
+        reason: `Command "dd" targets path outside working directory: ${this.resolvePath(
+          dest,
+          resolveBase
+        )}`
       };
     }
     return this.checkProtectedPath(dest, 'Command "dd"', resolveBase);
@@ -361,7 +393,10 @@ var CommandAnalyzer = class {
     if (!this.isPathAllowed(dest, true, resolveBase)) {
       return {
         blocked: true,
-        reason: `Command "mv" targets path outside working directory: ${this.resolvePath(dest, resolveBase)}`
+        reason: `Command "mv" targets path outside working directory: ${this.resolvePath(
+          dest,
+          resolveBase
+        )}`
       };
     }
     const destResult = this.checkProtectedPath(
@@ -374,7 +409,10 @@ var CommandAnalyzer = class {
       if (!this.isPathAllowed(source, false, resolveBase)) {
         return {
           blocked: true,
-          reason: `Command "mv" targets path outside working directory: ${this.resolvePath(source, resolveBase)}`
+          reason: `Command "mv" targets path outside working directory: ${this.resolvePath(
+            source,
+            resolveBase
+          )}`
         };
       }
       const sourceResult = this.checkProtectedPath(
@@ -391,7 +429,10 @@ var CommandAnalyzer = class {
       if (!this.isPathAllowed(path, false, resolveBase)) {
         return {
           blocked: true,
-          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(path, resolveBase)}`
+          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(
+            path,
+            resolveBase
+          )}`
         };
       }
       const result = this.checkProtectedPath(
@@ -409,7 +450,10 @@ var CommandAnalyzer = class {
       if (!this.isPathAllowed(path, allowDevicePaths, resolveBase)) {
         return {
           blocked: true,
-          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(path, resolveBase)}`
+          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(
+            path,
+            resolveBase
+          )}`
         };
       }
       const result = this.checkProtectedPath(

package/dist/factory/leash.js

@@ -143,6 +143,27 @@ var CommandAnalyzer = class {
     const expanded = this.pathValidator.expand(path);
     return resolveBase ? resolve2(resolveBase, expanded) : expanded;
   }
+  /**
+   * Strip heredoc content from command before analyzing redirects.
+   * Handles: <<EOF, <<'EOF', <<"EOF", <<-EOF
+   */
+  stripHeredocs(command) {
+    const heredocStart = /<<-?\s*(['"]?)(\w+)\1/g;
+    let result = command;
+    let match;
+    while ((match = heredocStart.exec(command)) !== null) {
+      const delimiter = match[2];
+      const endPattern = new RegExp(`\\n\\t*${delimiter}\\s*(?:\\n|$)`);
+      const startIndex = match.index;
+      const contentAfterStart = command.slice(match.index + match[0].length);
+      const endMatch = endPattern.exec(contentAfterStart);
+      if (endMatch) {
+        const endIndex = match.index + match[0].length + endMatch.index + endMatch[0].length;
+        result = result.slice(0, startIndex) + result.slice(endIndex);
+      }
+    }
+    return result;
+  }
   isPathAllowed(path, allowDevicePaths, resolveBase) {
     const resolved = this.resolvePath(path, resolveBase);
     if (this.pathValidator.isWithinWorkingDir(resolved)) return true;
@@ -269,7 +290,8 @@ var CommandAnalyzer = class {
     return commands;
   }
   checkRedirects(command) {
-    const matches = command.matchAll(REDIRECT_PATTERN);
+    const strippedCommand = this.stripHeredocs(command);
+    const matches = strippedCommand.matchAll(REDIRECT_PATTERN);
     for (const match of matches) {
       const path = match[1] || match[2] || match[3];
       if (!path || path.startsWith("&")) {
@@ -325,7 +347,11 @@ var CommandAnalyzer = class {
             reason: `Command "${name}" targets path outside working directory: ${path}`
           };
         }
-        const result = this.checkProtectedPath(path, `Command "${name}"`, resolveBase);
+        const result = this.checkProtectedPath(
+          path,
+          `Command "${name}"`,
+          resolveBase
+        );
         if (result.blocked) return result;
       }
     }
@@ -337,7 +363,10 @@ var CommandAnalyzer = class {
     if (!this.isPathAllowed(dest, true, resolveBase)) {
       return {
         blocked: true,
-        reason: `Command "cp" targets path outside working directory: ${this.resolvePath(dest, resolveBase)}`
+        reason: `Command "cp" targets path outside working directory: ${this.resolvePath(
+          dest,
+          resolveBase
+        )}`
       };
     }
     return this.checkProtectedPath(dest, 'Command "cp"', resolveBase);
@@ -349,7 +378,10 @@ var CommandAnalyzer = class {
     if (!this.isPathAllowed(dest, true, resolveBase)) {
       return {
         blocked: true,
-        reason: `Command "dd" targets path outside working directory: ${this.resolvePath(dest, resolveBase)}`
+        reason: `Command "dd" targets path outside working directory: ${this.resolvePath(
+          dest,
+          resolveBase
+        )}`
       };
     }
     return this.checkProtectedPath(dest, 'Command "dd"', resolveBase);
@@ -361,7 +393,10 @@ var CommandAnalyzer = class {
     if (!this.isPathAllowed(dest, true, resolveBase)) {
       return {
         blocked: true,
-        reason: `Command "mv" targets path outside working directory: ${this.resolvePath(dest, resolveBase)}`
+        reason: `Command "mv" targets path outside working directory: ${this.resolvePath(
+          dest,
+          resolveBase
+        )}`
       };
     }
     const destResult = this.checkProtectedPath(
@@ -374,7 +409,10 @@ var CommandAnalyzer = class {
       if (!this.isPathAllowed(source, false, resolveBase)) {
         return {
           blocked: true,
-          reason: `Command "mv" targets path outside working directory: ${this.resolvePath(source, resolveBase)}`
+          reason: `Command "mv" targets path outside working directory: ${this.resolvePath(
+            source,
+            resolveBase
+          )}`
         };
       }
       const sourceResult = this.checkProtectedPath(
@@ -391,7 +429,10 @@ var CommandAnalyzer = class {
       if (!this.isPathAllowed(path, false, resolveBase)) {
         return {
           blocked: true,
-          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(path, resolveBase)}`
+          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(
+            path,
+            resolveBase
+          )}`
         };
       }
       const result = this.checkProtectedPath(
@@ -409,7 +450,10 @@ var CommandAnalyzer = class {
       if (!this.isPathAllowed(path, allowDevicePaths, resolveBase)) {
         return {
           blocked: true,
-          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(path, resolveBase)}`
+          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(
+            path,
+            resolveBase
+          )}`
         };
       }
       const result = this.checkProtectedPath(

package/dist/opencode/leash.js

@@ -141,6 +141,27 @@ var CommandAnalyzer = class {
     const expanded = this.pathValidator.expand(path);
     return resolveBase ? resolve2(resolveBase, expanded) : expanded;
   }
+  /**
+   * Strip heredoc content from command before analyzing redirects.
+   * Handles: <<EOF, <<'EOF', <<"EOF", <<-EOF
+   */
+  stripHeredocs(command) {
+    const heredocStart = /<<-?\s*(['"]?)(\w+)\1/g;
+    let result = command;
+    let match;
+    while ((match = heredocStart.exec(command)) !== null) {
+      const delimiter = match[2];
+      const endPattern = new RegExp(`\\n\\t*${delimiter}\\s*(?:\\n|$)`);
+      const startIndex = match.index;
+      const contentAfterStart = command.slice(match.index + match[0].length);
+      const endMatch = endPattern.exec(contentAfterStart);
+      if (endMatch) {
+        const endIndex = match.index + match[0].length + endMatch.index + endMatch[0].length;
+        result = result.slice(0, startIndex) + result.slice(endIndex);
+      }
+    }
+    return result;
+  }
   isPathAllowed(path, allowDevicePaths, resolveBase) {
     const resolved = this.resolvePath(path, resolveBase);
     if (this.pathValidator.isWithinWorkingDir(resolved)) return true;
@@ -267,7 +288,8 @@ var CommandAnalyzer = class {
     return commands;
   }
   checkRedirects(command) {
-    const matches = command.matchAll(REDIRECT_PATTERN);
+    const strippedCommand = this.stripHeredocs(command);
+    const matches = strippedCommand.matchAll(REDIRECT_PATTERN);
     for (const match of matches) {
       const path = match[1] || match[2] || match[3];
       if (!path || path.startsWith("&")) {
@@ -323,7 +345,11 @@ var CommandAnalyzer = class {
             reason: `Command "${name}" targets path outside working directory: ${path}`
           };
         }
-        const result = this.checkProtectedPath(path, `Command "${name}"`, resolveBase);
+        const result = this.checkProtectedPath(
+          path,
+          `Command "${name}"`,
+          resolveBase
+        );
         if (result.blocked) return result;
       }
     }
@@ -335,7 +361,10 @@ var CommandAnalyzer = class {
     if (!this.isPathAllowed(dest, true, resolveBase)) {
       return {
         blocked: true,
-        reason: `Command "cp" targets path outside working directory: ${this.resolvePath(dest, resolveBase)}`
+        reason: `Command "cp" targets path outside working directory: ${this.resolvePath(
+          dest,
+          resolveBase
+        )}`
       };
     }
     return this.checkProtectedPath(dest, 'Command "cp"', resolveBase);
@@ -347,7 +376,10 @@ var CommandAnalyzer = class {
     if (!this.isPathAllowed(dest, true, resolveBase)) {
       return {
         blocked: true,
-        reason: `Command "dd" targets path outside working directory: ${this.resolvePath(dest, resolveBase)}`
+        reason: `Command "dd" targets path outside working directory: ${this.resolvePath(
+          dest,
+          resolveBase
+        )}`
       };
     }
     return this.checkProtectedPath(dest, 'Command "dd"', resolveBase);
@@ -359,7 +391,10 @@ var CommandAnalyzer = class {
     if (!this.isPathAllowed(dest, true, resolveBase)) {
       return {
         blocked: true,
-        reason: `Command "mv" targets path outside working directory: ${this.resolvePath(dest, resolveBase)}`
+        reason: `Command "mv" targets path outside working directory: ${this.resolvePath(
+          dest,
+          resolveBase
+        )}`
       };
     }
     const destResult = this.checkProtectedPath(
@@ -372,7 +407,10 @@ var CommandAnalyzer = class {
       if (!this.isPathAllowed(source, false, resolveBase)) {
         return {
           blocked: true,
-          reason: `Command "mv" targets path outside working directory: ${this.resolvePath(source, resolveBase)}`
+          reason: `Command "mv" targets path outside working directory: ${this.resolvePath(
+            source,
+            resolveBase
+          )}`
         };
       }
       const sourceResult = this.checkProtectedPath(
@@ -389,7 +427,10 @@ var CommandAnalyzer = class {
       if (!this.isPathAllowed(path, false, resolveBase)) {
         return {
           blocked: true,
-          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(path, resolveBase)}`
+          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(
+            path,
+            resolveBase
+          )}`
         };
       }
       const result = this.checkProtectedPath(
@@ -407,7 +448,10 @@ var CommandAnalyzer = class {
       if (!this.isPathAllowed(path, allowDevicePaths, resolveBase)) {
         return {
           blocked: true,
-          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(path, resolveBase)}`
+          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(
+            path,
+            resolveBase
+          )}`
         };
       }
       const result = this.checkProtectedPath(

package/dist/pi/leash.js

@@ -141,6 +141,27 @@ var CommandAnalyzer = class {
     const expanded = this.pathValidator.expand(path);
     return resolveBase ? resolve2(resolveBase, expanded) : expanded;
   }
+  /**
+   * Strip heredoc content from command before analyzing redirects.
+   * Handles: <<EOF, <<'EOF', <<"EOF", <<-EOF
+   */
+  stripHeredocs(command) {
+    const heredocStart = /<<-?\s*(['"]?)(\w+)\1/g;
+    let result = command;
+    let match;
+    while ((match = heredocStart.exec(command)) !== null) {
+      const delimiter = match[2];
+      const endPattern = new RegExp(`\\n\\t*${delimiter}\\s*(?:\\n|$)`);
+      const startIndex = match.index;
+      const contentAfterStart = command.slice(match.index + match[0].length);
+      const endMatch = endPattern.exec(contentAfterStart);
+      if (endMatch) {
+        const endIndex = match.index + match[0].length + endMatch.index + endMatch[0].length;
+        result = result.slice(0, startIndex) + result.slice(endIndex);
+      }
+    }
+    return result;
+  }
   isPathAllowed(path, allowDevicePaths, resolveBase) {
     const resolved = this.resolvePath(path, resolveBase);
     if (this.pathValidator.isWithinWorkingDir(resolved)) return true;
@@ -267,7 +288,8 @@ var CommandAnalyzer = class {
     return commands;
   }
   checkRedirects(command) {
-    const matches = command.matchAll(REDIRECT_PATTERN);
+    const strippedCommand = this.stripHeredocs(command);
+    const matches = strippedCommand.matchAll(REDIRECT_PATTERN);
     for (const match of matches) {
       const path = match[1] || match[2] || match[3];
       if (!path || path.startsWith("&")) {
@@ -323,7 +345,11 @@ var CommandAnalyzer = class {
             reason: `Command "${name}" targets path outside working directory: ${path}`
           };
         }
-        const result = this.checkProtectedPath(path, `Command "${name}"`, resolveBase);
+        const result = this.checkProtectedPath(
+          path,
+          `Command "${name}"`,
+          resolveBase
+        );
         if (result.blocked) return result;
       }
     }
@@ -335,7 +361,10 @@ var CommandAnalyzer = class {
     if (!this.isPathAllowed(dest, true, resolveBase)) {
       return {
         blocked: true,
-        reason: `Command "cp" targets path outside working directory: ${this.resolvePath(dest, resolveBase)}`
+        reason: `Command "cp" targets path outside working directory: ${this.resolvePath(
+          dest,
+          resolveBase
+        )}`
       };
     }
     return this.checkProtectedPath(dest, 'Command "cp"', resolveBase);
@@ -347,7 +376,10 @@ var CommandAnalyzer = class {
     if (!this.isPathAllowed(dest, true, resolveBase)) {
       return {
         blocked: true,
-        reason: `Command "dd" targets path outside working directory: ${this.resolvePath(dest, resolveBase)}`
+        reason: `Command "dd" targets path outside working directory: ${this.resolvePath(
+          dest,
+          resolveBase
+        )}`
       };
     }
     return this.checkProtectedPath(dest, 'Command "dd"', resolveBase);
@@ -359,7 +391,10 @@ var CommandAnalyzer = class {
     if (!this.isPathAllowed(dest, true, resolveBase)) {
       return {
         blocked: true,
-        reason: `Command "mv" targets path outside working directory: ${this.resolvePath(dest, resolveBase)}`
+        reason: `Command "mv" targets path outside working directory: ${this.resolvePath(
+          dest,
+          resolveBase
+        )}`
       };
     }
     const destResult = this.checkProtectedPath(
@@ -372,7 +407,10 @@ var CommandAnalyzer = class {
       if (!this.isPathAllowed(source, false, resolveBase)) {
         return {
           blocked: true,
-          reason: `Command "mv" targets path outside working directory: ${this.resolvePath(source, resolveBase)}`
+          reason: `Command "mv" targets path outside working directory: ${this.resolvePath(
+            source,
+            resolveBase
+          )}`
         };
       }
       const sourceResult = this.checkProtectedPath(
@@ -389,7 +427,10 @@ var CommandAnalyzer = class {
       if (!this.isPathAllowed(path, false, resolveBase)) {
         return {
           blocked: true,
-          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(path, resolveBase)}`
+          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(
+            path,
+            resolveBase
+          )}`
         };
       }
       const result = this.checkProtectedPath(
@@ -407,7 +448,10 @@ var CommandAnalyzer = class {
       if (!this.isPathAllowed(path, allowDevicePaths, resolveBase)) {
         return {
           blocked: true,
-          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(path, resolveBase)}`
+          reason: `Command "${baseCmd}" targets path outside working directory: ${this.resolvePath(
+            path,
+            resolveBase
+          )}`
         };
       }
       const result = this.checkProtectedPath(
@@ -522,17 +566,15 @@ async function checkForUpdates() {
 // packages/pi/leash.ts
 function leash_default(pi) {
   let analyzer = null;
-  pi.on("session", async (event, ctx) => {
-    if (event.reason === "start") {
-      analyzer = new CommandAnalyzer(ctx.cwd);
-      ctx.ui.notify("\u{1F512} Leash active", "info");
-      const update = await checkForUpdates();
-      if (update.hasUpdate) {
-        ctx.ui.notify(
-          `\u{1F504} Leash ${update.latestVersion} available. Run: leash --update (restart required)`,
-          "warning"
-        );
-      }
+  pi.on("session_start", async (_event, ctx) => {
+    analyzer = new CommandAnalyzer(ctx.cwd);
+    ctx.ui.notify("\u{1F512} Leash active", "info");
+    const update = await checkForUpdates();
+    if (update.hasUpdate) {
+      ctx.ui.notify(
+        `\u{1F504} Leash ${update.latestVersion} available. Run: leash --update (restart required)`,
+        "warning"
+      );
     }
   });
   pi.on("tool_call", async (event, ctx) => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@melihmucuk/leash",
-  "version": "1.0.6",
+  "version": "1.0.8",
   "type": "module",
   "description": "Security guardrails for AI coding agents",
   "bin": {
@@ -49,8 +49,8 @@
     "build:factory": "esbuild packages/factory/leash.ts --bundle --outfile=dist/factory/leash.js --platform=node --format=esm"
   },
   "devDependencies": {
-    "@mariozechner/pi-coding-agent": "^0.27.2",
-    "@opencode-ai/plugin": "^1.0.191",
+    "@mariozechner/pi-coding-agent": "^0.31.0",
+    "@opencode-ai/plugin": "^1.0.224",
     "@types/node": "^22.19.3",
     "esbuild": "^0.27.2",
     "typescript": "^5.9.3"