@pentoshi/clai 0.6.0 → 0.7.1

package/dist/safety/classifier.d.ts

@@ -1,8 +1,12 @@
 import type { RiskLevel, ToolCall } from "../types.js";
+import { type EngagementScope } from "../store/scope.js";
 export interface RiskDecision {
     level: RiskLevel;
     reason: string;
 }
 export declare function isPrivateIpv4(value: string): boolean;
 export declare function isPentestToolCall(call: ToolCall): boolean;
-export declare function classifyToolCall(call: ToolCall): RiskDecision;
+export interface ClassifyOptions {
+    scope?: EngagementScope | undefined;
+}
+export declare function classifyToolCall(call: ToolCall, options?: ClassifyOptions): RiskDecision;

package/dist/safety/classifier.js

@@ -1,9 +1,23 @@
 import net from "node:net";
-import { destructiveCommandPatterns, exfiltrationPatterns, networkScanTools, readOnlyShellCommands, } from "./patterns.js";
+import { homedir } from "node:os";
+import { resolve } from "node:path";
+import { containsShellMetacharacter, destructiveCommandPatterns, exfiltrationPatterns, isSecretPath, networkScanTools, readOnlyShellCommands, subcommandSafeMap, commandHasMutatingArg, } from "./patterns.js";
+import { isScopeActive, targetInScope, } from "../store/scope.js";
 function stringArg(args, key) {
     const value = args[key];
     return typeof value === "string" ? value : undefined;
 }
+function expandTilde(path) {
+    if (path === "~")
+        return homedir();
+    if (path.startsWith("~/") || path.startsWith("~\\")) {
+        return resolve(homedir(), path.slice(2));
+    }
+    return path;
+}
+function resolveForSecretCheck(path) {
+    return resolve(expandTilde(path));
+}
 export function isPrivateIpv4(value) {
     const candidate = value.split("/")[0] ?? value;
     // Handle hostnames — if it's not an IP, treat it as non-private (domain)
@@ -12,7 +26,10 @@ export function isPrivateIpv4(value) {
     if (net.isIP(candidate) === 6) {
         // IPv6 link-local (fe80::), loopback (::1), ULA (fc00::/7)
         const lower = candidate.toLowerCase();
-        return lower === "::1" || lower.startsWith("fe80:") || lower.startsWith("fc") || lower.startsWith("fd");
+        return (lower === "::1" ||
+            lower.startsWith("fe80:") ||
+            lower.startsWith("fc") ||
+            lower.startsWith("fd"));
     }
     const parts = candidate.split(".").map((part) => Number(part));
     const [a, b] = parts;
@@ -31,50 +48,58 @@ export function isPrivateIpv4(value) {
 function commandContainsNetworkScanner(command) {
     return networkScanTools.some((tool) => new RegExp(`(^|\\s)${tool}(\\s|$)`, "i").test(command));
 }
-function isPrivateTarget(value) {
-    const trimmed = value.trim().replace(/^https?:\/\//i, "");
-    const host = trimmed.split(/[/:?#]/)[0] ?? trimmed;
-    if (!host || host === "localhost" || host.endsWith(".localhost"))
-        return true;
-    if (host === "0.0.0.0")
-        return true;
-    return isPrivateIpv4(host);
-}
-function shellTokens(command) {
-    return command.match(/(?:[^\s"']+|"[^"]*"|'[^']*')+/g)?.map((token) => token.replace(/^["']|["']$/g, "")) ?? [];
-}
-function commandHasOwnershipFlag(command) {
-    return shellTokens(command).includes("--i-own-this");
-}
-function extractNetworkTargets(command) {
-    const targets = new Set();
-    for (const match of command.matchAll(/https?:\/\/[^\s"'`<>]+/gi)) {
-        targets.add(match[0]);
-    }
-    for (const match of command.matchAll(/\b(?:\d{1,3}\.){3}\d{1,3}(?:\/\d{1,2})?\b/g)) {
-        targets.add(match[0]);
+const PRIVATE_TLD_RE = /\.(?:local|internal|lan|home|corp|intranet|test|localdomain)$/i;
+const URL_HOSTNAME_RE = /\bhttps?:\/\/([^\/\s:?#]+)/gi;
+// A bareword domain anchored at a whitespace boundary on the left so we
+// don't pick up file paths like `wordlists/common.txt`. The right side
+// stays at \b so trailing punctuation doesn't trip us up.
+const BARE_HOSTNAME_RE = /(?:^|\s)((?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63})\b/g;
+function extractHostnameTokens(command) {
+    const tokens = [];
+    // First pull host parts out of any URL so https://example.com/FUZZ contributes "example.com"
+    let match;
+    URL_HOSTNAME_RE.lastIndex = 0;
+    while ((match = URL_HOSTNAME_RE.exec(command)) !== null) {
+        if (match[1])
+            tokens.push(match[1].replace(/\[|\]/g, "").split(":")[0]);
     }
-    for (const token of shellTokens(command)) {
-        if (token.startsWith("-") || token.includes("/") || token.includes("="))
-            continue;
-        if (/\.(?:txt|lst|list|json|xml|csv|log|html)$/i.test(token))
-            continue;
-        if (/^[A-Za-z0-9.-]+\.[A-Za-z]{2,}$/.test(token))
-            targets.add(token);
+    // Then capture bare-hostname tokens (eg `nmap example.com`). The leading
+    // boundary stops us picking up `path/to/common.txt` (which would
+    // otherwise look like a domain because of the `.txt` suffix).
+    BARE_HOSTNAME_RE.lastIndex = 0;
+    while ((match = BARE_HOSTNAME_RE.exec(command)) !== null) {
+        if (match[1])
+            tokens.push(match[1]);
     }
-    return [...targets];
+    return tokens;
 }
-function containsPublicTarget(command) {
-    const targets = extractNetworkTargets(command);
-    if (targets.length === 0)
+const FILEY_TLDS = new Set([
+    "txt", "log", "json", "yaml", "yml", "md", "html", "htm", "xml", "csv",
+    "sh", "py", "rb", "rs", "go", "js", "ts", "tsx", "jsx", "css", "scss",
+    "tar", "gz", "zip", "tgz", "pdf", "png", "jpg", "jpeg", "gif", "svg",
+    "exe", "dll", "so", "dylib", "ini", "conf", "lock", "toml", "env",
+]);
+function isPublicHostname(host) {
+    const lower = host.toLowerCase();
+    if (!lower.includes("."))
         return false;
-    return targets.some((target) => !isPrivateTarget(target));
-}
-function hasShellControlSyntax(command) {
-    return /(?:[;&|`<>]|\$\(|\${)/.test(command);
+    if (lower === "localhost" || lower === "localhost.localdomain")
+        return false;
+    if (PRIVATE_TLD_RE.test(lower))
+        return false;
+    // Reject things that look like filenames (common.txt, package.json, etc.)
+    // even when they syntactically resemble a domain.
+    const tld = lower.split(".").pop() ?? "";
+    if (FILEY_TLDS.has(tld))
+        return false;
+    // Must contain at least one alphabetic TLD-like segment to count as a domain
+    return /\.[a-z]{2,63}$/i.test(lower);
 }
-function referencesSecretPath(command) {
-    return /(?:^|\s)(?:~\/)?(?:\.ssh|\.gnupg|\.aws|\.kube|\.docker|\.env\b|id_rsa|id_ed25519|\.npmrc|\.pypirc|\.clai\/keys\.json)/i.test(command);
+function containsPublicTarget(command) {
+    const ips = command.match(/\b(?:\d{1,3}\.){3}\d{1,3}(?:\/\d{1,2})?\b/g) ?? [];
+    if (ips.some((ip) => !isPrivateIpv4(ip)))
+        return true;
+    return extractHostnameTokens(command).some((host) => isPublicHostname(host));
 }
 export function isPentestToolCall(call) {
     if (call.name === "net.scan" || call.name === "pentest.recon")
@@ -84,37 +109,117 @@ export function isPentestToolCall(call) {
     const command = stringArg(call.args, "command") ?? "";
     return commandContainsNetworkScanner(command);
 }
-export function classifyToolCall(call) {
-    if (call.name === "sysinfo" ||
-        call.name === "fs.read" ||
+/**
+ * Pull rough "path-looking" tokens out of a command string. Used so we can
+ * refuse to auto-execute commands that touch known secret paths even when
+ * the base command (cat, head, tail, less, etc.) is otherwise safe.
+ */
+function extractPathLikeTokens(command) {
+    // Match tilde paths, absolute paths, and dotted relative paths.
+    const matches = command.match(/(?:~|\.{1,2}|\/)?[\w./~-]+/g) ?? [];
+    return matches.filter((token) => /[\\/~]/.test(token));
+}
+function commandTouchesSecretPath(command) {
+    return extractPathLikeTokens(command).some((token) => {
+        try {
+            return isSecretPath(resolveForSecretCheck(token));
+        }
+        catch {
+            return false;
+        }
+    });
+}
+/**
+ * Split a command line into [base, subcommand] respecting quotes minimally.
+ * We only need the first two whitespace-delimited tokens.
+ */
+function baseAndSub(command) {
+    const tokens = command.trim().split(/\s+/);
+    const baseRaw = tokens[0] ?? "";
+    const base = baseRaw.replace(/^.*\//, "");
+    const sub = tokens[1];
+    return { base, sub };
+}
+function isReadOnlyBase(base) {
+    return readOnlyShellCommands.has(base);
+}
+function isSafeSubcommand(base, sub) {
+    if (!sub)
+        return false;
+    const allow = subcommandSafeMap[base];
+    if (!allow)
+        return false;
+    // Strip leading `--` so `--list` and `list` both work.
+    return allow.has(sub) || allow.has(sub.replace(/^--/, ""));
+}
+/**
+ * Extract the apparent target from a shell command that contains a scanner.
+ * Used to decide whether the target is covered by the active engagement
+ * scope. Falls back to the trailing token of the command if no obvious
+ * target argument is found.
+ */
+function extractScanTarget(command) {
+    // URL-style targets first (eg `ffuf -u https://example.com/FUZZ`,
+    // `nuclei -u https://example.com`). The hostname is what scope cares about.
+    const urlMatch = /\bhttps?:\/\/([^\/\s:?#]+)/i.exec(command);
+    if (urlMatch?.[1]) {
+        return urlMatch[1].replace(/[\[\]]/g, "").split(":")[0];
+    }
+    const tokens = command.trim().split(/\s+/).filter(Boolean);
+    // Drop the first token (binary) and any leading flags.
+    const args = tokens.slice(1).filter((token) => !token.startsWith("-"));
+    // Many scanners take target as the trailing positional.
+    for (let i = args.length - 1; i >= 0; i -= 1) {
+        const arg = args[i];
+        if (/^[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?$/.test(arg) ||
+            net.isIP(arg) ||
+            /^[0-9./]+$/.test(arg)) {
+            return arg;
+        }
+    }
+    return undefined;
+}
+export function classifyToolCall(call, options = {}) {
+    if (call.name === "fs.read" ||
         call.name === "fs.list" ||
         call.name === "fs.search") {
+        const pathArg = stringArg(call.args, "path");
+        if (pathArg) {
+            try {
+                if (isSecretPath(resolveForSecretCheck(pathArg))) {
+                    return {
+                        level: "block",
+                        reason: "Path is a known secret location and cannot be read by the agent",
+                    };
+                }
+            }
+            catch {
+                // resolve failed — fall through to safe
+            }
+        }
+        return { level: "safe", reason: "Read-only operation" };
+    }
+    if (call.name === "sysinfo") {
         return { level: "safe", reason: "Read-only operation" };
     }
+    if (call.name === "tool.batch") {
+        // The batch handler enforces a hard allowlist of read-only tools and a
+        // capped concurrency. Treat it as safe so batched recon can run without
+        // a per-call confirmation. If the caller smuggles in a non-safe tool,
+        // the handler rejects it.
+        return { level: "safe", reason: "Read-only batch dispatch" };
+    }
     if (call.name === "http.fetch") {
         const method = (stringArg(call.args, "method") ?? "GET").toUpperCase();
-        const url = stringArg(call.args, "url") ?? "";
         if (method !== "GET" && method !== "HEAD") {
             return {
                 level: "confirm",
-                reason: "Non-GET HTTP requests can mutate remote systems",
-            };
-        }
-        if (/169\.254\.169\.254|metadata\.google\.internal/i.test(url)) {
-            return {
-                level: "block",
-                reason: "Cloud metadata endpoints are blocked",
-            };
-        }
-        if (url && isPrivateTarget(url)) {
-            return {
-                level: "confirm",
-                reason: "Fetching local or private network URLs requires confirmation",
+                reason: `HTTP ${method} is mutating and requires confirmation`,
             };
         }
         return {
             level: "safe",
-            reason: "HTTP fetch is read-only with response size limits",
+            reason: "HTTP GET/HEAD is read-only",
         };
     }
     if (call.name === "shell.exec") {
@@ -131,55 +236,90 @@ export function classifyToolCall(call) {
                 reason: "Command resembles secret or data exfiltration",
             };
         }
-        if (referencesSecretPath(command)) {
+        if (commandTouchesSecretPath(command)) {
             return {
-                level: "confirm",
-                reason: "Command references a path that may contain secrets",
+                level: "block",
+                reason: "Command references a known secret path (e.g. ~/.ssh, ~/.clai/keys.json, .env)",
             };
         }
         if (commandContainsNetworkScanner(command) &&
-            containsPublicTarget(command) &&
-            !commandHasOwnershipFlag(command)) {
-            return {
-                level: "block",
-                reason: "Public target scanning requires explicit --i-own-this authorization flag",
-            };
+            containsPublicTarget(command)) {
+            // The legacy `--i-own-this` substring bypass is gone: a malicious target
+            // string could include that flag and trick the agent into running a
+            // public scan. Now the agent must have a configured engagement scope
+            // that explicitly covers the apparent target.
+            const target = extractScanTarget(command);
+            const scopeOk = isScopeActive(options.scope) && target
+                ? targetInScope(target, options.scope)
+                : false;
+            if (!scopeOk) {
+                return {
+                    level: "block",
+                    reason: "Public target scanning requires a configured engagement scope. Run `clai scope new` to authorize specific domains/CIDRs.",
+                };
+            }
         }
         // Pentest scan tools always require confirmation even against private targets
         if (commandContainsNetworkScanner(command)) {
-            return { level: "confirm", reason: "Security scan tool requires confirmation" };
+            return {
+                level: "confirm",
+                reason: "Security scan tool requires confirmation",
+            };
         }
-        // Read-only / info commands are safe to auto-execute
-        const base = command.trim().split(/\s+/)[0]?.replace(/^.*\//, "") ?? "";
-        if (hasShellControlSyntax(command)) {
-            return { level: "confirm", reason: "Shell control syntax requires confirmation" };
+        // Compound commands (pipes, redirects, &&, ||, sudo, command substitution)
+        // always require confirmation because the arguments can mutate state or
+        // exfiltrate data even when the base command is otherwise safe.
+        if (containsShellMetacharacter(command)) {
+            return {
+                level: "confirm",
+                reason: "Compound command (pipes, redirects, &&, ||, sudo, or command substitution) requires confirmation",
+            };
+        }
+        // Mutating-argument patterns (sed -i, awk system(...), find -exec/-delete,
+        // git config --global, npm config set, docker run, kubectl apply, ...).
+        // These bypass the read-only base check because their *arguments* mutate
+        // state or escape into another shell.
+        if (commandHasMutatingArg(command)) {
+            return {
+                level: "confirm",
+                reason: "Command argument mutates state or escapes into another shell (sed -i, awk system(), find -exec/-delete, git config --global, npm config set, docker/kubectl mutators)",
+            };
         }
-        if (readOnlyShellCommands.has(base)) {
+        // Read-only / info commands are safe to auto-execute
+        const { base, sub } = baseAndSub(command);
+        if (isReadOnlyBase(base)) {
             return { level: "safe", reason: "Read-only command" };
         }
+        if (isSafeSubcommand(base, sub)) {
+            return { level: "safe", reason: `Read-only ${base} subcommand` };
+        }
         return { level: "confirm", reason: "Shell commands require confirmation" };
     }
     if (call.name === "net.scan") {
         const target = stringArg(call.args, "target") ?? "";
-        const ownsTarget = call.args.iOwnThis === true || call.args.own === true;
-        if (target && !isPrivateTarget(target) && !ownsTarget) {
-            return {
-                level: "block",
-                reason: "Public target scan requires ownership confirmation",
-            };
+        if (target && !isPrivateIpv4(target)) {
+            const scopeOk = isScopeActive(options.scope) && targetInScope(target, options.scope);
+            if (!scopeOk) {
+                return {
+                    level: "block",
+                    reason: "Public IP scan requires a configured engagement scope covering this target",
+                };
+            }
         }
         return { level: "confirm", reason: "Network scans require confirmation" };
     }
     if (call.name === "pentest.recon") {
         const target = stringArg(call.args, "target") ?? "";
-        const ownsTarget = call.args.iOwnThis === true || call.args.own === true;
-        if (target &&
-            !isPrivateTarget(target) &&
-            !ownsTarget) {
-            return {
-                level: "block",
-                reason: "Public target recon requires ownership confirmation",
-            };
+        const targetHost = target.split("/")[0] ?? target;
+        const isPublic = target && (net.isIP(targetHost) ? !isPrivateIpv4(target) : true);
+        if (isPublic) {
+            const scopeOk = isScopeActive(options.scope) && targetInScope(target, options.scope);
+            if (!scopeOk) {
+                return {
+                    level: "block",
+                    reason: "Public target recon requires a configured engagement scope covering this target",
+                };
+            }
         }
         return {
             level: "confirm",
@@ -187,6 +327,22 @@ export function classifyToolCall(call) {
         };
     }
     if (call.name === "fs.write" || call.name === "pkg.install") {
+        if (call.name === "fs.write") {
+            const pathArg = stringArg(call.args, "path");
+            if (pathArg) {
+                try {
+                    if (isSecretPath(resolveForSecretCheck(pathArg))) {
+                        return {
+                            level: "block",
+                            reason: "Refusing to write to a known secret path",
+                        };
+                    }
+                }
+                catch {
+                    // fall through
+                }
+            }
+        }
         return {
             level: "confirm",
             reason: "Mutating operation requires confirmation",

package/dist/safety/classifier.js.map

@@ -1 +1 @@
-{"version":3,"file":"classifier.js","sourceRoot":"","sources":["../../src/safety/classifier.ts"],"names":[],"mappings":"AAAA,OAAO,GAAG,MAAM,UAAU,CAAC;AAE3B,OAAO,EACL,0BAA0B,EAC1B,oBAAoB,EACpB,gBAAgB,EAChB,qBAAqB,GACtB,MAAM,eAAe,CAAC;AAOvB,SAAS,SAAS,CAChB,IAA6B,EAC7B,GAAW;IAEX,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;IACxB,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AACvD,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC;IAC/C,yEAAyE;IACzE,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC5C,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9B,2DAA2D;QAC3D,MAAM,KAAK,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;QACtC,OAAO,KAAK,KAAK,KAAK,IAAI,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IAC1G,CAAC;IACD,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IAC/D,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC;IACrB,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,IAAI,CAAC;IAC1B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,IAAI,CAAC;IACpE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACxC,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAC3B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACxC,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,6BAA6B,CAAC,OAAe;IACpD,OAAO,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CACpC,IAAI,MAAM,CAAC,UAAU,IAAI,SAAS,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CACvD,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,KAAa;IACpC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAC;IAC1D,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,OAAO,CAAC;IACnD,IAAI,CAAC,IAAI,IAAI,IAAI,KAAK,WAAW,IAAI,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC;QAAE,OAAO,IAAI,CAAC;IAC9E,IAAI,IAAI,KAAK,SAAS;QAAE,OAAO,IAAI,CAAC;IACpC,OAAO,aAAa,CAAC,IAAI,CAAC,CAAC;AAC7B,CAAC;AAED,SAAS,WAAW,CAAC,OAAe;IAClC,OAAO,OAAO,CAAC,KAAK,CAAC,gCAAgC,CAAC,EAAE,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CACpE,KAAK,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAClC,IAAI,EAAE,CAAC;AACV,CAAC;AAED,SAAS,uBAAuB,CAAC,OAAe;IAC9C,OAAO,WAAW,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC;AACvD,CAAC;AAED,SAAS,qBAAqB,CAAC,OAAe;IAC5C,MAAM,OAAO,GAAG,IAAI,GAAG,EAAU,CAAC;IAClC,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,QAAQ,CAAC,0BAA0B,CAAC,EAAE,CAAC;QACjE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACxB,CAAC;IACD,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,QAAQ,CAAC,4CAA4C,CAAC,EAAE,CAAC;QACnF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACxB,CAAC;IACD,KAAK,MAAM,KAAK,IAAI,WAAW,CAAC,OAAO,CAAC,EAAE,CAAC;QACzC,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;YAAE,SAAS;QAClF,IAAI,4CAA4C,CAAC,IAAI,CAAC,KAAK,CAAC;YAAE,SAAS;QACvE,IAAI,gCAAgC,CAAC,IAAI,CAAC,KAAK,CAAC;YAAE,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IACvE,CAAC;IACD,OAAO,CAAC,GAAG,OAAO,CAAC,CAAC;AACtB,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAe;IAC3C,MAAM,OAAO,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;IAC/C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IACvC,OAAO,OAAO,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC;AAC5D,CAAC;AAED,SAAS,qBAAqB,CAAC,OAAe;IAC5C,OAAO,uBAAuB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;AAC/C,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAe;IAC3C,OAAO,wHAAwH,CAAC,IAAI,CAClI,OAAO,CACR,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,IAAc;IAC9C,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,IAAI,KAAK,eAAe;QAAE,OAAO,IAAI,CAAC;IAC3E,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY;QAAE,OAAO,KAAK,CAAC;IAC7C,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,CAAC;IACtD,OAAO,6BAA6B,CAAC,OAAO,CAAC,CAAC;AAChD,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,IAAc;IAC7C,IACE,IAAI,CAAC,IAAI,KAAK,SAAS;QACvB,IAAI,CAAC,IAAI,KAAK,SAAS;QACvB,IAAI,CAAC,IAAI,KAAK,SAAS;QACvB,IAAI,CAAC,IAAI,KAAK,WAAW,EACzB,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;IAC1D,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;QACvE,MAAM,GAAG,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC;QAC9C,IAAI,MAAM,KAAK,KAAK,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YAC1C,OAAO;gBACL,KAAK,EAAE,SAAS;gBAChB,MAAM,EAAE,iDAAiD;aAC1D,CAAC;QACJ,CAAC;QACD,IAAI,gDAAgD,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YAC/D,OAAO;gBACL,KAAK,EAAE,OAAO;gBACd,MAAM,EAAE,sCAAsC;aAC/C,CAAC;QACJ,CAAC;QACD,IAAI,GAAG,IAAI,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO;gBACL,KAAK,EAAE,SAAS;gBAChB,MAAM,EAAE,8DAA8D;aACvE,CAAC;QACJ,CAAC;QACD,OAAO;YACL,KAAK,EAAE,MAAM;YACb,MAAM,EAAE,mDAAmD;SAC5D,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC/B,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,CAAC;QACtD,IAAI,0BAA0B,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YACxE,OAAO;gBACL,KAAK,EAAE,OAAO;gBACd,MAAM,EAAE,4CAA4C;aACrD,CAAC;QACJ,CAAC;QACD,IAAI,oBAAoB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YAClE,OAAO;gBACL,KAAK,EAAE,OAAO;gBACd,MAAM,EAAE,+CAA+C;aACxD,CAAC;QACJ,CAAC;QACD,IAAI,oBAAoB,CAAC,OAAO,CAAC,EAAE,CAAC;YAClC,OAAO;gBACL,KAAK,EAAE,SAAS;gBAChB,MAAM,EAAE,oDAAoD;aAC7D,CAAC;QACJ,CAAC;QACD,IACE,6BAA6B,CAAC,OAAO,CAAC;YACtC,oBAAoB,CAAC,OAAO,CAAC;YAC7B,CAAC,uBAAuB,CAAC,OAAO,CAAC,EACjC,CAAC;YACD,OAAO;gBACL,KAAK,EAAE,OAAO;gBACd,MAAM,EACJ,0EAA0E;aAC7E,CAAC;QACJ,CAAC;QACD,8EAA8E;QAC9E,IAAI,6BAA6B,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3C,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,0CAA0C,EAAE,CAAC;QAClF,CAAC;QACD,qDAAqD;QACrD,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC;QACxE,IAAI,qBAAqB,CAAC,OAAO,CAAC,EAAE,CAAC;YACnC,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,4CAA4C,EAAE,CAAC;QACpF,CAAC;QACD,IAAI,qBAAqB,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACpC,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;QACxD,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,qCAAqC,EAAE,CAAC;IAC7E,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC;QACpD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,KAAK,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,KAAK,IAAI,CAAC;QACzE,IAAI,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC;YACtD,OAAO;gBACL,KAAK,EAAE,OAAO;gBACd,MAAM,EAAE,oDAAoD;aAC7D,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,oCAAoC,EAAE,CAAC;IAC5E,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;QAClC,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC;QACpD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,KAAK,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,KAAK,IAAI,CAAC;QACzE,IACE,MAAM;YACN,CAAC,eAAe,CAAC,MAAM,CAAC;YACxB,CAAC,UAAU,EACX,CAAC;YACD,OAAO;gBACL,KAAK,EAAE,OAAO;gBACd,MAAM,EAAE,qDAAqD;aAC9D,CAAC;QACJ,CAAC;QACD,OAAO;YACL,KAAK,EAAE,SAAS;YAChB,MAAM,EACJ,uEAAuE;SAC1E,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;QAC5D,OAAO;YACL,KAAK,EAAE,SAAS;YAChB,MAAM,EAAE,0CAA0C;SACnD,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,oCAAoC,EAAE,CAAC;AAC5E,CAAC"}
+{"version":3,"file":"classifier.js","sourceRoot":"","sources":["../../src/safety/classifier.ts"],"names":[],"mappings":"AAAA,OAAO,GAAG,MAAM,UAAU,CAAC;AAC3B,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC,OAAO,EACL,0BAA0B,EAC1B,0BAA0B,EAC1B,oBAAoB,EACpB,YAAY,EACZ,gBAAgB,EAChB,qBAAqB,EACrB,iBAAiB,EACjB,qBAAqB,GACtB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,aAAa,EACb,aAAa,GAEd,MAAM,mBAAmB,CAAC;AAO3B,SAAS,SAAS,CAChB,IAA6B,EAC7B,GAAW;IAEX,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;IACxB,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AACvD,CAAC;AAED,SAAS,WAAW,CAAC,IAAY;IAC/B,IAAI,IAAI,KAAK,GAAG;QAAE,OAAO,OAAO,EAAE,CAAC;IACnC,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QACpD,OAAO,OAAO,CAAC,OAAO,EAAE,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAY;IACzC,OAAO,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC;AACpC,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC;IAC/C,yEAAyE;IACzE,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC5C,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9B,2DAA2D;QAC3D,MAAM,KAAK,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;QACtC,OAAO,CACL,KAAK,KAAK,KAAK;YACf,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC;YACzB,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;YACtB,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CACvB,CAAC;IACJ,CAAC;IACD,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IAC/D,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC;IACrB,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,IAAI,CAAC;IAC1B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,IAAI,CAAC;IACpE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACxC,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAC3B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACxC,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,6BAA6B,CAAC,OAAe;IACpD,OAAO,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CACpC,IAAI,MAAM,CAAC,UAAU,IAAI,SAAS,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CACvD,CAAC;AACJ,CAAC;AAED,MAAM,cAAc,GAAG,gEAAgE,CAAC;AACxF,MAAM,eAAe,GAAG,8BAA8B,CAAC;AACvD,wEAAwE;AACxE,uEAAuE;AACvE,0DAA0D;AAC1D,MAAM,gBAAgB,GACpB,iFAAiF,CAAC;AAEpF,SAAS,qBAAqB,CAAC,OAAe;IAC5C,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,6FAA6F;IAC7F,IAAI,KAA6B,CAAC;IAClC,eAAe,CAAC,SAAS,GAAG,CAAC,CAAC;IAC9B,OAAO,CAAC,KAAK,GAAG,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACxD,IAAI,KAAK,CAAC,CAAC,CAAC;YAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,CAAC;IAC3E,CAAC;IACD,yEAAyE;IACzE,iEAAiE;IACjE,8DAA8D;IAC9D,gBAAgB,CAAC,SAAS,GAAG,CAAC,CAAC;IAC/B,OAAO,CAAC,KAAK,GAAG,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACzD,IAAI,KAAK,CAAC,CAAC,CAAC;YAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACtC,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC;IACzB,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK;IACtE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM;IACrE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK;IACpE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK;CAClE,CAAC,CAAC;AAEH,SAAS,gBAAgB,CAAC,IAAY;IACpC,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IACjC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IACvC,IAAI,KAAK,KAAK,WAAW,IAAI,KAAK,KAAK,uBAAuB;QAAE,OAAO,KAAK,CAAC;IAC7E,IAAI,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7C,0EAA0E;IAC1E,kDAAkD;IAClD,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;IACzC,IAAI,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IACtC,6EAA6E;IAC7E,OAAO,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AACvC,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAe;IAC3C,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,4CAA4C,CAAC,IAAI,EAAE,CAAC;IAC9E,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACtD,OAAO,qBAAqB,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC;AAC/E,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,IAAc;IAC9C,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,IAAI,KAAK,eAAe;QAAE,OAAO,IAAI,CAAC;IAC3E,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY;QAAE,OAAO,KAAK,CAAC;IAC7C,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,CAAC;IACtD,OAAO,6BAA6B,CAAC,OAAO,CAAC,CAAC;AAChD,CAAC;AAED;;;;GAIG;AACH,SAAS,qBAAqB,CAAC,OAAe;IAC5C,gEAAgE;IAChE,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,6BAA6B,CAAC,IAAI,EAAE,CAAC;IACnE,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;AACzD,CAAC;AAED,SAAS,wBAAwB,CAAC,OAAe;IAC/C,OAAO,qBAAqB,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;QACnD,IAAI,CAAC;YACH,OAAO,YAAY,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC,CAAC;QACpD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,SAAS,UAAU,CAAC,OAAe;IAIjC,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAChC,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IACtB,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;AACvB,CAAC;AAED,SAAS,cAAc,CAAC,IAAY;IAClC,OAAO,qBAAqB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AACzC,CAAC;AAED,SAAS,gBAAgB,CAAC,IAAY,EAAE,GAAuB;IAC7D,IAAI,CAAC,GAAG;QAAE,OAAO,KAAK,CAAC;IACvB,MAAM,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACtC,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IACzB,uDAAuD;IACvD,OAAO,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC;AAC7D,CAAC;AAMD;;;;;GAKG;AACH,SAAS,iBAAiB,CAAC,OAAe;IACxC,kEAAkE;IAClE,4EAA4E;IAC5E,MAAM,QAAQ,GAAG,6BAA6B,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC7D,IAAI,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAClB,OAAO,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1D,CAAC;IACD,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3D,uDAAuD;IACvD,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IACvE,wDAAwD;IACxD,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAE,CAAC;QACrB,IACE,6CAA6C,CAAC,IAAI,CAAC,GAAG,CAAC;YACvD,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC;YACb,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,EACtB,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,IAAc,EACd,UAA2B,EAAE;IAE7B,IACE,IAAI,CAAC,IAAI,KAAK,SAAS;QACvB,IAAI,CAAC,IAAI,KAAK,SAAS;QACvB,IAAI,CAAC,IAAI,KAAK,WAAW,EACzB,CAAC;QACD,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC7C,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC;gBACH,IAAI,YAAY,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;oBACjD,OAAO;wBACL,KAAK,EAAE,OAAO;wBACd,MAAM,EACJ,iEAAiE;qBACpE,CAAC;gBACJ,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,wCAAwC;YAC1C,CAAC;QACH,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;IAC1D,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC5B,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;IAC1D,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC/B,uEAAuE;QACvE,wEAAwE;QACxE,sEAAsE;QACtE,0BAA0B;QAC1B,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC;IAC/D,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;QACvE,IAAI,MAAM,KAAK,KAAK,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YAC1C,OAAO;gBACL,KAAK,EAAE,SAAS;gBAChB,MAAM,EAAE,QAAQ,MAAM,wCAAwC;aAC/D,CAAC;QACJ,CAAC;QACD,OAAO;YACL,KAAK,EAAE,MAAM;YACb,MAAM,EAAE,4BAA4B;SACrC,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC/B,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,CAAC;QACtD,IAAI,0BAA0B,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YACxE,OAAO;gBACL,KAAK,EAAE,OAAO;gBACd,MAAM,EAAE,4CAA4C;aACrD,CAAC;QACJ,CAAC;QACD,IAAI,oBAAoB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YAClE,OAAO;gBACL,KAAK,EAAE,OAAO;gBACd,MAAM,EAAE,+CAA+C;aACxD,CAAC;QACJ,CAAC;QACD,IAAI,wBAAwB,CAAC,OAAO,CAAC,EAAE,CAAC;YACtC,OAAO;gBACL,KAAK,EAAE,OAAO;gBACd,MAAM,EACJ,+EAA+E;aAClF,CAAC;QACJ,CAAC;QACD,IACE,6BAA6B,CAAC,OAAO,CAAC;YACtC,oBAAoB,CAAC,OAAO,CAAC,EAC7B,CAAC;YACD,yEAAyE;YACzE,oEAAoE;YACpE,qEAAqE;YACrE,8CAA8C;YAC9C,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;YAC1C,MAAM,OAAO,GACX,aAAa,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,MAAM;gBACpC,CAAC,CAAC,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,KAAM,CAAC;gBACvC,CAAC,CAAC,KAAK,CAAC;YACZ,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO;oBACL,KAAK,EAAE,OAAO;oBACd,MAAM,EACJ,0HAA0H;iBAC7H,CAAC;YACJ,CAAC;QACH,CAAC;QACD,8EAA8E;QAC9E,IAAI,6BAA6B,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3C,OAAO;gBACL,KAAK,EAAE,SAAS;gBAChB,MAAM,EAAE,0CAA0C;aACnD,CAAC;QACJ,CAAC;QACD,2EAA2E;QAC3E,wEAAwE;QACxE,gEAAgE;QAChE,IAAI,0BAA0B,CAAC,OAAO,CAAC,EAAE,CAAC;YACxC,OAAO;gBACL,KAAK,EAAE,SAAS;gBAChB,MAAM,EACJ,kGAAkG;aACrG,CAAC;QACJ,CAAC;QACD,2EAA2E;QAC3E,wEAAwE;QACxE,yEAAyE;QACzE,sCAAsC;QACtC,IAAI,qBAAqB,CAAC,OAAO,CAAC,EAAE,CAAC;YACnC,OAAO;gBACL,KAAK,EAAE,SAAS;gBAChB,MAAM,EACJ,uKAAuK;aAC1K,CAAC;QACJ,CAAC;QACD,qDAAqD;QACrD,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;QAC1C,IAAI,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;QACxD,CAAC;QACD,IAAI,gBAAgB,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,IAAI,aAAa,EAAE,CAAC;QACnE,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,qCAAqC,EAAE,CAAC;IAC7E,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC;QACpD,IAAI,MAAM,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;YACrC,MAAM,OAAO,GACX,aAAa,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,KAAM,CAAC,CAAC;YACxE,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO;oBACL,KAAK,EAAE,OAAO;oBACd,MAAM,EACJ,4EAA4E;iBAC/E,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,oCAAoC,EAAE,CAAC;IAC5E,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;QAClC,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC;QACpD,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC;QAClD,MAAM,QAAQ,GACZ,MAAM,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC;QACnE,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,OAAO,GACX,aAAa,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,KAAM,CAAC,CAAC;YACxE,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO;oBACL,KAAK,EAAE,OAAO;oBACd,MAAM,EACJ,iFAAiF;iBACpF,CAAC;YACJ,CAAC;QACH,CAAC;QACD,OAAO;YACL,KAAK,EAAE,SAAS;YAChB,MAAM,EACJ,uEAAuE;SAC1E,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;QAC5D,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;YAC7B,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YAC7C,IAAI,OAAO,EAAE,CAAC;gBACZ,IAAI,CAAC;oBACH,IAAI,YAAY,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;wBACjD,OAAO;4BACL,KAAK,EAAE,OAAO;4BACd,MAAM,EAAE,0CAA0C;yBACnD,CAAC;oBACJ,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,eAAe;gBACjB,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO;YACL,KAAK,EAAE,SAAS;YAChB,MAAM,EAAE,0CAA0C;SACnD,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,oCAAoC,EAAE,CAAC;AAC5E,CAAC"}

package/dist/safety/patterns.d.ts

@@ -1,5 +1,52 @@
 export declare const destructiveCommandPatterns: RegExp[];
 export declare const exfiltrationPatterns: RegExp[];
 export declare const networkScanTools: string[];
-/** Read-only commands that are safe to auto-execute without user confirmation */
+/**
+ * Commands that never mutate state and never expose secrets through their
+ * default arguments. Powerful commands whose arguments can leak data
+ * (cat, env, python, node, git, npm, pip, tee, xargs, curl, wget) are
+ * intentionally NOT here — they fall through to `subcommandSafeMap` or
+ * to the metacharacter-aware confirm path in classifier.ts.
+ */
 export declare const readOnlyShellCommands: Set<string>;
+/**
+ * Subcommand allowlist for powerful CLIs. The classifier treats
+ * `<cmd> <subcmd> …` as safe iff `subcommandSafeMap[cmd]` contains
+ * `subcmd`. Anything else falls through to confirm.
+ *
+ * `config` is intentionally NOT here for git/npm/pnpm/yarn — `git config
+ * --global ...` and `npm config set ...` mutate user-level state and
+ * should always confirm. Read-only forms (`git config --get foo`,
+ * `npm config get registry`) are caught by `mutatingArgPatterns` below
+ * so they can still auto-execute when the args are clearly read-only.
+ */
+export declare const subcommandSafeMap: Record<string, Set<string>>;
+/**
+ * Patterns that move an otherwise-safe-looking command into the
+ * confirm bucket because their arguments mutate state, exfiltrate
+ * data, or escape into another shell:
+ *   - `sed -i …`            in-place file rewrite
+ *   - `awk … system(...)`   shell-out via awk's system()
+ *   - `awk … |getline …`    arbitrary command via getline
+ *   - `find … -exec …`      run arbitrary commands
+ *   - `find … -delete`      delete matched files
+ *   - `git config --global` / `git config --system` write user/system git config
+ *   - `npm config set …`    persist npm/yarn/pnpm config
+ *   - `<cmd> --output-document=…` / `-o …` for fetchers (curl/wget) when
+ *     not GET — handled separately, but pattern caught here for safety
+ */
+export declare const mutatingArgPatterns: RegExp[];
+export declare function commandHasMutatingArg(command: string): boolean;
+/**
+ * Paths that should never be read by an agent without explicit confirmation.
+ * Matched against the resolved (tilde-expanded) absolute path of any tool
+ * that takes a `path` argument, AND against shell command strings for
+ * `cat`/`less`/`more`/`head`/`tail`/`view`/`bat`.
+ */
+export declare const secretPathPatterns: RegExp[];
+/**
+ * Returns true if `path` (already resolved to an absolute path) points at
+ * a known secret location.
+ */
+export declare function isSecretPath(path: string): boolean;
+export declare function containsShellMetacharacter(command: string): boolean;