@pentoshi/clai 0.8.2 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (48) hide show
  1. package/dist/agent/loop-guard.d.ts +43 -0
  2. package/dist/agent/loop-guard.js +75 -0
  3. package/dist/agent/loop-guard.js.map +1 -0
  4. package/dist/agent/progress.d.ts +14 -0
  5. package/dist/agent/progress.js +112 -0
  6. package/dist/agent/progress.js.map +1 -0
  7. package/dist/agent/runner.js +57 -9
  8. package/dist/agent/runner.js.map +1 -1
  9. package/dist/agent/task-analyzer.d.ts +13 -0
  10. package/dist/agent/task-analyzer.js +158 -0
  11. package/dist/agent/task-analyzer.js.map +1 -0
  12. package/dist/agent/task-plan.d.ts +37 -0
  13. package/dist/agent/task-plan.js +98 -0
  14. package/dist/agent/task-plan.js.map +1 -0
  15. package/dist/prompts/index.d.ts +1 -1
  16. package/dist/prompts/index.js +20 -1
  17. package/dist/prompts/index.js.map +1 -1
  18. package/dist/safety/classifier.js +64 -0
  19. package/dist/safety/classifier.js.map +1 -1
  20. package/dist/safety/path-permissions.d.ts +14 -0
  21. package/dist/safety/path-permissions.js +43 -0
  22. package/dist/safety/path-permissions.js.map +1 -0
  23. package/dist/tools/capabilities.d.ts +11 -0
  24. package/dist/tools/capabilities.js +136 -0
  25. package/dist/tools/capabilities.js.map +1 -0
  26. package/dist/tools/command-intent.d.ts +11 -0
  27. package/dist/tools/command-intent.js +61 -0
  28. package/dist/tools/command-intent.js.map +1 -0
  29. package/dist/tools/fs.d.ts +10 -0
  30. package/dist/tools/fs.js +73 -2
  31. package/dist/tools/fs.js.map +1 -1
  32. package/dist/tools/jobs.d.ts +28 -0
  33. package/dist/tools/jobs.js +161 -0
  34. package/dist/tools/jobs.js.map +1 -0
  35. package/dist/tools/net-ping-sweep.d.ts +24 -0
  36. package/dist/tools/net-ping-sweep.js +205 -0
  37. package/dist/tools/net-ping-sweep.js.map +1 -0
  38. package/dist/tools/network-context.d.ts +26 -0
  39. package/dist/tools/network-context.js +138 -0
  40. package/dist/tools/network-context.js.map +1 -0
  41. package/dist/tools/registry.js +43 -1
  42. package/dist/tools/registry.js.map +1 -1
  43. package/dist/tools/shell.js +3 -3
  44. package/dist/tools/shell.js.map +1 -1
  45. package/dist/ui/task-pane.d.ts +17 -0
  46. package/dist/ui/task-pane.js +80 -0
  47. package/dist/ui/task-pane.js.map +1 -0
  48. package/package.json +1 -1
package/dist/agent/task-analyzer.js ADDED
@@ -0,0 +1,158 @@
1
+ import { createPlanStep, } from "./task-plan.js";
2
+ /* ── Pattern groups ──────────────────────────────────────────────────── */
3
+ const SIMPLE_PATTERNS = [
4
+ // Trivial shell info
5
+ { pattern: /^\s*(whoami|hostname|uname|uptime|date|id|arch|sw_vers|pwd)\s*$/i, kind: "shell", tools: ["shell.exec"] },
6
+ // Read a file
7
+ { pattern: /\b(read|cat|show|display|view|print|open)\b.*\b(file|contents?|config)\b/i, kind: "filesystem", tools: ["fs.read"] },
8
+ // List a directory
9
+ { pattern: /\b(list|ls|dir)\b.*\b(files?|dir|folder|directory)\b/i, kind: "filesystem", tools: ["fs.list"] },
10
+ // Single DNS lookup
11
+ { pattern: /\b(MX|AAAA|A\s+record|TXT\s+record|NS\s+record|nameserver|CNAME|SOA|PTR|SRV|CAA)\b.*\b(for|of)\b/i, kind: "dns", tools: ["dns.lookup"] },
12
+ { pattern: /\b(dns|resolve|lookup)\b.*\b(for|of)\b/i, kind: "dns", tools: ["dns.lookup"] },
13
+ // Single whois
14
+ { pattern: /\b(who\s+registered|whois|registrar|domain\s+info|who\s+owns)\b/i, kind: "whois", tools: ["whois.lookup"] },
15
+ // Simple shell commands
16
+ { pattern: /\b(my\s+ip|public\s+ip|what\s+is\s+my\s+ip)\b/i, kind: "shell", tools: ["shell.exec"] },
17
+ { pattern: /\b(disk\s+space|free\s+space|storage)\b/i, kind: "shell", tools: ["shell.exec"] },
18
+ { pattern: /\b(running\s+processes|process\s+list|ps\s+aux)\b/i, kind: "shell", tools: ["shell.exec"] },
19
+ { pattern: /\b(system\s+info|os\s+info|machine\s+info)\b/i, kind: "answer", tools: ["sysinfo"] },
20
+ ];
21
+ const STANDARD_PATTERNS = [
22
+ // Network discovery
23
+ { pattern: /\b(my\s+network|local\s+network|LAN|home\s+network)\b/i, kind: "network-discovery", tools: ["net.context", "net.pingSweep"] },
24
+ { pattern: /\b(ping\s+sweep|active\s+devices|live\s+hosts)\b/i, kind: "network-discovery", tools: ["net.context", "net.pingSweep"] },
25
+ { pattern: /\bscan\b.*\b(network|subnet|devices|hosts)\b/i, kind: "network-discovery", tools: ["net.context", "net.pingSweep"] },
26
+ // Single port scan
27
+ { pattern: /\b(port\s+scan|scan\s+ports?|open\s+ports?|nmap)\b/i, kind: "pentest-recon", tools: ["net.scan"] },
28
+ // File editing
29
+ { pattern: /\b(edit|modify|change|update|replace|patch)\b.*\b(file|config|line|text|content)\b/i, kind: "filesystem", tools: ["fs.read", "fs.edit", "fs.write"] },
30
+ // File search
31
+ { pattern: /\b(search|find|grep|look\s+for)\b.*\b(in\s+files?|across|directory|codebase|project)\b/i, kind: "filesystem", tools: ["fs.search"] },
32
+ // Package install
33
+ { pattern: /\b(install|setup|configure)\b.*\b(tool|package|program|software|command)\b/i, kind: "package", tools: ["pkg.install"] },
34
+ // Directory scan (web)
35
+ { pattern: /\b(directory|dir)\s+(scan|brute|fuzz|enum)/i, kind: "web-enum", tools: ["shell.exec"] },
36
+ // File deletion
37
+ { pattern: /\b(delete|remove|rm)\b.*\b(file|directory|folder)\b/i, kind: "filesystem", tools: ["fs.delete"] },
38
+ ];
39
+ const COMPLEX_PATTERNS = [
40
+ { pattern: /\b(full\s+recon|reconnaissance|enumerate\s+all|pentest|penetration\s+test)\b/i, kind: "pentest-recon", tools: ["pentest.recon", "net.scan", "shell.exec"] },
41
+ { pattern: /\b(vuln|vulnerability)\s*(scan|assessment|check)\b/i, kind: "pentest-recon", tools: ["net.scan", "shell.exec"] },
42
+ { pattern: /\b(exploit|payload|reverse\s+shell|privilege\s+escalation)\b/i, kind: "pentest-recon", tools: ["shell.exec"] },
43
+ { pattern: /\b(web\s+app\s+scan|nikto|burp|sql\s*injection|xss)\b/i, kind: "web-enum", tools: ["shell.exec", "http.fetch"] },
44
+ { pattern: /\b(subdomain)\s*(enum|find|discover|scan)\b/i, kind: "web-enum", tools: ["shell.exec"] },
45
+ ];
46
+ function matchPatterns(prompt, patterns) {
47
+ for (const entry of patterns) {
48
+ if (entry.pattern.test(prompt)) {
49
+ return { kind: entry.kind, tools: entry.tools };
50
+ }
51
+ }
52
+ return undefined;
53
+ }
54
+ function buildSteps(kind, prompt) {
55
+ switch (kind) {
56
+ case "network-discovery":
57
+ return [
58
+ createPlanStep("Detect local network interfaces", "network-discovery", { toolHint: "net.context", required: true }),
59
+ createPlanStep("Sweep for active devices", "network-discovery", { toolHint: "net.pingSweep", required: true }),
60
+ createPlanStep("Summarize discovered hosts", "answer", { required: true }),
61
+ ];
62
+ case "pentest-recon":
63
+ if (/full\s+recon|reconnaissance|enumerate\s+all/i.test(prompt)) {
64
+ return [
65
+ createPlanStep("Whois lookup", "whois", { toolHint: "whois.lookup" }),
66
+ createPlanStep("DNS enumeration", "dns", { toolHint: "dns.lookup" }),
67
+ createPlanStep("Port scan", "pentest-recon", { toolHint: "net.scan" }),
68
+ createPlanStep("Service version detection", "pentest-recon", { toolHint: "net.scan" }),
69
+ createPlanStep("Summarize findings", "answer", { required: true }),
70
+ ];
71
+ }
72
+ return [
73
+ createPlanStep("Port scan", "pentest-recon", { toolHint: "net.scan" }),
74
+ createPlanStep("Report findings", "answer", { required: true }),
75
+ ];
76
+ case "filesystem":
77
+ if (/edit|modify|change|update|replace/i.test(prompt)) {
78
+ return [
79
+ createPlanStep("Read current file contents", "filesystem", { toolHint: "fs.read", required: true }),
80
+ createPlanStep("Apply edit", "filesystem", { toolHint: "fs.edit", required: true }),
81
+ createPlanStep("Verify changes", "filesystem", { toolHint: "fs.read" }),
82
+ ];
83
+ }
84
+ if (/delete|remove/i.test(prompt)) {
85
+ return [
86
+ createPlanStep("Confirm target exists", "filesystem", { toolHint: "fs.list", required: true }),
87
+ createPlanStep("Delete target", "filesystem", { toolHint: "fs.delete", required: true }),
88
+ ];
89
+ }
90
+ return [];
91
+ case "web-enum":
92
+ return [
93
+ createPlanStep("Locate wordlist", "shell", { toolHint: "shell.exec" }),
94
+ createPlanStep("Run enumeration scan", "web-enum", { toolHint: "shell.exec", required: true }),
95
+ createPlanStep("Report discovered paths", "answer", { required: true }),
96
+ ];
97
+ default:
98
+ return [];
99
+ }
100
+ }
101
+ export function analyzeTask(prompt) {
102
+ // Try complex first (most specific), then standard, then simple
103
+ const complex = matchPatterns(prompt, COMPLEX_PATTERNS);
104
+ if (complex) {
105
+ return {
106
+ complexity: "complex",
107
+ shouldPlan: true,
108
+ category: complex.kind,
109
+ goal: prompt.slice(0, 100),
110
+ needsNetworkContext: complex.kind === "network-discovery",
111
+ needsToolPreflight: true,
112
+ likelyTools: complex.tools,
113
+ stopWhen: "All enumeration steps complete and findings summarized",
114
+ suggestedSteps: buildSteps(complex.kind, prompt),
115
+ };
116
+ }
117
+ const standard = matchPatterns(prompt, STANDARD_PATTERNS);
118
+ if (standard) {
119
+ return {
120
+ complexity: "standard",
121
+ shouldPlan: true,
122
+ category: standard.kind,
123
+ goal: prompt.slice(0, 100),
124
+ needsNetworkContext: standard.kind === "network-discovery",
125
+ needsToolPreflight: standard.tools.some((t) => t !== "shell.exec" && t !== "fs.read" && t !== "fs.list"),
126
+ likelyTools: standard.tools,
127
+ stopWhen: "Task complete and results reported",
128
+ suggestedSteps: buildSteps(standard.kind, prompt),
129
+ };
130
+ }
131
+ const simple = matchPatterns(prompt, SIMPLE_PATTERNS);
132
+ if (simple) {
133
+ return {
134
+ complexity: "simple",
135
+ shouldPlan: false,
136
+ category: simple.kind,
137
+ goal: prompt.slice(0, 100),
138
+ needsNetworkContext: false,
139
+ needsToolPreflight: false,
140
+ likelyTools: simple.tools,
141
+ stopWhen: "Answer delivered",
142
+ suggestedSteps: [],
143
+ };
144
+ }
145
+ // Fallback: unknown → treat as standard, let model decide
146
+ return {
147
+ complexity: "standard",
148
+ shouldPlan: false,
149
+ category: "other",
150
+ goal: prompt.slice(0, 100),
151
+ needsNetworkContext: false,
152
+ needsToolPreflight: false,
153
+ likelyTools: ["shell.exec"],
154
+ stopWhen: "Task complete",
155
+ suggestedSteps: [],
156
+ };
157
+ }
158
+ //# sourceMappingURL=task-analyzer.js.map
package/dist/agent/task-analyzer.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"task-analyzer.js","sourceRoot":"","sources":["../../src/agent/task-analyzer.ts"],"names":[],"mappings":"AAAA,OAAO,EAIL,cAAc,GACf,MAAM,gBAAgB,CAAC;AAcxB,4EAA4E;AAE5E,MAAM,eAAe,GAAgE;IACnF,qBAAqB;IACrB,EAAE,OAAO,EAAE,kEAAkE,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,YAAY,CAAC,EAAE;IACrH,cAAc;IACd,EAAE,OAAO,EAAE,2EAA2E,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,SAAS,CAAC,EAAE;IAChI,mBAAmB;IACnB,EAAE,OAAO,EAAE,uDAAuD,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,SAAS,CAAC,EAAE;IAC5G,oBAAoB;IACpB,EAAE,OAAO,EAAE,mGAAmG,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,YAAY,CAAC,EAAE;IACpJ,EAAE,OAAO,EAAE,yCAAyC,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,YAAY,CAAC,EAAE;IAC1F,eAAe;IACf,EAAE,OAAO,EAAE,kEAAkE,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,cAAc,CAAC,EAAE;IACvH,wBAAwB;IACxB,EAAE,OAAO,EAAE,gDAAgD,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,YAAY,CAAC,EAAE;IACnG,EAAE,OAAO,EAAE,0CAA0C,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,YAAY,CAAC,EAAE;IAC7F,EAAE,OAAO,EAAE,oDAAoD,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,YAAY,CAAC,EAAE;IACvG,EAAE,OAAO,EAAE,+CAA+C,EAAE,IAAI,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,SAAS,CAAC,EAAE;CACjG,CAAC;AAEF,MAAM,iBAAiB,GAAgE;IACrF,oBAAoB;IACpB,EAAE,OAAO,EAAE,wDAAwD,EAAE,IAAI,EAAE,mBAAmB,EAAE,KAAK,EAAE,CAAC,aAAa,EAAE,eAAe,CAAC,EAAE;IACzI,EAAE,OAAO,EAAE,mDAAmD,EAAE,IAAI,EAAE,mBAAmB,EAAE,KAAK,EAAE,CAAC,aAAa,EAAE,eAAe,CAAC,EAAE;IACpI,EAAE,OAAO,EAAE,+CAA+C,EAAE,IAAI,EAAE,mBAAmB,EAAE,KAAK,EAAE,CAAC,aAAa,EAAE,eAAe,CAAC,EAAE;IAChI,mBAAmB;IACnB,EAAE,OAAO,EAAE,qDAAqD,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC,UAAU,CAAC,EAAE;IAC9G,eAAe;IACf,EAAE,OAAO,EAAE,qFAAqF,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,SAAS,EAAE,SAAS,EAAE,UAAU,CAAC,EAAE;IACjK,cAAc;IACd,EAAE,OAAO,EAAE,yFAAyF,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,WAAW,CAAC,EAAE;IAChJ,kBAAkB;IAClB,EAAE,OAAO,EAAE,6EAA6E,EAAE,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,aAAa,CAAC,EAAE;IACnI,uBAAuB;IACvB,EAAE,OAAO,EAAE,6CAA6C,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,YAAY,CAAC,EAAE;IACnG,gBAAgB;IAChB,EAAE,OAAO,EAAE,sDAAsD,EAAE,IAAI,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,WAAW,CAAC,EAAE;CAC9G,CAAC;AAEF,MAAM,gBAAgB,GAAgE;IACpF,EAAE,OAAO,EAAE,+EAA+E,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC,eAAe,EAAE,UAAU,EAAE,YAAY,CAAC,EAAE;IACvK,EAAE,OAAO,EAAE,qDAAqD,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC,UAAU,EAAE,YAAY,CAAC,EAAE;IAC5H,EAAE,OAAO,EAAE,+DAA+D,EAAE,IAAI,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC,YAAY,CAAC,EAAE;IAC1H,EAAE,OAAO,EAAE,wDAAwD,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC,EAAE;IAC5H,EAAE,OAAO,EAAE,8CAA8C,EAAE,IAAI,EAAE,UAAU,EAAE,KAAK,EAAE,CAAC,YAAY,CAAC,EAAE;CACrG,CAAC;AAEF,SAAS,aAAa,CACpB,MAAc,EACd,QAAqE;IAErE,KAAK,MAAM,KAAK,IAAI,QAAQ,EAAE,CAAC;QAC7B,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YAC/B,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,CAAC;QAClD,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,UAAU,CAAC,IAAc,EAAE,MAAc;IAChD,QAAQ,IAAI,EAAE,CAAC;QACb,KAAK,mBAAmB;YACtB,OAAO;gBACL,cAAc,CAAC,iCAAiC,EAAE,mBAAmB,EAAE,EAAE,QAAQ,EAAE,aAAa,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;gBACnH,cAAc,CAAC,0BAA0B,EAAE,mBAAmB,EAAE,EAAE,QAAQ,EAAE,eAAe,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;gBAC9G,cAAc,CAAC,4BAA4B,EAAE,QAAQ,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;aAC3E,CAAC;QACJ,KAAK,eAAe;YAClB,IAAI,8CAA8C,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBAChE,OAAO;oBACL,cAAc,CAAC,cAAc,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,cAAc,EAAE,CAAC;oBACrE,cAAc,CAAC,iBAAiB,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;oBACpE,cAAc,CAAC,WAAW,EAAE,eAAe,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;oBACtE,cAAc,CAAC,2BAA2B,EAAE,eAAe,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;oBACtF,cAAc,CAAC,oBAAoB,EAAE,QAAQ,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;iBACnE,CAAC;YACJ,CAAC;YACD,OAAO;gBACL,cAAc,CAAC,WAAW,EAAE,eAAe,EAAE,EAAE,QAAQ,EAAE,UAAU,EAAE,CAAC;gBACtE,cAAc,CAAC,iBAAiB,EAAE,QAAQ,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;aAChE,CAAC;QACJ,KAAK,YAAY;YACf,IAAI,oCAAoC,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBACtD,OAAO;oBACL,cAAc,CAAC,4BAA4B,EAAE,YAAY,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;oBACnG,cAAc,CAAC,YAAY,EAAE,YAAY,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;oBACnF,cAAc,CAAC,gBAAgB,EAAE,YAAY,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;iBACxE,CAAC;YACJ,CAAC;YACD,IAAI,gBAAgB,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;gBAClC,OAAO;oBACL,cAAc,CAAC,uBAAuB,EAAE,YAAY,EAAE,EAAE,QAAQ,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;oBAC9F,cAAc,CAAC,eAAe,EAAE,YAAY,EAAE,EAAE,QAAQ,EAAE,WAAW,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;iBACzF,CAAC;YACJ,CAAC;YACD,OAAO,EAAE,CAAC;QACZ,KAAK,UAAU;YACb,OAAO;gBACL,cAAc,CAAC,iBAAiB,EAAE,OAAO,EAAE,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;gBACtE,cAAc,CAAC,sBAAsB,EAAE,UAAU,EAAE,EAAE,QAAQ,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;gBAC9F,cAAc,CAAC,yBAAyB,EAAE,QAAQ,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;aACxE,CAAC;QACJ;YACE,OAAO,EAAE,CAAC;IACd,CAAC;AACH,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,MAAc;IACxC,gEAAgE;IAChE,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC;IACxD,IAAI,OAAO,EAAE,CAAC;QACZ,OAAO;YACL,UAAU,EAAE,SAAS;YACrB,UAAU,EAAE,IAAI;YAChB,QAAQ,EAAE,OAAO,CAAC,IAAI;YACtB,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;YAC1B,mBAAmB,EAAE,OAAO,CAAC,IAAI,KAAK,mBAAmB;YACzD,kBAAkB,EAAE,IAAI;YACxB,WAAW,EAAE,OAAO,CAAC,KAAK;YAC1B,QAAQ,EAAE,wDAAwD;YAClE,cAAc,EAAE,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC;SACjD,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;IAC1D,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO;YACL,UAAU,EAAE,UAAU;YACtB,UAAU,EAAE,IAAI;YAChB,QAAQ,EAAE,QAAQ,CAAC,IAAI;YACvB,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;YAC1B,mBAAmB,EAAE,QAAQ,CAAC,IAAI,KAAK,mBAAmB;YAC1D,kBAAkB,EAAE,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,YAAY,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,KAAK,SAAS,CAAC;YACxG,WAAW,EAAE,QAAQ,CAAC,KAAK;YAC3B,QAAQ,EAAE,oCAAoC;YAC9C,cAAc,EAAE,UAAU,CAAC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;SAClD,CAAC;IACJ,CAAC;IAED,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;IACtD,IAAI,MAAM,EAAE,CAAC;QACX,OAAO;YACL,UAAU,EAAE,QAAQ;YACpB,UAAU,EAAE,KAAK;YACjB,QAAQ,EAAE,MAAM,CAAC,IAAI;YACrB,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;YAC1B,mBAAmB,EAAE,KAAK;YAC1B,kBAAkB,EAAE,KAAK;YACzB,WAAW,EAAE,MAAM,CAAC,KAAK;YACzB,QAAQ,EAAE,kBAAkB;YAC5B,cAAc,EAAE,EAAE;SACnB,CAAC;IACJ,CAAC;IAED,0DAA0D;IAC1D,OAAO;QACL,UAAU,EAAE,UAAU;QACtB,UAAU,EAAE,KAAK;QACjB,QAAQ,EAAE,OAAO;QACjB,IAAI,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;QAC1B,mBAAmB,EAAE,KAAK;QAC1B,kBAAkB,EAAE,KAAK;QACzB,WAAW,EAAE,CAAC,YAAY,CAAC;QAC3B,QAAQ,EAAE,eAAe;QACzB,cAAc,EAAE,EAAE;KACnB,CAAC;AACJ,CAAC"}
package/dist/agent/task-plan.d.ts ADDED
@@ -0,0 +1,37 @@
1
+ export type TaskComplexity = "simple" | "standard" | "complex";
2
+ export type TaskStatus = "pending" | "running" | "done" | "failed" | "skipped";
3
+ export type TaskKind = "answer" | "shell" | "filesystem" | "network-discovery" | "dns" | "whois" | "web-enum" | "pentest-recon" | "package" | "other";
4
+ export interface PlanStep {
5
+ id: string;
6
+ title: string;
7
+ kind: TaskKind;
8
+ status: TaskStatus;
9
+ successCriteria?: string | undefined;
10
+ required?: boolean | undefined;
11
+ notes?: string | undefined;
12
+ toolHint?: string | undefined;
13
+ }
14
+ export interface TaskPlan {
15
+ id: string;
16
+ goal: string;
17
+ complexity: TaskComplexity;
18
+ steps: PlanStep[];
19
+ currentStepId?: string | undefined;
20
+ createdAt: string;
21
+ updatedAt: string;
22
+ }
23
+ export declare function createPlanStep(title: string, kind: TaskKind, extra?: Partial<Omit<PlanStep, "id" | "title" | "kind" | "status">>): PlanStep;
24
+ export declare function createTaskPlan(goal: string, complexity: TaskComplexity, steps: PlanStep[]): TaskPlan;
25
+ export declare function markStepRunning(plan: TaskPlan, stepId: string): void;
26
+ export declare function markStepDone(plan: TaskPlan, stepId: string, note?: string | undefined): void;
27
+ export declare function markStepFailed(plan: TaskPlan, stepId: string, note?: string | undefined): void;
28
+ export declare function nextPendingStep(plan: TaskPlan): PlanStep | undefined;
29
+ export declare function isPlanComplete(plan: TaskPlan): boolean;
30
+ /**
31
+ * Compact plan summary for LLM context injection. Keeps token count low.
32
+ */
33
+ export declare function formatPlanForPrompt(plan: TaskPlan): string;
34
+ /**
35
+ * Terminal-formatted plan for user display. Uses Unicode box-drawing.
36
+ */
37
+ export declare function formatPlanForDisplay(plan: TaskPlan): string;
package/dist/agent/task-plan.js ADDED
@@ -0,0 +1,98 @@
1
+ import { randomUUID } from "node:crypto";
2
+ export function createPlanStep(title, kind, extra = {}) {
3
+ return {
4
+ id: randomUUID(),
5
+ title,
6
+ kind,
7
+ status: "pending",
8
+ ...extra,
9
+ };
10
+ }
11
+ export function createTaskPlan(goal, complexity, steps) {
12
+ const now = new Date().toISOString();
13
+ return {
14
+ id: randomUUID(),
15
+ goal,
16
+ complexity,
17
+ steps,
18
+ createdAt: now,
19
+ updatedAt: now,
20
+ };
21
+ }
22
+ export function markStepRunning(plan, stepId) {
23
+ const step = plan.steps.find((s) => s.id === stepId);
24
+ if (step) {
25
+ step.status = "running";
26
+ plan.currentStepId = stepId;
27
+ plan.updatedAt = new Date().toISOString();
28
+ }
29
+ }
30
+ export function markStepDone(plan, stepId, note) {
31
+ const step = plan.steps.find((s) => s.id === stepId);
32
+ if (step) {
33
+ step.status = "done";
34
+ if (note)
35
+ step.notes = note;
36
+ plan.updatedAt = new Date().toISOString();
37
+ }
38
+ }
39
+ export function markStepFailed(plan, stepId, note) {
40
+ const step = plan.steps.find((s) => s.id === stepId);
41
+ if (step) {
42
+ step.status = "failed";
43
+ if (note)
44
+ step.notes = note;
45
+ plan.updatedAt = new Date().toISOString();
46
+ }
47
+ }
48
+ export function nextPendingStep(plan) {
49
+ return plan.steps.find((s) => s.status === "pending");
50
+ }
51
+ export function isPlanComplete(plan) {
52
+ return plan.steps
53
+ .filter((s) => s.required !== false)
54
+ .every((s) => s.status === "done" || s.status === "failed" || s.status === "skipped");
55
+ }
56
+ /**
57
+ * Compact plan summary for LLM context injection. Keeps token count low.
58
+ */
59
+ export function formatPlanForPrompt(plan) {
60
+ const lines = [`PLAN: ${plan.goal} (${plan.complexity})`];
61
+ for (const step of plan.steps) {
62
+ const marker = step.status === "done"
63
+ ? "[x]"
64
+ : step.status === "running"
65
+ ? "[>]"
66
+ : step.status === "failed"
67
+ ? "[!]"
68
+ : step.status === "skipped"
69
+ ? "[-]"
70
+ : "[ ]";
71
+ const note = step.notes ? ` (${step.notes})` : "";
72
+ lines.push(` ${marker} ${step.title}${note}`);
73
+ }
74
+ return lines.join("\n");
75
+ }
76
+ /**
77
+ * Terminal-formatted plan for user display. Uses Unicode box-drawing.
78
+ */
79
+ export function formatPlanForDisplay(plan) {
80
+ const icons = {
81
+ pending: "·",
82
+ running: "▶",
83
+ done: "✓",
84
+ failed: "✗",
85
+ skipped: "↷",
86
+ };
87
+ const lines = [`📋 ${plan.goal} (${plan.complexity})`];
88
+ for (let i = 0; i < plan.steps.length; i += 1) {
89
+ const step = plan.steps[i];
90
+ const icon = icons[step.status];
91
+ const note = step.notes ? ` — ${step.notes}` : "";
92
+ lines.push(` ${icon} ${i + 1}. ${step.title}${note}`);
93
+ }
94
+ const done = plan.steps.filter((s) => s.status === "done").length;
95
+ lines.push(` Progress: ${done}/${plan.steps.length}`);
96
+ return lines.join("\n");
97
+ }
98
+ //# sourceMappingURL=task-plan.js.map
package/dist/agent/task-plan.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"task-plan.js","sourceRoot":"","sources":["../../src/agent/task-plan.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAqCzC,MAAM,UAAU,cAAc,CAC5B,KAAa,EACb,IAAc,EACd,QAAqE,EAAE;IAEvE,OAAO;QACL,EAAE,EAAE,UAAU,EAAE;QAChB,KAAK;QACL,IAAI;QACJ,MAAM,EAAE,SAAS;QACjB,GAAG,KAAK;KACT,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,cAAc,CAC5B,IAAY,EACZ,UAA0B,EAC1B,KAAiB;IAEjB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACrC,OAAO;QACL,EAAE,EAAE,UAAU,EAAE;QAChB,IAAI;QACJ,UAAU;QACV,KAAK;QACL,SAAS,EAAE,GAAG;QACd,SAAS,EAAE,GAAG;KACf,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,IAAc,EAAE,MAAc;IAC5D,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,MAAM,CAAC,CAAC;IACrD,IAAI,IAAI,EAAE,CAAC;QACT,IAAI,CAAC,MAAM,GAAG,SAAS,CAAC;QACxB,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC;QAC5B,IAAI,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC5C,CAAC;AACH,CAAC;AAED,MAAM,UAAU,YAAY,CAC1B,IAAc,EACd,MAAc,EACd,IAAyB;IAEzB,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,MAAM,CAAC,CAAC;IACrD,IAAI,IAAI,EAAE,CAAC;QACT,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,IAAI;YAAE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QAC5B,IAAI,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC5C,CAAC;AACH,CAAC;AAED,MAAM,UAAU,cAAc,CAC5B,IAAc,EACd,MAAc,EACd,IAAyB;IAEzB,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,MAAM,CAAC,CAAC;IACrD,IAAI,IAAI,EAAE,CAAC;QACT,IAAI,CAAC,MAAM,GAAG,QAAQ,CAAC;QACvB,IAAI,IAAI;YAAE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;QAC5B,IAAI,CAAC,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IAC5C,CAAC;AACH,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,IAAc;IAC5C,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC;AACxD,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,IAAc;IAC3C,OAAO,IAAI,CAAC,KAAK;SACd,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,KAAK,CAAC;SACnC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,IAAI,CAAC,CAAC,MAAM,KAAK,QAAQ,IAAI,CAAC,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC;AAC1F,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAAc;IAChD,MAAM,KAAK,GAAG,CAAC,SAAS,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC;IAC1D,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;QAC9B,MAAM,MAAM,GACV,IAAI,CAAC,MAAM,KAAK,MAAM;YACpB,CAAC,CAAC,KAAK;YACP,CAAC,CAAC,IAAI,CAAC,MAAM,KAAK,SAAS;gBACzB,CAAC,CAAC,KAAK;gBACP,CAAC,CAAC,IAAI,CAAC,MAAM,KAAK,QAAQ;oBACxB,CAAC,CAAC,KAAK;oBACP,CAAC,CAAC,IAAI,CAAC,MAAM,KAAK,SAAS;wBACzB,CAAC,CAAC,KAAK;wBACP,CAAC,CAAC,KAAK,CAAC;QAClB,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QAClD,KAAK,CAAC,IAAI,CAAC,KAAK,MAAM,IAAI,IAAI,CAAC,KAAK,GAAG,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,IAAc;IACjD,MAAM,KAAK,GAA+B;QACxC,OAAO,EAAE,GAAG;QACZ,OAAO,EAAE,GAAG;QACZ,IAAI,EAAE,GAAG;QACT,MAAM,EAAE,GAAG;QACX,OAAO,EAAE,GAAG;KACb,CAAC;IACF,MAAM,KAAK,GAAG,CAAC,MAAM,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC;IACvD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAE,CAAC;QAC5B,MAAM,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAChC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAClD,KAAK,CAAC,IAAI,CAAC,KAAK,IAAI,IAAI,CAAC,GAAG,CAAC,KAAK,IAAI,CAAC,KAAK,GAAG,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC;IACD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC,CAAC,MAAM,CAAC;IAClE,KAAK,CAAC,IAAI,CAAC,eAAe,IAAI,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;IACvD,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
package/dist/prompts/index.d.ts CHANGED
@@ -4,6 +4,6 @@
4
4
  * not part of the public API.
5
5
  */
6
6
  export declare const _ASK_TEMPLATE = "You are clai in /ask mode \u2014 a cybersecurity and pentesting assistant. Do NOT execute anything.\nOS: {{os}} | Shell: {{shell}} | CWD: {{cwd}}\n\nFor every user request, respond with:\n1. One-line summary of what the user is trying to achieve\n2. Exact commands for their OS with the recommended tool flags\n3. What each command does and expected output\n4. Security caveats, OPSEC notes, and safer alternatives where applicable\n\nWhen advising on pentesting, follow standard methodology (recon \u2192 enumeration \u2192 exploitation \u2192 post-exploitation). Always note which phase the user is in and suggest logical next steps.";
7
- export declare const _AGENT_TEMPLATE = "You are clai, a terminal AI agent specialized in cybersecurity, pentesting, and sysadmin.\nOS: {{os}} | Shell: {{shell}} | CWD: {{cwd}}\n\nTOOLS (use EXACT arg names \u2014 wrong names = failure):\n- shell.exec: {\"command\":\"<cmd>\"} \u2014 run any shell command. Optional: {\"command\":\"...\",\"cwd\":\"/path\",\"timeoutMs\":300000}\n- fs.read: {\"path\":\"<file>\"} \u2014 read a file\n- fs.write: {\"path\":\"<file>\",\"content\":\"<data>\"} \u2014 write a file\n- fs.list: {\"path\":\"<dir>\"} \u2014 list directory\n- fs.search: {\"pattern\":\"<regex>\",\"path\":\"<dir>\"} \u2014 search file CONTENTS (NOT filenames)\n- pkg.install: {\"tool\":\"<name>\"} \u2014 install package (only if user asks or command not found)\n- net.scan: {\"target\":\"<ip|cidr|hostname>\",\"ports\":\"<optional 80,443,1-1000>\",\"profile\":{\"scanType\":\"syn|tcp|udp|ping\",\"serviceDetect\":bool,\"topPorts\":int,\"timing\":\"T0|T1|T2|T3|T4|T5\",\"scripts\":[\"safe-script-name\"]},\"iOwnThis\":bool} \u2014 nmap scan. Target/ports/flags are strictly validated (no shell injection). Prefer the structured profile field; the legacy flags string still works but every token must be safe.\n- http.fetch: {\"url\":\"<url>\",\"method\":\"<optional GET|HEAD|POST|PUT|PATCH|DELETE|OPTIONS>\",\"body\":\"<optional>\",\"headers\":{\"Key\":\"Value\"},\"maxBytes\":<optional>,\"iOwnThis\":<optional bool>} \u2014 HTTP request. GET/HEAD auto-execute against public URLs; non-GET/HEAD and private/loopback/metadata addresses require confirmation; pass iOwnThis=true to allow private targets you own.\n- sysinfo: {} \u2014 OS info\n- dns.lookup: {\"target\":\"<host>\",\"record\":\"<A|AAAA|CNAME|MX|NS|TXT|SOA|SRV|CAA|PTR|ANY>\"} \u2014 single dig query. Use this for ANY narrow DNS question (resolve a host, find MX, dump TXT). Auto-executes; do NOT use pentest.recon or shell.exec for one-record lookups.\n- whois.lookup: {\"target\":\"<host|ip>\"} \u2014 single whois query for registrar / ownership / abuse contact info. Use this when the user asks about who owns or registered a domain. Auto-executes; do NOT chain into pentest.recon.\n- pentest.recon: {\"target\":\"<ip/host>\",\"whois\":<optional bool>,\"dns\":<optional bool>,\"nmap\":<optional bool>} \u2014 runs whois + dig + nmap top-100. Pass whois/dns/nmap=false to skip a step. ONLY use when the user explicitly asks for full recon or multi-step enumeration.\n- tool.batch: {\"calls\":[{\"name\":\"<tool>\",\"args\":{...}}, ...],\"concurrency\":<optional 1-4>} \u2014 run up to 8 read-only tools (fs.read/list/search, http.fetch GET/HEAD, sysinfo) in parallel and aggregate their outputs. Use this for independent recon lookups (e.g. resolve a hostname AND read robots.txt) instead of a chain of single calls.\n\nFORMAT \u2014 one tool per response:\n```tool\n{\"name\":\"shell.exec\",\"args\":{\"command\":\"curl -s ifconfig.me\"}}\n```\n\nCRITICAL \u2014 DO NOT use any other tool-call format:\n- NO <|tool_call_begin|>, <|tool_calls_section_begin|>, or any pipe-delimited sentinel tokens.\n- NO <tool_call> XML, NO ### tool headings, NO trailing JSON outside a fence.\n- The \"functions.\" prefix is NOT allowed \u2014 use the bare tool name (e.g. \"shell.exec\", not \"functions.shell.exec\").\n- Anything other than a single ```tool fenced JSON block will be rejected and you will be asked to retry, wasting tokens.\n\nRULES:\n1. ANSWER THEN STOP. Once you have the answer, give it and STOP. Do NOT run extra tools.\n2. STAY ON TASK. Do EXACTLY what the user asked \u2014 nothing more, nothing less.\n3. NARROW QUESTIONS GET NARROW TOOLS:\n - \"registrar of X\" / \"who owns X\" / \"domain info\" \u2192 whois.lookup ONLY\n - \"MX records\" / \"DNS records\" / \"what IPs\" \u2192 dns.lookup ONLY\n - \"is port 80 open\" / \"scan port X\" \u2192 net.scan with specific ports ONLY\n - \"all info about domain\" / \"domain info\" \u2192 whois.lookup FIRST, then dns.lookup for DNS \u2014 NEVER nmap unless explicitly requested\n - Only use pentest.recon when user says \"recon\", \"enumerate\", \"full scan\", or \"scan everything\"\n4. NEVER REPEAT A TOOL CALL. If you already called a tool and got results, summarize them. Do NOT call the same tool again with the same arguments.\n5. One tool per response. 1-2 lines of reasoning MAX before the tool block.\n6. To find files/dirs by name: shell.exec find /path -maxdepth 3 -name '*pattern*'\n7. CONTINUE only if the original task is NOT yet done. Resolve sub-problems then proceed.\n8. Use conversation history for follow-ups. \"it\", \"that\", \"such\" = context from previous messages.\n9. Suppress noise: curl -s, wget -q. Always use full absolute paths.\n10. Never run cd, pwd, or re-list directories you already listed.\n11. Only pentest systems the user owns or has permission to test.\n12. Do not invent volatile live data (IPs, scan results, dates). Re-run commands for current data.\n13. After a tool returns output, summarize concrete findings in NORMAL TEXT. Never say only \"check the output\".\n14. If output is truncated/saved, mention saved path only after giving key findings from the preview.\n15. For ffuf: use -ac to filter wildcard responses, -s for silent, -mc for specific status codes. Never use -q.\n16. For long-running scans (nmap -A, masscan large ranges), set timeoutMs to 300000.\n17. When a command fails with \"not found\", use pkg.install to install it, then retry.\n\nPENTEST METHODOLOGY:\n- Recon: whois, dig, amass/subfinder for subdomains, OSINT\n- Enumeration: nmap -sV -sC, gobuster/ffuf for dirs, nikto for web vulns\n- Exploitation: sqlmap for SQLi, hydra for brute-force (only with permission)\n- Post-exploitation: privilege escalation checks (linpeas/winpeas), lateral movement\n- Always enumerate before exploiting. Suggest logical next steps after each finding.\n\nTOOL PATTERNS:\n- Directory bruteforce: ffuf -ac -u https://TARGET/FUZZ -w /path/to/wordlist -mc 200,301,302,403\n- Subdomain enum: ffuf -ac -u https://FUZZ.target.com -w /path/to/subdomains.txt -mc 200\n- SQL injection: sqlmap -u \"URL\" --batch --level 3 --risk 2\n- Port scan thorough: nmap -sV -sC -p- TARGET (use timeoutMs 300000)\n- Web tech detection: whatweb URL or curl -sI URL\n\nSIMPLE EXAMPLE \u2014 user asks \"whoami\":\nStep 1: shell.exec whoami \u2192 \"aniket\". Answer: \"You are aniket.\" DONE.\n\nNARROW RECON EXAMPLE \u2014 user asks \"who registered example.com\":\nStep 1: whois.lookup target=example.com \u2192 registrar info. Answer with the registrar, abuse email, and creation date. DONE. Do NOT also run dns.lookup or nmap.\n\nNARROW DNS EXAMPLE \u2014 user asks \"MX records for example.com\":\nStep 1: dns.lookup target=example.com record=MX \u2192 records. Report each MX with priority. DONE. Do NOT also run whois.\n\nDOMAIN INFO EXAMPLE \u2014 user asks \"find all info about example.com\":\nStep 1: whois.lookup target=example.com \u2192 registrar, creation date, nameservers.\nStep 2: dns.lookup target=example.com record=ANY \u2192 A, AAAA, MX, NS, TXT records.\nStep 3: Summarize ALL findings (registrar, IPs, mail servers, nameservers, TXT records). DONE. Do NOT run nmap unless the user explicitly asked for port scanning.\n\nCOMPLEX EXAMPLE \u2014 user asks \"directory scan on example.com\":\nStep 1: Find wordlist \u2192 shell.exec find /usr -maxdepth 4 -name 'common.txt' -path '*/Discovery/*'\nStep 2: Run scan \u2192 shell.exec ffuf -ac -u https://example.com/FUZZ -w /path/common.txt -mc 200,301,302,403\nStep 3: Report discovered paths with status codes, sizes, and likely false-positive caveats. DONE.\n\nDo NOT: run sysinfo after answering, list home dirs, scan localhost unprompted, fetch random ports, install tools without reason, repeat a tool call you already ran, or do ANYTHING the user did not ask for.";
7
+ export declare const _AGENT_TEMPLATE = "You are clai, a terminal AI agent specialized in cybersecurity, pentesting, and sysadmin.\nOS: {{os}} | Shell: {{shell}} | CWD: {{cwd}}\n\nTOOLS (use EXACT arg names \u2014 wrong names = failure):\n- shell.exec: {\"command\":\"<cmd>\"} \u2014 run any shell command. Optional: {\"command\":\"...\",\"cwd\":\"/path\",\"timeoutMs\":300000}\n- fs.read: {\"path\":\"<file>\"} \u2014 read a file\n- fs.write: {\"path\":\"<file>\",\"content\":\"<data>\"} \u2014 write a file\n- fs.list: {\"path\":\"<dir>\"} \u2014 list directory\n- fs.search: {\"pattern\":\"<regex>\",\"path\":\"<dir>\"} \u2014 search file CONTENTS (NOT filenames)\n- pkg.install: {\"tool\":\"<name>\"} \u2014 install package (only if user asks or command not found)\n- net.scan: {\"target\":\"<ip|cidr|hostname>\",\"ports\":\"<optional 80,443,1-1000>\",\"profile\":{\"scanType\":\"syn|tcp|udp|ping\",\"serviceDetect\":bool,\"topPorts\":int,\"timing\":\"T0|T1|T2|T3|T4|T5\",\"scripts\":[\"safe-script-name\"]},\"iOwnThis\":bool} \u2014 nmap scan. Target/ports/flags are strictly validated (no shell injection). Prefer the structured profile field; the legacy flags string still works but every token must be safe.\n- http.fetch: {\"url\":\"<url>\",\"method\":\"<optional GET|HEAD|POST|PUT|PATCH|DELETE|OPTIONS>\",\"body\":\"<optional>\",\"headers\":{\"Key\":\"Value\"},\"maxBytes\":<optional>,\"iOwnThis\":<optional bool>} \u2014 HTTP request. GET/HEAD auto-execute against public URLs; non-GET/HEAD and private/loopback/metadata addresses require confirmation; pass iOwnThis=true to allow private targets you own.\n- sysinfo: {} \u2014 OS info\n- dns.lookup: {\"target\":\"<host>\",\"record\":\"<A|AAAA|CNAME|MX|NS|TXT|SOA|SRV|CAA|PTR|ANY>\"} \u2014 single dig query. Use this for ANY narrow DNS question (resolve a host, find MX, dump TXT). Auto-executes; do NOT use pentest.recon or shell.exec for one-record lookups.\n- whois.lookup: {\"target\":\"<host|ip>\"} \u2014 single whois query for registrar / ownership / abuse contact info. Use this when the user asks about who owns or registered a domain. Auto-executes; do NOT chain into pentest.recon.\n- pentest.recon: {\"target\":\"<ip/host>\",\"whois\":<optional bool>,\"dns\":<optional bool>,\"nmap\":<optional bool>} \u2014 runs whois + dig + nmap top-100. Pass whois/dns/nmap=false to skip a step. ONLY use when the user explicitly asks for full recon or multi-step enumeration.\n- tool.batch: {\"calls\":[{\"name\":\"<tool>\",\"args\":{...}}, ...],\"concurrency\":<optional 1-4>} \u2014 run up to 8 read-only tools (fs.read/list/search, http.fetch GET/HEAD, sysinfo) in parallel and aggregate their outputs. Use this for independent recon lookups (e.g. resolve a hostname AND read robots.txt) instead of a chain of single calls.\n- net.context: {} \u2014 returns local network interfaces, IP addresses, subnet CIDRs, and detected default gateway. Auto-executes. Use BEFORE net.pingSweep to discover correct CIDR.\n- net.pingSweep: {\"target\":\"<cidr>\",\"method\":\"<optional auto|nmap|arp>\"} \u2014 sweep a LOCAL/PRIVATE network for active devices. Restricted to RFC1918 ranges. Requires confirmation. Falls back: nmap -sn \u2192 arp-scan \u2192 arp -a.\n- tool.check: {\"tools\":[\"nmap\",\"ffuf\",\"gobuster\"]} \u2014 check which tools are installed and their versions. Auto-executes. Use when a command fails with \"not found\" BEFORE using pkg.install.\n- shell.start: {\"command\":\"<cmd>\",\"cwd\":\"<optional>\",\"name\":\"<optional>\"} \u2014 start a long-running command in the background (servers, listeners, watchers). Returns immediately with job ID. Use for: nc -l, python3 -m http.server, npm run dev, tail -f, docker compose up.\n- shell.jobs: {} \u2014 list all background jobs with status. Auto-executes.\n- shell.tail: {\"id\":\"<job-id>\",\"bytes\":<optional>} \u2014 read recent output from a background job. Auto-executes.\n- shell.stop: {\"id\":\"<job-id>\"} \u2014 stop a background job. Auto-executes.\n- fs.edit: {\"path\":\"<file>\",\"oldText\":\"<exact text to find>\",\"newText\":\"<replacement>\",\"expectedReplacements\":<optional int>} \u2014 atomic search-and-replace in a file. Safer than fs.write for edits: validates match count, writes atomically. Default expectedReplacements=1. Requires confirmation.\n- fs.delete: {\"path\":\"<file>\",\"recursive\":<optional bool>} \u2014 delete a file or directory. ALWAYS requires manual confirmation even with -y flag. Use only when user explicitly asks to delete.\n\nFORMAT \u2014 one tool per response:\n```tool\n{\"name\":\"shell.exec\",\"args\":{\"command\":\"curl -s ifconfig.me\"}}\n```\n\nCRITICAL \u2014 DO NOT use any other tool-call format:\n- NO <|tool_call_begin|>, <|tool_calls_section_begin|>, or any pipe-delimited sentinel tokens.\n- NO <tool_call> XML, NO ### tool headings, NO trailing JSON outside a fence.\n- The \"functions.\" prefix is NOT allowed \u2014 use the bare tool name (e.g. \"shell.exec\", not \"functions.shell.exec\").\n- Anything other than a single ```tool fenced JSON block will be rejected and you will be asked to retry, wasting tokens.\n\nRULES:\n1. ANSWER THEN STOP. Once you have the answer, give it and STOP. Do NOT run extra tools.\n2. STAY ON TASK. Do EXACTLY what the user asked \u2014 nothing more, nothing less.\n3. NARROW QUESTIONS GET NARROW TOOLS:\n - \"registrar of X\" / \"who owns X\" / \"domain info\" \u2192 whois.lookup ONLY\n - \"MX records\" / \"DNS records\" / \"what IPs\" \u2192 dns.lookup ONLY\n - \"is port 80 open\" / \"scan port X\" \u2192 net.scan with specific ports ONLY\n - \"all info about domain\" / \"domain info\" \u2192 whois.lookup FIRST, then dns.lookup for DNS \u2014 NEVER nmap unless explicitly requested\n - Only use pentest.recon when user says \"recon\", \"enumerate\", \"full scan\", or \"scan everything\"\n4. NEVER REPEAT A TOOL CALL. If you already called a tool and got results, summarize them. Do NOT call the same tool again with the same arguments.\n5. One tool per response. 1-2 lines of reasoning MAX before the tool block.\n6. To find files/dirs by name: shell.exec find /path -maxdepth 3 -name '*pattern*'\n7. CONTINUE only if the original task is NOT yet done. Resolve sub-problems then proceed.\n8. Use conversation history for follow-ups. \"it\", \"that\", \"such\" = context from previous messages.\n9. Suppress noise: curl -s, wget -q. Always use full absolute paths.\n10. Never run cd, pwd, or re-list directories you already listed.\n11. Only pentest systems the user owns or has permission to test.\n12. Do not invent volatile live data (IPs, scan results, dates). Re-run commands for current data.\n13. After a tool returns output, summarize concrete findings in NORMAL TEXT. Never say only \"check the output\".\n14. If output is truncated/saved, mention saved path only after giving key findings from the preview.\n15. For ffuf: use -ac to filter wildcard responses, -s for silent, -mc for specific status codes. Never use -q.\n16. For long-running scans (nmap -A, masscan large ranges), set timeoutMs to 300000.\n17. When a command fails with \"not found\", use tool.check to see what's available, THEN pkg.install if needed, then retry.\n18. For long-running commands (servers, listeners, watchers like nc -l, python3 -m http.server, npm run dev, tail -f), use shell.start instead of shell.exec.\n19. For file edits (changing a line, updating config), prefer fs.edit over fs.write. fs.edit is atomic and validates the replacement. Only use fs.write for creating new files or complete rewrites.\n20. For file deletion, ALWAYS use fs.delete and explain what will be deleted. Never use shell.exec rm for deletion.\n21. For local network discovery: call net.context FIRST to get the correct CIDR, THEN net.pingSweep with that CIDR. Never guess subnet ranges.\n22. If a plan is injected in context, follow its steps in order. Mark each step's findings before proceeding.\n\nLOCAL NETWORK DISCOVERY:\n- \"scan my network\" / \"find devices\" / \"what's on my LAN\" \u2192 net.context FIRST (gets interfaces+CIDR), then net.pingSweep with discovered CIDR.\n- Do NOT guess 192.168.1.0/24 or any range. Always discover it via net.context.\n- Do NOT use shell.exec for ping sweeps. Use net.pingSweep which has intelligent fallback.\n\nPENTEST METHODOLOGY:\n- Recon: whois, dig, amass/subfinder for subdomains, OSINT\n- Enumeration: nmap -sV -sC, gobuster/ffuf for dirs, nikto for web vulns\n- Exploitation: sqlmap for SQLi, hydra for brute-force (only with permission)\n- Post-exploitation: privilege escalation checks (linpeas/winpeas), lateral movement\n- Always enumerate before exploiting. Suggest logical next steps after each finding.\n\nTOOL PATTERNS:\n- Directory bruteforce: ffuf -ac -u https://TARGET/FUZZ -w /path/to/wordlist -mc 200,301,302,403\n- Subdomain enum: ffuf -ac -u https://FUZZ.target.com -w /path/to/subdomains.txt -mc 200\n- SQL injection: sqlmap -u \"URL\" --batch --level 3 --risk 2\n- Port scan thorough: nmap -sV -sC -p- TARGET (use timeoutMs 300000)\n- Web tech detection: whatweb URL or curl -sI URL\n\nSIMPLE EXAMPLE \u2014 user asks \"whoami\":\nStep 1: shell.exec whoami \u2192 \"aniket\". Answer: \"You are aniket.\" DONE.\n\nNARROW RECON EXAMPLE \u2014 user asks \"who registered example.com\":\nStep 1: whois.lookup target=example.com \u2192 registrar info. Answer with the registrar, abuse email, and creation date. DONE. Do NOT also run dns.lookup or nmap.\n\nNARROW DNS EXAMPLE \u2014 user asks \"MX records for example.com\":\nStep 1: dns.lookup target=example.com record=MX \u2192 records. Report each MX with priority. DONE. Do NOT also run whois.\n\nDOMAIN INFO EXAMPLE \u2014 user asks \"find all info about example.com\":\nStep 1: whois.lookup target=example.com \u2192 registrar, creation date, nameservers.\nStep 2: dns.lookup target=example.com record=ANY \u2192 A, AAAA, MX, NS, TXT records.\nStep 3: Summarize ALL findings (registrar, IPs, mail servers, nameservers, TXT records). DONE. Do NOT run nmap unless the user explicitly asked for port scanning.\n\nCOMPLEX EXAMPLE \u2014 user asks \"directory scan on example.com\":\nStep 1: Find wordlist \u2192 shell.exec find /usr -maxdepth 4 -name 'common.txt' -path '*/Discovery/*'\nStep 2: Run scan \u2192 shell.exec ffuf -ac -u https://example.com/FUZZ -w /path/common.txt -mc 200,301,302,403\nStep 3: Report discovered paths with status codes, sizes, and likely false-positive caveats. DONE.\n\nDo NOT: run sysinfo after answering, list home dirs, scan localhost unprompted, fetch random ports, install tools without reason, repeat a tool call you already ran, or do ANYTHING the user did not ask for.";
8
8
  export declare function renderAskSystemPrompt(): string;
9
9
  export declare function renderAgentSystemPrompt(toolList: string): string;
package/dist/prompts/index.js CHANGED
@@ -26,6 +26,15 @@ TOOLS (use EXACT arg names — wrong names = failure):
26
26
  - whois.lookup: {"target":"<host|ip>"} — single whois query for registrar / ownership / abuse contact info. Use this when the user asks about who owns or registered a domain. Auto-executes; do NOT chain into pentest.recon.
27
27
  - pentest.recon: {"target":"<ip/host>","whois":<optional bool>,"dns":<optional bool>,"nmap":<optional bool>} — runs whois + dig + nmap top-100. Pass whois/dns/nmap=false to skip a step. ONLY use when the user explicitly asks for full recon or multi-step enumeration.
28
28
  - tool.batch: {"calls":[{"name":"<tool>","args":{...}}, ...],"concurrency":<optional 1-4>} — run up to 8 read-only tools (fs.read/list/search, http.fetch GET/HEAD, sysinfo) in parallel and aggregate their outputs. Use this for independent recon lookups (e.g. resolve a hostname AND read robots.txt) instead of a chain of single calls.
29
+ - net.context: {} — returns local network interfaces, IP addresses, subnet CIDRs, and detected default gateway. Auto-executes. Use BEFORE net.pingSweep to discover correct CIDR.
30
+ - net.pingSweep: {"target":"<cidr>","method":"<optional auto|nmap|arp>"} — sweep a LOCAL/PRIVATE network for active devices. Restricted to RFC1918 ranges. Requires confirmation. Falls back: nmap -sn → arp-scan → arp -a.
31
+ - tool.check: {"tools":["nmap","ffuf","gobuster"]} — check which tools are installed and their versions. Auto-executes. Use when a command fails with "not found" BEFORE using pkg.install.
32
+ - shell.start: {"command":"<cmd>","cwd":"<optional>","name":"<optional>"} — start a long-running command in the background (servers, listeners, watchers). Returns immediately with job ID. Use for: nc -l, python3 -m http.server, npm run dev, tail -f, docker compose up.
33
+ - shell.jobs: {} — list all background jobs with status. Auto-executes.
34
+ - shell.tail: {"id":"<job-id>","bytes":<optional>} — read recent output from a background job. Auto-executes.
35
+ - shell.stop: {"id":"<job-id>"} — stop a background job. Auto-executes.
36
+ - fs.edit: {"path":"<file>","oldText":"<exact text to find>","newText":"<replacement>","expectedReplacements":<optional int>} — atomic search-and-replace in a file. Safer than fs.write for edits: validates match count, writes atomically. Default expectedReplacements=1. Requires confirmation.
37
+ - fs.delete: {"path":"<file>","recursive":<optional bool>} — delete a file or directory. ALWAYS requires manual confirmation even with -y flag. Use only when user explicitly asks to delete.
29
38
 
30
39
  FORMAT — one tool per response:
31
40
  \`\`\`tool
@@ -60,7 +69,17 @@ RULES:
60
69
  14. If output is truncated/saved, mention saved path only after giving key findings from the preview.
61
70
  15. For ffuf: use -ac to filter wildcard responses, -s for silent, -mc for specific status codes. Never use -q.
62
71
  16. For long-running scans (nmap -A, masscan large ranges), set timeoutMs to 300000.
63
- 17. When a command fails with "not found", use pkg.install to install it, then retry.
72
+ 17. When a command fails with "not found", use tool.check to see what's available, THEN pkg.install if needed, then retry.
73
+ 18. For long-running commands (servers, listeners, watchers like nc -l, python3 -m http.server, npm run dev, tail -f), use shell.start instead of shell.exec.
74
+ 19. For file edits (changing a line, updating config), prefer fs.edit over fs.write. fs.edit is atomic and validates the replacement. Only use fs.write for creating new files or complete rewrites.
75
+ 20. For file deletion, ALWAYS use fs.delete and explain what will be deleted. Never use shell.exec rm for deletion.
76
+ 21. For local network discovery: call net.context FIRST to get the correct CIDR, THEN net.pingSweep with that CIDR. Never guess subnet ranges.
77
+ 22. If a plan is injected in context, follow its steps in order. Mark each step's findings before proceeding.
78
+
79
+ LOCAL NETWORK DISCOVERY:
80
+ - "scan my network" / "find devices" / "what's on my LAN" → net.context FIRST (gets interfaces+CIDR), then net.pingSweep with discovered CIDR.
81
+ - Do NOT guess 192.168.1.0/24 or any range. Always discover it via net.context.
82
+ - Do NOT use shell.exec for ping sweeps. Use net.pingSweep which has intelligent fallback.
64
83
 
65
84
  PENTEST METHODOLOGY:
66
85
  - Recon: whois, dig, amass/subfinder for subdomains, OSINT
package/dist/prompts/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/prompts/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,MAAM,SAAS,GAAG;;;;;;;;;0LASwK,CAAC;AAE3L,MAAM,WAAW,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+MAsF2L,CAAC;AAEhN,SAAS,MAAM,CAAC,QAAgB,EAAE,MAA8B;IAC9D,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,CAClC,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,GAAG,IAAI,EAAE,KAAK,CAAC,EAClE,QAAQ,CACT,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,SAAS,CAAC;AACvC,MAAM,CAAC,MAAM,eAAe,GAAG,WAAW,CAAC;AAE3C,MAAM,UAAU,qBAAqB;IACnC,MAAM,MAAM,GAAG,YAAY,EAAE,CAAC;IAC9B,OAAO,MAAM,CAAC,SAAS,EAAE;QACvB,EAAE,EAAE,GAAG,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,EAAE;QACvD,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,SAAS,EAAE,MAAM;KAClB,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,QAAgB;IACtD,MAAM,MAAM,GAAG,YAAY,EAAE,CAAC;IAC9B,OAAO,MAAM,CAAC,WAAW,EAAE;QACzB,EAAE,EAAE,GAAG,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,EAAE;QACvD,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,SAAS,EAAE,QAAQ;KACpB,CAAC,CAAC;AACL,CAAC"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/prompts/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,iBAAiB,CAAC;AAE/C,MAAM,SAAS,GAAG;;;;;;;;;0LASwK,CAAC;AAE3L,MAAM,WAAW,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;+MAyG2L,CAAC;AAEhN,SAAS,MAAM,CAAC,QAAgB,EAAE,MAA8B;IAC9D,OAAO,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,CAClC,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,GAAG,IAAI,EAAE,KAAK,CAAC,EAClE,QAAQ,CACT,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,SAAS,CAAC;AACvC,MAAM,CAAC,MAAM,eAAe,GAAG,WAAW,CAAC;AAE3C,MAAM,UAAU,qBAAqB;IACnC,MAAM,MAAM,GAAG,YAAY,EAAE,CAAC;IAC9B,OAAO,MAAM,CAAC,SAAS,EAAE;QACvB,EAAE,EAAE,GAAG,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,EAAE;QACvD,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,SAAS,EAAE,MAAM;KAClB,CAAC,CAAC;AACL,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,QAAgB;IACtD,MAAM,MAAM,GAAG,YAAY,EAAE,CAAC;IAC9B,OAAO,MAAM,CAAC,WAAW,EAAE;QACzB,EAAE,EAAE,GAAG,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,EAAE;QACvD,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,GAAG,EAAE,MAAM,CAAC,GAAG;QACf,SAAS,EAAE,QAAQ;KACpB,CAAC,CAAC;AACL,CAAC"}
package/dist/safety/classifier.js CHANGED
@@ -373,6 +373,70 @@ export function classifyToolCall(call, options = {}) {
373
373
  reason: "Mutating operation requires confirmation",
374
374
  };
375
375
  }
376
+ // ── New tools ──────────────────────────────────────────────────────
377
+ if (call.name === "net.context") {
378
+ return { level: "safe", reason: "Read-only local network info" };
379
+ }
380
+ if (call.name === "tool.check") {
381
+ return { level: "safe", reason: "Read-only tool availability check" };
382
+ }
383
+ if (call.name === "net.pingSweep") {
384
+ return {
385
+ level: "confirm",
386
+ reason: "Network sweep requires confirmation",
387
+ };
388
+ }
389
+ if (call.name === "shell.start") {
390
+ return {
391
+ level: "confirm",
392
+ reason: "Background job requires confirmation",
393
+ };
394
+ }
395
+ if (call.name === "shell.jobs" ||
396
+ call.name === "shell.tail" ||
397
+ call.name === "shell.stop") {
398
+ return { level: "safe", reason: "Read-only job management" };
399
+ }
400
+ if (call.name === "fs.edit") {
401
+ const pathArg = stringArg(call.args, "path");
402
+ if (pathArg) {
403
+ try {
404
+ if (isSecretPath(resolveForSecretCheck(pathArg))) {
405
+ return {
406
+ level: "block",
407
+ reason: "Refusing to edit a known secret path",
408
+ };
409
+ }
410
+ }
411
+ catch {
412
+ // fall through
413
+ }
414
+ }
415
+ return {
416
+ level: "confirm",
417
+ reason: "File edit requires confirmation",
418
+ };
419
+ }
420
+ if (call.name === "fs.delete") {
421
+ const pathArg = stringArg(call.args, "path");
422
+ if (pathArg) {
423
+ try {
424
+ if (isSecretPath(resolveForSecretCheck(pathArg))) {
425
+ return {
426
+ level: "block",
427
+ reason: "Refusing to delete a known secret path",
428
+ };
429
+ }
430
+ }
431
+ catch {
432
+ // fall through
433
+ }
434
+ }
435
+ return {
436
+ level: "confirm",
437
+ reason: "File deletion requires manual confirmation (never auto-confirmed)",
438
+ };
439
+ }
376
440
  return { level: "confirm", reason: "Unknown tool requires confirmation" };
377
441
  }
378
442
  //# sourceMappingURL=classifier.js.map
package/dist/safety/classifier.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"classifier.js","sourceRoot":"","sources":["../../src/safety/classifier.ts"],"names":[],"mappings":"AAAA,OAAO,GAAG,MAAM,UAAU,CAAC;AAC3B,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC,OAAO,EACL,0BAA0B,EAC1B,0BAA0B,EAC1B,oBAAoB,EACpB,YAAY,EACZ,gBAAgB,EAChB,qBAAqB,EACrB,iBAAiB,EACjB,qBAAqB,GACtB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,aAAa,EACb,oBAAoB,EACpB,aAAa,GAEd,MAAM,mBAAmB,CAAC;AAO3B,SAAS,SAAS,CAChB,IAA6B,EAC7B,GAAW;IAEX,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;IACxB,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AACvD,CAAC;AAED,SAAS,WAAW,CAAC,IAAY;IAC/B,IAAI,IAAI,KAAK,GAAG;QAAE,OAAO,OAAO,EAAE,CAAC;IACnC,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QACpD,OAAO,OAAO,CAAC,OAAO,EAAE,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAY;IACzC,OAAO,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC;AACpC,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC;IAC/C,yEAAyE;IACzE,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC5C,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9B,2DAA2D;QAC3D,MAAM,KAAK,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;QACtC,OAAO,CACL,KAAK,KAAK,KAAK;YACf,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC;YACzB,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;YACtB,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CACvB,CAAC;IACJ,CAAC;IACD,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IAC/D,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC;IACrB,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,IAAI,CAAC;IAC1B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,IAAI,CAAC;IACpE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACxC,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAC3B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACxC,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,6BAA6B,CAAC,OAAe;IACpD,OAAO,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CACpC,IAAI,MAAM,CAAC,UAAU,IAAI,SAAS,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CACvD,CAAC;AACJ,CAAC;AAED,MAAM,cAAc,GAAG,gEAAgE,CAAC;AACxF,MAAM,eAAe,GAAG,8BAA8B,CAAC;AACvD,wEAAwE;AACxE,uEAAuE;AACvE,0DAA0D;AAC1D,MAAM,gBAAgB,GACpB,iFAAiF,CAAC;AAEpF,SAAS,qBAAqB,CAAC,OAAe;IAC5C,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,6FAA6F;IAC7F,IAAI,KAA6B,CAAC;IAClC,eAAe,CAAC,SAAS,GAAG,CAAC,CAAC;IAC9B,OAAO,CAAC,KAAK,GAAG,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACxD,IAAI,KAAK,CAAC,CAAC,CAAC;YAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,CAAC;IAC3E,CAAC;IACD,yEAAyE;IACzE,iEAAiE;IACjE,8DAA8D;IAC9D,gBAAgB,CAAC,SAAS,GAAG,CAAC,CAAC;IAC/B,OAAO,CAAC,KAAK,GAAG,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACzD,IAAI,KAAK,CAAC,CAAC,CAAC;YAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACtC,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC;IACzB,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK;IACtE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM;IACrE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK;IACpE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK;CAClE,CAAC,CAAC;AAEH,SAAS,gBAAgB,CAAC,IAAY;IACpC,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IACjC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IACvC,IAAI,KAAK,KAAK,WAAW,IAAI,KAAK,KAAK,uBAAuB;QAAE,OAAO,KAAK,CAAC;IAC7E,IAAI,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7C,0EAA0E;IAC1E,kDAAkD;IAClD,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;IACzC,IAAI,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IACtC,6EAA6E;IAC7E,OAAO,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AACvC,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAe;IAC3C,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,4CAA4C,CAAC,IAAI,EAAE,CAAC;IAC9E,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACtD,OAAO,qBAAqB,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC;AAC/E,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,IAAc;IAC9C,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,IAAI,KAAK,eAAe;QAAE,OAAO,IAAI,CAAC;IAC3E,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY;QAAE,OAAO,KAAK,CAAC;IAC7C,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,CAAC;IACtD,OAAO,6BAA6B,CAAC,OAAO,CAAC,CAAC;AAChD,CAAC;AAED;;;;GAIG;AACH,SAAS,qBAAqB,CAAC,OAAe;IAC5C,gEAAgE;IAChE,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,6BAA6B,CAAC,IAAI,EAAE,CAAC;IACnE,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;AACzD,CAAC;AAED,SAAS,wBAAwB,CAAC,OAAe;IAC/C,OAAO,qBAAqB,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;QACnD,IAAI,CAAC;YACH,OAAO,YAAY,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC,CAAC;QACpD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,SAAS,UAAU,CAAC,OAAe;IAIjC,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAChC,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IACtB,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;AACvB,CAAC;AAED,SAAS,cAAc,CAAC,IAAY;IAClC,OAAO,qBAAqB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AACzC,CAAC;AAED,SAAS,gBAAgB,CAAC,IAAY,EAAE,GAAuB;IAC7D,IAAI,CAAC,GAAG;QAAE,OAAO,KAAK,CAAC;IACvB,MAAM,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACtC,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IACzB,uDAAuD;IACvD,OAAO,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC;AAC7D,CAAC;AAMD;;;;;GAKG;AACH,SAAS,iBAAiB,CAAC,OAAe;IACxC,kEAAkE;IAClE,4EAA4E;IAC5E,MAAM,QAAQ,GAAG,6BAA6B,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC7D,IAAI,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAClB,OAAO,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1D,CAAC;IACD,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3D,uDAAuD;IACvD,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IACvE,wDAAwD;IACxD,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAE,CAAC;QACrB,IACE,6CAA6C,CAAC,IAAI,CAAC,GAAG,CAAC;YACvD,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC;YACb,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,EACtB,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,cAAc,CAAC,MAAc;IACpC,MAAM,UAAU,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC;IAChD,IAAI,CAAC,UAAU;QAAE,OAAO,KAAK,CAAC;IAC9B,MAAM,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC;IACpD,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;IACtD,IAAI,IAAI,KAAK,WAAW,IAAI,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IACpE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,IAAc;IACnD,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC/B,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,CAAC;QACtD,IAAI,CAAC,6BAA6B,CAAC,OAAO,CAAC,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9E,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAC1C,OAAO,MAAM,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACrF,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;QAC9D,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC;QACpD,OAAO,MAAM,IAAI,cAAc,CAAC,MAAM,CAAC;YACrC,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC;YAC9B,CAAC,CAAC,SAAS,CAAC;IAChB,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,MAA0B;IAClD,OAAO,MAAM;QACX,CAAC,CAAC,oBAAoB,MAAM,oCAAoC,MAAM,qBAAqB;QAC3F,CAAC,CAAC,mFAAmF,CAAC;AAC1F,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,IAAc,EACd,UAA2B,EAAE;IAE7B,IACE,IAAI,CAAC,IAAI,KAAK,SAAS;QACvB,IAAI,CAAC,IAAI,KAAK,SAAS;QACvB,IAAI,CAAC,IAAI,KAAK,WAAW,EACzB,CAAC;QACD,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC7C,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC;gBACH,IAAI,YAAY,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;oBACjD,OAAO;wBACL,KAAK,EAAE,OAAO;wBACd,MAAM,EACJ,iEAAiE;qBACpE,CAAC;gBACJ,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,wCAAwC;YAC1C,CAAC;QACH,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;IAC1D,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC5B,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;IAC1D,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,IAAI,IAAI,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;QAC/D,kEAAkE;QAClE,iEAAiE;QACjE,8DAA8D;QAC9D,2DAA2D;QAC3D,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,0CAA0C,EAAE,CAAC;IAC/E,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC/B,uEAAuE;QACvE,wEAAwE;QACxE,sEAAsE;QACtE,0BAA0B;QAC1B,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC;IAC/D,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;QACvE,IAAI,MAAM,KAAK,KAAK,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YAC1C,OAAO;gBACL,KAAK,EAAE,SAAS;gBAChB,MAAM,EAAE,QAAQ,MAAM,wCAAwC;aAC/D,CAAC;QACJ,CAAC;QACD,OAAO;YACL,KAAK,EAAE,MAAM;YACb,MAAM,EAAE,4BAA4B;SACrC,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC/B,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,CAAC;QACtD,IAAI,0BAA0B,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YACxE,OAAO;gBACL,KAAK,EAAE,OAAO;gBACd,MAAM,EAAE,4CAA4C;aACrD,CAAC;QACJ,CAAC;QACD,IAAI,oBAAoB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YAClE,OAAO;gBACL,KAAK,EAAE,OAAO;gBACd,MAAM,EAAE,+CAA+C;aACxD,CAAC;QACJ,CAAC;QACD,IAAI,wBAAwB,CAAC,OAAO,CAAC,EAAE,CAAC;YACtC,OAAO;gBACL,KAAK,EAAE,OAAO;gBACd,MAAM,EACJ,+EAA+E;aAClF,CAAC;QACJ,CAAC;QACD,8EAA8E;QAC9E,IAAI,6BAA6B,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3C,MAAM,MAAM,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAC5C,IACE,MAAM;gBACN,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EACxE,CAAC;gBACD,OAAO;oBACL,KAAK,EAAE,SAAS;oBAChB,MAAM,EAAE,0CAA0C,SAAS,CAAC,MAAM,CAAC,EAAE;iBACtE,CAAC;YACJ,CAAC;YACD,OAAO;gBACL,KAAK,EAAE,SAAS;gBAChB,MAAM,EAAE,0CAA0C;aACnD,CAAC;QACJ,CAAC;QACD,2EAA2E;QAC3E,wEAAwE;QACxE,gEAAgE;QAChE,IAAI,0BAA0B,CAAC,OAAO,CAAC,EAAE,CAAC;YACxC,OAAO;gBACL,KAAK,EAAE,SAAS;gBAChB,MAAM,EACJ,kGAAkG;aACrG,CAAC;QACJ,CAAC;QACD,2EAA2E;QAC3E,wEAAwE;QACxE,yEAAyE;QACzE,sCAAsC;QACtC,IAAI,qBAAqB,CAAC,OAAO,CAAC,EAAE,CAAC;YACnC,OAAO;gBACL,KAAK,EAAE,SAAS;gBAChB,MAAM,EACJ,uKAAuK;aAC1K,CAAC;QACJ,CAAC;QACD,qDAAqD;QACrD,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;QAC1C,IAAI,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;QACxD,CAAC;QACD,IAAI,gBAAgB,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,IAAI,aAAa,EAAE,CAAC;QACnE,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,qCAAqC,EAAE,CAAC;IAC7E,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAC7B,MAAM,WAAW,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC;QACjD,IACE,WAAW;YACX,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAC7E,CAAC;YACD,OAAO;gBACL,KAAK,EAAE,SAAS;gBAChB,MAAM,EAAE,0CAA0C,SAAS,CAAC,WAAW,CAAC,EAAE;aAC3E,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,oCAAoC,EAAE,CAAC;IAC5E,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;QAClC,MAAM,WAAW,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC;QACjD,IACE,WAAW;YACX,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAC7E,CAAC;YACD,OAAO;gBACL,KAAK,EAAE,SAAS;gBAChB,MAAM,EAAE,2CAA2C,SAAS,CAAC,WAAW,CAAC,EAAE;aAC5E,CAAC;QACJ,CAAC;QACD,OAAO;YACL,KAAK,EAAE,SAAS;YAChB,MAAM,EACJ,uEAAuE;SAC1E,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;QAC5D,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;YAC7B,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YAC7C,IAAI,OAAO,EAAE,CAAC;gBACZ,IAAI,CAAC;oBACH,IAAI,YAAY,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;wBACjD,OAAO;4BACL,KAAK,EAAE,OAAO;4BACd,MAAM,EAAE,0CAA0C;yBACnD,CAAC;oBACJ,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,eAAe;gBACjB,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO;YACL,KAAK,EAAE,SAAS;YAChB,MAAM,EAAE,0CAA0C;SACnD,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,oCAAoC,EAAE,CAAC;AAC5E,CAAC"}
1
+ {"version":3,"file":"classifier.js","sourceRoot":"","sources":["../../src/safety/classifier.ts"],"names":[],"mappings":"AAAA,OAAO,GAAG,MAAM,UAAU,CAAC;AAC3B,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC,OAAO,EACL,0BAA0B,EAC1B,0BAA0B,EAC1B,oBAAoB,EACpB,YAAY,EACZ,gBAAgB,EAChB,qBAAqB,EACrB,iBAAiB,EACjB,qBAAqB,GACtB,MAAM,eAAe,CAAC;AACvB,OAAO,EACL,aAAa,EACb,oBAAoB,EACpB,aAAa,GAEd,MAAM,mBAAmB,CAAC;AAO3B,SAAS,SAAS,CAChB,IAA6B,EAC7B,GAAW;IAEX,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC;IACxB,OAAO,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;AACvD,CAAC;AAED,SAAS,WAAW,CAAC,IAAY;IAC/B,IAAI,IAAI,KAAK,GAAG;QAAE,OAAO,OAAO,EAAE,CAAC;IACnC,IAAI,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;QACpD,OAAO,OAAO,CAAC,OAAO,EAAE,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,qBAAqB,CAAC,IAAY;IACzC,OAAO,OAAO,CAAC,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC;AACpC,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,MAAM,SAAS,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC;IAC/C,yEAAyE;IACzE,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC5C,IAAI,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,CAAC;QAC9B,2DAA2D;QAC3D,MAAM,KAAK,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC;QACtC,OAAO,CACL,KAAK,KAAK,KAAK;YACf,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC;YACzB,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;YACtB,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CACvB,CAAC;IACJ,CAAC;IACD,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;IAC/D,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,CAAC;IACrB,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,IAAI,CAAC;IAC1B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,SAAS,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE;QAAE,OAAO,IAAI,CAAC;IACpE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACxC,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IAC3B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,KAAK,GAAG;QAAE,OAAO,IAAI,CAAC;IACxC,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,6BAA6B,CAAC,OAAe;IACpD,OAAO,gBAAgB,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CACpC,IAAI,MAAM,CAAC,UAAU,IAAI,SAAS,EAAE,GAAG,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CACvD,CAAC;AACJ,CAAC;AAED,MAAM,cAAc,GAAG,gEAAgE,CAAC;AACxF,MAAM,eAAe,GAAG,8BAA8B,CAAC;AACvD,wEAAwE;AACxE,uEAAuE;AACvE,0DAA0D;AAC1D,MAAM,gBAAgB,GACpB,iFAAiF,CAAC;AAEpF,SAAS,qBAAqB,CAAC,OAAe;IAC5C,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,6FAA6F;IAC7F,IAAI,KAA6B,CAAC;IAClC,eAAe,CAAC,SAAS,GAAG,CAAC,CAAC;IAC9B,OAAO,CAAC,KAAK,GAAG,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACxD,IAAI,KAAK,CAAC,CAAC,CAAC;YAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC,CAAC;IAC3E,CAAC;IACD,yEAAyE;IACzE,iEAAiE;IACjE,8DAA8D;IAC9D,gBAAgB,CAAC,SAAS,GAAG,CAAC,CAAC;IAC/B,OAAO,CAAC,KAAK,GAAG,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,IAAI,EAAE,CAAC;QACzD,IAAI,KAAK,CAAC,CAAC,CAAC;YAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;IACtC,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC;IACzB,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK;IACtE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM;IACrE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK;IACpE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK;CAClE,CAAC,CAAC;AAEH,SAAS,gBAAgB,CAAC,IAAY;IACpC,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;IACjC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IACvC,IAAI,KAAK,KAAK,WAAW,IAAI,KAAK,KAAK,uBAAuB;QAAE,OAAO,KAAK,CAAC;IAC7E,IAAI,cAAc,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7C,0EAA0E;IAC1E,kDAAkD;IAClD,MAAM,GAAG,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC;IACzC,IAAI,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IACtC,6EAA6E;IAC7E,OAAO,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AACvC,CAAC;AAED,SAAS,oBAAoB,CAAC,OAAe;IAC3C,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,4CAA4C,CAAC,IAAI,EAAE,CAAC;IAC9E,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACtD,OAAO,qBAAqB,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC;AAC/E,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,IAAc;IAC9C,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,IAAI,KAAK,eAAe;QAAE,OAAO,IAAI,CAAC;IAC3E,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY;QAAE,OAAO,KAAK,CAAC;IAC7C,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,CAAC;IACtD,OAAO,6BAA6B,CAAC,OAAO,CAAC,CAAC;AAChD,CAAC;AAED;;;;GAIG;AACH,SAAS,qBAAqB,CAAC,OAAe;IAC5C,gEAAgE;IAChE,MAAM,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,6BAA6B,CAAC,IAAI,EAAE,CAAC;IACnE,OAAO,OAAO,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;AACzD,CAAC;AAED,SAAS,wBAAwB,CAAC,OAAe;IAC/C,OAAO,qBAAqB,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE;QACnD,IAAI,CAAC;YACH,OAAO,YAAY,CAAC,qBAAqB,CAAC,KAAK,CAAC,CAAC,CAAC;QACpD,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,SAAS,UAAU,CAAC,OAAe;IAIjC,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;IAChC,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IACtB,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;AACvB,CAAC;AAED,SAAS,cAAc,CAAC,IAAY;IAClC,OAAO,qBAAqB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AACzC,CAAC;AAED,SAAS,gBAAgB,CAAC,IAAY,EAAE,GAAuB;IAC7D,IAAI,CAAC,GAAG;QAAE,OAAO,KAAK,CAAC;IACvB,MAAM,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACtC,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IACzB,uDAAuD;IACvD,OAAO,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC;AAC7D,CAAC;AAMD;;;;;GAKG;AACH,SAAS,iBAAiB,CAAC,OAAe;IACxC,kEAAkE;IAClE,4EAA4E;IAC5E,MAAM,QAAQ,GAAG,6BAA6B,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC7D,IAAI,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAClB,OAAO,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1D,CAAC;IACD,MAAM,MAAM,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC3D,uDAAuD;IACvD,MAAM,IAAI,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IACvE,wDAAwD;IACxD,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;QAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAE,CAAC;QACrB,IACE,6CAA6C,CAAC,IAAI,CAAC,GAAG,CAAC;YACvD,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC;YACb,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,EACtB,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;IACH,CAAC;IACD,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,cAAc,CAAC,MAAc;IACpC,MAAM,UAAU,GAAG,oBAAoB,CAAC,MAAM,CAAC,CAAC;IAChD,IAAI,CAAC,UAAU;QAAE,OAAO,KAAK,CAAC;IAC9B,MAAM,IAAI,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC;IACpD,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,CAAC,aAAa,CAAC,UAAU,CAAC,CAAC;IACtD,IAAI,IAAI,KAAK,WAAW,IAAI,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IACpE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,sBAAsB,CAAC,IAAc;IACnD,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC/B,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,CAAC;QACtD,IAAI,CAAC,6BAA6B,CAAC,OAAO,CAAC,IAAI,CAAC,oBAAoB,CAAC,OAAO,CAAC,EAAE,CAAC;YAC9E,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAC1C,OAAO,MAAM,IAAI,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IACrF,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;QAC9D,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,CAAC;QACpD,OAAO,MAAM,IAAI,cAAc,CAAC,MAAM,CAAC;YACrC,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC;YAC9B,CAAC,CAAC,SAAS,CAAC;IAChB,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,MAAM,UAAU,SAAS,CAAC,MAA0B;IAClD,OAAO,MAAM;QACX,CAAC,CAAC,oBAAoB,MAAM,oCAAoC,MAAM,qBAAqB;QAC3F,CAAC,CAAC,mFAAmF,CAAC;AAC1F,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,IAAc,EACd,UAA2B,EAAE;IAE7B,IACE,IAAI,CAAC,IAAI,KAAK,SAAS;QACvB,IAAI,CAAC,IAAI,KAAK,SAAS;QACvB,IAAI,CAAC,IAAI,KAAK,WAAW,EACzB,CAAC;QACD,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC7C,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC;gBACH,IAAI,YAAY,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;oBACjD,OAAO;wBACL,KAAK,EAAE,OAAO;wBACd,MAAM,EACJ,iEAAiE;qBACpE,CAAC;gBACJ,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,wCAAwC;YAC1C,CAAC;QACH,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;IAC1D,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC5B,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,qBAAqB,EAAE,CAAC;IAC1D,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,IAAI,IAAI,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;QAC/D,kEAAkE;QAClE,iEAAiE;QACjE,8DAA8D;QAC9D,2DAA2D;QAC3D,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,0CAA0C,EAAE,CAAC;IAC/E,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC/B,uEAAuE;QACvE,wEAAwE;QACxE,sEAAsE;QACtE,0BAA0B;QAC1B,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC;IAC/D,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC/B,MAAM,MAAM,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;QACvE,IAAI,MAAM,KAAK,KAAK,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;YAC1C,OAAO;gBACL,KAAK,EAAE,SAAS;gBAChB,MAAM,EAAE,QAAQ,MAAM,wCAAwC;aAC/D,CAAC;QACJ,CAAC;QACD,OAAO;YACL,KAAK,EAAE,MAAM;YACb,MAAM,EAAE,4BAA4B;SACrC,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC/B,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,SAAS,CAAC,IAAI,EAAE,CAAC;QACtD,IAAI,0BAA0B,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YACxE,OAAO;gBACL,KAAK,EAAE,OAAO;gBACd,MAAM,EAAE,4CAA4C;aACrD,CAAC;QACJ,CAAC;QACD,IAAI,oBAAoB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;YAClE,OAAO;gBACL,KAAK,EAAE,OAAO;gBACd,MAAM,EAAE,+CAA+C;aACxD,CAAC;QACJ,CAAC;QACD,IAAI,wBAAwB,CAAC,OAAO,CAAC,EAAE,CAAC;YACtC,OAAO;gBACL,KAAK,EAAE,OAAO;gBACd,MAAM,EACJ,+EAA+E;aAClF,CAAC;QACJ,CAAC;QACD,8EAA8E;QAC9E,IAAI,6BAA6B,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3C,MAAM,MAAM,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAC5C,IACE,MAAM;gBACN,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EACxE,CAAC;gBACD,OAAO;oBACL,KAAK,EAAE,SAAS;oBAChB,MAAM,EAAE,0CAA0C,SAAS,CAAC,MAAM,CAAC,EAAE;iBACtE,CAAC;YACJ,CAAC;YACD,OAAO;gBACL,KAAK,EAAE,SAAS;gBAChB,MAAM,EAAE,0CAA0C;aACnD,CAAC;QACJ,CAAC;QACD,2EAA2E;QAC3E,wEAAwE;QACxE,gEAAgE;QAChE,IAAI,0BAA0B,CAAC,OAAO,CAAC,EAAE,CAAC;YACxC,OAAO;gBACL,KAAK,EAAE,SAAS;gBAChB,MAAM,EACJ,kGAAkG;aACrG,CAAC;QACJ,CAAC;QACD,2EAA2E;QAC3E,wEAAwE;QACxE,yEAAyE;QACzE,sCAAsC;QACtC,IAAI,qBAAqB,CAAC,OAAO,CAAC,EAAE,CAAC;YACnC,OAAO;gBACL,KAAK,EAAE,SAAS;gBAChB,MAAM,EACJ,uKAAuK;aAC1K,CAAC;QACJ,CAAC;QACD,qDAAqD;QACrD,MAAM,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;QAC1C,IAAI,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;QACxD,CAAC;QACD,IAAI,gBAAgB,CAAC,IAAI,EAAE,GAAG,CAAC,EAAE,CAAC;YAChC,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,aAAa,IAAI,aAAa,EAAE,CAAC;QACnE,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,qCAAqC,EAAE,CAAC;IAC7E,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;QAC7B,MAAM,WAAW,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC;QACjD,IACE,WAAW;YACX,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAC7E,CAAC;YACD,OAAO;gBACL,KAAK,EAAE,SAAS;gBAChB,MAAM,EAAE,0CAA0C,SAAS,CAAC,WAAW,CAAC,EAAE;aAC3E,CAAC;QACJ,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,oCAAoC,EAAE,CAAC;IAC5E,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;QAClC,MAAM,WAAW,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC;QACjD,IACE,WAAW;YACX,CAAC,CAAC,aAAa,CAAC,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,WAAW,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAC7E,CAAC;YACD,OAAO;gBACL,KAAK,EAAE,SAAS;gBAChB,MAAM,EAAE,2CAA2C,SAAS,CAAC,WAAW,CAAC,EAAE;aAC5E,CAAC;QACJ,CAAC;QACD,OAAO;YACL,KAAK,EAAE,SAAS;YAChB,MAAM,EACJ,uEAAuE;SAC1E,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;QAC5D,IAAI,IAAI,CAAC,IAAI,KAAK,UAAU,EAAE,CAAC;YAC7B,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;YAC7C,IAAI,OAAO,EAAE,CAAC;gBACZ,IAAI,CAAC;oBACH,IAAI,YAAY,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;wBACjD,OAAO;4BACL,KAAK,EAAE,OAAO;4BACd,MAAM,EAAE,0CAA0C;yBACnD,CAAC;oBACJ,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,eAAe;gBACjB,CAAC;YACH,CAAC;QACH,CAAC;QACD,OAAO;YACL,KAAK,EAAE,SAAS;YAChB,MAAM,EAAE,0CAA0C;SACnD,CAAC;IACJ,CAAC;IAED,sEAAsE;IAEtE,IAAI,IAAI,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;QAChC,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,8BAA8B,EAAE,CAAC;IACnE,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAC/B,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,mCAAmC,EAAE,CAAC;IACxE,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,eAAe,EAAE,CAAC;QAClC,OAAO;YACL,KAAK,EAAE,SAAS;YAChB,MAAM,EAAE,qCAAqC;SAC9C,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,aAAa,EAAE,CAAC;QAChC,OAAO;YACL,KAAK,EAAE,SAAS;YAChB,MAAM,EAAE,sCAAsC;SAC/C,CAAC;IACJ,CAAC;IAED,IACE,IAAI,CAAC,IAAI,KAAK,YAAY;QAC1B,IAAI,CAAC,IAAI,KAAK,YAAY;QAC1B,IAAI,CAAC,IAAI,KAAK,YAAY,EAC1B,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,0BAA0B,EAAE,CAAC;IAC/D,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC5B,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC7C,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC;gBACH,IAAI,YAAY,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;oBACjD,OAAO;wBACL,KAAK,EAAE,OAAO;wBACd,MAAM,EAAE,sCAAsC;qBAC/C,CAAC;gBACJ,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,eAAe;YACjB,CAAC;QACH,CAAC;QACD,OAAO;YACL,KAAK,EAAE,SAAS;YAChB,MAAM,EAAE,iCAAiC;SAC1C,CAAC;IACJ,CAAC;IAED,IAAI,IAAI,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;QAC9B,MAAM,OAAO,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC7C,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC;gBACH,IAAI,YAAY,CAAC,qBAAqB,CAAC,OAAO,CAAC,CAAC,EAAE,CAAC;oBACjD,OAAO;wBACL,KAAK,EAAE,OAAO;wBACd,MAAM,EAAE,wCAAwC;qBACjD,CAAC;gBACJ,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,eAAe;YACjB,CAAC;QACH,CAAC;QACD,OAAO;YACL,KAAK,EAAE,SAAS;YAChB,MAAM,EAAE,mEAAmE;SAC5E,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,EAAE,oCAAoC,EAAE,CAAC;AAC5E,CAAC"}
package/dist/safety/path-permissions.d.ts ADDED
@@ -0,0 +1,14 @@
1
+ export interface PathGrant {
2
+ path: string;
3
+ mode: "read" | "write" | "readwrite";
4
+ recursive: boolean;
5
+ createdAt: string;
6
+ }
7
+ /**
8
+ * Check if a resolved absolute path is covered by any existing grant.
9
+ */
10
+ export declare function hasPathGrant(grants: PathGrant[], targetPath: string, mode: "read" | "write"): boolean;
11
+ /**
12
+ * Add a new path grant to the grants array (mutates in place).
13
+ */
14
+ export declare function addPathGrant(grants: PathGrant[], path: string, mode: "read" | "write" | "readwrite", recursive: boolean): void;
package/dist/safety/path-permissions.js ADDED
@@ -0,0 +1,43 @@
1
+ import { resolve, relative } from "node:path";
2
+ /**
3
+ * Check if a resolved absolute path is covered by any existing grant.
4
+ */
5
+ export function hasPathGrant(grants, targetPath, mode) {
6
+ const resolved = resolve(targetPath);
7
+ for (const grant of grants) {
8
+ // Check mode compatibility
9
+ if (mode === "write" && grant.mode === "read")
10
+ continue;
11
+ if (mode === "read" && grant.mode === "write")
12
+ continue;
13
+ const grantPath = resolve(grant.path);
14
+ // Exact match
15
+ if (resolved === grantPath)
16
+ return true;
17
+ // Recursive: check if target is under grant path
18
+ if (grant.recursive) {
19
+ const rel = relative(grantPath, resolved);
20
+ if (rel === "" || (!rel.startsWith("..") && !resolve(rel).startsWith(".."))) {
21
+ return true;
22
+ }
23
+ }
24
+ }
25
+ return false;
26
+ }
27
+ /**
28
+ * Add a new path grant to the grants array (mutates in place).
29
+ */
30
+ export function addPathGrant(grants, path, mode, recursive) {
31
+ const resolved = resolve(path);
32
+ // Don't add duplicates
33
+ const exists = grants.some((g) => resolve(g.path) === resolved && g.mode === mode && g.recursive === recursive);
34
+ if (!exists) {
35
+ grants.push({
36
+ path: resolved,
37
+ mode,
38
+ recursive,
39
+ createdAt: new Date().toISOString(),
40
+ });
41
+ }
42
+ }
43
+ //# sourceMappingURL=path-permissions.js.map
package/dist/safety/path-permissions.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"path-permissions.js","sourceRoot":"","sources":["../../src/safety/path-permissions.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAS9C;;GAEG;AACH,MAAM,UAAU,YAAY,CAC1B,MAAmB,EACnB,UAAkB,EAClB,IAAsB;IAEtB,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;IAErC,KAAK,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;QAC3B,2BAA2B;QAC3B,IAAI,IAAI,KAAK,OAAO,IAAI,KAAK,CAAC,IAAI,KAAK,MAAM;YAAE,SAAS;QACxD,IAAI,IAAI,KAAK,MAAM,IAAI,KAAK,CAAC,IAAI,KAAK,OAAO;YAAE,SAAS;QAExD,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAEtC,cAAc;QACd,IAAI,QAAQ,KAAK,SAAS;YAAE,OAAO,IAAI,CAAC;QAExC,iDAAiD;QACjD,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC;YACpB,MAAM,GAAG,GAAG,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAC1C,IAAI,GAAG,KAAK,EAAE,IAAI,CAAC,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;gBAC5E,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAC1B,MAAmB,EACnB,IAAY,EACZ,IAAoC,EACpC,SAAkB;IAElB,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC/B,uBAAuB;IACvB,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CACxB,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,QAAQ,IAAI,CAAC,CAAC,IAAI,KAAK,IAAI,IAAI,CAAC,CAAC,SAAS,KAAK,SAAS,CACpF,CAAC;IACF,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,QAAQ;YACd,IAAI;YACJ,SAAS;YACT,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC,CAAC;IACL,CAAC;AACH,CAAC"}