npm - @phuetz/code-buddy - Versions diffs - 0.1.12 → 0.1.14 - Mend

@phuetz/code-buddy 0.1.12 → 0.1.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (321) hide show

package/README.md +228 -13
package/dist/agent/architect-mode.d.ts +11 -0
package/dist/agent/architect-mode.js +133 -25
package/dist/agent/architect-mode.js.map +1 -1
package/dist/agent/codebuddy-agent.d.ts +24 -0
package/dist/agent/codebuddy-agent.js +118 -16
package/dist/agent/codebuddy-agent.js.map +1 -1
package/dist/agent/execution/agent-executor.d.ts +9 -0
package/dist/agent/execution/agent-executor.js +62 -1
package/dist/agent/execution/agent-executor.js.map +1 -1
package/dist/agent/message-queue.d.ts +77 -0
package/dist/agent/message-queue.js +116 -0
package/dist/agent/message-queue.js.map +1 -0
package/dist/agent/middleware/auto-observation.d.ts +37 -0
package/dist/agent/middleware/auto-observation.js +231 -0
package/dist/agent/middleware/auto-observation.js.map +1 -0
package/dist/agent/middleware/index.d.ts +2 -0
package/dist/agent/middleware/index.js +1 -0
package/dist/agent/middleware/index.js.map +1 -1
package/dist/agent/tool-handler.js +3 -2
package/dist/agent/tool-handler.js.map +1 -1
package/dist/agent/turn-diff-tracker.js +3 -0
package/dist/agent/turn-diff-tracker.js.map +1 -1
package/dist/agent/types.d.ts +7 -2
package/dist/analytics/budget-alerts.d.ts +81 -0
package/dist/analytics/budget-alerts.js +126 -0
package/dist/analytics/budget-alerts.js.map +1 -0
package/dist/analytics/cost-predictor.d.ts +79 -0
package/dist/analytics/cost-predictor.js +150 -0
package/dist/analytics/cost-predictor.js.map +1 -0
package/dist/analytics/index.d.ts +2 -0
package/dist/analytics/index.js +2 -0
package/dist/analytics/index.js.map +1 -1
package/dist/auth/profile-manager.d.ts +205 -0
package/dist/auth/profile-manager.js +484 -0
package/dist/auth/profile-manager.js.map +1 -0
package/dist/browser-automation/browser-manager.d.ts +79 -1
package/dist/browser-automation/browser-manager.js +265 -2
package/dist/browser-automation/browser-manager.js.map +1 -1
package/dist/browser-automation/profile-manager.d.ts +32 -0
package/dist/browser-automation/profile-manager.js +83 -0
package/dist/browser-automation/profile-manager.js.map +1 -0
package/dist/browser-automation/route-interceptor.d.ts +29 -0
package/dist/browser-automation/route-interceptor.js +103 -0
package/dist/browser-automation/route-interceptor.js.map +1 -0
package/dist/browser-automation/screenshot-annotator.d.ts +23 -0
package/dist/browser-automation/screenshot-annotator.js +86 -0
package/dist/browser-automation/screenshot-annotator.js.map +1 -0
package/dist/browser-automation/types.d.ts +47 -0
package/dist/cache/llm-response-cache.js +3 -0
package/dist/cache/llm-response-cache.js.map +1 -1
package/dist/canvas/canvas-server.js +4 -3
package/dist/canvas/canvas-server.js.map +1 -1
package/dist/channels/discord/client.d.ts +2 -1
package/dist/channels/discord/client.js +28 -16
package/dist/channels/discord/client.js.map +1 -1
package/dist/channels/dm-pairing.js +6 -3
package/dist/channels/dm-pairing.js.map +1 -1
package/dist/channels/google-chat/index.d.ts +210 -0
package/dist/channels/google-chat/index.js +505 -0
package/dist/channels/google-chat/index.js.map +1 -0
package/dist/channels/group-security.d.ts +182 -0
package/dist/channels/group-security.js +407 -0
package/dist/channels/group-security.js.map +1 -0
package/dist/channels/index.d.ts +17 -1
package/dist/channels/index.js +16 -0
package/dist/channels/index.js.map +1 -1
package/dist/channels/matrix/index.d.ts +181 -0
package/dist/channels/matrix/index.js +643 -0
package/dist/channels/matrix/index.js.map +1 -0
package/dist/channels/offline-queue.d.ts +92 -0
package/dist/channels/offline-queue.js +112 -0
package/dist/channels/offline-queue.js.map +1 -0
package/dist/channels/reconnection-manager.d.ts +117 -0
package/dist/channels/reconnection-manager.js +171 -0
package/dist/channels/reconnection-manager.js.map +1 -0
package/dist/channels/signal/index.d.ts +184 -0
package/dist/channels/signal/index.js +488 -0
package/dist/channels/signal/index.js.map +1 -0
package/dist/channels/slack/client.d.ts +2 -1
package/dist/channels/slack/client.js +30 -15
package/dist/channels/slack/client.js.map +1 -1
package/dist/channels/teams/index.d.ts +196 -0
package/dist/channels/teams/index.js +477 -0
package/dist/channels/teams/index.js.map +1 -0
package/dist/channels/telegram/client.d.ts +3 -1
package/dist/channels/telegram/client.js +29 -2
package/dist/channels/telegram/client.js.map +1 -1
package/dist/channels/webchat/index.d.ts +103 -0
package/dist/channels/webchat/index.js +697 -0
package/dist/channels/webchat/index.js.map +1 -0
package/dist/channels/whatsapp/index.d.ts +105 -0
package/dist/channels/whatsapp/index.js +533 -0
package/dist/channels/whatsapp/index.js.map +1 -0
package/dist/codebuddy/client.js +11 -5
package/dist/codebuddy/client.js.map +1 -1
package/dist/codebuddy/tool-definitions/advanced-tools.d.ts +1 -0
package/dist/codebuddy/tool-definitions/advanced-tools.js +103 -3
package/dist/codebuddy/tool-definitions/advanced-tools.js.map +1 -1
package/dist/codebuddy/tool-definitions/index.d.ts +1 -1
package/dist/codebuddy/tool-definitions/index.js +1 -1
package/dist/codebuddy/tool-definitions/index.js.map +1 -1
package/dist/codebuddy/tools.js +3 -1
package/dist/codebuddy/tools.js.map +1 -1
package/dist/commands/cli/config-command.d.ts +8 -0
package/dist/commands/cli/config-command.js +90 -0
package/dist/commands/cli/config-command.js.map +1 -0
package/dist/commands/cli/openclaw-commands.d.ts +12 -0
package/dist/commands/cli/openclaw-commands.js +446 -0
package/dist/commands/cli/openclaw-commands.js.map +1 -0
package/dist/commands/cli/utility-commands.js +30 -0
package/dist/commands/cli/utility-commands.js.map +1 -1
package/dist/commands/client-dispatcher.js +22 -2
package/dist/commands/client-dispatcher.js.map +1 -1
package/dist/commands/enhanced-command-handler.js +21 -2
package/dist/commands/enhanced-command-handler.js.map +1 -1
package/dist/commands/handlers/extra-handlers.d.ts +30 -0
package/dist/commands/handlers/extra-handlers.js +547 -0
package/dist/commands/handlers/extra-handlers.js.map +1 -0
package/dist/commands/handlers/index.d.ts +1 -0
package/dist/commands/handlers/index.js +2 -0
package/dist/commands/handlers/index.js.map +1 -1
package/dist/commands/slash/builtin-commands.js +41 -34
package/dist/commands/slash/builtin-commands.js.map +1 -1
package/dist/config/env-schema.d.ts +58 -0
package/dist/config/env-schema.js +789 -0
package/dist/config/env-schema.js.map +1 -0
package/dist/config/feature-flags.js +2 -1
package/dist/config/feature-flags.js.map +1 -1
package/dist/context/bootstrap-loader.d.ts +48 -0
package/dist/context/bootstrap-loader.js +123 -0
package/dist/context/bootstrap-loader.js.map +1 -0
package/dist/context/codebase-rag/chunker.js +2 -2
package/dist/context/codebase-rag/chunker.js.map +1 -1
package/dist/copilot/copilot-proxy.d.ts +15 -1
package/dist/copilot/copilot-proxy.js +92 -23
package/dist/copilot/copilot-proxy.js.map +1 -1
package/dist/daemon/health-monitor.js +11 -7
package/dist/daemon/health-monitor.js.map +1 -1
package/dist/daemon/heartbeat.d.ts +112 -0
package/dist/daemon/heartbeat.js +339 -0
package/dist/daemon/heartbeat.js.map +1 -0
package/dist/desktop-automation/smart-snapshot.d.ts +11 -0
package/dist/desktop-automation/smart-snapshot.js +38 -0
package/dist/desktop-automation/smart-snapshot.js.map +1 -1
package/dist/extensions/extension-loader.js +4 -0
package/dist/extensions/extension-loader.js.map +1 -1
package/dist/identity/identity-manager.d.ts +95 -0
package/dist/identity/identity-manager.js +242 -0
package/dist/identity/identity-manager.js.map +1 -0
package/dist/index.js +147 -17
package/dist/index.js.map +1 -1
package/dist/input/text-to-speech.js +4 -2
package/dist/input/text-to-speech.js.map +1 -1
package/dist/input/voice-control.js +5 -3
package/dist/input/voice-control.js.map +1 -1
package/dist/integrations/github-integration.js +1 -1
package/dist/integrations/github-integration.js.map +1 -1
package/dist/orchestration/orchestrator.js +3 -0
package/dist/orchestration/orchestrator.js.map +1 -1
package/dist/persistence/conversation-branches.js +2 -1
package/dist/persistence/conversation-branches.js.map +1 -1
package/dist/persistence/session-store.d.ts +1 -1
package/dist/persistence/session-store.js +1 -1
package/dist/persistence/session-store.js.map +1 -1
package/dist/plugins/plugin-system.js +5 -2
package/dist/plugins/plugin-system.js.map +1 -1
package/dist/providers/gemini-provider.js +6 -4
package/dist/providers/gemini-provider.js.map +1 -1
package/dist/providers/local-llm-provider.js +8 -0
package/dist/providers/local-llm-provider.js.map +1 -1
package/dist/sandbox/auto-sandbox.d.ts +59 -0
package/dist/sandbox/auto-sandbox.js +145 -0
package/dist/sandbox/auto-sandbox.js.map +1 -0
package/dist/scheduler/cron-scheduler.js +2 -0
package/dist/scheduler/cron-scheduler.js.map +1 -1
package/dist/scheduler/scheduler.js +11 -2
package/dist/scheduler/scheduler.js.map +1 -1
package/dist/security/audit-logger.d.ts +127 -0
package/dist/security/audit-logger.js +194 -0
package/dist/security/audit-logger.js.map +1 -0
package/dist/security/bash-allowlist/allowlist-store.js +3 -2
package/dist/security/bash-allowlist/allowlist-store.js.map +1 -1
package/dist/security/bash-parser.js +0 -2
package/dist/security/bash-parser.js.map +1 -1
package/dist/security/code-validator.d.ts +51 -0
package/dist/security/code-validator.js +185 -0
package/dist/security/code-validator.js.map +1 -0
package/dist/security/dangerous-patterns.d.ts +68 -0
package/dist/security/dangerous-patterns.js +218 -0
package/dist/security/dangerous-patterns.js.map +1 -0
package/dist/security/remote-approval.d.ts +65 -0
package/dist/security/remote-approval.js +138 -0
package/dist/security/remote-approval.js.map +1 -0
package/dist/security/security-audit.d.ts +7 -0
package/dist/security/security-audit.js +23 -0
package/dist/security/security-audit.js.map +1 -1
package/dist/security/syntax-validator.d.ts +17 -0
package/dist/security/syntax-validator.js +292 -0
package/dist/security/syntax-validator.js.map +1 -0
package/dist/server/index.js +277 -2
package/dist/server/index.js.map +1 -1
package/dist/server/middleware/logging.js +9 -1
package/dist/server/middleware/logging.js.map +1 -1
package/dist/server/routes/memory.js +4 -1
package/dist/server/routes/memory.js.map +1 -1
package/dist/server/routes/metrics.js +1 -1
package/dist/server/routes/metrics.js.map +1 -1
package/dist/server/routes/sessions.js +5 -4
package/dist/server/routes/sessions.js.map +1 -1
package/dist/server/websocket/handler.js +8 -2
package/dist/server/websocket/handler.js.map +1 -1
package/dist/services/prompt-builder.js +16 -0
package/dist/services/prompt-builder.js.map +1 -1
package/dist/skills/hub.d.ts +231 -0
package/dist/skills/hub.js +694 -0
package/dist/skills/hub.js.map +1 -0
package/dist/skills/skill-loader.js +1 -1
package/dist/skills/skill-loader.js.map +1 -1
package/dist/skills/skill-manager.js +2 -1
package/dist/skills/skill-manager.js.map +1 -1
package/dist/skills/skill-registry.js +4 -0
package/dist/skills/skill-registry.js.map +1 -1
package/dist/talk-mode/providers/audioreader-tts.js +1 -0
package/dist/talk-mode/providers/audioreader-tts.js.map +1 -1
package/dist/tools/apply-patch.d.ts +1 -0
package/dist/tools/apply-patch.js +66 -12
package/dist/tools/apply-patch.js.map +1 -1
package/dist/tools/bash/bash-tool.d.ts +123 -0
package/dist/tools/bash/bash-tool.js +549 -0
package/dist/tools/bash/bash-tool.js.map +1 -0
package/dist/tools/bash/command-validator.d.ts +49 -0
package/dist/tools/bash/command-validator.js +223 -0
package/dist/tools/bash/command-validator.js.map +1 -0
package/dist/tools/bash/index.d.ts +7 -0
package/dist/tools/bash/index.js +8 -0
package/dist/tools/bash/index.js.map +1 -0
package/dist/tools/bash/security-patterns.d.ts +44 -0
package/dist/tools/bash/security-patterns.js +234 -0
package/dist/tools/bash/security-patterns.js.map +1 -0
package/dist/tools/bash/streaming-executor.d.ts +23 -0
package/dist/tools/bash/streaming-executor.js +134 -0
package/dist/tools/bash/streaming-executor.js.map +1 -0
package/dist/tools/bash.js +5 -3
package/dist/tools/bash.js.map +1 -1
package/dist/tools/code-formatter.js +41 -27
package/dist/tools/code-formatter.js.map +1 -1
package/dist/tools/code-review.js +1 -1
package/dist/tools/code-review.js.map +1 -1
package/dist/tools/computer-control-tool.js +21 -0
package/dist/tools/computer-control-tool.js.map +1 -1
package/dist/tools/document-tool.js +3 -2
package/dist/tools/document-tool.js.map +1 -1
package/dist/tools/git-tool.d.ts +45 -0
package/dist/tools/git-tool.js +224 -2
package/dist/tools/git-tool.js.map +1 -1
package/dist/tools/index.d.ts +1 -1
package/dist/tools/index.js +1 -1
package/dist/tools/index.js.map +1 -1
package/dist/tools/morph-editor.js +1 -0
package/dist/tools/morph-editor.js.map +1 -1
package/dist/tools/multi-edit.js +31 -3
package/dist/tools/multi-edit.js.map +1 -1
package/dist/tools/notebook-tool.js +8 -2
package/dist/tools/notebook-tool.js.map +1 -1
package/dist/tools/process-tool.d.ts +69 -0
package/dist/tools/process-tool.js +222 -0
package/dist/tools/process-tool.js.map +1 -0
package/dist/tools/registry/git-tools.d.ts +32 -0
package/dist/tools/registry/git-tools.js +211 -0
package/dist/tools/registry/git-tools.js.map +1 -0
package/dist/tools/registry/index.d.ts +2 -0
package/dist/tools/registry/index.js +8 -0
package/dist/tools/registry/index.js.map +1 -1
package/dist/tools/registry/misc-tools.d.ts +32 -4
package/dist/tools/registry/misc-tools.js +230 -90
package/dist/tools/registry/misc-tools.js.map +1 -1
package/dist/tools/registry/process-tools.d.ts +20 -0
package/dist/tools/registry/process-tools.js +141 -0
package/dist/tools/registry/process-tools.js.map +1 -0
package/dist/tools/registry/types.d.ts +2 -0
package/dist/tools/search.js +4 -2
package/dist/tools/search.js.map +1 -1
package/dist/tools/video-tool.js +30 -14
package/dist/tools/video-tool.js.map +1 -1
package/dist/tools/web-search.js +4 -1
package/dist/tools/web-search.js.map +1 -1
package/dist/ui/components/ChatInterface.js +9 -0
package/dist/ui/components/ChatInterface.js.map +1 -1
package/dist/utils/autonomy-manager.js +3 -2
package/dist/utils/autonomy-manager.js.map +1 -1
package/dist/utils/config-validation/schema.d.ts +15 -15
package/dist/utils/confirmation-service.d.ts +16 -0
package/dist/utils/confirmation-service.js +37 -3
package/dist/utils/confirmation-service.js.map +1 -1
package/dist/utils/custom-instructions.js +2 -1
package/dist/utils/custom-instructions.js.map +1 -1
package/dist/utils/diff-generator.js +3 -1
package/dist/utils/diff-generator.js.map +1 -1
package/dist/utils/graceful-shutdown.js +9 -9
package/dist/utils/graceful-shutdown.js.map +1 -1
package/dist/utils/head-tail-truncation.d.ts +18 -0
package/dist/utils/head-tail-truncation.js +127 -0
package/dist/utils/head-tail-truncation.js.map +1 -1
package/dist/utils/history-manager.js +3 -2
package/dist/utils/history-manager.js.map +1 -1
package/dist/utils/logger.d.ts +2 -0
package/dist/utils/logger.js +18 -3
package/dist/utils/logger.js.map +1 -1
package/dist/utils/performance.js +16 -15
package/dist/utils/performance.js.map +1 -1
package/dist/utils/stream-helpers.js +4 -2
package/dist/utils/stream-helpers.js.map +1 -1
package/dist/utils/update-notifier.js +2 -1
package/dist/utils/update-notifier.js.map +1 -1
package/dist/workflows/pipeline.d.ts +54 -1
package/dist/workflows/pipeline.js +128 -7
package/dist/workflows/pipeline.js.map +1 -1
package/dist/workflows/step-manager.js +2 -1
package/dist/workflows/step-manager.js.map +1 -1
package/package.json +6 -3

package/dist/tools/bash/bash-tool.js ADDED Viewed

@@ -0,0 +1,549 @@
+/**
+ * BashTool - Main coordinator class for shell command execution.
+ *
+ * Executes shell commands with comprehensive security measures:
+ * - Blocked dangerous patterns (rm -rf /, fork bombs, etc.)
+ * - Protected paths (~/.ssh, ~/.aws, /etc/shadow, etc.)
+ * - User confirmation for commands (unless session-approved)
+ * - Self-healing: automatic error recovery for common failures
+ * - Process isolation via spawn with process group management
+ * - Graceful termination with SIGTERM before SIGKILL
+ *
+ * Security modes are controlled by SandboxManager configuration.
+ * Self-healing can be disabled via --no-self-heal flag.
+ */
+import { spawn } from 'child_process';
+import { ConfirmationService } from '../../utils/confirmation-service.js';
+import { getSandboxManager } from '../../security/sandbox.js';
+import { getSelfHealingEngine } from '../../utils/self-healing.js';
+import { parseTestOutput, isLikelyTestOutput } from '../../utils/test-output-parser.js';
+import { registerDisposable } from '../../utils/disposable.js';
+import { bashToolSchemas, validateWithSchema, validateCommand as validateCommandSafety, sanitizeForShell } from '../../utils/input-validator.js';
+import { rgPath } from '@vscode/ripgrep';
+import { validateCommand, getFilteredEnv } from './command-validator.js';
+import { executeStreaming as executeStreamingImpl } from './streaming-executor.js';
+import { parseBashCommand } from '../../security/bash-parser.js';
+import { getCheckpointManager } from '../../checkpoints/checkpoint-manager.js';
+import { auditLogger } from '../../security/audit-logger.js';
+export class BashTool {
+    currentDirectory = process.cwd();
+    confirmationService = ConfirmationService.getInstance();
+    sandboxManager = getSandboxManager();
+    selfHealingEngine = getSelfHealingEngine();
+    selfHealingEnabled = true;
+    runningProcesses = new Set();
+    constructor() {
+        registerDisposable(this);
+    }
+    /**
+     * Clean up resources - kill any running processes
+     */
+    dispose() {
+        for (const proc of this.runningProcesses) {
+            try {
+                proc.kill('SIGTERM');
+            }
+            catch {
+                // Process may already be dead
+            }
+        }
+        this.runningProcesses.clear();
+    }
+    /**
+     * Validate command for dangerous patterns (delegates to command-validator)
+     *
+     * Security checks performed (in order):
+     * 1. Control characters - blocks terminal manipulation
+     * 2. ANSI escape sequences - blocks display manipulation
+     * 3. Shell bypass features - blocks process substitution, here-strings, etc.
+     * 4. Base command blocklist - blocks known dangerous commands
+     * 5. Blocked command patterns - blocks known dangerous patterns
+     * 6. Protected paths - blocks access to sensitive directories
+     * 7. Sandbox manager validation - additional runtime checks
+     */
+    validateCommand(command) {
+        // Run static validation checks
+        const staticValidation = validateCommand(command);
+        if (!staticValidation.valid) {
+            return staticValidation;
+        }
+        // Also use sandbox manager validation
+        const sandboxValidation = this.sandboxManager.validateCommand(command);
+        if (!sandboxValidation.valid) {
+            return sandboxValidation;
+        }
+        return { valid: true };
+    }
+    /**
+     * Execute a command with streaming output.
+     * Yields each line of stdout/stderr as it arrives.
+     * Validates and confirms the command before execution.
+     */
+    async *executeStreaming(command, timeout = 30000) {
+        return yield* executeStreamingImpl(command, timeout, {
+            getCurrentDirectory: () => this.currentDirectory,
+            getSandboxManager: () => this.sandboxManager,
+            getRunningProcesses: () => this.runningProcesses,
+        });
+    }
+    /**
+     * Execute a command using spawn with process group isolation (safer than exec)
+     * Inspired by mistral-vibe's robust process handling
+     */
+    executeWithSpawn(command, options) {
+        return new Promise((resolve) => {
+            let stdout = '';
+            let stderr = '';
+            let timedOut = false;
+            const isWindows = process.platform === 'win32';
+            // Start with filtered environment (only safe vars, no secrets)
+            const filteredEnv = getFilteredEnv();
+            // Controlled environment variables for deterministic output
+            const controlledEnv = {
+                ...filteredEnv,
+                // Disable history to prevent command logging
+                HISTFILE: '/dev/null',
+                HISTSIZE: '0',
+                // CI mode for consistent behavior
+                CI: 'true',
+                // Disable color output for clean parsing
+                NO_COLOR: '1',
+                TERM: 'dumb',
+                // Disable TTY for non-interactive mode
+                NO_TTY: '1',
+                // Disable interactive features
+                GIT_TERMINAL_PROMPT: '0',
+                NPM_CONFIG_YES: 'true',
+                YARN_ENABLE_PROGRESS_BARS: 'false',
+                // Locale settings for consistent encoding
+                LC_ALL: 'C.UTF-8',
+                LANG: 'C.UTF-8',
+                PYTHONIOENCODING: 'utf-8',
+                // Force non-interactive for common tools
+                DEBIAN_FRONTEND: 'noninteractive',
+            };
+            const spawnOptions = {
+                // IMPORTANT: shell must be false when using bash -c
+                // Using shell: true with bash -c creates double-shell that breaks commands
+                shell: false,
+                cwd: options.cwd,
+                env: controlledEnv,
+                // Process group isolation on Unix (allows killing entire process tree)
+                detached: !isWindows,
+                // Don't inherit stdin - commands should be non-interactive
+                stdio: ['ignore', 'pipe', 'pipe'],
+            };
+            const proc = spawn('bash', ['-c', command], spawnOptions);
+            // Store process group ID for cleanup
+            const pgid = proc.pid;
+            // Graceful termination: SIGTERM first, then SIGKILL after grace period
+            const gracePeriod = 3000; // 3 seconds grace period
+            let gracefulTerminationTimer = null;
+            const killProcess = (signal = 'SIGKILL') => {
+                try {
+                    if (!isWindows && pgid) {
+                        // Kill the entire process group
+                        process.kill(-pgid, signal);
+                    }
+                    else {
+                        proc.kill(signal);
+                    }
+                }
+                catch {
+                    // Process may have already exited
+                    try {
+                        proc.kill('SIGKILL');
+                    }
+                    catch {
+                        // Ignore - process is already gone
+                    }
+                }
+            };
+            const timer = setTimeout(() => {
+                timedOut = true;
+                // Try graceful termination first (SIGTERM)
+                killProcess('SIGTERM');
+                // If still running after grace period, force kill
+                gracefulTerminationTimer = setTimeout(() => {
+                    killProcess('SIGKILL');
+                }, gracePeriod);
+            }, options.timeout);
+            const maxBuffer = 1024 * 1024; // 1MB limit
+            proc.stdout?.on('data', (data) => {
+                const chunk = data.toString();
+                if (stdout.length + chunk.length <= maxBuffer) {
+                    stdout += chunk;
+                }
+            });
+            proc.stderr?.on('data', (data) => {
+                const chunk = data.toString();
+                if (stderr.length + chunk.length <= maxBuffer) {
+                    stderr += chunk;
+                }
+            });
+            proc.on('close', (exitCode) => {
+                clearTimeout(timer);
+                if (gracefulTerminationTimer) {
+                    clearTimeout(gracefulTerminationTimer);
+                }
+                if (timedOut) {
+                    resolve({
+                        stdout: stdout.trim(),
+                        stderr: 'Command timed out (graceful termination attempted)',
+                        exitCode: 124
+                    });
+                }
+                else {
+                    resolve({
+                        stdout: stdout.trim(),
+                        stderr: stderr.trim(),
+                        exitCode: exitCode ?? 1
+                    });
+                }
+            });
+            proc.on('error', (error) => {
+                clearTimeout(timer);
+                if (gracefulTerminationTimer) {
+                    clearTimeout(gracefulTerminationTimer);
+                }
+                resolve({
+                    stdout: '',
+                    stderr: error.message,
+                    exitCode: 1
+                });
+            });
+        });
+    }
+    /**
+     * Execute a shell command
+     *
+     * Validates command safety, requests user confirmation, and executes
+     * via spawn with process isolation. Failed commands trigger self-healing
+     * attempts if enabled.
+     *
+     * Special handling for `cd` commands to update working directory state.
+     *
+     * @param command - Shell command to execute
+     * @param timeout - Maximum execution time in ms (default: 30000)
+     * @returns Command output or error message; test output is parsed and structured
+     *
+     * @example
+     * // Simple command
+     * await bash.execute('ls -la');
+     *
+     * // With custom timeout (2 minutes)
+     * await bash.execute('npm install', 120000);
+     */
+    async execute(command, timeout = 30000) {
+        try {
+            // Validate input with schema (enhanced validation)
+            const schemaValidation = validateWithSchema(bashToolSchemas.execute, { command, timeout }, 'execute');
+            if (!schemaValidation.valid) {
+                return {
+                    success: false,
+                    error: `Invalid input: ${schemaValidation.error}`,
+                };
+            }
+            // Additional command safety validation
+            const commandSafetyValidation = validateCommandSafety(command);
+            if (!commandSafetyValidation.valid) {
+                return {
+                    success: false,
+                    error: `Command blocked: ${commandSafetyValidation.error}`,
+                };
+            }
+            // Validate command before any execution (legacy validation)
+            const validation = this.validateCommand(command);
+            if (!validation.valid) {
+                return {
+                    success: false,
+                    error: `Command blocked: ${validation.reason}`,
+                };
+            }
+            // Check if user has already accepted bash commands for this session
+            const sessionFlags = this.confirmationService.getSessionFlags();
+            if (!sessionFlags.bashCommands && !sessionFlags.allOperations) {
+                // Request confirmation showing the command
+                const confirmationResult = await this.confirmationService.requestConfirmation({
+                    operation: 'Run bash command',
+                    filename: command,
+                    showVSCodeOpen: false,
+                    content: `Command: ${command}\nWorking directory: ${this.currentDirectory}`,
+                }, 'bash');
+                if (!confirmationResult.confirmed) {
+                    return {
+                        success: false,
+                        error: confirmationResult.feedback || 'Command execution cancelled by user',
+                    };
+                }
+            }
+            // Checkpoint files targeted by destructive commands (rm, mv, etc.)
+            this.checkpointDestructiveTargets(command);
+            // Handle cd command separately
+            if (command.startsWith('cd ')) {
+                const newDir = command.substring(3).trim();
+                // Remove quotes if present
+                const cleanDir = newDir.replace(/^["']|["']$/g, '');
+                try {
+                    process.chdir(cleanDir);
+                    this.currentDirectory = process.cwd();
+                    return {
+                        success: true,
+                        output: `Changed directory to: ${this.currentDirectory}`,
+                    };
+                }
+                catch (error) {
+                    const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+                    return {
+                        success: false,
+                        error: `Cannot change directory: ${errorMessage}`,
+                    };
+                }
+            }
+            // Execute using spawn (safer than exec)
+            const result = await this.executeWithSpawn(command, {
+                timeout,
+                cwd: this.currentDirectory,
+            });
+            if (result.exitCode !== 0) {
+                const errorMessage = result.stderr || `Command exited with code ${result.exitCode}`;
+                // Attempt self-healing if enabled
+                if (this.selfHealingEnabled) {
+                    const healingResult = await this.selfHealingEngine.attemptHealing(command, errorMessage, async (fixCmd) => {
+                        // Execute fix command without self-healing to avoid recursion
+                        const fixResult = await this.executeWithSpawn(fixCmd, {
+                            timeout: timeout * 2, // Give more time for fix commands
+                            cwd: this.currentDirectory,
+                        });
+                        if (fixResult.exitCode === 0) {
+                            return {
+                                success: true,
+                                output: fixResult.stdout || 'Fix applied successfully',
+                            };
+                        }
+                        return {
+                            success: false,
+                            error: fixResult.stderr || `Fix failed with code ${fixResult.exitCode}`,
+                        };
+                    });
+                    if (healingResult.success && healingResult.finalResult) {
+                        return {
+                            success: true,
+                            output: `🔧 Self-healed after ${healingResult.attempts.length} attempt(s)\n` +
+                                `Fix applied: ${healingResult.fixedCommand}\n\n` +
+                                (healingResult.finalResult.output || 'Success'),
+                        };
+                    }
+                    // If healing failed, return original error with healing info
+                    if (healingResult.attempts.length > 0) {
+                        return {
+                            success: false,
+                            error: `${errorMessage}\n\n🔧 Self-healing attempted ${healingResult.attempts.length} fix(es) but failed.`,
+                        };
+                    }
+                }
+                return {
+                    success: false,
+                    error: errorMessage,
+                };
+            }
+            const output = result.stdout + (result.stderr ? `\nSTDERR: ${result.stderr}` : '');
+            const trimmedOutput = output.trim() || 'Command executed successfully (no output)';
+            // Check if this looks like test output and enrich it
+            if (isLikelyTestOutput(trimmedOutput)) {
+                const parsed = parseTestOutput(trimmedOutput);
+                if (parsed.isTestOutput && parsed.data) {
+                    // Return structured test data as JSON for the renderer
+                    return {
+                        success: true,
+                        output: JSON.stringify(parsed.data),
+                        data: { type: 'test-results', framework: parsed.data.framework },
+                    };
+                }
+            }
+            return {
+                success: true,
+                output: trimmedOutput,
+            };
+        }
+        catch (error) {
+            const errorMessage = error instanceof Error ? error.message : 'Unknown error';
+            return {
+                success: false,
+                error: `Command failed: ${errorMessage}`,
+            };
+        }
+    }
+    /**
+     * Checkpoint files that would be affected by destructive commands.
+     * Parses command arguments to identify file targets of rm, mv, etc.
+     */
+    checkpointDestructiveTargets(command) {
+        const DESTRUCTIVE_CMDS = new Set(['rm', 'mv', 'cp', 'truncate']);
+        try {
+            const parsed = parseBashCommand(command);
+            const checkpointMgr = getCheckpointManager();
+            for (const cmd of parsed.commands) {
+                if (DESTRUCTIVE_CMDS.has(cmd.command)) {
+                    // Extract file arguments (skip flags starting with -)
+                    const fileArgs = cmd.args.filter(a => !a.startsWith('-'));
+                    for (const fileArg of fileArgs) {
+                        const resolved = fileArg.startsWith('/')
+                            ? fileArg
+                            : `${this.currentDirectory}/${fileArg}`;
+                        try {
+                            checkpointMgr.checkpointBeforeEdit(resolved);
+                            auditLogger.logFileOperation({
+                                action: 'file_edit',
+                                target: resolved,
+                                decision: 'allow',
+                                source: 'bash-checkpoint',
+                                details: `Pre-checkpoint before ${cmd.command}`,
+                            });
+                        }
+                        catch {
+                            // File might not exist or not be readable — skip
+                        }
+                    }
+                }
+            }
+        }
+        catch {
+            // Parsing failed — skip checkpointing (command already validated)
+        }
+    }
+    /**
+     * Enable or disable self-healing
+     */
+    setSelfHealing(enabled) {
+        this.selfHealingEnabled = enabled;
+    }
+    /**
+     * Check if self-healing is enabled
+     */
+    isSelfHealingEnabled() {
+        return this.selfHealingEnabled;
+    }
+    /**
+     * Get self-healing engine for configuration
+     */
+    getSelfHealingEngine() {
+        return this.selfHealingEngine;
+    }
+    getCurrentDirectory() {
+        return this.currentDirectory;
+    }
+    /**
+     * Escape shell argument to prevent command injection
+     */
+    escapeShellArg(arg) {
+        // Use single quotes and escape any single quotes in the string
+        return `'${arg.replace(/'/g, "'\\''")}'`;
+    }
+    /**
+     * List files in a directory (wrapper for `ls -la`)
+     *
+     * @param directory - Directory path to list (default: current directory)
+     * @returns Formatted directory listing or error
+     */
+    async listFiles(directory = '.') {
+        // Validate input with schema
+        const validation = validateWithSchema(bashToolSchemas.listFiles, { directory }, 'listFiles');
+        if (!validation.valid) {
+            return {
+                success: false,
+                error: `Invalid input: ${validation.error}`,
+            };
+        }
+        const safeDir = sanitizeForShell(directory);
+        return this.execute(`ls -la ${safeDir}`);
+    }
+    /**
+     * Find files matching a pattern (wrapper for `find -name -type f`)
+     *
+     * @param pattern - Glob pattern to match (e.g., "*.ts", "package.json")
+     * @param directory - Directory to search in (default: current directory)
+     * @returns List of matching file paths or error
+     */
+    async findFiles(pattern, directory = '.') {
+        // Validate input with schema
+        const validation = validateWithSchema(bashToolSchemas.findFiles, { pattern, directory }, 'findFiles');
+        if (!validation.valid) {
+            return {
+                success: false,
+                error: `Invalid input: ${validation.error}`,
+            };
+        }
+        const safeDir = sanitizeForShell(directory);
+        const safePattern = sanitizeForShell(pattern);
+        return this.execute(`find ${safeDir} -name ${safePattern} -type f`);
+    }
+    /**
+     * Search for a pattern in files using ripgrep
+     *
+     * Uses @vscode/ripgrep for ultra-fast searching. Results are limited
+     * to 100 matches for performance.
+     *
+     * @param pattern - Regex pattern to search for
+     * @param files - File or directory to search in (default: current directory)
+     * @returns Matching lines with file paths and line numbers, or error
+     */
+    async grep(pattern, files = '.') {
+        // Validate input with schema
+        const validation = validateWithSchema(bashToolSchemas.grep, { pattern, files }, 'grep');
+        if (!validation.valid) {
+            return {
+                success: false,
+                error: `Invalid input: ${validation.error}`,
+            };
+        }
+        // Use ripgrep for ultra-fast searching
+        return new Promise((resolve) => {
+            const args = [
+                '--no-heading',
+                '--line-number',
+                '--color', 'never',
+                '--max-count', '100', // Limit results for performance
+                pattern,
+                files
+            ];
+            const rg = spawn(rgPath, args, {
+                cwd: this.currentDirectory,
+                env: getFilteredEnv(),
+            });
+            let stdout = '';
+            let stderr = '';
+            rg.stdout?.on('data', (data) => {
+                if (stdout.length < 5_000_000)
+                    stdout += data.toString();
+            });
+            rg.stderr?.on('data', (data) => {
+                if (stderr.length < 100_000)
+                    stderr += data.toString();
+            });
+            rg.on('close', (code) => {
+                // ripgrep returns 1 if no matches found (not an error)
+                if (code === 0 || code === 1) {
+                    resolve({
+                        success: true,
+                        output: stdout || 'No matches found',
+                    });
+                }
+                else {
+                    resolve({
+                        success: false,
+                        error: stderr || `ripgrep exited with code ${code}`,
+                        output: stdout,
+                    });
+                }
+            });
+            rg.on('error', (error) => {
+                resolve({
+                    success: false,
+                    error: `ripgrep error: ${error.message}`,
+                });
+            });
+        });
+    }
+}
+//# sourceMappingURL=bash-tool.js.map

package/dist/tools/bash/bash-tool.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"bash-tool.js","sourceRoot":"","sources":["../../../src/tools/bash/bash-tool.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EAAE,KAAK,EAA8B,MAAM,eAAe,CAAC;AAElE,OAAO,EAAE,mBAAmB,EAAE,MAAM,qCAAqC,CAAC;AAC1E,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAC;AAC9D,OAAO,EAAE,oBAAoB,EAAqB,MAAM,6BAA6B,CAAC;AACtF,OAAO,EAAE,eAAe,EAAE,kBAAkB,EAAE,MAAM,mCAAmC,CAAC;AACxF,OAAO,EAAc,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AAC3E,OAAO,EACL,eAAe,EACf,kBAAkB,EAClB,eAAe,IAAI,qBAAqB,EACxC,gBAAgB,EACjB,MAAM,gCAAgC,CAAC;AACxC,OAAO,EAAE,MAAM,EAAE,MAAM,iBAAiB,CAAC;AACzC,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,wBAAwB,CAAC;AACzE,OAAO,EAAE,gBAAgB,IAAI,oBAAoB,EAAE,MAAM,yBAAyB,CAAC;AACnF,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAC;AACjE,OAAO,EAAE,oBAAoB,EAAE,MAAM,yCAAyC,CAAC;AAC/E,OAAO,EAAE,WAAW,EAAE,MAAM,gCAAgC,CAAC;AAE7D,MAAM,OAAO,QAAQ;IACX,gBAAgB,GAAW,OAAO,CAAC,GAAG,EAAE,CAAC;IACzC,mBAAmB,GAAG,mBAAmB,CAAC,WAAW,EAAE,CAAC;IACxD,cAAc,GAAG,iBAAiB,EAAE,CAAC;IACrC,iBAAiB,GAAsB,oBAAoB,EAAE,CAAC;IAC9D,kBAAkB,GAAY,IAAI,CAAC;IACnC,gBAAgB,GAAsB,IAAI,GAAG,EAAE,CAAC;IAExD;QACE,kBAAkB,CAAC,IAAI,CAAC,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,OAAO;QACL,KAAK,MAAM,IAAI,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACzC,IAAI,CAAC;gBACH,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACvB,CAAC;YAAC,MAAM,CAAC;gBACP,8BAA8B;YAChC,CAAC;QACH,CAAC;QACD,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,CAAC;IAChC,CAAC;IAED;;;;;;;;;;;OAWG;IACK,eAAe,CAAC,OAAe;QACrC,+BAA+B;QAC/B,MAAM,gBAAgB,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,CAAC;YAC5B,OAAO,gBAAgB,CAAC;QAC1B,CAAC;QAED,sCAAsC;QACtC,MAAM,iBAAiB,GAAG,IAAI,CAAC,cAAc,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;QACvE,IAAI,CAAC,iBAAiB,CAAC,KAAK,EAAE,CAAC;YAC7B,OAAO,iBAAiB,CAAC;QAC3B,CAAC;QAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;IACzB,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,CAAC,gBAAgB,CAAC,OAAe,EAAE,UAAkB,KAAK;QAC9D,OAAO,KAAK,CAAC,CAAC,oBAAoB,CAAC,OAAO,EAAE,OAAO,EAAE;YACnD,mBAAmB,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,gBAAgB;YAChD,iBAAiB,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,cAAc;YAC5C,mBAAmB,EAAE,GAAG,EAAE,CAAC,IAAI,CAAC,gBAAgB;SACjD,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACK,gBAAgB,CACtB,OAAe,EACf,OAAyC;QAEzC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,QAAQ,GAAG,KAAK,CAAC;YAErB,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC;YAE/C,+DAA+D;YAC/D,MAAM,WAAW,GAAG,cAAc,EAAE,CAAC;YAErC,4DAA4D;YAC5D,MAAM,aAAa,GAA2B;gBAC5C,GAAG,WAAW;gBACd,6CAA6C;gBAC7C,QAAQ,EAAE,WAAW;gBACrB,QAAQ,EAAE,GAAG;gBACb,kCAAkC;gBAClC,EAAE,EAAE,MAAM;gBACV,yCAAyC;gBACzC,QAAQ,EAAE,GAAG;gBACb,IAAI,EAAE,MAAM;gBACZ,uCAAuC;gBACvC,MAAM,EAAE,GAAG;gBACX,+BAA+B;gBAC/B,mBAAmB,EAAE,GAAG;gBACxB,cAAc,EAAE,MAAM;gBACtB,yBAAyB,EAAE,OAAO;gBAClC,0CAA0C;gBAC1C,MAAM,EAAE,SAAS;gBACjB,IAAI,EAAE,SAAS;gBACf,gBAAgB,EAAE,OAAO;gBACzB,yCAAyC;gBACzC,eAAe,EAAE,gBAAgB;aAClC,CAAC;YAEF,MAAM,YAAY,GAAiB;gBACjC,oDAAoD;gBACpD,2EAA2E;gBAC3E,KAAK,EAAE,KAAK;gBACZ,GAAG,EAAE,OAAO,CAAC,GAAG;gBAChB,GAAG,EAAE,aAAa;gBAClB,uEAAuE;gBACvE,QAAQ,EAAE,CAAC,SAAS;gBACpB,2DAA2D;gBAC3D,KAAK,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC;aAClC,CAAC;YAEF,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,OAAO,CAAC,EAAE,YAAY,CAAC,CAAC;YAE1D,qCAAqC;YACrC,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC;YAEtB,uEAAuE;YACvE,MAAM,WAAW,GAAG,IAAI,CAAC,CAAC,yBAAyB;YACnD,IAAI,wBAAwB,GAA0B,IAAI,CAAC;YAE3D,MAAM,WAAW,GAAG,CAAC,SAAyB,SAAS,EAAE,EAAE;gBACzD,IAAI,CAAC;oBACH,IAAI,CAAC,SAAS,IAAI,IAAI,EAAE,CAAC;wBACvB,gCAAgC;wBAChC,OAAO,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;oBAC9B,CAAC;yBAAM,CAAC;wBACN,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;oBACpB,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,kCAAkC;oBAClC,IAAI,CAAC;wBACH,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;oBACvB,CAAC;oBAAC,MAAM,CAAC;wBACP,mCAAmC;oBACrC,CAAC;gBACH,CAAC;YACH,CAAC,CAAC;YAEF,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC5B,QAAQ,GAAG,IAAI,CAAC;gBAChB,2CAA2C;gBAC3C,WAAW,CAAC,SAAS,CAAC,CAAC;gBAEvB,kDAAkD;gBAClD,wBAAwB,GAAG,UAAU,CAAC,GAAG,EAAE;oBACzC,WAAW,CAAC,SAAS,CAAC,CAAC;gBACzB,CAAC,EAAE,WAAW,CAAC,CAAC;YAClB,CAAC,EAAE,OAAO,CAAC,OAAO,CAAC,CAAC;YAEpB,MAAM,SAAS,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,YAAY;YAE3C,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;gBACvC,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAC9B,IAAI,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC;oBAC9C,MAAM,IAAI,KAAK,CAAC;gBAClB,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;gBACvC,MAAM,KAAK,GAAG,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAC9B,IAAI,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC;oBAC9C,MAAM,IAAI,KAAK,CAAC;gBAClB,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,QAAuB,EAAE,EAAE;gBAC3C,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,IAAI,wBAAwB,EAAE,CAAC;oBAC7B,YAAY,CAAC,wBAAwB,CAAC,CAAC;gBACzC,CAAC;gBACD,IAAI,QAAQ,EAAE,CAAC;oBACb,OAAO,CAAC;wBACN,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE;wBACrB,MAAM,EAAE,oDAAoD;wBAC5D,QAAQ,EAAE,GAAG;qBACd,CAAC,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC;wBACN,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE;wBACrB,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE;wBACrB,QAAQ,EAAE,QAAQ,IAAI,CAAC;qBACxB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAY,EAAE,EAAE;gBAChC,YAAY,CAAC,KAAK,CAAC,CAAC;gBACpB,IAAI,wBAAwB,EAAE,CAAC;oBAC7B,YAAY,CAAC,wBAAwB,CAAC,CAAC;gBACzC,CAAC;gBACD,OAAO,CAAC;oBACN,MAAM,EAAE,EAAE;oBACV,MAAM,EAAE,KAAK,CAAC,OAAO;oBACrB,QAAQ,EAAE,CAAC;iBACZ,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;;;;;;;;;;;OAmBG;IACH,KAAK,CAAC,OAAO,CAAC,OAAe,EAAE,UAAkB,KAAK;QACpD,IAAI,CAAC;YACH,mDAAmD;YACnD,MAAM,gBAAgB,GAAG,kBAAkB,CACzC,eAAe,CAAC,OAAO,EACvB,EAAE,OAAO,EAAE,OAAO,EAAE,EACpB,SAAS,CACV,CAAC;YAEF,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,CAAC;gBAC5B,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,kBAAkB,gBAAgB,CAAC,KAAK,EAAE;iBAClD,CAAC;YACJ,CAAC;YAED,uCAAuC;YACvC,MAAM,uBAAuB,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAC;YAC/D,IAAI,CAAC,uBAAuB,CAAC,KAAK,EAAE,CAAC;gBACnC,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,oBAAoB,uBAAuB,CAAC,KAAK,EAAE;iBAC3D,CAAC;YACJ,CAAC;YAED,4DAA4D;YAC5D,MAAM,UAAU,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;YACjD,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;gBACtB,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,oBAAoB,UAAU,CAAC,MAAM,EAAE;iBAC/C,CAAC;YACJ,CAAC;YAED,oEAAoE;YACpE,MAAM,YAAY,GAAG,IAAI,CAAC,mBAAmB,CAAC,eAAe,EAAE,CAAC;YAChE,IAAI,CAAC,YAAY,CAAC,YAAY,IAAI,CAAC,YAAY,CAAC,aAAa,EAAE,CAAC;gBAC9D,2CAA2C;gBAC3C,MAAM,kBAAkB,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAC3E;oBACE,SAAS,EAAE,kBAAkB;oBAC7B,QAAQ,EAAE,OAAO;oBACjB,cAAc,EAAE,KAAK;oBACrB,OAAO,EAAE,YAAY,OAAO,wBAAwB,IAAI,CAAC,gBAAgB,EAAE;iBAC5E,EACD,MAAM,CACP,CAAC;gBAEF,IAAI,CAAC,kBAAkB,CAAC,SAAS,EAAE,CAAC;oBAClC,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,KAAK,EAAE,kBAAkB,CAAC,QAAQ,IAAI,qCAAqC;qBAC5E,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,mEAAmE;YACnE,IAAI,CAAC,4BAA4B,CAAC,OAAO,CAAC,CAAC;YAE3C,+BAA+B;YAC/B,IAAI,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC9B,MAAM,MAAM,GAAG,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC3C,2BAA2B;gBAC3B,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;gBACpD,IAAI,CAAC;oBACH,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;oBACxB,IAAI,CAAC,gBAAgB,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;oBACtC,OAAO;wBACL,OAAO,EAAE,IAAI;wBACb,MAAM,EAAE,yBAAyB,IAAI,CAAC,gBAAgB,EAAE;qBACzD,CAAC;gBACJ,CAAC;gBAAC,OAAO,KAAc,EAAE,CAAC;oBACxB,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;oBAC9E,OAAO;wBACL,OAAO,EAAE,KAAK;wBACd,KAAK,EAAE,4BAA4B,YAAY,EAAE;qBAClD,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,wCAAwC;YACxC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,OAAO,EAAE;gBAClD,OAAO;gBACP,GAAG,EAAE,IAAI,CAAC,gBAAgB;aAC3B,CAAC,CAAC;YAEH,IAAI,MAAM,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;gBAC1B,MAAM,YAAY,GAAG,MAAM,CAAC,MAAM,IAAI,4BAA4B,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAEpF,kCAAkC;gBAClC,IAAI,IAAI,CAAC,kBAAkB,EAAE,CAAC;oBAC5B,MAAM,aAAa,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,cAAc,CAC/D,OAAO,EACP,YAAY,EACZ,KAAK,EAAE,MAAc,EAAE,EAAE;wBACvB,8DAA8D;wBAC9D,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE;4BACpD,OAAO,EAAE,OAAO,GAAG,CAAC,EAAE,kCAAkC;4BACxD,GAAG,EAAE,IAAI,CAAC,gBAAgB;yBAC3B,CAAC,CAAC;wBAEH,IAAI,SAAS,CAAC,QAAQ,KAAK,CAAC,EAAE,CAAC;4BAC7B,OAAO;gCACL,OAAO,EAAE,IAAI;gCACb,MAAM,EAAE,SAAS,CAAC,MAAM,IAAI,0BAA0B;6BACvD,CAAC;wBACJ,CAAC;wBACD,OAAO;4BACL,OAAO,EAAE,KAAK;4BACd,KAAK,EAAE,SAAS,CAAC,MAAM,IAAI,wBAAwB,SAAS,CAAC,QAAQ,EAAE;yBACxE,CAAC;oBACJ,CAAC,CACF,CAAC;oBAEF,IAAI,aAAa,CAAC,OAAO,IAAI,aAAa,CAAC,WAAW,EAAE,CAAC;wBACvD,OAAO;4BACL,OAAO,EAAE,IAAI;4BACb,MAAM,EAAE,wBAAwB,aAAa,CAAC,QAAQ,CAAC,MAAM,eAAe;gCACpE,gBAAgB,aAAa,CAAC,YAAY,MAAM;gCAChD,CAAC,aAAa,CAAC,WAAW,CAAC,MAAM,IAAI,SAAS,CAAC;yBACxD,CAAC;oBACJ,CAAC;oBAED,6DAA6D;oBAC7D,IAAI,aAAa,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;wBACtC,OAAO;4BACL,OAAO,EAAE,KAAK;4BACd,KAAK,EAAE,GAAG,YAAY,iCAAiC,aAAa,CAAC,QAAQ,CAAC,MAAM,sBAAsB;yBAC3G,CAAC;oBACJ,CAAC;gBACH,CAAC;gBAED,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,YAAY;iBACpB,CAAC;YACJ,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,aAAa,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACnF,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,EAAE,IAAI,2CAA2C,CAAC;YAEnF,qDAAqD;YACrD,IAAI,kBAAkB,CAAC,aAAa,CAAC,EAAE,CAAC;gBACtC,MAAM,MAAM,GAAG,eAAe,CAAC,aAAa,CAAC,CAAC;gBAC9C,IAAI,MAAM,CAAC,YAAY,IAAI,MAAM,CAAC,IAAI,EAAE,CAAC;oBACvC,uDAAuD;oBACvD,OAAO;wBACL,OAAO,EAAE,IAAI;wBACb,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC;wBACnC,IAAI,EAAE,EAAE,IAAI,EAAE,cAAc,EAAE,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE;qBACjE,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,MAAM,EAAE,aAAa;aACtB,CAAC;QACJ,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,MAAM,YAAY,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC;YAC9E,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,mBAAmB,YAAY,EAAE;aACzC,CAAC;QACJ,CAAC;IACH,CAAC;IAED;;;OAGG;IACK,4BAA4B,CAAC,OAAe;QAClD,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC;QACjE,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;YACzC,MAAM,aAAa,GAAG,oBAAoB,EAAE,CAAC;YAE7C,KAAK,MAAM,GAAG,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;gBAClC,IAAI,gBAAgB,CAAC,GAAG,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;oBACtC,sDAAsD;oBACtD,MAAM,QAAQ,GAAG,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;oBAC1D,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;wBAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;4BACtC,CAAC,CAAC,OAAO;4BACT,CAAC,CAAC,GAAG,IAAI,CAAC,gBAAgB,IAAI,OAAO,EAAE,CAAC;wBAC1C,IAAI,CAAC;4BACH,aAAa,CAAC,oBAAoB,CAAC,QAAQ,CAAC,CAAC;4BAC7C,WAAW,CAAC,gBAAgB,CAAC;gCAC3B,MAAM,EAAE,WAAW;gCACnB,MAAM,EAAE,QAAQ;gCAChB,QAAQ,EAAE,OAAO;gCACjB,MAAM,EAAE,iBAAiB;gCACzB,OAAO,EAAE,yBAAyB,GAAG,CAAC,OAAO,EAAE;6BAChD,CAAC,CAAC;wBACL,CAAC;wBAAC,MAAM,CAAC;4BACP,iDAAiD;wBACnD,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,kEAAkE;QACpE,CAAC;IACH,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,OAAgB;QAC7B,IAAI,CAAC,kBAAkB,GAAG,OAAO,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,oBAAoB;QAClB,OAAO,IAAI,CAAC,kBAAkB,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,oBAAoB;QAClB,OAAO,IAAI,CAAC,iBAAiB,CAAC;IAChC,CAAC;IAED,mBAAmB;QACjB,OAAO,IAAI,CAAC,gBAAgB,CAAC;IAC/B,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,GAAW;QAChC,+DAA+D;QAC/D,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,GAAG,CAAC;IAC3C,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,SAAS,CAAC,YAAoB,GAAG;QACrC,6BAA6B;QAC7B,MAAM,UAAU,GAAG,kBAAkB,CACnC,eAAe,CAAC,SAAS,EACzB,EAAE,SAAS,EAAE,EACb,WAAW,CACZ,CAAC;QAEF,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;YACtB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,kBAAkB,UAAU,CAAC,KAAK,EAAE;aAC5C,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;QAC5C,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,OAAO,EAAE,CAAC,CAAC;IAC3C,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,SAAS,CAAC,OAAe,EAAE,YAAoB,GAAG;QACtD,6BAA6B;QAC7B,MAAM,UAAU,GAAG,kBAAkB,CACnC,eAAe,CAAC,SAAS,EACzB,EAAE,OAAO,EAAE,SAAS,EAAE,EACtB,WAAW,CACZ,CAAC;QAEF,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;YACtB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,kBAAkB,UAAU,CAAC,KAAK,EAAE;aAC5C,CAAC;QACJ,CAAC;QAED,MAAM,OAAO,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;QAC5C,MAAM,WAAW,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAC9C,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,OAAO,UAAU,WAAW,UAAU,CAAC,CAAC;IACtE,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,IAAI,CAAC,OAAe,EAAE,QAAgB,GAAG;QAC7C,6BAA6B;QAC7B,MAAM,UAAU,GAAG,kBAAkB,CACnC,eAAe,CAAC,IAAI,EACpB,EAAE,OAAO,EAAE,KAAK,EAAE,EAClB,MAAM,CACP,CAAC;QAEF,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;YACtB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,kBAAkB,UAAU,CAAC,KAAK,EAAE;aAC5C,CAAC;QACJ,CAAC;QAED,uCAAuC;QACvC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,MAAM,IAAI,GAAG;gBACX,cAAc;gBACd,eAAe;gBACf,SAAS,EAAE,OAAO;gBAClB,aAAa,EAAE,KAAK,EAAE,gCAAgC;gBACtD,OAAO;gBACP,KAAK;aACN,CAAC;YAEF,MAAM,EAAE,GAAG,KAAK,CAAC,MAAM,EAAE,IAAI,EAAE;gBAC7B,GAAG,EAAE,IAAI,CAAC,gBAAgB;gBAC1B,GAAG,EAAE,cAAc,EAAE;aACtB,CAAC,CAAC;YAEH,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,MAAM,GAAG,EAAE,CAAC;YAEhB,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC7B,IAAI,MAAM,CAAC,MAAM,GAAG,SAAS;oBAAE,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC3D,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,MAAM,EAAE,EAAE,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBAC7B,IAAI,MAAM,CAAC,MAAM,GAAG,OAAO;oBAAE,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YACzD,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,IAAI,EAAE,EAAE;gBACtB,uDAAuD;gBACvD,IAAI,IAAI,KAAK,CAAC,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;oBAC7B,OAAO,CAAC;wBACN,OAAO,EAAE,IAAI;wBACb,MAAM,EAAE,MAAM,IAAI,kBAAkB;qBACrC,CAAC,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC;wBACN,OAAO,EAAE,KAAK;wBACd,KAAK,EAAE,MAAM,IAAI,4BAA4B,IAAI,EAAE;wBACnD,MAAM,EAAE,MAAM;qBACf,CAAC,CAAC;gBACL,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;gBACvB,OAAO,CAAC;oBACN,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,kBAAkB,KAAK,CAAC,OAAO,EAAE;iBACzC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;CACF"}

package/dist/tools/bash/command-validator.d.ts ADDED Viewed

@@ -0,0 +1,49 @@
+/**
+ * Command validation and environment filtering for BashTool.
+ *
+ * Contains:
+ * - extractBaseCommand: Parses the base command from a shell string
+ * - hasShellBypassFeatures: Detects shell features that could bypass validation
+ * - validateCommand: Full security validation pipeline
+ * - getFilteredEnv: Environment variable filtering for child processes
+ */
+/**
+ * Extract the base command from a command string
+ * Handles paths, env var prefixes, and common shell constructs
+ */
+export declare function extractBaseCommand(command: string): string | null;
+/**
+ * Check if command uses shell features that could bypass validation
+ */
+export declare function hasShellBypassFeatures(command: string): {
+    bypass: boolean;
+    reason?: string;
+};
+/**
+ * Validate command for dangerous patterns
+ *
+ * Security checks performed (in order):
+ * 1. Control characters - blocks terminal manipulation
+ * 2. ANSI escape sequences - blocks display manipulation
+ * 3. Shell bypass features - blocks process substitution, here-strings, etc.
+ * 4. Base command blocklist - blocks known dangerous commands
+ * 5. Blocked command patterns - blocks known dangerous patterns
+ * 6. Protected paths - blocks access to sensitive directories
+ *
+ * Note: Sandbox manager validation is performed separately by the caller
+ * since it requires instance state.
+ */
+export declare function validateCommand(command: string): {
+    valid: boolean;
+    reason?: string;
+};
+/**
+ * Filter environment variables to only include safe ones
+ * This prevents credential leakage to child processes
+ *
+ * Security measures:
+ * - Only allowlisted variable names are passed through
+ * - Values containing shell metacharacters are sanitized
+ * - Values that look like secrets are excluded
+ */
+export declare function getFilteredEnv(): Record<string, string>;