@probelabs/probe 0.6.0-rc105 → 0.6.0-rc106

package/build/agent/ProbeAgent.js

@@ -92,6 +92,10 @@ export class ProbeAgent {
     this.maxResponseTokens = options.maxResponseTokens || parseInt(process.env.MAX_RESPONSE_TOKENS || '0', 10) || null;
     this.disableMermaidValidation = !!options.disableMermaidValidation;
 
+    // Bash configuration
+    this.enableBash = !!options.enableBash;
+    this.bashConfig = options.bashConfig || {};
+
     // Search configuration - support both path (single) and allowedFolders (array)
     if (options.allowedFolders && Array.isArray(options.allowedFolders)) {
       this.allowedFolders = options.allowedFolders;
@@ -156,7 +160,9 @@ export class ProbeAgent {
       debug: this.debug,
       defaultPath: this.allowedFolders.length > 0 ? this.allowedFolders[0] : process.cwd(),
       allowedFolders: this.allowedFolders,
-      outline: this.outline
+      outline: this.outline,
+      enableBash: this.enableBash,
+      bashConfig: this.bashConfig
     };
 
     // Create base tools
@@ -174,6 +180,11 @@ export class ProbeAgent {
       listFiles: listFilesToolInstance,
       searchFiles: searchFilesToolInstance,
     };
+
+    // Add bash tool if enabled
+    if (this.enableBash && wrappedTools.bashToolInstance) {
+      this.toolImplementations.bash = wrappedTools.bashToolInstance;
+    }
     
     // Store wrapped tools for ACP system
     this.wrappedTools = wrappedTools;

package/build/agent/bashCommandUtils.js

@@ -0,0 +1,200 @@
+/**
+ * Unified command parsing utilities for bash tool
+ * 
+ * This module provides a single source of truth for parsing shell commands.
+ * It supports only simple commands (no pipes, operators, or substitutions)
+ * to align with the executor's capabilities.
+ * 
+ * @module bashCommandUtils
+ */
+
+/**
+ * Parse a simple shell command into command and arguments
+ * Properly handles quoted arguments and strips quotes
+ * Rejects complex shell constructs for security and consistency
+ * 
+ * @param {string} command - Command string to parse
+ * @returns {Object} Parse result with command, args, and validation info
+ */
+export function parseSimpleCommand(command) {
+  if (!command || typeof command !== 'string') {
+    return {
+      success: false,
+      error: 'Command must be a non-empty string',
+      command: null,
+      args: [],
+      isComplex: false
+    };
+  }
+
+  const trimmed = command.trim();
+  if (!trimmed) {
+    return {
+      success: false,
+      error: 'Command cannot be empty',
+      command: null,
+      args: [],
+      isComplex: false
+    };
+  }
+
+  // Check for complex shell constructs that we don't support
+  const complexPatterns = [
+    /\|/,           // Pipes
+    /&&/,           // Logical AND
+    /\|\|/,         // Logical OR
+    /(?<!\\);/,     // Command separator (but not escaped \;)
+    /&$/,           // Background execution
+    /\$\(/,         // Command substitution $()
+    /`/,            // Command substitution ``
+    />/,            // Redirection >
+    /</,            // Redirection <
+    /\*\*/,         // Glob patterns (potentially dangerous)
+    /^\s*\{.*,.*\}|\{.*\.\.\.*\}/,  // Brace expansion like {a,b} or {1..10} (but not find {} placeholders)
+  ];
+
+  for (const pattern of complexPatterns) {
+    if (pattern.test(trimmed)) {
+      return {
+        success: false,
+        error: 'Complex shell commands with pipes, operators, or redirections are not supported for security reasons',
+        command: null,
+        args: [],
+        isComplex: true,
+        detected: pattern.toString()
+      };
+    }
+  }
+
+  // Parse simple command with proper quote handling
+  const args = [];
+  let current = '';
+  let inQuotes = false;
+  let quoteChar = '';
+  let escaped = false;
+
+  for (let i = 0; i < trimmed.length; i++) {
+    const char = trimmed[i];
+    const nextChar = i + 1 < trimmed.length ? trimmed[i + 1] : '';
+    
+    if (escaped) {
+      // Handle escaped characters
+      current += char;
+      escaped = false;
+      continue;
+    }
+
+    if (char === '\\' && !inQuotes) {
+      // Escape next character
+      escaped = true;
+      continue;
+    }
+
+    if (!inQuotes && (char === '"' || char === "'")) {
+      // Start quoted section - don't include quote char
+      inQuotes = true;
+      quoteChar = char;
+    } else if (inQuotes && char === quoteChar) {
+      // End quoted section - don't include quote char
+      inQuotes = false;
+      quoteChar = '';
+    } else if (!inQuotes && char === ' ') {
+      // Space outside quotes - end current argument
+      if (current.trim()) {
+        args.push(current.trim());
+        current = '';
+      }
+    } else {
+      // Regular character - add to current argument
+      current += char;
+    }
+  }
+  
+  // Add final argument if exists
+  if (current.trim()) {
+    args.push(current.trim());
+  }
+
+  // Check for unclosed quotes
+  if (inQuotes) {
+    return {
+      success: false,
+      error: `Unclosed quote in command: ${quoteChar}`,
+      command: null,
+      args: [],
+      isComplex: false
+    };
+  }
+
+  if (args.length === 0) {
+    return {
+      success: false,
+      error: 'No command found after parsing',
+      command: null,
+      args: [],
+      isComplex: false
+    };
+  }
+
+  const [baseCommand, ...commandArgs] = args;
+
+  return {
+    success: true,
+    error: null,
+    command: baseCommand,
+    args: commandArgs,
+    fullArgs: args,
+    isComplex: false,
+    original: command
+  };
+}
+
+/**
+ * Check if a command contains complex shell constructs
+ * @param {string} command - Command to check
+ * @returns {boolean} True if command is complex
+ */
+export function isComplexCommand(command) {
+  const result = parseSimpleCommand(command);
+  return result.isComplex;
+}
+
+/**
+ * Legacy compatibility function - parses command for permission checking
+ * @param {string} command - Command to parse
+ * @returns {Object} Parse result compatible with existing permission checker
+ */
+export function parseCommand(command) {
+  const result = parseSimpleCommand(command);
+  
+  if (!result.success) {
+    return {
+      command: '',
+      args: [],
+      error: result.error,
+      isComplex: result.isComplex
+    };
+  }
+
+  return {
+    command: result.command,
+    args: result.args,
+    error: null,
+    isComplex: result.isComplex
+  };
+}
+
+/**
+ * Parse command for execution - returns array format expected by spawn()
+ * @param {string} command - Command to parse  
+ * @returns {string[]|null} Array of [command, ...args] or null if invalid
+ */
+export function parseCommandForExecution(command) {
+  const result = parseSimpleCommand(command);
+  
+  if (!result.success) {
+    return null;
+  }
+
+  return result.fullArgs;
+}

package/build/agent/bashDefaults.js

@@ -0,0 +1,202 @@
+/**
+ * Default allow and deny patterns for bash command execution
+ * @module agent/bashDefaults
+ */
+
+/**
+ * Default allow patterns for safe, read-only commands useful for code exploration
+ */
+export const DEFAULT_ALLOW_PATTERNS = [
+  // Basic navigation and listing
+  'ls', 'dir', 'pwd', 'cd', 'cd:*',
+  
+  // File reading commands
+  'cat', 'cat:*', 'head', 'head:*', 'tail', 'tail:*',
+  'less', 'more', 'view',
+  
+  // File information and metadata
+  'file', 'file:*', 'stat', 'stat:*', 'wc', 'wc:*',
+  'du', 'du:*', 'df', 'df:*', 'realpath', 'realpath:*',
+  
+  // Search and find commands (read-only) - find restricted to safe operations
+  'find', 'find:-name:*', 'find:-type:*', 'find:-size:*', 'find:-mtime:*', 'find:-newer:*',
+  'find:-path:*', 'find:-iname:*', 'find:-maxdepth:*', 'find:-mindepth:*', 'find:-print',
+  'grep', 'grep:*', 'egrep', 'egrep:*', 'fgrep', 'fgrep:*',
+  'rg', 'rg:*', 'ag', 'ag:*', 'ack', 'ack:*',
+  'which', 'which:*', 'whereis', 'whereis:*', 'locate', 'locate:*',
+  'type', 'type:*', 'command', 'command:*',
+  
+  // Tree and structure visualization
+  'tree', 'tree:*',
+  
+  // Git read-only operations
+  'git:status', 'git:log', 'git:log:*', 'git:diff', 'git:diff:*',
+  'git:show', 'git:show:*', 'git:branch', 'git:branch:*',
+  'git:tag', 'git:tag:*', 'git:describe', 'git:describe:*',
+  'git:remote', 'git:remote:*', 'git:config:*',
+  'git:blame', 'git:blame:*', 'git:shortlog', 'git:reflog',
+  'git:ls-files', 'git:ls-tree', 'git:rev-parse', 'git:rev-list',
+  'git:--version', 'git:help', 'git:help:*',
+  
+  // Package managers (information only)
+  'npm:list', 'npm:ls', 'npm:view', 'npm:info', 'npm:show',
+  'npm:outdated', 'npm:audit', 'npm:--version',
+  'yarn:list', 'yarn:info', 'yarn:--version',
+  'pnpm:list', 'pnpm:--version',
+  'pip:list', 'pip:show', 'pip:--version',
+  'pip3:list', 'pip3:show', 'pip3:--version',
+  'gem:list', 'gem:--version',
+  'bundle:list', 'bundle:show', 'bundle:--version',
+  'composer:show', 'composer:--version',
+  
+  // Language and runtime versions
+  'node:--version', 'node:-v',
+  'python:--version', 'python:-V', 'python3:--version', 'python3:-V',
+  'ruby:--version', 'ruby:-v',
+  'go:version', 'go:env', 'go:list', 'go:mod:graph',
+  'rustc:--version', 'cargo:--version', 'cargo:tree', 'cargo:metadata',
+  'java:--version', 'java:-version', 'javac:--version',
+  'mvn:--version', 'gradle:--version',
+  'php:--version', 'dotnet:--version', 'dotnet:list',
+  
+  // Database client versions (connection info only)
+  'psql:--version', 'mysql:--version', 'redis-cli:--version',
+  'mongo:--version', 'sqlite3:--version',
+  
+  // System information
+  'uname', 'uname:*', 'hostname', 'whoami', 'id', 'groups',
+  'date', 'cal', 'uptime', 'w', 'users', 'sleep', 'sleep:*',
+  
+  // Environment and shell
+  'env', 'printenv', 'echo', 'echo:*', 'printf', 'printf:*',
+  'export', 'export:*', 'set', 'unset',
+  
+  // Process information (read-only)
+  'ps', 'ps:*', 'pgrep', 'pgrep:*', 'jobs', 'top:-n:1',
+  
+  // Network information (read-only)
+  'ifconfig', 'ip:addr', 'ip:link', 'hostname:-I',
+  'ping:-c:*', 'traceroute', 'nslookup', 'dig',
+  
+  // Text processing and utilities (awk removed - too powerful)
+  'sed:-n:*', 'cut', 'cut:*', 'sort', 'sort:*',
+  'uniq', 'uniq:*', 'tr', 'tr:*', 'column', 'column:*',
+  'paste', 'paste:*', 'join', 'join:*', 'comm', 'comm:*',
+  'diff', 'diff:*', 'cmp', 'cmp:*', 'patch:--dry-run:*',
+  
+  // Hashing and encoding (read-only)
+  'md5sum', 'md5sum:*', 'sha1sum', 'sha1sum:*', 'sha256sum', 'sha256sum:*',
+  'base64', 'base64:-d', 'od', 'od:*', 'hexdump', 'hexdump:*',
+  
+  // Archive and compression (list/view only)
+  'tar:-tf:*', 'tar:-tzf:*', 'unzip:-l:*', 'zip:-l:*',
+  'gzip:-l:*', 'gunzip:-l:*',
+  
+  // Help and documentation
+  'man', 'man:*', '--help', 'help', 'info', 'info:*',
+  'whatis', 'whatis:*', 'apropos', 'apropos:*',
+  
+  // Make (dry run and info)
+  'make:-n', 'make:--dry-run', 'make:-p', 'make:--print-data-base',
+  
+  // Docker (read-only operations)
+  'docker:ps', 'docker:images', 'docker:version', 'docker:info',
+  'docker:logs:*', 'docker:inspect:*',
+  
+  // Test runners (list/info only)
+  'jest:--listTests', 'mocha:--help', 'pytest:--collect-only'
+];
+
+/**
+ * Default deny patterns for potentially dangerous or destructive commands
+ */
+export const DEFAULT_DENY_PATTERNS = [
+  // Dangerous file operations
+  'rm:-rf', 'rm:-f:/', 'rm:/', 'rm:-rf:*', 'rmdir', 
+  'chmod:777', 'chmod:-R:777', 'chown', 'chgrp',
+  'dd', 'dd:*', 'shred', 'shred:*',
+  
+  // Dangerous find operations that can execute arbitrary commands
+  'find:-exec:*', 'find:*:-exec:*', 'find:-execdir:*', 'find:*:-execdir:*', 
+  'find:-ok:*', 'find:*:-ok:*', 'find:-okdir:*', 'find:*:-okdir:*',
+  
+  // Powerful scripting tools that can execute arbitrary commands
+  'awk', 'awk:*', 'perl', 'perl:*', 'python:-c:*', 'node:-e:*',
+  
+  // System administration and modification
+  'sudo:*', 'su', 'su:*', 'passwd', 'adduser', 'useradd',
+  'userdel', 'usermod', 'groupadd', 'groupdel', 'visudo',
+  
+  // Package installation and removal
+  'npm:install', 'npm:i', 'npm:uninstall', 'npm:publish',
+  'npm:unpublish', 'npm:link', 'npm:update',
+  'yarn:install', 'yarn:add', 'yarn:remove', 'yarn:upgrade',
+  'pnpm:install', 'pnpm:add', 'pnpm:remove',
+  'pip:install', 'pip:uninstall', 'pip:upgrade',
+  'pip3:install', 'pip3:uninstall', 'pip3:upgrade',
+  'gem:install', 'gem:uninstall', 'gem:update',
+  'bundle:install', 'bundle:update',
+  'composer:install', 'composer:update', 'composer:remove',
+  'apt:*', 'apt-get:*', 'yum:*', 'dnf:*', 'zypper:*',
+  'brew:install', 'brew:uninstall', 'brew:upgrade',
+  'conda:install', 'conda:remove', 'conda:update',
+  
+  // Service and system control
+  'systemctl:*', 'service:*', 'chkconfig:*',
+  'initctl:*', 'upstart:*',
+  
+  // Network operations that could be dangerous
+  'curl:-d:*', 'curl:--data:*', 'curl:-X:POST:*', 'curl:-X:PUT:*',
+  'wget:-O:/', 'wget:--post-data:*',
+  'ssh', 'ssh:*', 'scp', 'scp:*', 'sftp', 'sftp:*', 'rsync:*',
+  'nc', 'nc:*', 'netcat', 'netcat:*', 'telnet', 'telnet:*',
+  'ftp', 'ftp:*',
+  
+  // Process control and termination
+  'kill', 'kill:*', 'killall', 'killall:*', 'pkill', 'pkill:*',
+  'nohup:*', 'disown:*',
+  
+  // System control and shutdown
+  'shutdown', 'shutdown:*', 'reboot', 'halt', 'poweroff',
+  'init', 'telinit',
+  
+  // Kernel and module operations
+  'insmod', 'insmod:*', 'rmmod', 'rmmod:*', 'modprobe', 'modprobe:*',
+  'sysctl:-w:*',
+  
+  // Dangerous git operations
+  'git:push', 'git:push:*', 'git:force', 'git:reset:--hard:*',
+  'git:clean:-fd', 'git:rm:*', 'git:commit', 'git:merge',
+  'git:rebase', 'git:cherry-pick', 'git:stash:drop',
+  
+  // File system mounting and partitioning
+  'mount', 'mount:*', 'umount', 'umount:*', 'fdisk', 'fdisk:*',
+  'parted', 'parted:*', 'mkfs', 'mkfs:*', 'fsck', 'fsck:*',
+  
+  // Cron and scheduling
+  'crontab', 'crontab:*', 'at', 'at:*', 'batch', 'batch:*',
+  
+  // Compression with potential overwrite
+  'tar:-xf:*', 'unzip', 'unzip:*', 'gzip:*', 'gunzip:*',
+  
+  // Build and compilation that might modify files
+  'make', 'make:install', 'make:clean', 'cargo:build', 'cargo:install',
+  'npm:run:build', 'yarn:build', 'mvn:install', 'gradle:build',
+  
+  // Docker operations that could modify state
+  'docker:run', 'docker:run:*', 'docker:exec', 'docker:exec:*',
+  'docker:build', 'docker:build:*', 'docker:pull', 'docker:push',
+  'docker:rm', 'docker:rmi', 'docker:stop', 'docker:start',
+  
+  // Database operations
+  'mysql:-e:DROP', 'psql:-c:DROP', 'redis-cli:FLUSHALL',
+  'mongo:--eval:*',
+  
+  // Text editors that could modify files
+  'vi', 'vi:*', 'vim', 'vim:*', 'nano', 'nano:*', 'emacs', 'emacs:*',
+  'sed:-i:*', 'perl:-i:*',
+  
+  // Potentially dangerous utilities
+  'eval', 'eval:*', 'exec', 'exec:*', 'source', 'source:*',
+  'bash:-c:*', 'sh:-c:*', 'zsh:-c:*'
+];