@probelabs/probe 0.6.0-rc177 → 0.6.0-rc186

package/build/agent/ProbeAgent.js

@@ -2501,10 +2501,26 @@ When troubleshooting:
               // Execute native tool
               try {
                 // Add sessionId and workingDirectory to params for tool execution
+                // Validate and resolve workingDirectory
+                let resolvedWorkingDirectory = (this.allowedFolders && this.allowedFolders[0]) || process.cwd();
+                if (params.workingDirectory) {
+                  const requestedDir = resolve(params.workingDirectory);
+                  // Check if the requested directory is within allowed folders
+                  const isWithinAllowed = !this.allowedFolders || this.allowedFolders.length === 0 ||
+                    this.allowedFolders.some(folder => {
+                      const resolvedFolder = resolve(folder);
+                      return requestedDir === resolvedFolder || requestedDir.startsWith(resolvedFolder + sep);
+                    });
+                  if (isWithinAllowed) {
+                    resolvedWorkingDirectory = requestedDir;
+                  } else if (this.debug) {
+                    console.error(`[DEBUG] Rejected workingDirectory "${params.workingDirectory}" - not within allowed folders`);
+                  }
+                }
                 const toolParams = {
                   ...params,
                   sessionId: this.sessionId,
-                  workingDirectory: (this.allowedFolders && this.allowedFolders[0]) || process.cwd()
+                  workingDirectory: resolvedWorkingDirectory
                 };
 
                 // Log tool execution in debug mode

package/build/agent/bashCommandUtils.js

@@ -159,6 +159,69 @@ export function isComplexCommand(command) {
   return result.isComplex;
 }
 
+/**
+ * Check if a pattern is a complex pattern (contains shell operators)
+ * Complex patterns are used to match full command strings including operators
+ * @param {string} pattern - Pattern to check
+ * @returns {boolean} True if pattern contains shell operators
+ */
+export function isComplexPattern(pattern) {
+  if (!pattern || typeof pattern !== 'string') return false;
+
+  // Check for operators in the pattern (aligned with complexPatterns in parseSimpleCommand)
+  const operatorPatterns = [
+    /\|/,           // Pipes
+    /&&/,           // Logical AND
+    /\|\|/,         // Logical OR
+    /;/,            // Command separator
+    /&$/,           // Background execution
+    /\$\(/,         // Command substitution $()
+    /`/,            // Command substitution ``
+    />/,            // Redirection >
+    /</,            // Redirection <
+  ];
+
+  return operatorPatterns.some(p => p.test(pattern));
+}
+
+/**
+ * Convert a glob-style pattern to regex for matching
+ * Supports * as wildcard (matches any characters except operators)
+ * @param {string} pattern - Glob pattern
+ * @returns {RegExp} Compiled regex
+ */
+function globToRegex(pattern) {
+  // Escape regex special characters except *
+  let escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, '\\$&');
+  // Convert * to .*? (non-greedy match)
+  escaped = escaped.replace(/\*/g, '.*?');
+  // Make it match the full string
+  return new RegExp('^' + escaped + '$', 'i');
+}
+
+/**
+ * Match a command string against a complex pattern
+ * Complex patterns use glob-style wildcards (*) for matching
+ * @param {string} command - Full command string
+ * @param {string} pattern - Complex pattern with wildcards
+ * @returns {boolean} True if command matches the pattern
+ */
+export function matchesComplexPattern(command, pattern) {
+  if (!command || !pattern) return false;
+
+  // Normalize whitespace
+  const normalizedCommand = command.trim().replace(/\s+/g, ' ');
+  const normalizedPattern = pattern.trim().replace(/\s+/g, ' ');
+
+  try {
+    const regex = globToRegex(normalizedPattern);
+    return regex.test(normalizedCommand);
+  } catch (e) {
+    // If regex fails, fall back to exact match
+    return normalizedCommand === normalizedPattern;
+  }
+}
+
 /**
  * Legacy compatibility function - parses command for permission checking
  * @param {string} command - Command to parse

package/build/agent/bashExecutor.js

@@ -6,7 +6,7 @@
 import { spawn } from 'child_process';
 import { resolve, join } from 'path';
 import { existsSync } from 'fs';
-import { parseCommandForExecution } from './bashCommandUtils.js';
+import { parseCommandForExecution, isComplexCommand } from './bashCommandUtils.js';
 
 /**
  * Execute a bash command with security controls
@@ -63,31 +63,46 @@ export async function executeBashCommand(command, options = {}) {
       ...env
     };
 
-    // Parse command for shell execution
-    // We use shell: false for security, so we need to parse manually
-    const args = parseCommandForExecution(command);
-    if (!args || args.length === 0) {
-      resolve({
-        success: false,
-        error: 'Failed to parse command',
-        stdout: '',
-        stderr: '',
-        exitCode: 1,
-        command,
-        workingDirectory: cwd,
-        duration: Date.now() - startTime
-      });
-      return;
-    }
+    // Check if this is a complex command (contains pipes, operators, etc.)
+    const isComplex = isComplexCommand(command);
 
-    const [cmd, ...cmdArgs] = args;
+    let cmd, cmdArgs, useShell;
+
+    if (isComplex) {
+      // For complex commands, use sh -c to execute through shell
+      // This is only reached if the permission checker allowed the complex command
+      cmd = 'sh';
+      cmdArgs = ['-c', command];
+      useShell = false; // We explicitly use sh -c, not spawn's shell option
+      if (debug) {
+        console.log(`[BashExecutor] Complex command - using sh -c`);
+      }
+    } else {
+      // Parse simple command for direct execution
+      const args = parseCommandForExecution(command);
+      if (!args || args.length === 0) {
+        resolve({
+          success: false,
+          error: 'Failed to parse command',
+          stdout: '',
+          stderr: '',
+          exitCode: 1,
+          command,
+          workingDirectory: cwd,
+          duration: Date.now() - startTime
+        });
+        return;
+      }
+      [cmd, ...cmdArgs] = args;
+      useShell = false;
+    }
 
     // Spawn the process
     const child = spawn(cmd, cmdArgs, {
       cwd,
       env: processEnv,
       stdio: ['ignore', 'pipe', 'pipe'], // stdin ignored, capture stdout/stderr
-      shell: false, // For security
+      shell: useShell, // false for security
       windowsHide: true
     });
 

package/build/agent/bashPermissions.js

@@ -4,7 +4,7 @@
  */
 
 import { DEFAULT_ALLOW_PATTERNS, DEFAULT_DENY_PATTERNS } from './bashDefaults.js';
-import { parseCommand, isComplexCommand } from './bashCommandUtils.js';
+import { parseCommand, isComplexCommand, isComplexPattern, matchesComplexPattern } from './bashCommandUtils.js';
 
 /**
  * Check if a pattern matches a parsed command
@@ -125,7 +125,7 @@ export class BashPermissionChecker {
   }
 
   /**
-   * Check if a simple command is allowed (rejects complex commands for security)
+   * Check if a simple command is allowed (complex commands allowed if they match patterns)
    * @param {string} command - Command to check
    * @returns {Object} Permission result
    */
@@ -138,19 +138,17 @@ export class BashPermissionChecker {
       };
     }
 
-    // First check if this is a complex command - reject immediately for security
-    if (isComplexCommand(command)) {
-      return {
-        allowed: false,
-        reason: 'Complex shell commands with pipes, operators, or redirections are not supported for security reasons',
-        command: command,
-        isComplex: true
-      };
+    // Check if this is a complex command
+    const commandIsComplex = isComplexCommand(command);
+
+    if (commandIsComplex) {
+      // For complex commands, check against complex patterns in allow/deny lists
+      return this._checkComplexCommand(command);
     }
 
     // Parse the simple command
     const parsed = parseCommand(command);
-    
+
     if (parsed.error) {
       return {
         allowed: false,
@@ -203,14 +201,77 @@ export class BashPermissionChecker {
       parsed: parsed,
       isComplex: false
     };
-    
+
     if (this.debug) {
       console.log(`[BashPermissions] ALLOWED - command passed all checks`);
     }
-    
+
     return result;
   }
 
+  /**
+   * Check a complex command against complex patterns in allow/deny lists
+   * @private
+   * @param {string} command - Complex command to check
+   * @returns {Object} Permission result
+   */
+  _checkComplexCommand(command) {
+    if (this.debug) {
+      console.log(`[BashPermissions] Checking complex command: "${command}"`);
+    }
+
+    // Get complex patterns from allow and deny lists
+    const complexAllowPatterns = this.allowPatterns.filter(p => isComplexPattern(p));
+    const complexDenyPatterns = this.denyPatterns.filter(p => isComplexPattern(p));
+
+    if (this.debug) {
+      console.log(`[BashPermissions] Complex allow patterns: ${complexAllowPatterns.length}`);
+      console.log(`[BashPermissions] Complex deny patterns: ${complexDenyPatterns.length}`);
+    }
+
+    // Check deny patterns first (deny takes precedence)
+    for (const pattern of complexDenyPatterns) {
+      if (matchesComplexPattern(command, pattern)) {
+        if (this.debug) {
+          console.log(`[BashPermissions] DENIED - matches complex deny pattern: ${pattern}`);
+        }
+        return {
+          allowed: false,
+          reason: `Command matches deny pattern: ${pattern}`,
+          command: command,
+          isComplex: true,
+          matchedPatterns: [pattern]
+        };
+      }
+    }
+
+    // Check allow patterns
+    for (const pattern of complexAllowPatterns) {
+      if (matchesComplexPattern(command, pattern)) {
+        if (this.debug) {
+          console.log(`[BashPermissions] ALLOWED - matches complex allow pattern: ${pattern}`);
+        }
+        return {
+          allowed: true,
+          command: command,
+          isComplex: true,
+          matchedPattern: pattern
+        };
+      }
+    }
+
+    // No matching complex pattern found - reject complex command
+    if (this.debug) {
+      console.log(`[BashPermissions] DENIED - no matching complex pattern found`);
+    }
+    return {
+      allowed: false,
+      reason: 'Complex shell commands require explicit allow patterns (e.g., "cd * && git *")',
+      command: command,
+      isComplex: true
+    };
+  }
+
   /**
    * Get configuration summary
    * @returns {Object} Configuration info

package/build/agent/index.js

@@ -9136,6 +9136,46 @@ function isComplexCommand(command) {
   const result = parseSimpleCommand(command);
   return result.isComplex;
 }
+function isComplexPattern(pattern) {
+  if (!pattern || typeof pattern !== "string") return false;
+  const operatorPatterns = [
+    /\|/,
+    // Pipes
+    /&&/,
+    // Logical AND
+    /\|\|/,
+    // Logical OR
+    /;/,
+    // Command separator
+    /&$/,
+    // Background execution
+    /\$\(/,
+    // Command substitution $()
+    /`/,
+    // Command substitution ``
+    />/,
+    // Redirection >
+    /</
+    // Redirection <
+  ];
+  return operatorPatterns.some((p) => p.test(pattern));
+}
+function globToRegex(pattern) {
+  let escaped = pattern.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
+  escaped = escaped.replace(/\*/g, ".*?");
+  return new RegExp("^" + escaped + "$", "i");
+}
+function matchesComplexPattern(command, pattern) {
+  if (!command || !pattern) return false;
+  const normalizedCommand = command.trim().replace(/\s+/g, " ");
+  const normalizedPattern = pattern.trim().replace(/\s+/g, " ");
+  try {
+    const regex = globToRegex(normalizedPattern);
+    return regex.test(normalizedCommand);
+  } catch (e) {
+    return normalizedCommand === normalizedPattern;
+  }
+}
 function parseCommand(command) {
   const result = parseSimpleCommand(command);
   if (!result.success) {
@@ -9250,7 +9290,7 @@ var init_bashPermissions = __esm({
         }
       }
       /**
-       * Check if a simple command is allowed (rejects complex commands for security)
+       * Check if a simple command is allowed (complex commands allowed if they match patterns)
        * @param {string} command - Command to check
        * @returns {Object} Permission result
        */
@@ -9262,13 +9302,9 @@ var init_bashPermissions = __esm({
             command
           };
         }
-        if (isComplexCommand(command)) {
-          return {
-            allowed: false,
-            reason: "Complex shell commands with pipes, operators, or redirections are not supported for security reasons",
-            command,
-            isComplex: true
-          };
+        const commandIsComplex = isComplexCommand(command);
+        if (commandIsComplex) {
+          return this._checkComplexCommand(command);
         }
         const parsed = parseCommand(command);
         if (parsed.error) {
@@ -9320,6 +9356,59 @@ var init_bashPermissions = __esm({
         }
         return result;
       }
+      /**
+       * Check a complex command against complex patterns in allow/deny lists
+       * @private
+       * @param {string} command - Complex command to check
+       * @returns {Object} Permission result
+       */
+      _checkComplexCommand(command) {
+        if (this.debug) {
+          console.log(`[BashPermissions] Checking complex command: "${command}"`);
+        }
+        const complexAllowPatterns = this.allowPatterns.filter((p) => isComplexPattern(p));
+        const complexDenyPatterns = this.denyPatterns.filter((p) => isComplexPattern(p));
+        if (this.debug) {
+          console.log(`[BashPermissions] Complex allow patterns: ${complexAllowPatterns.length}`);
+          console.log(`[BashPermissions] Complex deny patterns: ${complexDenyPatterns.length}`);
+        }
+        for (const pattern of complexDenyPatterns) {
+          if (matchesComplexPattern(command, pattern)) {
+            if (this.debug) {
+              console.log(`[BashPermissions] DENIED - matches complex deny pattern: ${pattern}`);
+            }
+            return {
+              allowed: false,
+              reason: `Command matches deny pattern: ${pattern}`,
+              command,
+              isComplex: true,
+              matchedPatterns: [pattern]
+            };
+          }
+        }
+        for (const pattern of complexAllowPatterns) {
+          if (matchesComplexPattern(command, pattern)) {
+            if (this.debug) {
+              console.log(`[BashPermissions] ALLOWED - matches complex allow pattern: ${pattern}`);
+            }
+            return {
+              allowed: true,
+              command,
+              isComplex: true,
+              matchedPattern: pattern
+            };
+          }
+        }
+        if (this.debug) {
+          console.log(`[BashPermissions] DENIED - no matching complex pattern found`);
+        }
+        return {
+          allowed: false,
+          reason: 'Complex shell commands require explicit allow patterns (e.g., "cd * && git *")',
+          command,
+          isComplex: true
+        };
+      }
       /**
        * Get configuration summary
        * @returns {Object} Configuration info
@@ -9378,28 +9467,40 @@ async function executeBashCommand(command, options = {}) {
       ...process.env,
       ...env
     };
-    const args = parseCommandForExecution(command);
-    if (!args || args.length === 0) {
-      resolve6({
-        success: false,
-        error: "Failed to parse command",
-        stdout: "",
-        stderr: "",
-        exitCode: 1,
-        command,
-        workingDirectory: cwd,
-        duration: Date.now() - startTime
-      });
-      return;
+    const isComplex = isComplexCommand(command);
+    let cmd, cmdArgs, useShell;
+    if (isComplex) {
+      cmd = "sh";
+      cmdArgs = ["-c", command];
+      useShell = false;
+      if (debug) {
+        console.log(`[BashExecutor] Complex command - using sh -c`);
+      }
+    } else {
+      const args = parseCommandForExecution(command);
+      if (!args || args.length === 0) {
+        resolve6({
+          success: false,
+          error: "Failed to parse command",
+          stdout: "",
+          stderr: "",
+          exitCode: 1,
+          command,
+          workingDirectory: cwd,
+          duration: Date.now() - startTime
+        });
+        return;
+      }
+      [cmd, ...cmdArgs] = args;
+      useShell = false;
     }
-    const [cmd, ...cmdArgs] = args;
     const child = spawn2(cmd, cmdArgs, {
       cwd,
       env: processEnv,
       stdio: ["ignore", "pipe", "pipe"],
       // stdin ignored, capture stdout/stderr
-      shell: false,
-      // For security
+      shell: useShell,
+      // false for security
       windowsHide: true
     });
     let stdout = "";
@@ -23000,6 +23101,16 @@ var init_regexp_parser = __esm({
               case "!":
                 type = "NegativeLookahead";
                 break;
+              case "<": {
+                switch (this.popChar()) {
+                  case "=":
+                    type = "Lookbehind";
+                    break;
+                  case "!":
+                    type = "NegativeLookbehind";
+                }
+                break;
+              }
             }
             ASSERT_EXISTS(type);
             const disjunction = this.disjunction();
@@ -23491,9 +23602,9 @@ var init_regexp_parser = __esm({
               default:
                 return false;
             }
-          // '(?=' or '(?!'
+          // '(?=' or '(?!' or `(?<=` or `(?<!`
           case "(":
-            return this.peekChar(1) === "?" && (this.peekChar(2) === "=" || this.peekChar(2) === "!");
+            return this.peekChar(1) === "?" && (this.peekChar(2) === "=" || this.peekChar(2) === "!" || this.peekChar(2) === "<" && (this.peekChar(3) === "=" || this.peekChar(3) === "!"));
           default:
             return false;
         }
@@ -23618,6 +23729,12 @@ var init_base_regexp_visitor = __esm({
           case "NegativeLookahead":
             this.visitNegativeLookahead(node);
             break;
+          case "Lookbehind":
+            this.visitLookbehind(node);
+            break;
+          case "NegativeLookbehind":
+            this.visitNegativeLookbehind(node);
+            break;
           case "Character":
             this.visitCharacter(node);
             break;
@@ -23657,6 +23774,10 @@ var init_base_regexp_visitor = __esm({
       }
       visitNegativeLookahead(node) {
       }
+      visitLookbehind(node) {
+      }
+      visitNegativeLookbehind(node) {
+      }
       // atoms
       visitCharacter(node) {
       }
@@ -23750,6 +23871,8 @@ function firstCharOptimizedIndices(ast, result, ignoreCase) {
           // assertions do not affect potential starting codes
           case "Lookahead":
           case "NegativeLookahead":
+          case "Lookbehind":
+          case "NegativeLookbehind":
           case "StartAnchor":
           case "WordBoundary":
           case "NonWordBoundary":
@@ -23894,6 +24017,12 @@ var init_reg_exp = __esm({
           case "NegativeLookahead":
             this.visitNegativeLookahead(node);
             return;
+          case "Lookbehind":
+            this.visitLookbehind(node);
+            return;
+          case "NegativeLookbehind":
+            this.visitNegativeLookbehind(node);
+            return;
         }
         super.visitChildren(node);
       }
@@ -24333,24 +24462,27 @@ function findUnreachablePatterns(tokenTypes) {
     }
     return result;
   }, []);
-  forEach_default(tokenTypes, (tokType, testIdx) => {
-    forEach_default(canBeTested, ({ str, idx, tokenType }) => {
-      if (testIdx < idx && testTokenType(str, tokType.PATTERN)) {
-        const msg = `Token: ->${tokenType.name}<- can never be matched.
-Because it appears AFTER the Token Type ->${tokType.name}<-in the lexer's definition.
+  forEach_default(tokenTypes, (aTokType, aIdx) => {
+    forEach_default(canBeTested, ({ str: bStr, idx: bIdx, tokenType: bTokType }) => {
+      if (aIdx < bIdx && tryToMatchStrToPattern(bStr, aTokType.PATTERN)) {
+        const msg = `Token: ->${bTokType.name}<- can never be matched.
+Because it appears AFTER the Token Type ->${aTokType.name}<-in the lexer's definition.
 See https://chevrotain.io/docs/guide/resolving_lexer_errors.html#UNREACHABLE`;
         errors.push({
           message: msg,
           type: LexerDefinitionErrorType.UNREACHABLE_PATTERN,
-          tokenTypes: [tokType, tokenType]
+          tokenTypes: [aTokType, bTokType]
         });
       }
     });
   });
   return errors;
 }
-function testTokenType(str, pattern) {
+function tryToMatchStrToPattern(str, pattern) {
   if (isRegExp_default(pattern)) {
+    if (usesLookAheadOrBehind(pattern)) {
+      return false;
+    }
     const regExpArray = pattern.exec(str);
     return regExpArray !== null && regExpArray.index === 0;
   } else if (isFunction_default(pattern)) {
@@ -24381,6 +24513,9 @@ function noMetaChar(regExp) {
   ];
   return find_default(metaChars, (char) => regExp.source.indexOf(char) !== -1) === void 0;
 }
+function usesLookAheadOrBehind(regExp) {
+  return /(\(\?=)|(\(\?!)|(\(\?<=)|(\(\?<!)/.test(regExp.source);
+}
 function addStartOfInput(pattern) {
   const flags = pattern.ignoreCase ? "i" : "";
   return new RegExp(`^(?:${pattern.source})`, flags);
@@ -24728,7 +24863,7 @@ var init_lexer_errors_public = __esm({
       buildUnableToPopLexerModeMessage(token) {
         return `Unable to pop Lexer Mode after encountering Token ->${token.image}<- The Mode Stack is empty`;
       },
-      buildUnexpectedCharactersMessage(fullText, startOffset, length, line, column) {
+      buildUnexpectedCharactersMessage(fullText, startOffset, length, line, column, mode) {
         return `unexpected character: ->${fullText.charAt(startOffset)}<- at offset: ${startOffset}, skipped ${length} characters.`;
       }
     };
@@ -25169,7 +25304,7 @@ var init_lexer_public = __esm({
             }
             errLength = offset - errorStartOffset;
             column = this.computeNewColumn(column, errLength);
-            msg = this.config.errorMessageProvider.buildUnexpectedCharactersMessage(orgText, errorStartOffset, errLength, errorLine, errorColumn);
+            msg = this.config.errorMessageProvider.buildUnexpectedCharactersMessage(orgText, errorStartOffset, errLength, errorLine, errorColumn, last_default(modeStack));
             errors.push({
               offset: errorStartOffset,
               line: errorLine,
@@ -25282,7 +25417,7 @@ var init_lexer_public = __esm({
         return regExpArray !== null ? regExpArray[0] : null;
       }
     };
-    Lexer.SKIPPED = "This marks a skipped Token pattern, this means each token identified by it willbe consumed and then thrown into oblivion, this can be used to for example to completely ignore whitespace.";
+    Lexer.SKIPPED = "This marks a skipped Token pattern, this means each token identified by it will be consumed and then thrown into oblivion, this can be used to for example to completely ignore whitespace.";
     Lexer.NA = /NOT_APPLICABLE/;
   }
 });
@@ -61086,10 +61221,23 @@ ${toolResultContent}
                   }
                 } else if (this.toolImplementations[toolName]) {
                   try {
+                    let resolvedWorkingDirectory = this.allowedFolders && this.allowedFolders[0] || process.cwd();
+                    if (params.workingDirectory) {
+                      const requestedDir = resolve4(params.workingDirectory);
+                      const isWithinAllowed = !this.allowedFolders || this.allowedFolders.length === 0 || this.allowedFolders.some((folder) => {
+                        const resolvedFolder = resolve4(folder);
+                        return requestedDir === resolvedFolder || requestedDir.startsWith(resolvedFolder + sep3);
+                      });
+                      if (isWithinAllowed) {
+                        resolvedWorkingDirectory = requestedDir;
+                      } else if (this.debug) {
+                        console.error(`[DEBUG] Rejected workingDirectory "${params.workingDirectory}" - not within allowed folders`);
+                      }
+                    }
                     const toolParams = {
                       ...params,
                       sessionId: this.sessionId,
-                      workingDirectory: this.allowedFolders && this.allowedFolders[0] || process.cwd()
+                      workingDirectory: resolvedWorkingDirectory
                     };
                     if (this.debug) {
                       console.error(`