@probelabs/probe 0.6.0-rc208 → 0.6.0-rc210

package/src/agent/bashCommandUtils.js

@@ -1,10 +1,36 @@
 /**
  * Unified command parsing utilities for bash tool
- * 
+ *
  * This module provides a single source of truth for parsing shell commands.
  * It supports only simple commands (no pipes, operators, or substitutions)
  * to align with the executor's capabilities.
- * 
+ *
+ * ## Escape Handling Architecture
+ *
+ * There are THREE different escape handling behaviors in the bash permission system,
+ * each serving a distinct purpose:
+ *
+ * 1. **stripQuotedContent()** (in parseSimpleCommand): SKIPS both backslash AND next char
+ *    - Purpose: Detect operators (|, &&, ||) that exist OUTSIDE quoted strings
+ *    - Output is never used for execution, only for operator detection
+ *    - Example: `echo "a && b"` → strips quoted content → no `&&` detected outside quotes
+ *
+ * 2. **parseSimpleCommand()** main loop: STRIPS backslash, KEEPS escaped char
+ *    - Purpose: Extract actual argument values that would be passed to the command
+ *    - Matches bash behavior where `\"` inside double quotes becomes `"`
+ *    - Example: `echo "he said \"hi\""` → args: ['he said "hi"']
+ *
+ * 3. **_splitComplexCommand()** (in bashPermissions.js): PRESERVES both backslash AND next char
+ *    - Purpose: Split complex commands by operators while preserving escape sequences
+ *    - Output is passed to parseCommand() which will then interpret the escapes
+ *    - Example: `echo "test\" && b" && cmd` → components passed to parseCommand for final parsing
+ *
+ * This design ensures:
+ * - Commands with operators inside quotes (e.g., `echo "a && b"`) are NOT incorrectly
+ *   flagged as complex commands
+ * - Escaped quotes (e.g., `\"`) don't prematurely end quoted sections
+ * - Each component gets proper escape interpretation in the final parsing step
+ *
  * @module bashCommandUtils
  */
 
@@ -38,7 +64,64 @@ export function parseSimpleCommand(command) {
     };
   }
 
+  // Strip quoted content before checking for complex operators
+  // This prevents detecting operators inside quotes (e.g., echo "a && b")
+  //
+  // IMPORTANT: This function is ONLY used to detect operators, NOT for argument parsing.
+  // It REMOVES both backslash AND escaped character from the output, unlike parseSimpleCommand
+  // which interprets escapes. This is intentional - we only care about finding operators
+  // that exist outside of quoted strings. See module header for architecture details.
+  const stripQuotedContent = (str) => {
+    let result = '';
+    let inQuotes = false;
+    let quoteChar = '';
+
+    for (let i = 0; i < str.length; i++) {
+      const char = str[i];
+      const nextChar = str[i + 1];
+
+      // Handle escape sequences outside quotes - skip both chars (not operators)
+      if (!inQuotes && char === '\\' && nextChar !== undefined) {
+        // Skip the backslash and next char - they can't be operators
+        i++;
+        continue;
+      }
+
+      // Handle escape sequences inside double quotes
+      // In bash, only ", $, `, \, and newline are escapable in double quotes
+      if (inQuotes && quoteChar === '"' && char === '\\' && nextChar !== undefined) {
+        // Skip both the backslash and the escaped character (stays inside quotes)
+        i++;
+        continue;
+      }
+
+      // Start of quoted section
+      if (!inQuotes && (char === '"' || char === "'")) {
+        inQuotes = true;
+        quoteChar = char;
+        continue;
+      }
+
+      // End of quoted section
+      if (inQuotes && char === quoteChar) {
+        inQuotes = false;
+        quoteChar = '';
+        continue;
+      }
+
+      // Only add characters that are outside quotes
+      if (!inQuotes) {
+        result += char;
+      }
+    }
+
+    return result;
+  };
+
   // Check for complex shell constructs that we don't support
+  // Use stripped version (without quoted content) for operator detection
+  const strippedForOperators = stripQuotedContent(trimmed);
+
   const complexPatterns = [
     /\|/,           // Pipes
     /&&/,           // Logical AND
@@ -54,7 +137,7 @@ export function parseSimpleCommand(command) {
   ];
 
   for (const pattern of complexPatterns) {
-    if (pattern.test(trimmed)) {
+    if (pattern.test(strippedForOperators)) {
       return {
         success: false,
         error: 'Complex shell commands with pipes, operators, or redirections are not supported for security reasons',
@@ -71,22 +154,25 @@ export function parseSimpleCommand(command) {
   let current = '';
   let inQuotes = false;
   let quoteChar = '';
-  let escaped = false;
 
   for (let i = 0; i < trimmed.length; i++) {
     const char = trimmed[i];
     const nextChar = i + 1 < trimmed.length ? trimmed[i + 1] : '';
-    
-    if (escaped) {
-      // Handle escaped characters
-      current += char;
-      escaped = false;
+
+    // Handle escapes outside quotes
+    if (!inQuotes && char === '\\' && nextChar) {
+      // Add the escaped character (skip the backslash)
+      current += nextChar;
+      i++; // Skip next character
       continue;
     }
 
-    if (char === '\\' && !inQuotes) {
-      // Escape next character
-      escaped = true;
+    // Handle escapes inside double quotes (single quotes don't process escapes)
+    if (inQuotes && quoteChar === '"' && char === '\\' && nextChar) {
+      // In double quotes, backslash escapes certain characters
+      // Add the escaped character to current
+      current += nextChar;
+      i++; // Skip next character
       continue;
     }
 

package/src/agent/bashPermissions.js

@@ -272,8 +272,119 @@ export class BashPermissionChecker {
     return result;
   }
 
+  /**
+   * Split a complex command into component commands by operators
+   *
+   * ## Escape Handling (Security-Critical)
+   *
+   * This function intentionally PRESERVES escape sequences (both backslash AND
+   * escaped character) in the output. This is step 1 of a 2-step parsing process:
+   *
+   * 1. _splitComplexCommand: Splits by operators, PRESERVES escapes → `echo "test\" && b"`
+   * 2. parseCommand: Interprets escapes in each component → args: ['test" && b']
+   *
+   * This differs from stripQuotedContent() in bashCommandUtils.js which REMOVES
+   * escapes entirely (for operator detection only).
+   *
+   * The security rationale: if we stripped escapes here, `\"` would become `"`,
+   * potentially causing incorrect quote boundary detection and allowing operator
+   * injection. By preserving escapes, parseCommand() can correctly interpret them.
+   *
+   * See bashCommandUtils.js module header for the full escape handling architecture.
+   *
+   * @private
+   * @param {string} command - Complex command to split
+   * @returns {string[]} Array of component commands (with escapes preserved)
+   */
+  _splitComplexCommand(command) {
+    // Split by &&, ||, and | operators while respecting quotes and escape sequences
+    // IMPORTANT: Preserves backslashes so parseCommand() can interpret them correctly
+    const components = [];
+    let current = '';
+    let inQuotes = false;
+    let quoteChar = '';
+    let i = 0;
+
+    while (i < command.length) {
+      const char = command[i];
+      const nextChar = command[i + 1] || '';
+
+      // Handle escape sequences outside quotes
+      if (!inQuotes && char === '\\') {
+        // Keep the backslash and the next character
+        current += char;
+        if (nextChar) {
+          current += nextChar;
+          i += 2;
+        } else {
+          i++;
+        }
+        continue;
+      }
+
+      // Handle escape sequences inside double quotes (single quotes don't support escaping)
+      if (inQuotes && quoteChar === '"' && char === '\\' && nextChar) {
+        // Keep both the backslash and the escaped character
+        current += char + nextChar;
+        i += 2;
+        continue;
+      }
+
+      // Start of quoted section
+      if (!inQuotes && (char === '"' || char === "'")) {
+        inQuotes = true;
+        quoteChar = char;
+        current += char;
+        i++;
+        continue;
+      }
+
+      // End of quoted section
+      if (inQuotes && char === quoteChar) {
+        inQuotes = false;
+        quoteChar = '';
+        current += char;
+        i++;
+        continue;
+      }
+
+      // Check for operators only outside quotes
+      if (!inQuotes) {
+        // Check for && or ||
+        if ((char === '&' && nextChar === '&') || (char === '|' && nextChar === '|')) {
+          if (current.trim()) {
+            components.push(current.trim());
+          }
+          current = '';
+          i += 2; // Skip both characters
+          continue;
+        }
+        // Check for single pipe |
+        if (char === '|') {
+          if (current.trim()) {
+            components.push(current.trim());
+          }
+          current = '';
+          i++;
+          continue;
+        }
+      }
+
+      current += char;
+      i++;
+    }
+
+    // Add the last component
+    if (current.trim()) {
+      components.push(current.trim());
+    }
+
+    return components;
+  }
+
   /**
    * Check a complex command against complex patterns in allow/deny lists
+   * Also supports auto-allowing commands where all components are individually allowed
    * @private
    * @param {string} command - Complex command to check
    * @returns {Object} Permission result
@@ -336,7 +447,102 @@ export class BashPermissionChecker {
       }
     }
 
-    // No matching complex pattern found - reject complex command
+    // No explicit complex pattern matched - try component-based evaluation
+    // Split the command by &&, ||, and | operators and check each component
+    const components = this._splitComplexCommand(command);
+
+    if (this.debug) {
+      console.log(`[BashPermissions] Checking ${components.length} command components: ${JSON.stringify(components)}`);
+    }
+
+    if (components.length > 1) {
+      // Check each component individually
+      const componentResults = [];
+      let allAllowed = true;
+      let deniedComponent = null;
+      let deniedReason = null;
+
+      for (const component of components) {
+        // Parse the component as a simple command
+        const parsed = parseCommand(component);
+
+        if (parsed.error || parsed.isComplex) {
+          // Component itself is complex or has an error - can't auto-allow
+          if (this.debug) {
+            console.log(`[BashPermissions] Component "${component}" is complex or has error: ${parsed.error}`);
+          }
+          allAllowed = false;
+          deniedComponent = component;
+          deniedReason = parsed.error || 'Component contains nested complex constructs';
+          break;
+        }
+
+        // Check against deny patterns
+        if (matchesAnyPattern(parsed, this.denyPatterns)) {
+          if (this.debug) {
+            console.log(`[BashPermissions] Component "${component}" matches deny pattern`);
+          }
+          allAllowed = false;
+          deniedComponent = component;
+          deniedReason = 'Component matches deny pattern';
+          break;
+        }
+
+        // Check against allow patterns
+        if (!matchesAnyPattern(parsed, this.allowPatterns)) {
+          if (this.debug) {
+            console.log(`[BashPermissions] Component "${component}" not in allow list`);
+          }
+          allAllowed = false;
+          deniedComponent = component;
+          deniedReason = 'Component not in allow list';
+          break;
+        }
+
+        componentResults.push({ component, parsed, allowed: true });
+      }
+
+      if (allAllowed) {
+        if (this.debug) {
+          console.log(`[BashPermissions] ALLOWED - all ${components.length} components passed individual checks`);
+        }
+        const result = {
+          allowed: true,
+          command: command,
+          isComplex: true,
+          allowedByComponents: true,
+          components: componentResults
+        };
+        this.recordBashEvent('permission.allowed', {
+          command,
+          isComplex: true,
+          allowedByComponents: true,
+          componentCount: components.length
+        });
+        return result;
+      } else {
+        if (this.debug) {
+          console.log(`[BashPermissions] DENIED - component "${deniedComponent}" failed: ${deniedReason}`);
+        }
+        const result = {
+          allowed: false,
+          reason: `Component "${deniedComponent}" not allowed: ${deniedReason}`,
+          command: command,
+          isComplex: true,
+          failedComponent: deniedComponent
+        };
+        this.recordBashEvent('permission.denied', {
+          command,
+          reason: 'component_not_allowed',
+          failedComponent: deniedComponent,
+          componentReason: deniedReason,
+          isComplex: true
+        });
+        return result;
+      }
+    }
+
+    // No matching complex pattern found and couldn't split into components - reject
     if (this.debug) {
       console.log(`[BashPermissions] DENIED - no matching complex pattern found`);
     }

package/src/agent/index.js

@@ -138,7 +138,7 @@ function parseArgs() {
     noMermaidValidation: false, // New flag to disable mermaid validation
     allowedTools: null, // Tool filtering: ['*'] = all, [] = none, ['tool1', 'tool2'] = specific
     disableTools: false, // Convenience flag to disable all tools
-    disableSkills: false, // Disable skill discovery and activation
+    allowSkills: false, // Enable skill discovery and activation (disabled by default)
     skillDirs: null, // Comma-separated list of repo-relative skill directories
     // Task management
     enableTasks: false, // Enable task tracking for progress management
@@ -212,8 +212,8 @@ function parseArgs() {
     } else if (arg === '--disable-tools') {
       // Convenience flag to disable all tools (raw AI mode)
       config.disableTools = true;
-    } else if (arg === '--no-skills') {
-      config.disableSkills = true;
+    } else if (arg === '--allow-skills') {
+      config.allowSkills = true;
     } else if (arg === '--skills-dir' && i + 1 < args.length) {
       config.skillDirs = args[++i].split(',').map(dir => dir.trim()).filter(Boolean);
     } else if (arg === '--allow-tasks') {
@@ -280,8 +280,8 @@ Options:
                                    Supports exclusion: '*,!bash' (all except bash)
   --disable-tools                  Disable all tools (raw AI mode, no code analysis)
                                    Convenience flag equivalent to --allowed-tools none
+  --allow-skills                   Enable skill discovery and activation (disabled by default)
   --skills-dir <dirs>              Comma-separated list of repo-relative skill directories to scan
-  --no-skills                      Disable skill discovery and activation
   --allow-tasks                    Enable task management for tracking multi-step progress
   --verbose                        Enable verbose output
   --outline                        Use outline-xml format for code search results
@@ -841,7 +841,7 @@ async function main() {
       disableMermaidValidation: config.noMermaidValidation,
       allowedTools: config.allowedTools,
       disableTools: config.disableTools,
-      enableSkills: !config.disableSkills,
+      allowSkills: config.allowSkills,
       skillDirs: config.skillDirs,
       enableBash: config.enableBash,
       bashConfig: bashConfig,

package/src/agent/mcp/client.js

@@ -474,11 +474,12 @@ export class MCPClientManager {
       });
 
       // Race between the actual call and timeout
+      // Pass timeout to SDK's callTool to override its default 60s timeout
       const result = await Promise.race([
         clientInfo.client.callTool({
           name: tool.originalName,
           arguments: args
-        }),
+        }, undefined, { timeout }),
         timeoutPromise
       ]);
 

package/src/delegate.js

@@ -186,6 +186,9 @@ const delegationManager = new DelegationManager();
  * @param {boolean} [options.searchDelegate] - Use delegated search in the subagent
  * @param {Object|string} [options.schema] - Optional JSON schema to enforce response format
  * @param {boolean} [options.enableTasks=false] - Enable task management for the subagent (isolated instance)
+ * @param {boolean} [options.enableMcp=false] - Enable MCP tool integration (inherited from parent)
+ * @param {Object} [options.mcpConfig] - MCP configuration object (inherited from parent)
+ * @param {string} [options.mcpConfigPath] - Path to MCP configuration file (inherited from parent)
  * @returns {Promise<string>} The response from the delegate agent
  */
 export async function delegate({
@@ -208,7 +211,10 @@ export async function delegate({
 	disableTools = false,
 	searchDelegate = undefined,
 	schema = null,
-	enableTasks = false
+	enableTasks = false,
+	enableMcp = false,
+	mcpConfig = null,
+	mcpConfigPath = null
 }) {
 	if (!task || typeof task !== 'string') {
 		throw new Error('Task parameter is required and must be a string');
@@ -270,7 +276,10 @@ export async function delegate({
 			allowedTools,
 			disableTools,
 			searchDelegate,
-			enableTasks // Inherit from parent (subagent gets isolated TaskManager)
+			enableTasks, // Inherit from parent (subagent gets isolated TaskManager)
+			enableMcp,   // Inherit from parent (subagent creates own MCPXmlBridge)
+			mcpConfig,   // Inherit from parent
+			mcpConfigPath // Inherit from parent
 		});
 
 		if (debug) {

package/src/tools/vercel.js

@@ -469,7 +469,7 @@ export const extractTool = (options = {}) => {
  * @returns {Object} Configured delegate tool
  */
 export const delegateTool = (options = {}) => {
-	const { debug = false, timeout = 300, cwd, allowedFolders, enableBash = false, bashConfig, architectureFileName } = options;
+	const { debug = false, timeout = 300, cwd, allowedFolders, enableBash = false, bashConfig, architectureFileName, enableMcp = false, mcpConfig = null, mcpConfigPath = null } = options;
 
 	return tool({
 		name: 'delegate',
@@ -558,7 +558,10 @@ export const delegateTool = (options = {}) => {
 				enableBash,
 				bashConfig,
 				architectureFileName,
-				searchDelegate
+				searchDelegate,
+				enableMcp,
+				mcpConfig,
+				mcpConfigPath
 			});
 
 			return result;