@probelabs/probe 0.6.0-rc209 → 0.6.0-rc210

package/src/agent/bashPermissions.js

@@ -272,8 +272,119 @@ export class BashPermissionChecker {
     return result;
   }
 
+  /**
+   * Split a complex command into component commands by operators
+   *
+   * ## Escape Handling (Security-Critical)
+   *
+   * This function intentionally PRESERVES escape sequences (both backslash AND
+   * escaped character) in the output. This is step 1 of a 2-step parsing process:
+   *
+   * 1. _splitComplexCommand: Splits by operators, PRESERVES escapes → `echo "test\" && b"`
+   * 2. parseCommand: Interprets escapes in each component → args: ['test" && b']
+   *
+   * This differs from stripQuotedContent() in bashCommandUtils.js which REMOVES
+   * escapes entirely (for operator detection only).
+   *
+   * The security rationale: if we stripped escapes here, `\"` would become `"`,
+   * potentially causing incorrect quote boundary detection and allowing operator
+   * injection. By preserving escapes, parseCommand() can correctly interpret them.
+   *
+   * See bashCommandUtils.js module header for the full escape handling architecture.
+   *
+   * @private
+   * @param {string} command - Complex command to split
+   * @returns {string[]} Array of component commands (with escapes preserved)
+   */
+  _splitComplexCommand(command) {
+    // Split by &&, ||, and | operators while respecting quotes and escape sequences
+    // IMPORTANT: Preserves backslashes so parseCommand() can interpret them correctly
+    const components = [];
+    let current = '';
+    let inQuotes = false;
+    let quoteChar = '';
+    let i = 0;
+
+    while (i < command.length) {
+      const char = command[i];
+      const nextChar = command[i + 1] || '';
+
+      // Handle escape sequences outside quotes
+      if (!inQuotes && char === '\\') {
+        // Keep the backslash and the next character
+        current += char;
+        if (nextChar) {
+          current += nextChar;
+          i += 2;
+        } else {
+          i++;
+        }
+        continue;
+      }
+
+      // Handle escape sequences inside double quotes (single quotes don't support escaping)
+      if (inQuotes && quoteChar === '"' && char === '\\' && nextChar) {
+        // Keep both the backslash and the escaped character
+        current += char + nextChar;
+        i += 2;
+        continue;
+      }
+
+      // Start of quoted section
+      if (!inQuotes && (char === '"' || char === "'")) {
+        inQuotes = true;
+        quoteChar = char;
+        current += char;
+        i++;
+        continue;
+      }
+
+      // End of quoted section
+      if (inQuotes && char === quoteChar) {
+        inQuotes = false;
+        quoteChar = '';
+        current += char;
+        i++;
+        continue;
+      }
+
+      // Check for operators only outside quotes
+      if (!inQuotes) {
+        // Check for && or ||
+        if ((char === '&' && nextChar === '&') || (char === '|' && nextChar === '|')) {
+          if (current.trim()) {
+            components.push(current.trim());
+          }
+          current = '';
+          i += 2; // Skip both characters
+          continue;
+        }
+        // Check for single pipe |
+        if (char === '|') {
+          if (current.trim()) {
+            components.push(current.trim());
+          }
+          current = '';
+          i++;
+          continue;
+        }
+      }
+
+      current += char;
+      i++;
+    }
+
+    // Add the last component
+    if (current.trim()) {
+      components.push(current.trim());
+    }
+
+    return components;
+  }
+
   /**
    * Check a complex command against complex patterns in allow/deny lists
+   * Also supports auto-allowing commands where all components are individually allowed
    * @private
    * @param {string} command - Complex command to check
    * @returns {Object} Permission result
@@ -336,7 +447,102 @@ export class BashPermissionChecker {
       }
     }
 
-    // No matching complex pattern found - reject complex command
+    // No explicit complex pattern matched - try component-based evaluation
+    // Split the command by &&, ||, and | operators and check each component
+    const components = this._splitComplexCommand(command);
+
+    if (this.debug) {
+      console.log(`[BashPermissions] Checking ${components.length} command components: ${JSON.stringify(components)}`);
+    }
+
+    if (components.length > 1) {
+      // Check each component individually
+      const componentResults = [];
+      let allAllowed = true;
+      let deniedComponent = null;
+      let deniedReason = null;
+
+      for (const component of components) {
+        // Parse the component as a simple command
+        const parsed = parseCommand(component);
+
+        if (parsed.error || parsed.isComplex) {
+          // Component itself is complex or has an error - can't auto-allow
+          if (this.debug) {
+            console.log(`[BashPermissions] Component "${component}" is complex or has error: ${parsed.error}`);
+          }
+          allAllowed = false;
+          deniedComponent = component;
+          deniedReason = parsed.error || 'Component contains nested complex constructs';
+          break;
+        }
+
+        // Check against deny patterns
+        if (matchesAnyPattern(parsed, this.denyPatterns)) {
+          if (this.debug) {
+            console.log(`[BashPermissions] Component "${component}" matches deny pattern`);
+          }
+          allAllowed = false;
+          deniedComponent = component;
+          deniedReason = 'Component matches deny pattern';
+          break;
+        }
+
+        // Check against allow patterns
+        if (!matchesAnyPattern(parsed, this.allowPatterns)) {
+          if (this.debug) {
+            console.log(`[BashPermissions] Component "${component}" not in allow list`);
+          }
+          allAllowed = false;
+          deniedComponent = component;
+          deniedReason = 'Component not in allow list';
+          break;
+        }
+
+        componentResults.push({ component, parsed, allowed: true });
+      }
+
+      if (allAllowed) {
+        if (this.debug) {
+          console.log(`[BashPermissions] ALLOWED - all ${components.length} components passed individual checks`);
+        }
+        const result = {
+          allowed: true,
+          command: command,
+          isComplex: true,
+          allowedByComponents: true,
+          components: componentResults
+        };
+        this.recordBashEvent('permission.allowed', {
+          command,
+          isComplex: true,
+          allowedByComponents: true,
+          componentCount: components.length
+        });
+        return result;
+      } else {
+        if (this.debug) {
+          console.log(`[BashPermissions] DENIED - component "${deniedComponent}" failed: ${deniedReason}`);
+        }
+        const result = {
+          allowed: false,
+          reason: `Component "${deniedComponent}" not allowed: ${deniedReason}`,
+          command: command,
+          isComplex: true,
+          failedComponent: deniedComponent
+        };
+        this.recordBashEvent('permission.denied', {
+          command,
+          reason: 'component_not_allowed',
+          failedComponent: deniedComponent,
+          componentReason: deniedReason,
+          isComplex: true
+        });
+        return result;
+      }
+    }
+
+    // No matching complex pattern found and couldn't split into components - reject
     if (this.debug) {
       console.log(`[BashPermissions] DENIED - no matching complex pattern found`);
     }

package/src/delegate.js

@@ -186,6 +186,9 @@ const delegationManager = new DelegationManager();
  * @param {boolean} [options.searchDelegate] - Use delegated search in the subagent
  * @param {Object|string} [options.schema] - Optional JSON schema to enforce response format
  * @param {boolean} [options.enableTasks=false] - Enable task management for the subagent (isolated instance)
+ * @param {boolean} [options.enableMcp=false] - Enable MCP tool integration (inherited from parent)
+ * @param {Object} [options.mcpConfig] - MCP configuration object (inherited from parent)
+ * @param {string} [options.mcpConfigPath] - Path to MCP configuration file (inherited from parent)
  * @returns {Promise<string>} The response from the delegate agent
  */
 export async function delegate({
@@ -208,7 +211,10 @@ export async function delegate({
 	disableTools = false,
 	searchDelegate = undefined,
 	schema = null,
-	enableTasks = false
+	enableTasks = false,
+	enableMcp = false,
+	mcpConfig = null,
+	mcpConfigPath = null
 }) {
 	if (!task || typeof task !== 'string') {
 		throw new Error('Task parameter is required and must be a string');
@@ -270,7 +276,10 @@ export async function delegate({
 			allowedTools,
 			disableTools,
 			searchDelegate,
-			enableTasks // Inherit from parent (subagent gets isolated TaskManager)
+			enableTasks, // Inherit from parent (subagent gets isolated TaskManager)
+			enableMcp,   // Inherit from parent (subagent creates own MCPXmlBridge)
+			mcpConfig,   // Inherit from parent
+			mcpConfigPath // Inherit from parent
 		});
 
 		if (debug) {

package/src/tools/vercel.js

@@ -469,7 +469,7 @@ export const extractTool = (options = {}) => {
  * @returns {Object} Configured delegate tool
  */
 export const delegateTool = (options = {}) => {
-	const { debug = false, timeout = 300, cwd, allowedFolders, enableBash = false, bashConfig, architectureFileName } = options;
+	const { debug = false, timeout = 300, cwd, allowedFolders, enableBash = false, bashConfig, architectureFileName, enableMcp = false, mcpConfig = null, mcpConfigPath = null } = options;
 
 	return tool({
 		name: 'delegate',
@@ -558,7 +558,10 @@ export const delegateTool = (options = {}) => {
 				enableBash,
 				bashConfig,
 				architectureFileName,
-				searchDelegate
+				searchDelegate,
+				enableMcp,
+				mcpConfig,
+				mcpConfigPath
 			});
 
 			return result;