@probelabs/probe 0.6.0-rc256 → 0.6.0-rc257

package/cjs/agent/ProbeAgent.cjs

@@ -41049,191 +41049,102 @@ var init_bashDefaults = __esm({
       "dir",
       "pwd",
       "cd",
-      "cd:*",
       // File reading commands
       "cat",
-      "cat:*",
       "head",
-      "head:*",
       "tail",
-      "tail:*",
       "less",
       "more",
       "view",
       // File information and metadata
       "file",
-      "file:*",
       "stat",
-      "stat:*",
       "wc",
-      "wc:*",
       "du",
-      "du:*",
       "df",
-      "df:*",
       "realpath",
-      "realpath:*",
-      // Search and find commands (read-only) - find restricted to safe operations
+      // Search and find commands (read-only)
+      // Note: bare 'find' allows all find variants; dangerous ones (find -exec) are blocked by deny list
       "find",
-      "find:-name:*",
-      "find:-type:*",
-      "find:-size:*",
-      "find:-mtime:*",
-      "find:-newer:*",
-      "find:-path:*",
-      "find:-iname:*",
-      "find:-maxdepth:*",
-      "find:-mindepth:*",
-      "find:-print",
       "grep",
-      "grep:*",
       "egrep",
-      "egrep:*",
       "fgrep",
-      "fgrep:*",
       "rg",
-      "rg:*",
       "ag",
-      "ag:*",
       "ack",
-      "ack:*",
       "which",
-      "which:*",
       "whereis",
-      "whereis:*",
       "locate",
-      "locate:*",
       "type",
-      "type:*",
       "command",
-      "command:*",
       // Tree and structure visualization
       "tree",
-      "tree:*",
       // Git read-only operations
       "git:status",
-      "git:status:*",
       "git:log",
-      "git:log:*",
       "git:diff",
-      "git:diff:*",
       "git:show",
-      "git:show:*",
       "git:branch",
-      "git:branch:*",
       "git:tag",
-      "git:tag:*",
       "git:describe",
-      "git:describe:*",
       "git:remote",
-      "git:remote:*",
-      "git:config:*",
+      "git:config",
       "git:blame",
-      "git:blame:*",
       "git:shortlog",
-      "git:shortlog:*",
       "git:reflog",
-      "git:reflog:*",
       "git:ls-files",
-      "git:ls-files:*",
       "git:ls-tree",
-      "git:ls-tree:*",
       "git:ls-remote",
-      "git:ls-remote:*",
       "git:rev-parse",
-      "git:rev-parse:*",
       "git:rev-list",
-      "git:rev-list:*",
       "git:cat-file",
-      "git:cat-file:*",
       "git:diff-tree",
-      "git:diff-tree:*",
       "git:diff-files",
-      "git:diff-files:*",
       "git:diff-index",
-      "git:diff-index:*",
       "git:for-each-ref",
-      "git:for-each-ref:*",
       "git:merge-base",
-      "git:merge-base:*",
       "git:name-rev",
-      "git:name-rev:*",
       "git:count-objects",
-      "git:count-objects:*",
       "git:verify-commit",
-      "git:verify-commit:*",
       "git:verify-tag",
-      "git:verify-tag:*",
       "git:check-ignore",
-      "git:check-ignore:*",
       "git:check-attr",
-      "git:check-attr:*",
       "git:stash:list",
       "git:stash:show",
-      "git:stash:show:*",
       "git:worktree:list",
-      "git:worktree:list:*",
       "git:notes:list",
       "git:notes:show",
-      "git:notes:show:*",
       "git:--version",
       "git:help",
-      "git:help:*",
       // GitHub CLI (gh) read-only operations
       "gh:--version",
       "gh:help",
-      "gh:help:*",
       "gh:status",
       "gh:auth:status",
-      "gh:auth:status:*",
       "gh:issue:list",
-      "gh:issue:list:*",
       "gh:issue:view",
-      "gh:issue:view:*",
       "gh:issue:status",
-      "gh:issue:status:*",
       "gh:pr:list",
-      "gh:pr:list:*",
       "gh:pr:view",
-      "gh:pr:view:*",
       "gh:pr:status",
-      "gh:pr:status:*",
       "gh:pr:diff",
-      "gh:pr:diff:*",
       "gh:pr:checks",
-      "gh:pr:checks:*",
       "gh:repo:list",
-      "gh:repo:list:*",
       "gh:repo:view",
-      "gh:repo:view:*",
       "gh:release:list",
-      "gh:release:list:*",
       "gh:release:view",
-      "gh:release:view:*",
       "gh:run:list",
-      "gh:run:list:*",
       "gh:run:view",
-      "gh:run:view:*",
       "gh:workflow:list",
-      "gh:workflow:list:*",
       "gh:workflow:view",
-      "gh:workflow:view:*",
       "gh:gist:list",
-      "gh:gist:list:*",
       "gh:gist:view",
-      "gh:gist:view:*",
       "gh:search:issues",
-      "gh:search:issues:*",
       "gh:search:prs",
-      "gh:search:prs:*",
       "gh:search:repos",
-      "gh:search:repos:*",
       "gh:search:code",
-      "gh:search:code:*",
       "gh:search:commits",
-      "gh:search:commits:*",
       "gh:api",
-      "gh:api:*",
       // Package managers (information only)
       "npm:list",
       "npm:ls",
@@ -41294,7 +41205,6 @@ var init_bashDefaults = __esm({
       "sqlite3:--version",
       // System information
       "uname",
-      "uname:*",
       "hostname",
       "whoami",
       "id",
@@ -41305,23 +41215,17 @@ var init_bashDefaults = __esm({
       "w",
       "users",
       "sleep",
-      "sleep:*",
       // Environment and shell
       "env",
       "printenv",
       "echo",
-      "echo:*",
       "printf",
-      "printf:*",
       "export",
-      "export:*",
       "set",
       "unset",
       // Process information (read-only)
       "ps",
-      "ps:*",
       "pgrep",
-      "pgrep:*",
       "jobs",
       "top:-n:1",
       // Network information (read-only)
@@ -41336,39 +41240,24 @@ var init_bashDefaults = __esm({
       // Text processing and utilities (awk removed - too powerful)
       "sed:-n:*",
       "cut",
-      "cut:*",
       "sort",
-      "sort:*",
       "uniq",
-      "uniq:*",
       "tr",
-      "tr:*",
       "column",
-      "column:*",
       "paste",
-      "paste:*",
       "join",
-      "join:*",
       "comm",
-      "comm:*",
       "diff",
-      "diff:*",
       "cmp",
-      "cmp:*",
       "patch:--dry-run:*",
       // Hashing and encoding (read-only)
       "md5sum",
-      "md5sum:*",
       "sha1sum",
-      "sha1sum:*",
       "sha256sum",
-      "sha256sum:*",
       "base64",
       "base64:-d",
       "od",
-      "od:*",
       "hexdump",
-      "hexdump:*",
       // Archive and compression (list/view only)
       "tar:-tf:*",
       "tar:-tzf:*",
@@ -41378,15 +41267,11 @@ var init_bashDefaults = __esm({
       "gunzip:-l:*",
       // Help and documentation
       "man",
-      "man:*",
       "--help",
       "help",
       "info",
-      "info:*",
       "whatis",
-      "whatis:*",
       "apropos",
-      "apropos:*",
       // Make (dry run and info)
       "make:-n",
       "make:--dry-run",
@@ -41409,36 +41294,30 @@ var init_bashDefaults = __esm({
       "rm:-rf",
       "rm:-f:/",
       "rm:/",
-      "rm:-rf:*",
       "rmdir",
       "chmod:777",
       "chmod:-R:777",
       "chown",
       "chgrp",
       "dd",
-      "dd:*",
       "shred",
-      "shred:*",
       // Dangerous find operations that can execute arbitrary commands
-      "find:-exec:*",
-      "find:*:-exec:*",
-      "find:-execdir:*",
-      "find:*:-execdir:*",
-      "find:-ok:*",
-      "find:*:-ok:*",
-      "find:-okdir:*",
-      "find:*:-okdir:*",
+      "find:-exec",
+      "find:*:-exec",
+      "find:-execdir",
+      "find:*:-execdir",
+      "find:-ok",
+      "find:*:-ok",
+      "find:-okdir",
+      "find:*:-okdir",
       // Powerful scripting tools that can execute arbitrary commands
       "awk",
-      "awk:*",
       "perl",
-      "perl:*",
       "python:-c:*",
       "node:-e:*",
       // System administration and modification
-      "sudo:*",
+      "sudo",
       "su",
-      "su:*",
       "passwd",
       "adduser",
       "useradd",
@@ -41476,11 +41355,11 @@ var init_bashDefaults = __esm({
       "composer:install",
       "composer:update",
       "composer:remove",
-      "apt:*",
-      "apt-get:*",
-      "yum:*",
-      "dnf:*",
-      "zypper:*",
+      "apt",
+      "apt-get",
+      "yum",
+      "dnf",
+      "zypper",
       "brew:install",
       "brew:uninstall",
       "brew:upgrade",
@@ -41488,11 +41367,11 @@ var init_bashDefaults = __esm({
       "conda:remove",
       "conda:update",
       // Service and system control
-      "systemctl:*",
-      "service:*",
-      "chkconfig:*",
-      "initctl:*",
-      "upstart:*",
+      "systemctl",
+      "service",
+      "chkconfig",
+      "initctl",
+      "upstart",
       // Network operations that could be dangerous
       "curl:-d:*",
       "curl:--data:*",
@@ -41501,32 +41380,21 @@ var init_bashDefaults = __esm({
       "wget:-O:/",
       "wget:--post-data:*",
       "ssh",
-      "ssh:*",
       "scp",
-      "scp:*",
       "sftp",
-      "sftp:*",
-      "rsync:*",
+      "rsync",
       "nc",
-      "nc:*",
       "netcat",
-      "netcat:*",
       "telnet",
-      "telnet:*",
       "ftp",
-      "ftp:*",
       // Process control and termination
       "kill",
-      "kill:*",
       "killall",
-      "killall:*",
       "pkill",
-      "pkill:*",
-      "nohup:*",
-      "disown:*",
+      "nohup",
+      "disown",
       // System control and shutdown
       "shutdown",
-      "shutdown:*",
       "reboot",
       "halt",
       "poweroff",
@@ -41534,168 +41402,92 @@ var init_bashDefaults = __esm({
       "telinit",
       // Kernel and module operations
       "insmod",
-      "insmod:*",
       "rmmod",
-      "rmmod:*",
       "modprobe",
-      "modprobe:*",
       "sysctl:-w:*",
       // Dangerous git operations
       "git:push",
-      "git:push:*",
       "git:force",
       "git:reset",
-      "git:reset:*",
       "git:clean",
-      "git:clean:*",
       "git:rm",
-      "git:rm:*",
       "git:commit",
-      "git:commit:*",
       "git:merge",
-      "git:merge:*",
       "git:rebase",
-      "git:rebase:*",
       "git:cherry-pick",
-      "git:cherry-pick:*",
       "git:stash:drop",
-      "git:stash:drop:*",
       "git:stash:pop",
-      "git:stash:pop:*",
       "git:stash:push",
-      "git:stash:push:*",
       "git:stash:clear",
       "git:branch:-d",
-      "git:branch:-d:*",
       "git:branch:-D",
-      "git:branch:-D:*",
       "git:branch:--delete",
-      "git:branch:--delete:*",
       "git:tag:-d",
-      "git:tag:-d:*",
       "git:tag:--delete",
-      "git:tag:--delete:*",
       "git:remote:remove",
-      "git:remote:remove:*",
       "git:remote:rm",
-      "git:remote:rm:*",
       "git:checkout:--force",
-      "git:checkout:--force:*",
       "git:checkout:-f",
-      "git:checkout:-f:*",
       "git:submodule:deinit",
-      "git:submodule:deinit:*",
       "git:notes:add",
-      "git:notes:add:*",
       "git:notes:remove",
-      "git:notes:remove:*",
       "git:worktree:add",
-      "git:worktree:add:*",
       "git:worktree:remove",
-      "git:worktree:remove:*",
       // Dangerous GitHub CLI (gh) write operations
       "gh:issue:create",
-      "gh:issue:create:*",
       "gh:issue:close",
-      "gh:issue:close:*",
       "gh:issue:delete",
-      "gh:issue:delete:*",
       "gh:issue:edit",
-      "gh:issue:edit:*",
       "gh:issue:reopen",
-      "gh:issue:reopen:*",
       "gh:issue:comment",
-      "gh:issue:comment:*",
       "gh:pr:create",
-      "gh:pr:create:*",
       "gh:pr:close",
-      "gh:pr:close:*",
       "gh:pr:merge",
-      "gh:pr:merge:*",
       "gh:pr:edit",
-      "gh:pr:edit:*",
       "gh:pr:reopen",
-      "gh:pr:reopen:*",
       "gh:pr:review",
-      "gh:pr:review:*",
       "gh:pr:comment",
-      "gh:pr:comment:*",
       "gh:repo:create",
-      "gh:repo:create:*",
       "gh:repo:delete",
-      "gh:repo:delete:*",
       "gh:repo:fork",
-      "gh:repo:fork:*",
       "gh:repo:rename",
-      "gh:repo:rename:*",
       "gh:repo:archive",
-      "gh:repo:archive:*",
       "gh:repo:clone",
-      "gh:repo:clone:*",
       "gh:release:create",
-      "gh:release:create:*",
       "gh:release:delete",
-      "gh:release:delete:*",
       "gh:release:edit",
-      "gh:release:edit:*",
       "gh:run:cancel",
-      "gh:run:cancel:*",
       "gh:run:rerun",
-      "gh:run:rerun:*",
       "gh:workflow:run",
-      "gh:workflow:run:*",
       "gh:workflow:enable",
-      "gh:workflow:enable:*",
       "gh:workflow:disable",
-      "gh:workflow:disable:*",
       "gh:gist:create",
-      "gh:gist:create:*",
       "gh:gist:delete",
-      "gh:gist:delete:*",
       "gh:gist:edit",
-      "gh:gist:edit:*",
       "gh:secret:set",
-      "gh:secret:set:*",
       "gh:secret:delete",
-      "gh:secret:delete:*",
       "gh:variable:set",
-      "gh:variable:set:*",
       "gh:variable:delete",
-      "gh:variable:delete:*",
       "gh:label:create",
-      "gh:label:create:*",
       "gh:label:delete",
-      "gh:label:delete:*",
       "gh:ssh-key:add",
-      "gh:ssh-key:add:*",
       "gh:ssh-key:delete",
-      "gh:ssh-key:delete:*",
       // File system mounting and partitioning
       "mount",
-      "mount:*",
       "umount",
-      "umount:*",
       "fdisk",
-      "fdisk:*",
       "parted",
-      "parted:*",
       "mkfs",
-      "mkfs:*",
       "fsck",
-      "fsck:*",
       // Cron and scheduling
       "crontab",
-      "crontab:*",
       "at",
-      "at:*",
       "batch",
-      "batch:*",
       // Compression with potential overwrite
       "tar:-xf:*",
       "unzip",
-      "unzip:*",
-      "gzip:*",
-      "gunzip:*",
+      "gzip",
+      "gunzip",
       // Build and compilation that might modify files
       "make",
       "make:install",
@@ -41708,11 +41500,8 @@ var init_bashDefaults = __esm({
       "gradle:build",
       // Docker operations that could modify state
       "docker:run",
-      "docker:run:*",
       "docker:exec",
-      "docker:exec:*",
       "docker:build",
-      "docker:build:*",
       "docker:pull",
       "docker:push",
       "docker:rm",
@@ -41726,22 +41515,15 @@ var init_bashDefaults = __esm({
       "mongo:--eval:*",
       // Text editors that could modify files
       "vi",
-      "vi:*",
       "vim",
-      "vim:*",
       "nano",
-      "nano:*",
       "emacs",
-      "emacs:*",
       "sed:-i:*",
       "perl:-i:*",
       // Potentially dangerous utilities
       "eval",
-      "eval:*",
       "exec",
-      "exec:*",
       "source",
-      "source:*",
       "bash:-c:*",
       "sh:-c:*",
       "zsh:-c:*"
@@ -42020,9 +41802,19 @@ var init_bashPermissions = __esm({
     BashPermissionChecker = class {
       /**
        * Create a permission checker
+       *
+       * Priority order (highest to lowest):
+       *   1. Custom deny  — always blocks (user explicitly blocked it)
+       *   2. Custom allow — overrides default deny (user explicitly allowed it)
+       *   3. Default deny — blocks by default
+       *   4. Allow list   — allows recognized safe commands
+       *
+       * This means `--bash-allow "git:push"` overrides the default deny for git:push
+       * without requiring `--no-default-bash-deny`.
+       *
        * @param {Object} config - Configuration options
-       * @param {string[]} [config.allow] - Additional allow patterns
-       * @param {string[]} [config.deny] - Additional deny patterns
+       * @param {string[]} [config.allow] - Additional allow patterns (override default deny)
+       * @param {string[]} [config.deny] - Additional deny patterns (always win)
        * @param {boolean} [config.disableDefaultAllow] - Disable default allow list
        * @param {boolean} [config.disableDefaultDeny] - Disable default deny list
        * @param {boolean} [config.debug] - Enable debug logging
@@ -42031,40 +41823,22 @@ var init_bashPermissions = __esm({
       constructor(config = {}) {
         this.debug = config.debug || false;
         this.tracer = config.tracer || null;
-        this.allowPatterns = [];
-        if (!config.disableDefaultAllow) {
-          this.allowPatterns.push(...DEFAULT_ALLOW_PATTERNS);
-          if (this.debug) {
-            console.log(`[BashPermissions] Added ${DEFAULT_ALLOW_PATTERNS.length} default allow patterns`);
-          }
-        }
-        if (config.allow && Array.isArray(config.allow)) {
-          this.allowPatterns.push(...config.allow);
-          if (this.debug) {
-            console.log(`[BashPermissions] Added ${config.allow.length} custom allow patterns:`, config.allow);
-          }
-        }
-        this.denyPatterns = [];
-        if (!config.disableDefaultDeny) {
-          this.denyPatterns.push(...DEFAULT_DENY_PATTERNS);
-          if (this.debug) {
-            console.log(`[BashPermissions] Added ${DEFAULT_DENY_PATTERNS.length} default deny patterns`);
-          }
-        }
-        if (config.deny && Array.isArray(config.deny)) {
-          this.denyPatterns.push(...config.deny);
-          if (this.debug) {
-            console.log(`[BashPermissions] Added ${config.deny.length} custom deny patterns:`, config.deny);
-          }
-        }
+        this.defaultAllowPatterns = config.disableDefaultAllow ? [] : [...DEFAULT_ALLOW_PATTERNS];
+        this.customAllowPatterns = config.allow && Array.isArray(config.allow) ? [...config.allow] : [];
+        this.allowPatterns = [...this.defaultAllowPatterns, ...this.customAllowPatterns];
+        this.defaultDenyPatterns = config.disableDefaultDeny ? [] : [...DEFAULT_DENY_PATTERNS];
+        this.customDenyPatterns = config.deny && Array.isArray(config.deny) ? [...config.deny] : [];
+        this.denyPatterns = [...this.defaultDenyPatterns, ...this.customDenyPatterns];
         if (this.debug) {
+          console.log(`[BashPermissions] Default allow: ${this.defaultAllowPatterns.length}, Custom allow: ${this.customAllowPatterns.length}`);
+          console.log(`[BashPermissions] Default deny: ${this.defaultDenyPatterns.length}, Custom deny: ${this.customDenyPatterns.length}`);
           console.log(`[BashPermissions] Total patterns - Allow: ${this.allowPatterns.length}, Deny: ${this.denyPatterns.length}`);
         }
         this.recordBashEvent("permissions.initialized", {
           allowPatternCount: this.allowPatterns.length,
           denyPatternCount: this.denyPatterns.length,
-          hasCustomAllowPatterns: !!(config.allow && config.allow.length > 0),
-          hasCustomDenyPatterns: !!(config.deny && config.deny.length > 0),
+          hasCustomAllowPatterns: this.customAllowPatterns.length > 0,
+          hasCustomDenyPatterns: this.customDenyPatterns.length > 0,
           disableDefaultAllow: !!config.disableDefaultAllow,
           disableDefaultDeny: !!config.disableDefaultDeny
         });
@@ -42134,8 +41908,11 @@ var init_bashPermissions = __esm({
           console.log(`[BashPermissions] Checking simple command: "${command}"`);
           console.log(`[BashPermissions] Parsed: ${parsed.command} with args: [${parsed.args.join(", ")}]`);
         }
-        if (matchesAnyPattern(parsed, this.denyPatterns)) {
-          const matchedPatterns = this.denyPatterns.filter((pattern) => matchesPattern(parsed, pattern));
+        if (matchesAnyPattern(parsed, this.customDenyPatterns)) {
+          const matchedPatterns = this.customDenyPatterns.filter((pattern) => matchesPattern(parsed, pattern));
+          if (this.debug) {
+            console.log(`[BashPermissions] DENIED - matches custom deny pattern: ${matchedPatterns[0]}`);
+          }
           const result2 = {
             allowed: false,
             reason: `Command matches deny pattern: ${matchedPatterns[0]}`,
@@ -42148,7 +41925,31 @@ var init_bashPermissions = __esm({
             parsedCommand: parsed.command,
             reason: "matches_deny_pattern",
             matchedPattern: matchedPatterns[0],
-            isComplex: false
+            isComplex: false,
+            isCustomDeny: true
+          });
+          return result2;
+        }
+        const matchesCustomAllow = matchesAnyPattern(parsed, this.customAllowPatterns);
+        if (!matchesCustomAllow && matchesAnyPattern(parsed, this.defaultDenyPatterns)) {
+          const matchedPatterns = this.defaultDenyPatterns.filter((pattern) => matchesPattern(parsed, pattern));
+          if (this.debug) {
+            console.log(`[BashPermissions] DENIED - matches default deny pattern: ${matchedPatterns[0]}`);
+          }
+          const result2 = {
+            allowed: false,
+            reason: `Command matches deny pattern: ${matchedPatterns[0]}`,
+            command,
+            parsed,
+            matchedPatterns
+          };
+          this.recordBashEvent("permission.denied", {
+            command,
+            parsedCommand: parsed.command,
+            reason: "matches_deny_pattern",
+            matchedPattern: matchedPatterns[0],
+            isComplex: false,
+            isCustomDeny: false
           });
           return result2;
         }
@@ -42173,15 +41974,21 @@ var init_bashPermissions = __esm({
           allowed: true,
           command,
           parsed,
-          isComplex: false
+          isComplex: false,
+          overriddenDeny: matchesCustomAllow && matchesAnyPattern(parsed, this.defaultDenyPatterns)
         };
         if (this.debug) {
-          console.log(`[BashPermissions] ALLOWED - command passed all checks`);
+          if (result.overriddenDeny) {
+            console.log(`[BashPermissions] ALLOWED - custom allow overrides default deny`);
+          } else {
+            console.log(`[BashPermissions] ALLOWED - command passed all checks`);
+          }
         }
         this.recordBashEvent("permission.allowed", {
           command,
           parsedCommand: parsed.command,
-          isComplex: false
+          isComplex: false,
+          overriddenDeny: result.overriddenDeny || false
         });
         return result;
       }
@@ -42350,9 +42157,19 @@ var init_bashPermissions = __esm({
               deniedReason = parsed.error || "Component contains nested complex constructs";
               break;
             }
-            if (matchesAnyPattern(parsed, this.denyPatterns)) {
+            if (matchesAnyPattern(parsed, this.customDenyPatterns)) {
               if (this.debug) {
-                console.log(`[BashPermissions] Component "${component}" matches deny pattern`);
+                console.log(`[BashPermissions] Component "${component}" matches custom deny pattern`);
+              }
+              allAllowed = false;
+              deniedComponent = component;
+              deniedReason = "Component matches deny pattern";
+              break;
+            }
+            const componentMatchesCustomAllow = matchesAnyPattern(parsed, this.customAllowPatterns);
+            if (!componentMatchesCustomAllow && matchesAnyPattern(parsed, this.defaultDenyPatterns)) {
+              if (this.debug) {
+                console.log(`[BashPermissions] Component "${component}" matches default deny pattern`);
               }
               allAllowed = false;
               deniedComponent = component;
@@ -42432,6 +42249,10 @@ var init_bashPermissions = __esm({
         return {
           allowPatterns: this.allowPatterns.length,
           denyPatterns: this.denyPatterns.length,
+          customAllowPatterns: this.customAllowPatterns.length,
+          customDenyPatterns: this.customDenyPatterns.length,
+          defaultAllowPatterns: this.defaultAllowPatterns.length,
+          defaultDenyPatterns: this.defaultDenyPatterns.length,
           totalPatterns: this.allowPatterns.length + this.denyPatterns.length
         };
       }
@@ -42814,8 +42635,8 @@ Common reasons:
 2. The command is not in the allow list (not a recognized safe command)
 
 If you believe this command should be allowed, you can:
-- Use the --bash-allow option to add specific patterns
-- Use the --no-default-bash-deny flag to remove default restrictions (not recommended)
+- Use the --bash-allow option to add specific patterns (overrides default deny list)
+  Example: --bash-allow "git:push" allows git push while keeping all other deny rules
 
 For code exploration, try these safe alternatives:
 - ls, cat, head, tail for file operations
@@ -109753,10 +109574,10 @@ var init_FallbackManager = __esm({
       // Use custom provider list
     };
     DEFAULT_MODELS = {
-      anthropic: "claude-sonnet-4-5-20250929",
-      openai: "gpt-4o",
-      google: "gemini-2.0-flash-exp",
-      bedrock: "anthropic.claude-sonnet-4-20250514-v1:0"
+      anthropic: "claude-sonnet-4-6",
+      openai: "gpt-5.2",
+      google: "gemini-2.5-flash",
+      bedrock: "anthropic.claude-sonnet-4-6"
     };
     FallbackManager = class {
       /**
@@ -112275,7 +112096,7 @@ var init_ProbeAgent = __esm({
               }
               this.clientApiProvider = "claude-code";
               this.provider = null;
-              this.model = this.clientApiModel || "claude-3-5-sonnet-20241022";
+              this.model = this.clientApiModel || "claude-sonnet-4-6";
               this.apiType = "claude-code";
             } else if (codexAvailable) {
               if (this.debug) {
@@ -112284,7 +112105,7 @@ var init_ProbeAgent = __esm({
               }
               this.clientApiProvider = "codex";
               this.provider = null;
-              this.model = this.clientApiModel || "gpt-4o";
+              this.model = this.clientApiModel || "gpt-5.2";
               this.apiType = "codex";
             } else {
               throw new Error("No API key provided and neither claude nor codex command found. Please either:\n1. Set an API key: ANTHROPIC_API_KEY, OPENAI_API_KEY, GOOGLE_GENERATIVE_AI_API_KEY, or AWS credentials\n2. Install claude command from https://docs.claude.com/en/docs/claude-code\n3. Install codex command from https://openai.com/codex");
@@ -112522,7 +112343,7 @@ var init_ProbeAgent = __esm({
         }
         if (this.clientApiProvider === "claude-code" || process.env.USE_CLAUDE_CODE === "true") {
           this.provider = null;
-          this.model = modelName || "claude-3-5-sonnet-20241022";
+          this.model = modelName || "claude-sonnet-4-6";
           this.apiType = "claude-code";
           if (this.debug) {
             console.log("[DEBUG] Claude Code engine selected - will use built-in access if available");
@@ -112889,7 +112710,7 @@ var init_ProbeAgent = __esm({
           apiKey,
           ...apiUrl && { baseURL: apiUrl }
         });
-        this.model = modelName || "claude-sonnet-4-5-20250929";
+        this.model = modelName || "claude-sonnet-4-6";
         this.apiType = "anthropic";
         if (this.debug) {
           console.log(`Using Anthropic API with model: ${this.model}${apiUrl ? ` (URL: ${apiUrl})` : ""}`);
@@ -112904,7 +112725,7 @@ var init_ProbeAgent = __esm({
           apiKey,
           ...apiUrl && { baseURL: apiUrl }
         });
-        this.model = modelName || "gpt-5-thinking";
+        this.model = modelName || "gpt-5.2";
         this.apiType = "openai";
         if (this.debug) {
           console.log(`Using OpenAI API with model: ${this.model}${apiUrl ? ` (URL: ${apiUrl})` : ""}`);
@@ -113008,7 +112829,7 @@ var init_ProbeAgent = __esm({
           config.baseURL = baseURL;
         }
         this.provider = createAmazonBedrock(config);
-        this.model = modelName || "anthropic.claude-sonnet-4-20250514-v1:0";
+        this.model = modelName || "anthropic.claude-sonnet-4-6";
         this.apiType = "bedrock";
         if (this.debug) {
           const authMethod = apiKey ? "API Key" : "AWS Credentials";
@@ -113067,7 +112888,7 @@ var init_ProbeAgent = __esm({
               allowedTools: this.allowedTools,
               // Pass tool filtering configuration
               model: this.model
-              // Pass model name (e.g., gpt-4o, o3, etc.)
+              // Pass model name (e.g., gpt-5.2, o3, etc.)
             });
             if (this.debug) {
               console.log("[DEBUG] Using Codex CLI engine with Probe tools");
@@ -114322,9 +114143,7 @@ You are working with a workspace. Available paths: ${workspaceDesc}
             let maxResponseTokens = this.maxResponseTokens;
             if (!maxResponseTokens) {
               maxResponseTokens = 4e3;
-              if (this.model && this.model.includes("opus") || this.model && this.model.includes("sonnet") || this.model && this.model.startsWith("gpt-4-")) {
-                maxResponseTokens = 8192;
-              } else if (this.model && this.model.startsWith("gpt-4o")) {
+              if (this.model && this.model.includes("opus") || this.model && this.model.includes("sonnet") || this.model && this.model.startsWith("gpt-4") || this.model && this.model.startsWith("gpt-5")) {
                 maxResponseTokens = 8192;
               } else if (this.model && this.model.startsWith("gemini")) {
                 maxResponseTokens = 32e3;