@qduc/term2 0.1.0

package/dist/utils/command-safety/find-helpers.js

@@ -0,0 +1,218 @@
+import { extractWordText } from './utils.js';
+/**
+ * Check if a find command has dangerous execution flags (-exec, -execdir, -ok, -okdir, -delete)
+ */
+export function hasFindDangerousExecution(args) {
+    for (let i = 0; i < args.length; i++) {
+        const argText = extractWordText(args[i]);
+        if (!argText)
+            continue;
+        // Check for -delete flag
+        if (argText === '-delete') {
+            return { dangerous: true, reason: 'find -delete (destructive)' };
+        }
+        // Check for execution flags
+        const execFlags = ['-exec', '-execdir', '-ok', '-okdir'];
+        if (!execFlags.includes(argText))
+            continue;
+        // Found an exec flag - analyze the command it executes
+        // Find the terminator (; or +)
+        let terminatorIndex = -1;
+        for (let j = i + 1; j < args.length; j++) {
+            const term = extractWordText(args[j]);
+            if (term === ';' ||
+                term === '+' ||
+                term === '\\;' ||
+                term === '\\+') {
+                terminatorIndex = j;
+                break;
+            }
+        }
+        if (terminatorIndex === -1) {
+            // Malformed -exec (no terminator)
+            return {
+                dangerous: true,
+                reason: `find ${argText} without terminator`,
+            };
+        }
+        // Extract the command between exec flag and terminator
+        const execArgs = args.slice(i + 1, terminatorIndex);
+        // Check for redirects (which indicate shell operations)
+        const hasRedirect = execArgs.some((a) => a?.type === 'Redirect');
+        if (hasRedirect) {
+            return {
+                dangerous: true,
+                reason: `find ${argText} with shell redirection`,
+            };
+        }
+        const execCommand = execArgs
+            .map(a => extractWordText(a))
+            .filter(Boolean);
+        if (execCommand.length === 0) {
+            return {
+                dangerous: true,
+                reason: `find ${argText} with empty command`,
+            };
+        }
+        const cmdName = execCommand[0];
+        if (!cmdName) {
+            return {
+                dangerous: true,
+                reason: `find ${argText} with undefined command`,
+            };
+        }
+        // Check if {} is the command itself (executing found files)
+        if (cmdName === '{}') {
+            return {
+                dangerous: true,
+                reason: `find ${argText} {} (executes found files directly)`,
+            };
+        }
+        // Check for destructive commands
+        const destructiveCmds = [
+            'rm',
+            'shred',
+            'chmod',
+            'chown',
+            'mv',
+            'dd',
+            'mkfs',
+            'truncate',
+            'tee',
+            'cp',
+            'ln',
+            'install',
+            'rsync',
+        ];
+        if (destructiveCmds.includes(cmdName)) {
+            return {
+                dangerous: true,
+                reason: `find ${argText} ${cmdName} (destructive)`,
+            };
+        }
+        // Check for dangerous interpreters and meta-executors
+        // These can all invoke arbitrary commands or scripts
+        const dangerousInterpreters = [
+            // Shells
+            'sh',
+            'bash',
+            'zsh',
+            'ksh',
+            'dash',
+            'fish',
+            'tcsh',
+            'csh',
+            // Script interpreters
+            'perl',
+            'python',
+            'python2',
+            'python3',
+            'ruby',
+            'node',
+            'nodejs',
+            'php',
+            'lua',
+            // Meta-executors that can run commands
+            'env',
+            'xargs',
+            'parallel',
+            'nohup',
+            'nice',
+            'ionice',
+            'timeout',
+            'stdbuf',
+            'script',
+            'expect',
+            // Text processors that can execute
+            'awk',
+            'gawk',
+            'mawk',
+            'nawk',
+            'sed',
+            'ed',
+            // Editors that can run shell commands
+            'vim',
+            'nvim',
+            'emacs',
+        ];
+        // Handle both bare names and full paths like /usr/bin/python
+        const isDangerousInterpreter = dangerousInterpreters.some(interp => cmdName === interp || cmdName.endsWith(`/${interp}`));
+        if (isDangerousInterpreter) {
+            return {
+                dangerous: true,
+                reason: `find ${argText} ${cmdName} (can execute commands)`,
+            };
+        }
+        // Check for shell metacharacters in command
+        const fullExecCmd = execCommand.join(' ');
+        if (/[|&;$`<>]/.test(fullExecCmd)) {
+            return {
+                dangerous: true,
+                reason: `find ${argText} with shell metacharacters`,
+            };
+        }
+    }
+    return { dangerous: false };
+}
+/**
+ * Check for suspicious find flags that warrant YELLOW classification
+ */
+export function hasFindSuspiciousFlags(args) {
+    for (const arg of args) {
+        const argText = extractWordText(arg);
+        if (!argText)
+            continue;
+        // File output flags
+        if (['-fprint', '-fprint0', '-fprintf', '-fls'].some(flag => argText.startsWith(flag))) {
+            return {
+                suspicious: true,
+                reason: `find ${argText} (file output)`,
+            };
+        }
+        // Symlink following
+        if (['-L', '-follow', '-H'].includes(argText)) {
+            return {
+                suspicious: true,
+                reason: `find ${argText} (symlink following)`,
+            };
+        }
+        // SUID/SGID permission searches
+        if (argText === '-perm') {
+            // Check the next argument for dangerous permission patterns
+            const nextIdx = args.indexOf(arg) + 1;
+            if (nextIdx < args.length) {
+                const permValue = extractWordText(args[nextIdx]);
+                if (permValue) {
+                    // Numeric SUID/SGID patterns (e.g., -4000, /6000)
+                    const hasNumericSuid = /[-\/]?[2467]000/.test(permValue);
+                    // Symbolic SUID/SGID patterns (e.g., -u+s, /g+s, +s)
+                    const hasSymbolicSuid = /[ug]?\+s/.test(permValue);
+                    if (hasNumericSuid || hasSymbolicSuid) {
+                        return {
+                            suspicious: true,
+                            reason: `find -perm ${permValue} (SUID/SGID search)`,
+                        };
+                    }
+                }
+            }
+        }
+        // Inode-based searches (can bypass path restrictions)
+        if (argText === '-inum') {
+            return {
+                suspicious: true,
+                reason: 'find -inum (inode-based access bypasses path checks)',
+            };
+        }
+        // Read-only exec (still suspicious, requires approval)
+        if (['-exec', '-execdir', '-ok', '-okdir'].includes(argText)) {
+            // If we reach here, hasFindDangerousExecution already passed (not RED)
+            // but any -exec usage should still be YELLOW
+            return {
+                suspicious: true,
+                reason: `find ${argText} (command execution)`,
+            };
+        }
+    }
+    return { suspicious: false };
+}
+//# sourceMappingURL=find-helpers.js.map

package/dist/utils/command-safety/find-helpers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"find-helpers.js","sourceRoot":"","sources":["../../../source/utils/command-safety/find-helpers.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,eAAe,EAAC,MAAM,YAAY,CAAC;AAE3C;;GAEG;AACH,MAAM,UAAU,yBAAyB,CAAC,IAAW;IAIjD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACnC,MAAM,OAAO,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;QACzC,IAAI,CAAC,OAAO;YAAE,SAAS;QAEvB,yBAAyB;QACzB,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YACxB,OAAO,EAAC,SAAS,EAAE,IAAI,EAAE,MAAM,EAAE,4BAA4B,EAAC,CAAC;QACnE,CAAC;QAED,4BAA4B;QAC5B,MAAM,SAAS,GAAG,CAAC,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC;QACzD,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC;YAAE,SAAS;QAE3C,uDAAuD;QACvD,+BAA+B;QAC/B,IAAI,eAAe,GAAG,CAAC,CAAC,CAAC;QACzB,KAAK,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;YACvC,MAAM,IAAI,GAAG,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;YACtC,IACI,IAAI,KAAK,GAAG;gBACZ,IAAI,KAAK,GAAG;gBACZ,IAAI,KAAK,KAAK;gBACd,IAAI,KAAK,KAAK,EAChB,CAAC;gBACC,eAAe,GAAG,CAAC,CAAC;gBACpB,MAAM;YACV,CAAC;QACL,CAAC;QAED,IAAI,eAAe,KAAK,CAAC,CAAC,EAAE,CAAC;YACzB,kCAAkC;YAClC,OAAO;gBACH,SAAS,EAAE,IAAI;gBACf,MAAM,EAAE,QAAQ,OAAO,qBAAqB;aAC/C,CAAC;QACN,CAAC;QAED,uDAAuD;QACvD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,EAAE,eAAe,CAAC,CAAC;QAEpD,wDAAwD;QACxD,MAAM,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,KAAK,UAAU,CAAC,CAAC;QACtE,IAAI,WAAW,EAAE,CAAC;YACd,OAAO;gBACH,SAAS,EAAE,IAAI;gBACf,MAAM,EAAE,QAAQ,OAAO,yBAAyB;aACnD,CAAC;QACN,CAAC;QAED,MAAM,WAAW,GAAG,QAAQ;aACvB,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC;aAC5B,MAAM,CAAC,OAAO,CAAC,CAAC;QAErB,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3B,OAAO;gBACH,SAAS,EAAE,IAAI;gBACf,MAAM,EAAE,QAAQ,OAAO,qBAAqB;aAC/C,CAAC;QACN,CAAC;QAED,MAAM,OAAO,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;QAC/B,IAAI,CAAC,OAAO,EAAE,CAAC;YACX,OAAO;gBACH,SAAS,EAAE,IAAI;gBACf,MAAM,EAAE,QAAQ,OAAO,yBAAyB;aACnD,CAAC;QACN,CAAC;QAED,4DAA4D;QAC5D,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YACnB,OAAO;gBACH,SAAS,EAAE,IAAI;gBACf,MAAM,EAAE,QAAQ,OAAO,qCAAqC;aAC/D,CAAC;QACN,CAAC;QAED,iCAAiC;QACjC,MAAM,eAAe,GAAG;YACpB,IAAI;YACJ,OAAO;YACP,OAAO;YACP,OAAO;YACP,IAAI;YACJ,IAAI;YACJ,MAAM;YACN,UAAU;YACV,KAAK;YACL,IAAI;YACJ,IAAI;YACJ,SAAS;YACT,OAAO;SACV,CAAC;QACF,IAAI,eAAe,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YACpC,OAAO;gBACH,SAAS,EAAE,IAAI;gBACf,MAAM,EAAE,QAAQ,OAAO,IAAI,OAAO,gBAAgB;aACrD,CAAC;QACN,CAAC;QAED,sDAAsD;QACtD,qDAAqD;QACrD,MAAM,qBAAqB,GAAG;YAC1B,SAAS;YACT,IAAI;YACJ,MAAM;YACN,KAAK;YACL,KAAK;YACL,MAAM;YACN,MAAM;YACN,MAAM;YACN,KAAK;YACL,sBAAsB;YACtB,MAAM;YACN,QAAQ;YACR,SAAS;YACT,SAAS;YACT,MAAM;YACN,MAAM;YACN,QAAQ;YACR,KAAK;YACL,KAAK;YACL,uCAAuC;YACvC,KAAK;YACL,OAAO;YACP,UAAU;YACV,OAAO;YACP,MAAM;YACN,QAAQ;YACR,SAAS;YACT,QAAQ;YACR,QAAQ;YACR,QAAQ;YACR,mCAAmC;YACnC,KAAK;YACL,MAAM;YACN,MAAM;YACN,MAAM;YACN,KAAK;YACL,IAAI;YACJ,sCAAsC;YACtC,KAAK;YACL,MAAM;YACN,OAAO;SACV,CAAC;QAEF,6DAA6D;QAC7D,MAAM,sBAAsB,GAAG,qBAAqB,CAAC,IAAI,CACrD,MAAM,CAAC,EAAE,CAAC,OAAO,KAAK,MAAM,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,MAAM,EAAE,CAAC,CACjE,CAAC;QAEF,IAAI,sBAAsB,EAAE,CAAC;YACzB,OAAO;gBACH,SAAS,EAAE,IAAI;gBACf,MAAM,EAAE,QAAQ,OAAO,IAAI,OAAO,yBAAyB;aAC9D,CAAC;QACN,CAAC;QAED,4CAA4C;QAC5C,MAAM,WAAW,GAAG,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAC1C,IAAI,WAAW,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAChC,OAAO;gBACH,SAAS,EAAE,IAAI;gBACf,MAAM,EAAE,QAAQ,OAAO,4BAA4B;aACtD,CAAC;QACN,CAAC;IACL,CAAC;IAED,OAAO,EAAC,SAAS,EAAE,KAAK,EAAC,CAAC;AAC9B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,sBAAsB,CAAC,IAAW;IAI9C,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACrB,MAAM,OAAO,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;QACrC,IAAI,CAAC,OAAO;YAAE,SAAS;QAEvB,oBAAoB;QACpB,IACI,CAAC,SAAS,EAAE,UAAU,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CACpD,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAC3B,EACH,CAAC;YACC,OAAO;gBACH,UAAU,EAAE,IAAI;gBAChB,MAAM,EAAE,QAAQ,OAAO,gBAAgB;aAC1C,CAAC;QACN,CAAC;QAED,oBAAoB;QACpB,IAAI,CAAC,IAAI,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAC5C,OAAO;gBACH,UAAU,EAAE,IAAI;gBAChB,MAAM,EAAE,QAAQ,OAAO,sBAAsB;aAChD,CAAC;QACN,CAAC;QAED,gCAAgC;QAChC,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;YACtB,4DAA4D;YAC5D,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;YACtC,IAAI,OAAO,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC;gBACxB,MAAM,SAAS,GAAG,eAAe,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;gBACjD,IAAI,SAAS,EAAE,CAAC;oBACZ,kDAAkD;oBAClD,MAAM,cAAc,GAAG,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;oBACzD,qDAAqD;oBACrD,MAAM,eAAe,GAAG,UAAU,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;oBAEnD,IAAI,cAAc,IAAI,eAAe,EAAE,CAAC;wBACpC,OAAO;4BACH,UAAU,EAAE,IAAI;4BAChB,MAAM,EAAE,cAAc,SAAS,qBAAqB;yBACvD,CAAC;oBACN,CAAC;gBACL,CAAC;YACL,CAAC;QACL,CAAC;QAED,sDAAsD;QACtD,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;YACtB,OAAO;gBACH,UAAU,EAAE,IAAI;gBAChB,MAAM,EAAE,sDAAsD;aACjE,CAAC;QACN,CAAC;QAED,uDAAuD;QACvD,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,KAAK,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;YAC3D,uEAAuE;YACvE,6CAA6C;YAC7C,OAAO;gBACH,UAAU,EAAE,IAAI;gBAChB,MAAM,EAAE,QAAQ,OAAO,sBAAsB;aAChD,CAAC;QACN,CAAC;IACL,CAAC;IAED,OAAO,EAAC,UAAU,EAAE,KAAK,EAAC,CAAC;AAC/B,CAAC"}

package/dist/utils/command-safety/handlers/find-handler.d.ts

@@ -0,0 +1,6 @@
+import type { CommandHandler } from './types.js';
+/**
+ * Handler for find command safety analysis
+ */
+export declare const findHandler: CommandHandler;
+//# sourceMappingURL=find-handler.d.ts.map

package/dist/utils/command-safety/handlers/find-handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"find-handler.d.ts","sourceRoot":"","sources":["../../../../source/utils/command-safety/handlers/find-handler.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACR,cAAc,EAGjB,MAAM,YAAY,CAAC;AAEpB;;GAEG;AACH,eAAO,MAAM,WAAW,EAAE,cA+HzB,CAAC"}

package/dist/utils/command-safety/handlers/find-handler.js

@@ -0,0 +1,113 @@
+import { SafetyStatus } from '../constants.js';
+/**
+ * Handler for find command safety analysis
+ */
+export const findHandler = {
+    handle(node, helpers) {
+        const { extractWordText, analyzePathRisk, hasFindDangerousExecution, hasFindSuspiciousFlags, } = helpers;
+        const reasons = [];
+        let status = SafetyStatus.GREEN;
+        if (!node.suffix) {
+            return { status, reasons };
+        }
+        // Check for dangerous find operations first (RED)
+        const dangerResult = hasFindDangerousExecution(node.suffix);
+        if (dangerResult.dangerous) {
+            return {
+                status: SafetyStatus.RED,
+                reasons: [dangerResult.reason || 'find with dangerous flags'],
+            };
+        }
+        // Check for suspicious find flags (YELLOW)
+        const suspiciousResult = hasFindSuspiciousFlags(node.suffix);
+        if (suspiciousResult.suspicious) {
+            status = SafetyStatus.YELLOW;
+            reasons.push(suspiciousResult.reason || 'find with suspicious flags');
+        }
+        // Check path arguments for find
+        // Track if previous arg was a pattern flag like -name, -regex
+        let previousArgWasPatternFlag = false;
+        for (const arg of node.suffix) {
+            if (arg?.type === 'Redirect')
+                continue;
+            const argText = extractWordText(arg);
+            if (!argText)
+                continue;
+            // Track pattern flags
+            if ([
+                '-name',
+                '-iname',
+                '-path',
+                '-ipath',
+                '-regex',
+                '-iregex',
+            ].includes(argText)) {
+                previousArgWasPatternFlag = true;
+                continue;
+            }
+            // Skip flags
+            if (argText.startsWith('-')) {
+                previousArgWasPatternFlag = false;
+                continue;
+            }
+            // Skip pattern arguments (the values after -name, -regex, etc.)
+            if (previousArgWasPatternFlag) {
+                previousArgWasPatternFlag = false;
+                continue;
+            }
+            // Skip glob patterns (contain wildcards)
+            if (/[*?[\]]/.test(argText))
+                continue;
+            // Skip safe relative paths (. and ./)
+            if (argText === '.' || argText === './')
+                continue;
+            // Skip patterns with backslashes (regex patterns)
+            if (argText.includes('\\'))
+                continue;
+            // Root traversal detection (DoS + information disclosure)
+            if (argText === '/' || argText === '//') {
+                status = SafetyStatus.YELLOW;
+                reasons.push('find / (root traversal - resource intensive)');
+                continue;
+            }
+            // For find, analyzing paths is more lenient:
+            // - System paths like /etc are YELLOW (not RED)
+            // - Home directories and dotfiles are still RED
+            const pathStatus = analyzePathRisk(argText);
+            if (pathStatus === SafetyStatus.RED) {
+                // Keep RED for home directories, dotfiles, and traversal
+                // Downgrade system paths to YELLOW
+                const homeRelatedPatterns = [
+                    /^~/, // Tilde
+                    /^\$/, // Variables like $HOME, $USER
+                    /^\/home\//, // Linux home
+                    /^\/Users\//, // macOS home
+                    /^\/root/, // Root's home
+                    /\/\.ssh/, // SSH keys
+                    /\/\.env/, // Environment files
+                    /\/\.git/, // Git config
+                    /\/\.aws/, // AWS credentials
+                    /\/\.kube/, // Kubernetes config
+                    /\/\.gnupg/, // GPG keys
+                    /\.\./, // Directory traversal
+                ];
+                const isHomeRelated = homeRelatedPatterns.some(pattern => pattern.test(argText));
+                if (isHomeRelated) {
+                    status = SafetyStatus.RED;
+                    reasons.push(`find dangerous path: ${argText}`);
+                }
+                else {
+                    // System paths like /etc get downgraded to YELLOW
+                    status = SafetyStatus.YELLOW;
+                    reasons.push(`find system path: ${argText}`);
+                }
+            }
+            else if (pathStatus === SafetyStatus.YELLOW) {
+                status = pathStatus;
+                reasons.push(`find path argument ${argText}`);
+            }
+        }
+        return { status, reasons };
+    },
+};
+//# sourceMappingURL=find-handler.js.map

package/dist/utils/command-safety/handlers/find-handler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"find-handler.js","sourceRoot":"","sources":["../../../../source/utils/command-safety/handlers/find-handler.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,YAAY,EAAC,MAAM,iBAAiB,CAAC;AAO7C;;GAEG;AACH,MAAM,CAAC,MAAM,WAAW,GAAmB;IACvC,MAAM,CAAC,IAAS,EAAE,OAA8B;QAC5C,MAAM,EACF,eAAe,EACf,eAAe,EACf,yBAAyB,EACzB,sBAAsB,GACzB,GAAG,OAAO,CAAC;QACZ,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,IAAI,MAAM,GAAiB,YAAY,CAAC,KAAK,CAAC;QAE9C,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACf,OAAO,EAAC,MAAM,EAAE,OAAO,EAAC,CAAC;QAC7B,CAAC;QAED,kDAAkD;QAClD,MAAM,YAAY,GAAG,yBAAyB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC5D,IAAI,YAAY,CAAC,SAAS,EAAE,CAAC;YACzB,OAAO;gBACH,MAAM,EAAE,YAAY,CAAC,GAAG;gBACxB,OAAO,EAAE,CAAC,YAAY,CAAC,MAAM,IAAI,2BAA2B,CAAC;aAChE,CAAC;QACN,CAAC;QAED,2CAA2C;QAC3C,MAAM,gBAAgB,GAAG,sBAAsB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAC7D,IAAI,gBAAgB,CAAC,UAAU,EAAE,CAAC;YAC9B,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC;YAC7B,OAAO,CAAC,IAAI,CACR,gBAAgB,CAAC,MAAM,IAAI,4BAA4B,CAC1D,CAAC;QACN,CAAC;QAED,gCAAgC;QAChC,8DAA8D;QAC9D,IAAI,yBAAyB,GAAG,KAAK,CAAC;QAEtC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAC5B,IAAI,GAAG,EAAE,IAAI,KAAK,UAAU;gBAAE,SAAS;YACvC,MAAM,OAAO,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;YACrC,IAAI,CAAC,OAAO;gBAAE,SAAS;YAEvB,sBAAsB;YACtB,IACI;gBACI,OAAO;gBACP,QAAQ;gBACR,OAAO;gBACP,QAAQ;gBACR,QAAQ;gBACR,SAAS;aACZ,CAAC,QAAQ,CAAC,OAAO,CAAC,EACrB,CAAC;gBACC,yBAAyB,GAAG,IAAI,CAAC;gBACjC,SAAS;YACb,CAAC;YAED,aAAa;YACb,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC1B,yBAAyB,GAAG,KAAK,CAAC;gBAClC,SAAS;YACb,CAAC;YAED,gEAAgE;YAChE,IAAI,yBAAyB,EAAE,CAAC;gBAC5B,yBAAyB,GAAG,KAAK,CAAC;gBAClC,SAAS;YACb,CAAC;YAED,yCAAyC;YACzC,IAAI,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC;gBAAE,SAAS;YAEtC,sCAAsC;YACtC,IAAI,OAAO,KAAK,GAAG,IAAI,OAAO,KAAK,IAAI;gBAAE,SAAS;YAElD,kDAAkD;YAClD,IAAI,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;gBAAE,SAAS;YAErC,0DAA0D;YAC1D,IAAI,OAAO,KAAK,GAAG,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;gBACtC,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC;gBAC7B,OAAO,CAAC,IAAI,CAAC,8CAA8C,CAAC,CAAC;gBAC7D,SAAS;YACb,CAAC;YAED,6CAA6C;YAC7C,gDAAgD;YAChD,gDAAgD;YAChD,MAAM,UAAU,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;YAC5C,IAAI,UAAU,KAAK,YAAY,CAAC,GAAG,EAAE,CAAC;gBAClC,yDAAyD;gBACzD,mCAAmC;gBACnC,MAAM,mBAAmB,GAAG;oBACxB,IAAI,EAAE,QAAQ;oBACd,KAAK,EAAE,8BAA8B;oBACrC,WAAW,EAAE,aAAa;oBAC1B,YAAY,EAAE,aAAa;oBAC3B,SAAS,EAAE,cAAc;oBACzB,SAAS,EAAE,WAAW;oBACtB,SAAS,EAAE,oBAAoB;oBAC/B,SAAS,EAAE,aAAa;oBACxB,SAAS,EAAE,kBAAkB;oBAC7B,UAAU,EAAE,oBAAoB;oBAChC,WAAW,EAAE,WAAW;oBACxB,MAAM,EAAE,sBAAsB;iBACjC,CAAC;gBAEF,MAAM,aAAa,GAAG,mBAAmB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CACrD,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CACxB,CAAC;gBAEF,IAAI,aAAa,EAAE,CAAC;oBAChB,MAAM,GAAG,YAAY,CAAC,GAAG,CAAC;oBAC1B,OAAO,CAAC,IAAI,CAAC,wBAAwB,OAAO,EAAE,CAAC,CAAC;gBACpD,CAAC;qBAAM,CAAC;oBACJ,kDAAkD;oBAClD,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC;oBAC7B,OAAO,CAAC,IAAI,CAAC,qBAAqB,OAAO,EAAE,CAAC,CAAC;gBACjD,CAAC;YACL,CAAC;iBAAM,IAAI,UAAU,KAAK,YAAY,CAAC,MAAM,EAAE,CAAC;gBAC5C,MAAM,GAAG,UAAU,CAAC;gBACpB,OAAO,CAAC,IAAI,CAAC,sBAAsB,OAAO,EAAE,CAAC,CAAC;YAClD,CAAC;QACL,CAAC;QAED,OAAO,EAAC,MAAM,EAAE,OAAO,EAAC,CAAC;IAC7B,CAAC;CACJ,CAAC"}

package/dist/utils/command-safety/handlers/git-handler.d.ts

@@ -0,0 +1,6 @@
+import type { CommandHandler } from './types.js';
+/**
+ * Handler for git command safety analysis
+ */
+export declare const gitHandler: CommandHandler;
+//# sourceMappingURL=git-handler.d.ts.map

package/dist/utils/command-safety/handlers/git-handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"git-handler.d.ts","sourceRoot":"","sources":["../../../../source/utils/command-safety/handlers/git-handler.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EACR,cAAc,EAGjB,MAAM,YAAY,CAAC;AAEpB;;GAEG;AACH,eAAO,MAAM,UAAU,EAAE,cAsExB,CAAC"}

package/dist/utils/command-safety/handlers/git-handler.js

@@ -0,0 +1,68 @@
+import { SafetyStatus, SAFE_GIT_COMMANDS, DANGEROUS_GIT_COMMANDS, } from '../constants.js';
+/**
+ * Handler for git command safety analysis
+ */
+export const gitHandler = {
+    handle(node, helpers) {
+        const { extractWordText } = helpers;
+        const reasons = [];
+        let status = SafetyStatus.GREEN;
+        // Extract the git subcommand (first non-flag argument)
+        let gitSubcommand;
+        if (node.suffix) {
+            for (const arg of node.suffix) {
+                const argText = extractWordText(arg);
+                if (argText && !argText.startsWith('-')) {
+                    gitSubcommand = argText;
+                    break;
+                }
+            }
+        }
+        if (!gitSubcommand) {
+            // No subcommand found (e.g., just "git" or "git --version")
+            return {
+                status: SafetyStatus.YELLOW,
+                reasons: ['git without subcommand'],
+            };
+        }
+        // Check if it's a known dangerous command
+        if (DANGEROUS_GIT_COMMANDS.has(gitSubcommand)) {
+            return {
+                status: SafetyStatus.YELLOW,
+                reasons: [`git ${gitSubcommand} (write operation)`],
+            };
+        }
+        // Check if it's a known safe command
+        if (SAFE_GIT_COMMANDS.has(gitSubcommand)) {
+            // Check for dangerous flags that might make it unsafe
+            const hasDangerousFlags = node.suffix.some((arg) => {
+                const argText = extractWordText(arg);
+                if (!argText)
+                    return false;
+                // Flags that might modify repository state
+                return (argText.startsWith('--force') ||
+                    argText.startsWith('-f') ||
+                    argText.startsWith('--hard') ||
+                    argText.startsWith('--delete') ||
+                    argText.startsWith('-d') ||
+                    argText.startsWith('-D'));
+            });
+            if (hasDangerousFlags) {
+                return {
+                    status: SafetyStatus.YELLOW,
+                    reasons: [
+                        `git ${gitSubcommand} with potentially dangerous flags`,
+                    ],
+                };
+            }
+            // Otherwise stays GREEN - safe read-only git command
+            return { status, reasons };
+        }
+        // Unknown git subcommand
+        return {
+            status: SafetyStatus.YELLOW,
+            reasons: [`git ${gitSubcommand} (unknown subcommand)`],
+        };
+    },
+};
+//# sourceMappingURL=git-handler.js.map

package/dist/utils/command-safety/handlers/git-handler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"git-handler.js","sourceRoot":"","sources":["../../../../source/utils/command-safety/handlers/git-handler.ts"],"names":[],"mappings":"AAAA,OAAO,EACH,YAAY,EACZ,iBAAiB,EACjB,sBAAsB,GACzB,MAAM,iBAAiB,CAAC;AAOzB;;GAEG;AACH,MAAM,CAAC,MAAM,UAAU,GAAmB;IACtC,MAAM,CAAC,IAAS,EAAE,OAA8B;QAC5C,MAAM,EAAC,eAAe,EAAC,GAAG,OAAO,CAAC;QAClC,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,IAAI,MAAM,GAAiB,YAAY,CAAC,KAAK,CAAC;QAE9C,uDAAuD;QACvD,IAAI,aAAiC,CAAC;QACtC,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YACd,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAC5B,MAAM,OAAO,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;gBACrC,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;oBACtC,aAAa,GAAG,OAAO,CAAC;oBACxB,MAAM;gBACV,CAAC;YACL,CAAC;QACL,CAAC;QAED,IAAI,CAAC,aAAa,EAAE,CAAC;YACjB,4DAA4D;YAC5D,OAAO;gBACH,MAAM,EAAE,YAAY,CAAC,MAAM;gBAC3B,OAAO,EAAE,CAAC,wBAAwB,CAAC;aACtC,CAAC;QACN,CAAC;QAED,0CAA0C;QAC1C,IAAI,sBAAsB,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;YAC5C,OAAO;gBACH,MAAM,EAAE,YAAY,CAAC,MAAM;gBAC3B,OAAO,EAAE,CAAC,OAAO,aAAa,oBAAoB,CAAC;aACtD,CAAC;QACN,CAAC;QAED,qCAAqC;QACrC,IAAI,iBAAiB,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;YACvC,sDAAsD;YACtD,MAAM,iBAAiB,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,GAAQ,EAAE,EAAE;gBACpD,MAAM,OAAO,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;gBACrC,IAAI,CAAC,OAAO;oBAAE,OAAO,KAAK,CAAC;gBAE3B,2CAA2C;gBAC3C,OAAO,CACH,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC;oBAC7B,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC;oBACxB,OAAO,CAAC,UAAU,CAAC,QAAQ,CAAC;oBAC5B,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC;oBAC9B,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC;oBACxB,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,CAC3B,CAAC;YACN,CAAC,CAAC,CAAC;YAEH,IAAI,iBAAiB,EAAE,CAAC;gBACpB,OAAO;oBACH,MAAM,EAAE,YAAY,CAAC,MAAM;oBAC3B,OAAO,EAAE;wBACL,OAAO,aAAa,mCAAmC;qBAC1D;iBACJ,CAAC;YACN,CAAC;YACD,qDAAqD;YACrD,OAAO,EAAC,MAAM,EAAE,OAAO,EAAC,CAAC;QAC7B,CAAC;QAED,yBAAyB;QACzB,OAAO;YACH,MAAM,EAAE,YAAY,CAAC,MAAM;YAC3B,OAAO,EAAE,CAAC,OAAO,aAAa,uBAAuB,CAAC;SACzD,CAAC;IACN,CAAC;CACJ,CAAC"}

package/dist/utils/command-safety/handlers/index.d.ts

@@ -0,0 +1,13 @@
+import type { CommandHandler } from './types.js';
+/**
+ * Registry of command-specific handlers
+ */
+export declare const commandHandlers: Map<string, CommandHandler>;
+/**
+ * Get a handler for a specific command
+ * @param commandName The command name
+ * @returns The handler if one exists, undefined otherwise
+ */
+export declare function getCommandHandler(commandName: string): CommandHandler | undefined;
+export type { CommandHandler, CommandHandlerHelpers, CommandHandlerResult, } from './types.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/utils/command-safety/handlers/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../source/utils/command-safety/handlers/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAC,cAAc,EAAC,MAAM,YAAY,CAAC;AAK/C;;GAEG;AACH,eAAO,MAAM,eAAe,6BAI1B,CAAC;AAEH;;;;GAIG;AACH,wBAAgB,iBAAiB,CAC7B,WAAW,EAAE,MAAM,GACpB,cAAc,GAAG,SAAS,CAE5B;AAGD,YAAY,EACR,cAAc,EACd,qBAAqB,EACrB,oBAAoB,GACvB,MAAM,YAAY,CAAC"}

package/dist/utils/command-safety/handlers/index.js

@@ -0,0 +1,20 @@
+import { gitHandler } from './git-handler.js';
+import { findHandler } from './find-handler.js';
+import { sedHandler } from './sed-handler.js';
+/**
+ * Registry of command-specific handlers
+ */
+export const commandHandlers = new Map([
+    ['git', gitHandler],
+    ['find', findHandler],
+    ['sed', sedHandler],
+]);
+/**
+ * Get a handler for a specific command
+ * @param commandName The command name
+ * @returns The handler if one exists, undefined otherwise
+ */
+export function getCommandHandler(commandName) {
+    return commandHandlers.get(commandName);
+}
+//# sourceMappingURL=index.js.map

package/dist/utils/command-safety/handlers/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../source/utils/command-safety/handlers/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAC,UAAU,EAAC,MAAM,kBAAkB,CAAC;AAC5C,OAAO,EAAC,WAAW,EAAC,MAAM,mBAAmB,CAAC;AAC9C,OAAO,EAAC,UAAU,EAAC,MAAM,kBAAkB,CAAC;AAE5C;;GAEG;AACH,MAAM,CAAC,MAAM,eAAe,GAAG,IAAI,GAAG,CAAyB;IAC3D,CAAC,KAAK,EAAE,UAAU,CAAC;IACnB,CAAC,MAAM,EAAE,WAAW,CAAC;IACrB,CAAC,KAAK,EAAE,UAAU,CAAC;CACtB,CAAC,CAAC;AAEH;;;;GAIG;AACH,MAAM,UAAU,iBAAiB,CAC7B,WAAmB;IAEnB,OAAO,eAAe,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;AAC5C,CAAC"}

package/dist/utils/command-safety/handlers/sed-handler.d.ts

@@ -0,0 +1,6 @@
+import type { CommandHandler } from './types.js';
+/**
+ * Handler for sed command safety analysis
+ */
+export declare const sedHandler: CommandHandler;
+//# sourceMappingURL=sed-handler.d.ts.map

package/dist/utils/command-safety/handlers/sed-handler.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sed-handler.d.ts","sourceRoot":"","sources":["../../../../source/utils/command-safety/handlers/sed-handler.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACR,cAAc,EAGjB,MAAM,YAAY,CAAC;AAEpB;;GAEG;AACH,eAAO,MAAM,UAAU,EAAE,cAqGxB,CAAC"}

package/dist/utils/command-safety/handlers/sed-handler.js

@@ -0,0 +1,94 @@
+import { SafetyStatus } from '../constants.js';
+/**
+ * Handler for sed command safety analysis
+ */
+export const sedHandler = {
+    handle(node, helpers) {
+        const { extractWordText, analyzePathRisk } = helpers;
+        const reasons = [];
+        let status = SafetyStatus.GREEN;
+        if (!node.suffix) {
+            return { status, reasons };
+        }
+        let hasOutputRedirect = false;
+        let hasInPlaceEdit = false;
+        // First pass: detect dangerous sed patterns
+        for (const arg of node.suffix) {
+            if (arg?.type === 'Redirect') {
+                // Check if it's an output redirect (>, >>)
+                const op = arg.op?.text || arg.op;
+                if (op === '>' || op === '>>') {
+                    hasOutputRedirect = true;
+                }
+            }
+            const argText = extractWordText(arg);
+            if (argText && argText.startsWith('-')) {
+                if (argText.startsWith('-i')) {
+                    hasInPlaceEdit = true;
+                }
+            }
+        }
+        // Second pass: classify arguments
+        for (const arg of node.suffix) {
+            // Redirects: analyze path risk. For `sed`, only mark output redirects as YELLOW
+            if (arg?.type === 'Redirect') {
+                const fileText = extractWordText(arg.file ?? arg);
+                const op = arg.op?.text || arg.op;
+                if (op === '>' || op === '>>') {
+                    status = SafetyStatus.YELLOW;
+                    reasons.push(`sed with output redirection to ${fileText ?? '<unknown>'}`);
+                }
+                const pathStatus = analyzePathRisk(fileText);
+                if (pathStatus !== SafetyStatus.GREEN) {
+                    status = pathStatus;
+                    reasons.push(`redirect to ${fileText ?? '<unknown>'}`);
+                }
+                continue;
+            }
+            const argText = extractWordText(arg);
+            // Flags are normally ignored, but for `sed` the -i flag is dangerous
+            // because it performs in-place edits. Detect -i and variants (e.g. -i, -i.bak, -i'')
+            if (argText && argText.startsWith('-')) {
+                if (argText.startsWith('-i')) {
+                    return {
+                        status: SafetyStatus.RED,
+                        reasons: [`sed in-place edit detected: ${argText}`],
+                    };
+                }
+                continue; // other flags ignored
+            }
+            const pathStatus = analyzePathRisk(argText);
+            // For `sed`, file arguments are only risky if combined with dangerous operations
+            if (argText) {
+                // If there's an in-place edit or output redirect, path risk matters
+                // Otherwise, reading files with sed is safe (GREEN)
+                if (hasInPlaceEdit || hasOutputRedirect) {
+                    if (pathStatus === SafetyStatus.RED) {
+                        status = pathStatus;
+                        reasons.push(`sed file argument ${argText}`);
+                    }
+                    else {
+                        status = SafetyStatus.YELLOW;
+                        reasons.push(`sed file argument ${argText}`);
+                    }
+                }
+                else {
+                    // Read-only sed: only escalate if path itself is risky
+                    if (pathStatus !== SafetyStatus.GREEN) {
+                        status = pathStatus;
+                        reasons.push(`sed file argument ${argText}`);
+                    }
+                    // Otherwise GREEN - read-only sed is safe
+                }
+                continue;
+            }
+            // Unknown/opaque args fall back to YELLOW
+            if (!argText) {
+                status = SafetyStatus.YELLOW;
+                reasons.push('opaque or unparseable argument');
+            }
+        }
+        return { status, reasons };
+    },
+};
+//# sourceMappingURL=sed-handler.js.map

package/dist/utils/command-safety/handlers/sed-handler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sed-handler.js","sourceRoot":"","sources":["../../../../source/utils/command-safety/handlers/sed-handler.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,YAAY,EAAC,MAAM,iBAAiB,CAAC;AAO7C;;GAEG;AACH,MAAM,CAAC,MAAM,UAAU,GAAmB;IACtC,MAAM,CAAC,IAAS,EAAE,OAA8B;QAC5C,MAAM,EAAC,eAAe,EAAE,eAAe,EAAC,GAAG,OAAO,CAAC;QACnD,MAAM,OAAO,GAAa,EAAE,CAAC;QAC7B,IAAI,MAAM,GAAiB,YAAY,CAAC,KAAK,CAAC;QAE9C,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACf,OAAO,EAAC,MAAM,EAAE,OAAO,EAAC,CAAC;QAC7B,CAAC;QAED,IAAI,iBAAiB,GAAG,KAAK,CAAC;QAC9B,IAAI,cAAc,GAAG,KAAK,CAAC;QAE3B,4CAA4C;QAC5C,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAC5B,IAAI,GAAG,EAAE,IAAI,KAAK,UAAU,EAAE,CAAC;gBAC3B,2CAA2C;gBAC3C,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,EAAE,IAAI,IAAI,GAAG,CAAC,EAAE,CAAC;gBAClC,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;oBAC5B,iBAAiB,GAAG,IAAI,CAAC;gBAC7B,CAAC;YACL,CAAC;YAED,MAAM,OAAO,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;YACrC,IAAI,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACrC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC3B,cAAc,GAAG,IAAI,CAAC;gBAC1B,CAAC;YACL,CAAC;QACL,CAAC;QAED,kCAAkC;QAClC,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAC5B,gFAAgF;YAChF,IAAI,GAAG,EAAE,IAAI,KAAK,UAAU,EAAE,CAAC;gBAC3B,MAAM,QAAQ,GAAG,eAAe,CAAC,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,CAAC;gBAClD,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,EAAE,IAAI,IAAI,GAAG,CAAC,EAAE,CAAC;gBAElC,IAAI,EAAE,KAAK,GAAG,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC;oBAC5B,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC;oBAC7B,OAAO,CAAC,IAAI,CACR,kCACI,QAAQ,IAAI,WAChB,EAAE,CACL,CAAC;gBACN,CAAC;gBAED,MAAM,UAAU,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;gBAC7C,IAAI,UAAU,KAAK,YAAY,CAAC,KAAK,EAAE,CAAC;oBACpC,MAAM,GAAG,UAAU,CAAC;oBACpB,OAAO,CAAC,IAAI,CAAC,eAAe,QAAQ,IAAI,WAAW,EAAE,CAAC,CAAC;gBAC3D,CAAC;gBACD,SAAS;YACb,CAAC;YAED,MAAM,OAAO,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;YACrC,qEAAqE;YACrE,qFAAqF;YACrF,IAAI,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACrC,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;oBAC3B,OAAO;wBACH,MAAM,EAAE,YAAY,CAAC,GAAG;wBACxB,OAAO,EAAE,CAAC,+BAA+B,OAAO,EAAE,CAAC;qBACtD,CAAC;gBACN,CAAC;gBACD,SAAS,CAAC,sBAAsB;YACpC,CAAC;YAED,MAAM,UAAU,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;YAC5C,iFAAiF;YACjF,IAAI,OAAO,EAAE,CAAC;gBACV,oEAAoE;gBACpE,oDAAoD;gBACpD,IAAI,cAAc,IAAI,iBAAiB,EAAE,CAAC;oBACtC,IAAI,UAAU,KAAK,YAAY,CAAC,GAAG,EAAE,CAAC;wBAClC,MAAM,GAAG,UAAU,CAAC;wBACpB,OAAO,CAAC,IAAI,CAAC,qBAAqB,OAAO,EAAE,CAAC,CAAC;oBACjD,CAAC;yBAAM,CAAC;wBACJ,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC;wBAC7B,OAAO,CAAC,IAAI,CAAC,qBAAqB,OAAO,EAAE,CAAC,CAAC;oBACjD,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACJ,uDAAuD;oBACvD,IAAI,UAAU,KAAK,YAAY,CAAC,KAAK,EAAE,CAAC;wBACpC,MAAM,GAAG,UAAU,CAAC;wBACpB,OAAO,CAAC,IAAI,CAAC,qBAAqB,OAAO,EAAE,CAAC,CAAC;oBACjD,CAAC;oBACD,0CAA0C;gBAC9C,CAAC;gBACD,SAAS;YACb,CAAC;YAED,0CAA0C;YAC1C,IAAI,CAAC,OAAO,EAAE,CAAC;gBACX,MAAM,GAAG,YAAY,CAAC,MAAM,CAAC;gBAC7B,OAAO,CAAC,IAAI,CAAC,gCAAgC,CAAC,CAAC;YACnD,CAAC;QACL,CAAC;QAED,OAAO,EAAC,MAAM,EAAE,OAAO,EAAC,CAAC;IAC7B,CAAC;CACJ,CAAC"}

package/dist/utils/command-safety/handlers/types.d.ts

@@ -0,0 +1,36 @@
+import { SafetyStatus } from '../constants.js';
+/**
+ * Result from a command handler
+ */
+export interface CommandHandlerResult {
+    status: SafetyStatus;
+    reasons: string[];
+}
+/**
+ * Helper functions passed to command handlers
+ */
+export interface CommandHandlerHelpers {
+    extractWordText: (arg: any) => string | undefined;
+    analyzePathRisk: (path: string | undefined) => SafetyStatus;
+    hasFindDangerousExecution: (suffix: any[]) => {
+        dangerous: boolean;
+        reason?: string;
+    };
+    hasFindSuspiciousFlags: (suffix: any[]) => {
+        suspicious: boolean;
+        reason?: string;
+    };
+}
+/**
+ * Interface for command-specific safety handlers
+ */
+export interface CommandHandler {
+    /**
+     * Handle command-specific safety analysis
+     * @param node The AST node representing the command
+     * @param helpers Helper functions for analysis
+     * @returns Safety status and reasons
+     */
+    handle(node: any, helpers: CommandHandlerHelpers): CommandHandlerResult;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/utils/command-safety/handlers/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../../source/utils/command-safety/handlers/types.ts"],"names":[],"mappings":"AAAA,OAAO,EAAC,YAAY,EAAC,MAAM,iBAAiB,CAAC;AAE7C;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACjC,MAAM,EAAE,YAAY,CAAC;IACrB,OAAO,EAAE,MAAM,EAAE,CAAC;CACrB;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IAClC,eAAe,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,MAAM,GAAG,SAAS,CAAC;IAClD,eAAe,EAAE,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,KAAK,YAAY,CAAC;IAC5D,yBAAyB,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE,KAAK;QAC1C,SAAS,EAAE,OAAO,CAAC;QACnB,MAAM,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC;IACF,sBAAsB,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE,KAAK;QACvC,UAAU,EAAE,OAAO,CAAC;QACpB,MAAM,CAAC,EAAE,MAAM,CAAC;KACnB,CAAC;CACL;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC3B;;;;;OAKG;IACH,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE,OAAO,EAAE,qBAAqB,GAAG,oBAAoB,CAAC;CAC3E"}

package/dist/utils/command-safety/handlers/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/utils/command-safety/handlers/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../source/utils/command-safety/handlers/types.ts"],"names":[],"mappings":""}