@robinmordasiewicz/f5xc-xcsh 1.0.91-2601040044 → 1.0.91-2601040346

package/dist/index.js

@@ -47052,8 +47052,8 @@ function getLogoModeFromEnv(envPrefix) {
 var CLI_NAME = "xcsh";
 var CLI_FULL_NAME = "F5 Distributed Cloud Shell";
 function getVersion() {
-  if ("v1.0.91-2601040044") {
-    return "v1.0.91-2601040044";
+  if ("v1.0.91-2601040346") {
+    return "v1.0.91-2601040346";
   }
   if (process.env.XCSH_VERSION) {
     return process.env.XCSH_VERSION;
@@ -145585,6 +145585,387 @@ function buildConnectionInfo(profileName, apiUrl, hasToken, namespace, isConnect
   return info;
 }
 
+// src/validation/namespace.ts
+function validateNamespaceScope(domain, action, currentNamespace, resourceType) {
+  const opInfo = getOperationDescription(domain, action, resourceType);
+  if (!opInfo?.namespaceScope) {
+    return { valid: true };
+  }
+  const scope = opInfo.namespaceScope;
+  const normalizedNamespace = currentNamespace.toLowerCase();
+  switch (scope) {
+    case "system":
+      if (normalizedNamespace !== "system") {
+        return {
+          valid: false,
+          scope,
+          message: `${action} on ${resourceType || domain} requires the 'system' namespace`,
+          suggestion: "system"
+        };
+      }
+      return { valid: true, scope };
+    case "shared":
+      if (normalizedNamespace !== "shared") {
+        return {
+          valid: false,
+          scope,
+          message: `${action} on ${resourceType || domain} requires the 'shared' namespace`,
+          suggestion: "shared"
+        };
+      }
+      return { valid: true, scope };
+    case "any":
+    default:
+      return { valid: true, scope };
+  }
+}
+
+// src/validation/safety.ts
+function checkOperationSafety(domain, action, resourceType) {
+  const opInfo = getOperationDescription(domain, action, resourceType);
+  const dangerLevel = opInfo?.dangerLevel || "low";
+  const requiresConfirmation2 = opInfo?.confirmationRequired ?? dangerLevel === "high";
+  const sideEffects = opInfo?.sideEffects;
+  const result = {
+    proceed: dangerLevel !== "high",
+    // High danger requires explicit confirmation
+    dangerLevel,
+    requiresConfirmation: requiresConfirmation2
+  };
+  if (dangerLevel === "high") {
+    result.warning = formatHighDangerWarning(domain, action, sideEffects);
+  } else if (dangerLevel === "medium") {
+    result.warning = formatMediumDangerWarning(domain, action, sideEffects);
+  }
+  if (sideEffects) {
+    result.sideEffects = sideEffects;
+  }
+  return result;
+}
+function formatHighDangerWarning(_domain, _action, sideEffects) {
+  const lines = [
+    colorRed("\u26A0\uFE0F  WARNING: This is a HIGH DANGER operation"),
+    ""
+  ];
+  if (sideEffects) {
+    if (sideEffects.deletes && sideEffects.deletes.length > 0) {
+      lines.push(
+        colorRed(`  Will DELETE: ${sideEffects.deletes.join(", ")}`)
+      );
+    }
+    if (sideEffects.updates && sideEffects.updates.length > 0) {
+      lines.push(`  Will UPDATE: ${sideEffects.updates.join(", ")}`);
+    }
+    if (sideEffects.creates && sideEffects.creates.length > 0) {
+      lines.push(
+        colorDim(`  Will CREATE: ${sideEffects.creates.join(", ")}`)
+      );
+    }
+    lines.push("");
+  }
+  lines.push(
+    colorRed("This action may be destructive and cannot be undone.")
+  );
+  return lines.join("\n");
+}
+function formatMediumDangerWarning(_domain, _action, sideEffects) {
+  const lines = [
+    colorYellow("\u26A0\uFE0F  CAUTION: This operation may have significant effects"),
+    ""
+  ];
+  if (sideEffects) {
+    const effects = [];
+    if (sideEffects.creates && sideEffects.creates.length > 0) {
+      effects.push(`creates: ${sideEffects.creates.join(", ")}`);
+    }
+    if (sideEffects.updates && sideEffects.updates.length > 0) {
+      effects.push(`updates: ${sideEffects.updates.join(", ")}`);
+    }
+    if (sideEffects.deletes && sideEffects.deletes.length > 0) {
+      effects.push(`deletes: ${sideEffects.deletes.join(", ")}`);
+    }
+    if (effects.length > 0) {
+      lines.push(`  Side effects: ${effects.join("; ")}`);
+      lines.push("");
+    }
+  }
+  return lines.join("\n");
+}
+
+// src/validation/reserved-words.ts
+var RESERVED_ACTIONS = /* @__PURE__ */ new Set([
+  // CRUD operations
+  "create",
+  "delete",
+  "list",
+  "get",
+  "update",
+  "apply",
+  "patch",
+  // Info operations
+  "describe",
+  "show",
+  "status",
+  "logs",
+  "events",
+  // Modification
+  "edit",
+  "replace",
+  "set",
+  "unset",
+  // Lifecycle
+  "start",
+  "stop",
+  "restart",
+  "rollout",
+  "scale",
+  // Connection
+  "attach",
+  "detach",
+  "connect",
+  "disconnect",
+  // Registration
+  "register",
+  "deregister",
+  "associate",
+  "disassociate",
+  // AWS-specific
+  "put",
+  "modify",
+  // Built-in xcsh commands
+  "help",
+  "quit",
+  "exit",
+  "clear",
+  "history",
+  "refresh",
+  "context",
+  "banner",
+  "profile",
+  "completion",
+  // Common CLI patterns
+  "run",
+  "exec",
+  "wait",
+  "open",
+  "close",
+  "inspect",
+  "validate",
+  "diff",
+  "plan",
+  "import",
+  "export"
+]);
+var SHELL_METACHARACTERS = /[;&|`$()<>\\#!{}[\]*?~\n\r]/;
+var DANGEROUS_PATTERNS = [
+  {
+    pattern: /^-/,
+    message: "Name cannot start with a hyphen (would be interpreted as a flag)"
+  },
+  {
+    pattern: /^--/,
+    message: "Name cannot start with double-hyphen (would be interpreted as a long flag)"
+  },
+  {
+    pattern: /\.\./,
+    message: "Name cannot contain '..' (path traversal risk)"
+  },
+  {
+    pattern: /^\./,
+    message: "Name cannot start with '.' (hidden file pattern)"
+  },
+  {
+    pattern: /\//,
+    message: "Name cannot contain '/' (path separator)"
+  },
+  {
+    pattern: /\\$/,
+    message: "Name cannot end with backslash (escape sequence risk)"
+  },
+  {
+    pattern: /\s/,
+    message: "Name cannot contain whitespace"
+  },
+  {
+    pattern: /^_/,
+    message: "Name cannot start with underscore (reserved for internal use)"
+  }
+];
+var DANGEROUS_COMMANDS = /* @__PURE__ */ new Set([
+  // File destruction
+  "rm",
+  "rm-rf",
+  "rmdir",
+  "del",
+  "unlink",
+  "shred",
+  // Privilege escalation
+  "sudo",
+  "su",
+  "chmod",
+  "chown",
+  "chattr",
+  "setfacl",
+  // Network tools (payload download)
+  "wget",
+  "curl",
+  "nc",
+  "netcat",
+  "socat",
+  "telnet",
+  "ssh",
+  "scp",
+  "rsync",
+  // Shell execution
+  "bash",
+  "sh",
+  "zsh",
+  "csh",
+  "ksh",
+  "fish",
+  "pwsh",
+  "powershell",
+  // Process execution
+  "exec",
+  "eval",
+  "source",
+  "nohup",
+  "xargs",
+  // Process termination
+  "kill",
+  "pkill",
+  "killall",
+  "killall5",
+  // Disk operations
+  "dd",
+  "mkfs",
+  "fdisk",
+  "parted",
+  "format",
+  // System control
+  "reboot",
+  "shutdown",
+  "halt",
+  "poweroff",
+  "init",
+  "systemctl",
+  // Container escape
+  "docker",
+  "kubectl",
+  "nsenter",
+  "chroot"
+]);
+var CONTROL_CHARS = /[\x00-\x1f\x7f]/;
+var RFC1035_PATTERN = /^[a-z]([a-z0-9-]{0,61}[a-z0-9])?$/;
+
+// src/validation/resource-name.ts
+var DEFAULT_OPTIONS = {
+  maxLength: 63,
+  allowUppercase: false,
+  skipFormatValidation: false
+};
+function validateResourceName(name, options = {}) {
+  const opts = { ...DEFAULT_OPTIONS, ...options };
+  const nameLower = name.toLowerCase();
+  if (!name || name.trim().length === 0) {
+    return {
+      valid: false,
+      category: "invalid",
+      message: "Resource name cannot be empty"
+    };
+  }
+  if (name.length > opts.maxLength) {
+    return {
+      valid: false,
+      category: "invalid",
+      message: `Name exceeds maximum length of ${opts.maxLength} characters (got ${name.length})`,
+      suggestion: sanitizeName(name.slice(0, opts.maxLength))
+    };
+  }
+  if (CONTROL_CHARS.test(name)) {
+    return {
+      valid: false,
+      category: "security",
+      message: "Name contains control characters which are not allowed"
+    };
+  }
+  if (SHELL_METACHARACTERS.test(name)) {
+    const match = name.match(SHELL_METACHARACTERS);
+    const char = match?.[0] ?? "unknown";
+    const charDesc = getCharacterDescription(char);
+    return {
+      valid: false,
+      category: "security",
+      message: `Name contains shell metacharacter '${charDesc}' which could enable command injection`
+    };
+  }
+  if (RESERVED_ACTIONS.has(nameLower)) {
+    return {
+      valid: false,
+      category: "reserved",
+      message: `'${name}' is a reserved CLI action word and cannot be used as a resource name`,
+      suggestion: `my-${name}`
+    };
+  }
+  if (DANGEROUS_COMMANDS.has(nameLower)) {
+    return {
+      valid: false,
+      category: "dangerous",
+      message: `'${name}' matches a dangerous system command and cannot be used as a resource name`
+    };
+  }
+  for (const { pattern, message } of DANGEROUS_PATTERNS) {
+    if (pattern.test(name)) {
+      return {
+        valid: false,
+        category: "dangerous",
+        message
+      };
+    }
+  }
+  if (!opts.skipFormatValidation) {
+    const nameToCheck = opts.allowUppercase ? nameLower : name;
+    if (!RFC1035_PATTERN.test(nameToCheck.toLowerCase())) {
+      return {
+        valid: false,
+        category: "invalid",
+        message: "Name must start with a letter, end with alphanumeric, and contain only lowercase letters, numbers, and hyphens",
+        suggestion: sanitizeName(name)
+      };
+    }
+  }
+  return { valid: true };
+}
+function getCharacterDescription(char) {
+  const descriptions = {
+    ";": "; (command separator)",
+    "&": "& (background execution)",
+    "|": "| (pipe)",
+    "`": "` (command substitution)",
+    $: "$ (variable/command expansion)",
+    "(": "( (subshell)",
+    ")": ") (subshell)",
+    "<": "< (input redirection)",
+    ">": "> (output redirection)",
+    "\\": "\\ (escape)",
+    "#": "# (comment)",
+    "!": "! (history expansion)",
+    "{": "{ (brace expansion)",
+    "}": "} (brace expansion)",
+    "[": "[ (bracket expansion)",
+    "]": "] (bracket expansion)",
+    "*": "* (glob pattern)",
+    "?": "? (glob pattern)",
+    "~": "~ (home directory)",
+    "\n": "newline",
+    "\r": "carriage return"
+  };
+  return descriptions[char] ?? char;
+}
+function sanitizeName(name) {
+  return name.toLowerCase().replace(/[^a-z0-9-]/g, "-").replace(/^[^a-z]+/, "").replace(/-+$/, "").replace(/-{2,}/g, "-").slice(0, 63) || "resource";
+}
+
 // src/domains/login/profile/create.ts
 var createCommand2 = {
   name: "create",
@@ -145611,6 +145992,18 @@ var createCommand2 = {
         ].join("\n")
       );
     }
+    const nameValidation = validateResourceName(name, {
+      maxLength: 128,
+      // Profiles can have longer names than API resources
+      resourceType: "profile"
+    });
+    if (!nameValidation.valid) {
+      const lines = [`Invalid profile name: ${nameValidation.message}`];
+      if (nameValidation.suggestion) {
+        lines.push("", `Suggested: ${nameValidation.suggestion}`);
+      }
+      return errorResult(lines.join("\n"));
+    }
     const existing = await manager.get(name);
     if (existing) {
       return errorResult(
@@ -148271,7 +148664,7 @@ var queryCommand = {
 // src/domains/ai_services/chat.ts
 import * as readline from "readline";
 function parseChatArgs(args, session) {
-  const { remainingArgs } = parseDomainOutputFlags(
+  const { options, remainingArgs } = parseDomainOutputFlags(
     args,
     session.getOutputFormat()
   );
@@ -148290,7 +148683,11 @@ function parseChatArgs(args, session) {
     }
     i++;
   }
-  return { spec, namespace };
+  return {
+    spec,
+    namespace,
+    suppressOutput: options.format === "none"
+  };
 }
 function showChatHelp() {
   return [
@@ -148505,13 +148902,19 @@ var chatCommand = {
   usage: "[--namespace <ns>]",
   aliases: ["interactive", "i"],
   async execute(args, session) {
-    const { spec, namespace } = parseChatArgs(args, session);
+    const { spec, namespace, suppressOutput } = parseChatArgs(
+      args,
+      session
+    );
     if (spec) {
       const cmdSpec = getCommandSpec("generative_ai chat");
       if (cmdSpec) {
         return successResult([formatSpec(cmdSpec)]);
       }
     }
+    if (suppressOutput) {
+      return successResult([]);
+    }
     if (!process.stdin.isTTY) {
       return errorResult(
         "Chat mode requires an interactive terminal. Use 'ai query' for non-interactive queries."
@@ -148529,7 +148932,7 @@ var chatCommand = {
 
 // src/domains/ai_services/feedback.ts
 function parseFeedbackArgs(args, session) {
-  const { remainingArgs } = parseDomainOutputFlags(
+  const { options, remainingArgs } = parseDomainOutputFlags(
     args,
     session.getOutputFormat()
   );
@@ -148577,6 +148980,8 @@ function parseFeedbackArgs(args, session) {
     i++;
   }
   return {
+    format: options.format,
+    noColor: options.noColor,
     spec,
     namespace,
     positive,
@@ -148593,13 +148998,25 @@ var feedbackCommand = {
   usage: "--positive | --negative <type> [--comment <text>] [--query-id <id>]",
   aliases: ["fb", "rate"],
   async execute(args, session) {
-    const { spec, namespace, positive, negativeType, comment, queryId } = parseFeedbackArgs(args, session);
+    const {
+      format,
+      noColor,
+      spec,
+      namespace,
+      positive,
+      negativeType,
+      comment,
+      queryId
+    } = parseFeedbackArgs(args, session);
     if (spec) {
       const cmdSpec = getCommandSpec("generative_ai feedback");
       if (cmdSpec) {
         return successResult([formatSpec(cmdSpec)]);
       }
     }
+    if (format === "none") {
+      return successResult([]);
+    }
     if (!positive && !negativeType) {
       const validTypes = getValidFeedbackTypes().join(", ");
       return errorResult(
@@ -148644,6 +149061,17 @@ Negative types: ${validTypes}`
           positive_feedback: {},
           comment: comment ?? void 0
         });
+        const result2 = {
+          status: "success",
+          type: "positive",
+          query_id: targetQueryId,
+          message: "Positive feedback submitted successfully."
+        };
+        if (format === "json" || format === "yaml" || format === "tsv") {
+          return successResult(
+            formatDomainOutput(result2, { format, noColor })
+          );
+        }
         return successResult([
           "Positive feedback submitted successfully.",
           `Query ID: ${targetQueryId}`
@@ -148658,6 +149086,19 @@ Negative types: ${validTypes}`
         },
         comment: comment ?? void 0
       });
+      const result = {
+        status: "success",
+        type: "negative",
+        query_id: targetQueryId,
+        reason: negativeType ?? "OTHER",
+        ...comment ? { comment } : {},
+        message: "Negative feedback submitted successfully."
+      };
+      if (format === "json" || format === "yaml" || format === "tsv") {
+        return successResult(
+          formatDomainOutput(result, { format, noColor })
+        );
+      }
       return successResult([
         "Negative feedback submitted successfully.",
         `Query ID: ${targetQueryId}`,
@@ -148909,13 +149350,94 @@ var evalSubcommands = {
   defaultCommand: evalQueryCommand
 };
 
+// src/domains/domain-overview.ts
+function formatDomainOverview(config) {
+  const lines = [];
+  lines.push("");
+  lines.push(`${config.name} - ${config.description}`);
+  lines.push("");
+  if (config.commands.length > 0) {
+    lines.push("Commands:");
+    const maxNameLen = Math.max(
+      ...config.commands.map((cmd) => cmd.name.length)
+    );
+    const padding = Math.min(maxNameLen + 2, 20);
+    for (const cmd of config.commands) {
+      lines.push(`  ${cmd.name.padEnd(padding)} ${cmd.description}`);
+    }
+    lines.push("");
+  }
+  if (config.examples.length > 0) {
+    lines.push("Examples:");
+    for (const example of config.examples) {
+      lines.push(`  ${example}`);
+    }
+    lines.push("");
+  }
+  if (config.supportsOutputFormats) {
+    lines.push("Output formats: --output json|yaml|table|tsv|none");
+    lines.push("");
+  }
+  if (config.notes && config.notes.length > 0) {
+    for (const note of config.notes) {
+      lines.push(note);
+    }
+    lines.push("");
+  }
+  return lines;
+}
+
 // src/domains/ai_services/index.ts
+var entryCommand = {
+  name: "ai_services",
+  description: "AI-powered query and chat services for F5 Distributed Cloud",
+  descriptionShort: "AI assistant queries and feedback",
+  descriptionMedium: "Query the AI assistant for help with F5 XC platform operations, configurations, and troubleshooting.",
+  async execute(args, session) {
+    const hasQuestion = args.length > 0 && !args[0]?.startsWith("--");
+    if (hasQuestion) {
+      return queryCommand.execute(args, session);
+    }
+    const overview = formatDomainOverview({
+      name: "AI Services",
+      description: "Query and chat with the F5 XC AI assistant",
+      commands: [
+        {
+          name: "query <question>",
+          description: "Ask a single question"
+        },
+        {
+          name: "chat",
+          description: "Start interactive chat session"
+        },
+        {
+          name: "feedback",
+          description: "Provide feedback on AI responses"
+        }
+      ],
+      examples: [
+        "query 'How do I create an HTTP load balancer?'",
+        "query 'What is my WAF policy configuration?' --namespace prod",
+        "chat",
+        "feedback positive"
+      ],
+      supportsOutputFormats: true,
+      notes: ["Use 'eval' subcommand for AI evaluation testing."]
+    });
+    return {
+      output: overview,
+      contextChanged: true,
+      shouldExit: false,
+      shouldClear: false
+    };
+  }
+};
 var aiServicesDomain = {
   name: "ai_services",
   description: "Interact with the F5 Distributed Cloud AI assistant for natural language queries about platform operations. Ask questions about load balancers, WAF configurations, site status, security events, or any platform topic. Supports single queries with follow-up suggestions, interactive multi-turn chat sessions, and feedback submission to improve AI responses.",
   descriptionShort: "AI assistant queries and feedback",
   descriptionMedium: "Query the AI assistant for help with F5 XC platform operations, configurations, security analysis, and troubleshooting.",
-  defaultCommand: queryCommand,
+  defaultCommand: entryCommand,
   commands: /* @__PURE__ */ new Map([
     ["query", queryCommand],
     ["chat", chatCommand],
@@ -150510,13 +151032,13 @@ var RESERVED_API_ACTIONS = /* @__PURE__ */ new Set([
   "add-labels",
   "remove-labels"
 ]);
-function isReservedAction(name) {
+function isReservedAction2(name) {
   return RESERVED_API_ACTIONS.has(name.toLowerCase());
 }
 function validateExtension(extension) {
   const conflicts = [];
   for (const [name] of extension.commands) {
-    if (isReservedAction(name)) {
+    if (isReservedAction2(name)) {
       conflicts.push(name);
     }
   }
@@ -151861,114 +152383,15 @@ function useGitStatus(options = {}) {
   return { gitInfo, refresh, lastRefresh };
 }
 
-// src/validation/namespace.ts
-function validateNamespaceScope(domain, action, currentNamespace, resourceType) {
-  const opInfo = getOperationDescription(domain, action, resourceType);
-  if (!opInfo?.namespaceScope) {
-    return { valid: true };
-  }
-  const scope = opInfo.namespaceScope;
-  const normalizedNamespace = currentNamespace.toLowerCase();
-  switch (scope) {
-    case "system":
-      if (normalizedNamespace !== "system") {
-        return {
-          valid: false,
-          scope,
-          message: `${action} on ${resourceType || domain} requires the 'system' namespace`,
-          suggestion: "system"
-        };
-      }
-      return { valid: true, scope };
-    case "shared":
-      if (normalizedNamespace !== "shared") {
-        return {
-          valid: false,
-          scope,
-          message: `${action} on ${resourceType || domain} requires the 'shared' namespace`,
-          suggestion: "shared"
-        };
-      }
-      return { valid: true, scope };
-    case "any":
-    default:
-      return { valid: true, scope };
-  }
-}
-
-// src/validation/safety.ts
-function checkOperationSafety(domain, action, resourceType) {
-  const opInfo = getOperationDescription(domain, action, resourceType);
-  const dangerLevel = opInfo?.dangerLevel || "low";
-  const requiresConfirmation2 = opInfo?.confirmationRequired ?? dangerLevel === "high";
-  const sideEffects = opInfo?.sideEffects;
-  const result = {
-    proceed: dangerLevel !== "high",
-    // High danger requires explicit confirmation
-    dangerLevel,
-    requiresConfirmation: requiresConfirmation2
-  };
-  if (dangerLevel === "high") {
-    result.warning = formatHighDangerWarning(domain, action, sideEffects);
-  } else if (dangerLevel === "medium") {
-    result.warning = formatMediumDangerWarning(domain, action, sideEffects);
-  }
-  if (sideEffects) {
-    result.sideEffects = sideEffects;
-  }
-  return result;
-}
-function formatHighDangerWarning(_domain, _action, sideEffects) {
-  const lines = [
-    colorRed("\u26A0\uFE0F  WARNING: This is a HIGH DANGER operation"),
-    ""
-  ];
-  if (sideEffects) {
-    if (sideEffects.deletes && sideEffects.deletes.length > 0) {
-      lines.push(
-        colorRed(`  Will DELETE: ${sideEffects.deletes.join(", ")}`)
-      );
-    }
-    if (sideEffects.updates && sideEffects.updates.length > 0) {
-      lines.push(`  Will UPDATE: ${sideEffects.updates.join(", ")}`);
-    }
-    if (sideEffects.creates && sideEffects.creates.length > 0) {
-      lines.push(
-        colorDim(`  Will CREATE: ${sideEffects.creates.join(", ")}`)
-      );
-    }
-    lines.push("");
-  }
-  lines.push(
-    colorRed("This action may be destructive and cannot be undone.")
-  );
-  return lines.join("\n");
-}
-function formatMediumDangerWarning(_domain, _action, sideEffects) {
-  const lines = [
-    colorYellow("\u26A0\uFE0F  CAUTION: This operation may have significant effects"),
-    ""
-  ];
-  if (sideEffects) {
-    const effects = [];
-    if (sideEffects.creates && sideEffects.creates.length > 0) {
-      effects.push(`creates: ${sideEffects.creates.join(", ")}`);
-    }
-    if (sideEffects.updates && sideEffects.updates.length > 0) {
-      effects.push(`updates: ${sideEffects.updates.join(", ")}`);
-    }
-    if (sideEffects.deletes && sideEffects.deletes.length > 0) {
-      effects.push(`deletes: ${sideEffects.deletes.join(", ")}`);
-    }
-    if (effects.length > 0) {
-      lines.push(`  Side effects: ${effects.join("; ")}`);
-      lines.push("");
-    }
-  }
-  return lines.join("\n");
-}
-
 // src/repl/executor.ts
+var WRITE_OPERATIONS = /* @__PURE__ */ new Set([
+  "create",
+  "replace",
+  "apply",
+  "patch",
+  "add-labels",
+  "remove-labels"
+]);
 var BUILTIN_COMMANDS = /* @__PURE__ */ new Set([
   "help",
   "--help",
@@ -152653,6 +153076,50 @@ async function executeAPICommand(session, ctx, cmd) {
   );
   const { resourceType, name, namespace, outputFormat, spec, noColor } = parseCommandArgs(args, domainResourceTypes);
   const effectiveNamespace = namespace ?? session.getNamespace();
+  if (effectiveNamespace) {
+    const nsNameValidation = validateResourceName(effectiveNamespace, {
+      resourceType: "namespace"
+    });
+    if (!nsNameValidation.valid) {
+      const lines = [
+        `Error: Invalid namespace name '${effectiveNamespace}'`,
+        "",
+        nsNameValidation.message ?? "Invalid namespace name"
+      ];
+      if (nsNameValidation.suggestion) {
+        lines.push("", `Suggested: ${nsNameValidation.suggestion}`);
+      }
+      return {
+        output: lines,
+        shouldExit: false,
+        shouldClear: false,
+        contextChanged: false,
+        error: nsNameValidation.message ?? "Invalid namespace name"
+      };
+    }
+  }
+  if (WRITE_OPERATIONS.has(action) && name) {
+    const nameValidation = validateResourceName(name, {
+      resourceType: resourceType ?? canonicalDomain
+    });
+    if (!nameValidation.valid) {
+      const lines = [
+        `Error: Invalid resource name '${name}'`,
+        "",
+        nameValidation.message ?? "Invalid resource name"
+      ];
+      if (nameValidation.suggestion) {
+        lines.push("", `Suggested: ${nameValidation.suggestion}`);
+      }
+      return {
+        output: lines,
+        shouldExit: false,
+        shouldClear: false,
+        contextChanged: false,
+        error: nameValidation.message ?? "Invalid resource name"
+      };
+    }
+  }
   const effectiveResource = resourceType ?? canonicalDomain;
   const nsValidation = validateNamespaceScope(
     canonicalDomain,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@robinmordasiewicz/f5xc-xcsh",
-  "version": "1.0.91-2601040044",
+  "version": "1.0.91-2601040346",
   "description": "F5 Distributed Cloud Shell - Interactive CLI for F5 XC",
   "type": "module",
   "bin": {