@soleri/cli 9.3.0 → 9.4.0

package/src/commands/staging.ts

@@ -4,9 +4,12 @@ import { join, relative } from 'node:path';
 import { homedir } from 'node:os';
 import * as log from '../utils/logger.js';
 
-const STAGING_ROOT = join(homedir(), '.soleri', 'staging');
+export const STAGING_ROOT = join(homedir(), '.soleri', 'staging');
 
-interface StagedEntry {
+/** Default max age for stale staging entries (7 days). */
+const DEFAULT_MAX_AGE_MS = 7 * 24 * 60 * 60 * 1000;
+
+export interface StagedEntry {
   id: string;
   timestamp: string;
   path: string;
@@ -17,7 +20,7 @@ interface StagedEntry {
 /**
  * Walk a directory tree and collect all items with their relative paths.
  */
-function walkDir(dir: string, base: string): { relPath: string; size: number }[] {
+export function walkDir(dir: string, base: string): { relPath: string; size: number }[] {
   const results: { relPath: string; size: number }[] = [];
   if (!existsSync(dir)) return results;
 
@@ -38,7 +41,7 @@ function walkDir(dir: string, base: string): { relPath: string; size: number }[]
 /**
  * List all staged entries.
  */
-function listStaged(): StagedEntry[] {
+export function listStaged(): StagedEntry[] {
   if (!existsSync(STAGING_ROOT)) return [];
 
   const entries: StagedEntry[] = [];
@@ -66,7 +69,7 @@ function listStaged(): StagedEntry[] {
 /**
  * Parse a duration string like "7d", "24h", "30m" into milliseconds.
  */
-function parseDuration(duration: string): number | null {
+export function parseDuration(duration: string): number | null {
   const match = duration.match(/^(\d+)(d|h|m)$/);
   if (!match) return null;
 
@@ -85,12 +88,78 @@ function parseDuration(duration: string): number | null {
   }
 }
 
-function formatSize(bytes: number): string {
+export function formatSize(bytes: number): string {
   if (bytes < 1024) return `${bytes} B`;
   if (bytes < 1024 * 1024) return `${(bytes / 1024).toFixed(1)} KB`;
   return `${(bytes / (1024 * 1024)).toFixed(1)} MB`;
 }
 
+// ─── Reusable Utility Functions ──────────────────────────────────────
+
+export interface StaleStagingInfo {
+  /** Entries older than maxAge. */
+  staleEntries: StagedEntry[];
+  /** Total bytes across stale entries. */
+  totalBytes: number;
+  /** Human-readable total size. */
+  totalSize: string;
+  /** Number of stale entries. */
+  count: number;
+}
+
+/**
+ * Check for staging entries older than a given age.
+ * Pure function — no I/O side effects beyond reading the filesystem.
+ *
+ * @param maxAgeMs - Maximum age in milliseconds (default: 7 days)
+ * @returns Info about stale entries, or null if none found.
+ */
+export function getStaleStagingInfo(
+  maxAgeMs: number = DEFAULT_MAX_AGE_MS,
+): StaleStagingInfo | null {
+  const entries = listStaged();
+  if (entries.length === 0) return null;
+
+  const cutoff = Date.now() - maxAgeMs;
+  const staleEntries = entries.filter((entry) => {
+    try {
+      const stat = statSync(entry.path);
+      return stat.mtimeMs < cutoff;
+    } catch {
+      return false;
+    }
+  });
+
+  if (staleEntries.length === 0) return null;
+
+  const totalBytes = staleEntries.reduce((sum, e) => sum + e.size, 0);
+  return {
+    staleEntries,
+    totalBytes,
+    totalSize: formatSize(totalBytes),
+    count: staleEntries.length,
+  };
+}
+
+/**
+ * Purge stale staging entries. Returns the number of entries removed.
+ *
+ * @param entries - Entries to purge (from getStaleStagingInfo().staleEntries)
+ * @returns Number of entries successfully removed.
+ */
+export function purgeStagingEntries(entries: StagedEntry[]): number {
+  let removed = 0;
+  for (const entry of entries) {
+    try {
+      rmSync(entry.path, { recursive: true, force: true });
+      removed++;
+    } catch {
+      // Skip failures silently — entry may have been removed concurrently
+    }
+  }
+  return removed;
+}
+
 export function registerStaging(program: Command): void {
   const staging = program.command('staging').description('Manage anti-deletion staging folder');
 
@@ -161,25 +230,31 @@ export function registerStaging(program: Command): void {
     });
 
   staging
-    .command('purge')
-    .option('--older-than <duration>', 'Only purge snapshots older than duration (e.g. 7d, 24h)')
-    .description('Permanently delete staged files')
-    .action((opts: { olderThan?: string }) => {
+    .command('clean')
+    .option(
+      '--older-than <duration>',
+      'Only remove snapshots older than duration (default: 7d)',
+      '7d',
+    )
+    .option('--all', 'Remove all snapshots regardless of age')
+    .option('--dry-run', 'Show what would be removed without deleting')
+    .description('Remove staging backups older than 7 days (or --all)')
+    .action((opts: { olderThan: string; all?: boolean; dryRun?: boolean }) => {
       if (!existsSync(STAGING_ROOT)) {
-        log.info('No staging directory found. Nothing to purge.');
+        log.info('No staging directory found. Nothing to clean.');
         return;
       }
 
       const entries = listStaged();
 
       if (entries.length === 0) {
-        log.info('No staged files to purge.');
+        log.info('No staged files to clean.');
         return;
       }
 
-      let toPurge = entries;
+      let toClean = entries;
 
-      if (opts.olderThan) {
+      if (!opts.all) {
         const maxAge = parseDuration(opts.olderThan);
         if (!maxAge) {
           log.fail(`Invalid duration: "${opts.olderThan}". Use format like 7d, 24h, 30m`);
@@ -187,22 +262,70 @@ export function registerStaging(program: Command): void {
         }
 
         const cutoff = Date.now() - maxAge;
-        toPurge = entries.filter((entry) => {
+        toClean = entries.filter((entry) => {
           const stat = statSync(entry.path);
           return stat.mtimeMs < cutoff;
         });
       }
 
-      if (toPurge.length === 0) {
-        log.info('No snapshots match the purge criteria.');
+      if (toClean.length === 0) {
+        log.info('No snapshots match the clean criteria.');
         return;
       }
 
-      for (const entry of toPurge) {
+      if (opts.dryRun) {
+        log.heading('Dry run — would remove:');
+        for (const entry of toClean) {
+          log.warn(`${entry.id}`, formatSize(entry.size));
+        }
+        log.info(`Would remove ${toClean.length} staging snapshot(s)`);
+        return;
+      }
+
+      for (const entry of toClean) {
         rmSync(entry.path, { recursive: true, force: true });
-        log.warn(`Purged ${entry.id}`);
+        log.warn(`Removed ${entry.id}`);
+      }
+
+      log.info(`Removed ${toClean.length} staging snapshot(s)`);
+    });
+
+  staging
+    .command('cleanup')
+    .option('--older-than <duration>', 'Max age for stale entries (default: 7d)', '7d')
+    .option('--yes', 'Skip confirmation prompt')
+    .description('Check for and remove stale staging backups (default: older than 7 days)')
+    .action((opts: { olderThan: string; yes?: boolean }) => {
+      const maxAge = parseDuration(opts.olderThan);
+      if (!maxAge) {
+        log.fail(`Invalid duration: "${opts.olderThan}". Use format like 7d, 24h, 30m`);
+        process.exit(1);
+      }
+
+      const info = getStaleStagingInfo(maxAge);
+
+      if (!info) {
+        log.info('No stale staging backups found.');
+        return;
+      }
+
+      log.heading('Stale Staging Backups');
+      log.info(
+        `Found ${info.count} staging backup(s) older than ${opts.olderThan} (${info.totalSize}).`,
+      );
+
+      for (const entry of info.staleEntries) {
+        log.dim(`  ${entry.id}  ${formatSize(entry.size)}`);
+      }
+
+      if (!opts.yes) {
+        log.info(
+          `Run with --yes to remove, or use: soleri staging purge --older-than ${opts.olderThan}`,
+        );
+        return;
       }
 
-      log.info(`Purged ${toPurge.length} staging snapshot(s)`);
+      const removed = purgeStagingEntries(info.staleEntries);
+      log.pass(`Cleaned up ${removed} stale staging backup(s), freed ${info.totalSize}.`);
     });
 }

package/src/commands/yolo.ts

@@ -0,0 +1,103 @@
+import { spawn } from 'node:child_process';
+import type { Command } from 'commander';
+import { isPackInstalled, installPack } from '../hook-packs/installer.js';
+import { getPack } from '../hook-packs/registry.js';
+import * as log from '../utils/logger.js';
+
+const YOLO_PACK = 'yolo-safety';
+
+const RESET = '\x1b[0m';
+const BOLD = '\x1b[1m';
+const RED = '\x1b[31m';
+const YELLOW = '\x1b[33m';
+
+export function registerYolo(program: Command): void {
+  program
+    .command('yolo')
+    .description('Launch Claude Code in YOLO mode with safety guardrails')
+    .option('--dry-run', 'Show what would happen without launching Claude')
+    .option('--project', 'Install safety hooks to project .claude/ instead of global ~/.claude/')
+    .action((opts: { dryRun?: boolean; project?: boolean }) => {
+      runYolo(opts);
+    });
+}
+
+function runYolo(opts: { dryRun?: boolean; project?: boolean }): void {
+  // 1. Verify the yolo-safety pack exists in registry
+  const pack = getPack(YOLO_PACK);
+  if (!pack) {
+    log.fail(`Hook pack "${YOLO_PACK}" not found in registry. Is @soleri/cli up to date?`);
+    process.exit(1);
+  }
+
+  // 2. Check if already installed, install if not
+  const projectDir = opts.project ? process.cwd() : undefined;
+  const installed = isPackInstalled(YOLO_PACK, { projectDir });
+
+  if (installed === true) {
+    log.pass(`${YOLO_PACK} hook pack already installed`);
+  } else {
+    if (installed === 'partial') {
+      log.warn(`${YOLO_PACK} hook pack partially installed — reinstalling`);
+    }
+    const result = installPack(YOLO_PACK, { projectDir });
+    const target = opts.project ? '.claude/' : '~/.claude/';
+    for (const script of result.scripts) {
+      log.pass(`Installed ${script} → ${target}`);
+    }
+    for (const lc of result.lifecycleHooks) {
+      log.pass(`Registered lifecycle hook: ${lc}`);
+    }
+    const totalInstalled =
+      result.installed.length + result.scripts.length + result.lifecycleHooks.length;
+    if (totalInstalled > 0) {
+      log.pass(`${YOLO_PACK} hook pack installed (${totalInstalled} items)`);
+    }
+  }
+
+  // 3. Print safety warning
+  console.log();
+  console.log(`  ${RED}${BOLD}⚡ YOLO MODE${RESET}`);
+  console.log();
+  console.log(
+    `  ${YELLOW}Approval gates skipped — Claude will execute commands without asking.${RESET}`,
+  );
+  console.log(
+    `  ${YELLOW}Safety hooks active — destructive commands (rm, git push --force,${RESET}`,
+  );
+  console.log(`  ${YELLOW}git reset --hard, drop table, docker rm) are intercepted.${RESET}`);
+  console.log();
+
+  if (opts.dryRun) {
+    log.info('Dry run — would launch:');
+    log.dim('  claude --dangerously-skip-permissions');
+    return;
+  }
+
+  // 4. Launch Claude Code with permissions skipped
+  log.info('Launching Claude Code in YOLO mode...');
+  console.log();
+
+  const child = spawn('claude', ['--dangerously-skip-permissions'], {
+    stdio: 'inherit',
+    env: { ...process.env },
+  });
+
+  child.on('error', (err) => {
+    if ((err as NodeJS.ErrnoException).code === 'ENOENT') {
+      log.fail(
+        'Claude CLI not found. Install it first: https://docs.anthropic.com/en/docs/claude-code',
+      );
+    } else {
+      log.fail(`Failed to launch Claude: ${err.message}`);
+    }
+    process.exit(1);
+  });
+
+  child.on('exit', (code, signal) => {
+    if (signal) {
+      process.exit(1);
+    }
+    process.exit(code ?? 0);
+  });
+}

package/src/hook-packs/yolo-safety/manifest.json

@@ -1,7 +1,7 @@
 {
   "name": "yolo-safety",
   "version": "1.0.0",
-  "description": "Anti-deletion guardrail for YOLO mode — intercepts destructive commands, stages files for review",
+  "description": "Safety guardrails for YOLO mode — intercepts destructive commands (rm, git push --force, git reset --hard, git clean, drop table, docker rm), stages files before deletion, blocks everything else",
   "hooks": [],
   "scripts": [
     {
@@ -15,7 +15,7 @@
       "event": "PreToolUse",
       "matcher": "Bash",
       "type": "command",
-      "command": "bash ~/.claude/hooks/anti-deletion.sh",
+      "command": "sh ~/.claude/hooks/anti-deletion.sh",
       "timeout": 10,
       "statusMessage": "Checking for destructive commands..."
     }

package/src/hook-packs/yolo-safety/scripts/anti-deletion.sh

@@ -1,21 +1,31 @@
-#!/usr/bin/env bash
+#!/bin/sh
 # Anti-Deletion Staging Hook for Claude Code (Soleri Hook Pack: yolo-safety)
-# PreToolUse -> Bash: intercepts rm, rmdir, mv (of project dirs), git clean, reset --hard
-# Copies target files to ~/.soleri/staging/<timestamp>/ then blocks the command.
+# PreToolUse -> Bash: intercepts destructive commands, stages files, blocks execution.
+#
+# Intercepted patterns:
+#   - rm / rmdir          (files/dirs — stages first, then blocks)
+#   - git push --force    (blocks outright)
+#   - git reset --hard    (blocks outright)
+#   - git clean           (blocks outright)
+#   - git checkout -- .   (blocks outright)
+#   - git restore .       (blocks outright)
+#   - mv ~/projects/...   (blocks outright)
+#   - drop table          (SQL — blocks outright)
+#   - docker rm / rmi     (blocks outright)
 #
 # Catastrophic commands (rm -rf /, rm -rf ~) should stay in deny rules —
 # this hook handles targeted deletes only.
 #
-# Dependencies: jq (required), perl (optional, for heredoc stripping)
+# Dependencies: jq (required)
+# POSIX sh compatible — no bash-specific features.
 
-set -euo pipefail
+set -eu
 
 STAGING_ROOT="$HOME/.soleri/staging"
-PROJECTS_DIR="$HOME/projects"
 INPUT=$(cat)
 
 # Extract the command from stdin JSON
-CMD=$(echo "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
+CMD=$(printf '%s' "$INPUT" | jq -r '.tool_input.command // empty' 2>/dev/null)
 
 # No command found — let it through
 if [ -z "$CMD" ]; then
@@ -26,12 +36,17 @@ fi
 # Commands like: gh issue comment --body "$(cat <<'EOF' ... rmdir ... EOF)"
 # contain destructive keywords in text, not as actual commands.
 
-# Remove heredoc blocks: <<'EOF'...EOF and <<EOF...EOF (multiline)
-STRIPPED=$(echo "$CMD" | perl -0777 -pe "s/<<'?\\w+'?.*?^\\w+$//gms" 2>/dev/null || echo "$CMD")
-# Remove double-quoted strings (greedy but good enough for this check)
-STRIPPED=$(echo "$STRIPPED" | sed -E 's/"[^"]*"//g' 2>/dev/null || echo "$STRIPPED")
+# Remove heredoc blocks (best-effort with sed)
+STRIPPED=$(printf '%s' "$CMD" | sed -e "s/<<'[A-Za-z_]*'.*//g" -e 's/<<[A-Za-z_]*.*//g' 2>/dev/null || printf '%s' "$CMD")
+# Remove double-quoted strings
+STRIPPED=$(printf '%s' "$STRIPPED" | sed 's/"[^"]*"//g' 2>/dev/null || printf '%s' "$STRIPPED")
 # Remove single-quoted strings
-STRIPPED=$(echo "$STRIPPED" | sed -E "s/'[^']*'//g" 2>/dev/null || echo "$STRIPPED")
+STRIPPED=$(printf '%s' "$STRIPPED" | sed "s/'[^']*'//g" 2>/dev/null || printf '%s' "$STRIPPED")
+
+# --- Helper: check if pattern matches stripped command ---
+matches() {
+  printf '%s' "$STRIPPED" | grep -qE "$1"
+}
 
 # --- Detect destructive commands (on stripped command only) ---
 
@@ -42,56 +57,78 @@ IS_GIT_CLEAN=false
 IS_RESET_HARD=false
 IS_GIT_CHECKOUT_DOT=false
 IS_GIT_RESTORE_DOT=false
+IS_GIT_PUSH_FORCE=false
+IS_DROP_TABLE=false
+IS_DOCKER_RM=false
 
-# Check for rm commands (but not git rm which is safe — it stages, doesn't destroy)
-if echo "$STRIPPED" | grep -qE '(^|\s|;|&&|\|\|)rm\s'; then
-  if ! echo "$STRIPPED" | grep -qE '(^|\s)git\s+rm\s'; then
+# rm (but not git rm which stages, doesn't destroy)
+if matches '(^|\s|;|&&|\|\|)rm\s'; then
+  if ! matches '(^|\s)git\s+rm\s'; then
     IS_RM=true
   fi
 fi
 
-# Check for rmdir commands
-if echo "$STRIPPED" | grep -qE '(^|\s|;|&&|\|\|)rmdir\s'; then
+# rmdir
+if matches '(^|\s|;|&&|\|\|)rmdir\s'; then
   IS_RMDIR=true
 fi
 
-# Check for mv commands that move project directories or git repos
-if echo "$STRIPPED" | grep -qE '(^|\s|;|&&|\|\|)mv\s'; then
-  MV_SOURCES=$(echo "$STRIPPED" | sed -E 's/^.*\bmv\s+//' | sed -E 's/-(f|i|n|v)\s+//g')
-  if echo "$MV_SOURCES" | grep -qE "(~/projects|$HOME/projects|\\\$HOME/projects|\\.git)"; then
+# mv of project directories or git repos
+if matches '(^|\s|;|&&|\|\|)mv\s'; then
+  MV_TAIL=$(printf '%s' "$STRIPPED" | sed 's/^.*\bmv //' | sed 's/-[finv] //g')
+  if printf '%s' "$MV_TAIL" | grep -qE '(~/projects|\.git)'; then
     IS_MV_PROJECT=true
   fi
 fi
 
-# Check for git clean
-if echo "$STRIPPED" | grep -qE '(^|\s|;|&&|\|\|)git\s+clean\b'; then
+# git clean
+if matches '(^|\s|;|&&|\|\|)git\s+clean\b'; then
   IS_GIT_CLEAN=true
 fi
 
-# Check for git reset --hard
-if echo "$STRIPPED" | grep -qE '(^|\s|;|&&|\|\|)git\s+reset\s+--hard'; then
+# git reset --hard
+if matches '(^|\s|;|&&|\|\|)git\s+reset\s+--hard'; then
   IS_RESET_HARD=true
 fi
 
-# Check for git checkout -- . (restores all files, discards changes)
-if echo "$STRIPPED" | grep -qE '(^|\s|;|&&|\|\|)git\s+checkout\s+--\s+\.'; then
+# git checkout -- .
+if matches '(^|\s|;|&&|\|\|)git\s+checkout\s+--\s+\.'; then
   IS_GIT_CHECKOUT_DOT=true
 fi
 
-# Check for git restore . (restores all files, discards changes)
-if echo "$STRIPPED" | grep -qE '(^|\s|;|&&|\|\|)git\s+restore\s+\.'; then
+# git restore .
+if matches '(^|\s|;|&&|\|\|)git\s+restore\s+\.'; then
   IS_GIT_RESTORE_DOT=true
 fi
 
-# Not a destructive command — let it through
+# git push --force / -f (but not --force-with-lease which is safer)
+if matches '(^|\s|;|&&|\|\|)git\s+push\s'; then
+  if matches 'git\s+push\s.*--force([^-]|$)' || matches 'git\s+push\s+-f(\s|$)' || matches 'git\s+push\s.*\s-f(\s|$)'; then
+    IS_GIT_PUSH_FORCE=true
+  fi
+fi
+
+# SQL drop table (case-insensitive)
+if printf '%s' "$STRIPPED" | grep -qiE '(^|\s|;)drop\s+table'; then
+  IS_DROP_TABLE=true
+fi
+
+# docker rm / docker rmi
+if matches '(^|\s|;|&&|\|\|)docker\s+(rm|rmi)\b'; then
+  IS_DOCKER_RM=true
+fi
+
+# --- Not a destructive command — let it through ---
+
 if [ "$IS_RM" = false ] && [ "$IS_RMDIR" = false ] && [ "$IS_MV_PROJECT" = false ] && \
    [ "$IS_GIT_CLEAN" = false ] && [ "$IS_RESET_HARD" = false ] && \
-   [ "$IS_GIT_CHECKOUT_DOT" = false ] && [ "$IS_GIT_RESTORE_DOT" = false ]; then
+   [ "$IS_GIT_CHECKOUT_DOT" = false ] && [ "$IS_GIT_RESTORE_DOT" = false ] && \
+   [ "$IS_GIT_PUSH_FORCE" = false ] && [ "$IS_DROP_TABLE" = false ] && \
+   [ "$IS_DOCKER_RM" = false ]; then
   exit 0
 fi
 
-# --- Handle git clean (block outright) ---
-
+# --- Block: git clean ---
 if [ "$IS_GIT_CLEAN" = true ]; then
   jq -n '{
     continue: false,
@@ -100,8 +137,7 @@ if [ "$IS_GIT_CLEAN" = true ]; then
   exit 0
 fi
 
-# --- Handle git reset --hard (block outright) ---
-
+# --- Block: git reset --hard ---
 if [ "$IS_RESET_HARD" = true ]; then
   jq -n '{
     continue: false,
@@ -110,8 +146,7 @@ if [ "$IS_RESET_HARD" = true ]; then
   exit 0
 fi
 
-# --- Handle git checkout -- . (block outright) ---
-
+# --- Block: git checkout -- . ---
 if [ "$IS_GIT_CHECKOUT_DOT" = true ]; then
   jq -n '{
     continue: false,
@@ -120,8 +155,7 @@ if [ "$IS_GIT_CHECKOUT_DOT" = true ]; then
   exit 0
 fi
 
-# --- Handle git restore . (block outright) ---
-
+# --- Block: git restore . ---
 if [ "$IS_GIT_RESTORE_DOT" = true ]; then
   jq -n '{
     continue: false,
@@ -130,8 +164,16 @@ if [ "$IS_GIT_RESTORE_DOT" = true ]; then
   exit 0
 fi
 
-# --- Handle mv of project directories (block outright) ---
+# --- Block: git push --force ---
+if [ "$IS_GIT_PUSH_FORCE" = true ]; then
+  jq -n '{
+    continue: false,
+    stopReason: "BLOCKED: git push --force can overwrite remote history and cause data loss for collaborators. Use --force-with-lease instead, or ask the user to run this manually."
+  }'
+  exit 0
+fi
 
+# --- Block: mv of project directories ---
 if [ "$IS_MV_PROJECT" = true ]; then
   jq -n '{
     continue: false,
@@ -140,8 +182,7 @@ if [ "$IS_MV_PROJECT" = true ]; then
   exit 0
 fi
 
-# --- Handle rmdir (block outright) ---
-
+# --- Block: rmdir ---
 if [ "$IS_RMDIR" = true ]; then
   jq -n '{
     continue: false,
@@ -150,6 +191,24 @@ if [ "$IS_RMDIR" = true ]; then
   exit 0
 fi
 
+# --- Block: drop table ---
+if [ "$IS_DROP_TABLE" = true ]; then
+  jq -n '{
+    continue: false,
+    stopReason: "BLOCKED: DROP TABLE detected. This would permanently destroy database data. Ask the user to run this SQL statement manually after confirming intent."
+  }'
+  exit 0
+fi
+
+# --- Block: docker rm / rmi ---
+if [ "$IS_DOCKER_RM" = true ]; then
+  jq -n '{
+    continue: false,
+    stopReason: "BLOCKED: docker rm/rmi detected. Removing containers or images can cause data loss. Ask the user to run this manually."
+  }'
+  exit 0
+fi
+
 # --- Handle rm commands — copy to staging, then block ---
 
 # Create timestamped staging directory
@@ -158,7 +217,7 @@ STAGE_DIR="$STAGING_ROOT/$TIMESTAMP"
 
 # Extract file paths from the rm command
 # Strip rm and its flags, keeping only the file arguments
-FILES=$(echo "$CMD" | sed -E 's/^.*\brm\s+//' | sed -E 's/-(r|f|rf|fr|v|i|rv|fv|rfv|frv)\s+//g' | tr ' ' '\n' | grep -v '^-' | grep -v '^$')
+FILES=$(printf '%s' "$CMD" | sed 's/^.*\brm //' | sed 's/-[rRfivd]* //g' | tr ' ' '\n' | grep -v '^-' | grep -v '^$' || true)
 
 if [ -z "$FILES" ]; then
   jq -n '{
@@ -168,14 +227,15 @@ if [ -z "$FILES" ]; then
   exit 0
 fi
 
-STAGED=()
-MISSING=()
+STAGED_COUNT=0
+STAGED_LIST=""
+MISSING_COUNT=0
 
 mkdir -p "$STAGE_DIR"
 
-while IFS= read -r filepath; do
+printf '%s\n' "$FILES" | while IFS= read -r filepath; do
   # Expand path (handle ~, relative paths)
-  expanded=$(eval echo "$filepath" 2>/dev/null || echo "$filepath")
+  expanded=$(eval printf '%s' "$filepath" 2>/dev/null || printf '%s' "$filepath")
 
   if [ -e "$expanded" ]; then
     # Preserve directory structure in staging
@@ -183,32 +243,32 @@ while IFS= read -r filepath; do
     mkdir -p "$target_dir"
     # COPY instead of MOVE — originals stay intact, staging is a backup
     if [ -d "$expanded" ]; then
-      cp -R "$expanded" "$target_dir/" 2>/dev/null && STAGED+=("$expanded") || MISSING+=("$expanded")
+      # Use rsync if available (excludes node_modules/dist/.git), fall back to cp
+      if command -v rsync >/dev/null 2>&1; then
+        rsync -a --exclude='node_modules' --exclude='dist' --exclude='.git' "$expanded/" "$target_dir/$(basename "$expanded")/" 2>/dev/null
+      else
+        cp -R "$expanded" "$target_dir/" 2>/dev/null
+      fi
     else
-      cp "$expanded" "$target_dir/" 2>/dev/null && STAGED+=("$expanded") || MISSING+=("$expanded")
+      cp "$expanded" "$target_dir/" 2>/dev/null
     fi
-  else
-    MISSING+=("$expanded")
   fi
-done <<< "$FILES"
+done
 
-# Build response
-STAGED_COUNT=${#STAGED[@]}
-MISSING_COUNT=${#MISSING[@]}
+# Count what was staged (check if staging dir has content)
+if [ -d "$STAGE_DIR" ] && [ "$(ls -A "$STAGE_DIR" 2>/dev/null)" ]; then
+  STAGED_COUNT=$(find "$STAGE_DIR" -mindepth 1 -maxdepth 1 | wc -l | tr -d ' ')
+fi
 
-if [ "$STAGED_COUNT" -eq 0 ] && [ "$MISSING_COUNT" -gt 0 ]; then
+if [ "$STAGED_COUNT" -eq 0 ]; then
   # All files were missing — let the rm fail naturally
   rmdir "$STAGE_DIR" 2>/dev/null || true
   exit 0
 fi
 
-STAGED_LIST=$(printf '%s, ' "${STAGED[@]}" | sed 's/, $//')
-
 jq -n \
-  --arg staged "$STAGED_LIST" \
   --arg dir "$STAGE_DIR" \
-  --argjson count "$STAGED_COUNT" \
   '{
     continue: false,
-    stopReason: ("BLOCKED & BACKED UP: " + ($count | tostring) + " item(s) copied to " + $dir + " — files: " + $staged + ". The originals are untouched. To proceed with deletion, ask the user to run the rm command manually.")
+    stopReason: ("BLOCKED & BACKED UP: Files copied to " + $dir + ". The originals are untouched. To proceed with deletion, ask the user to run the rm command manually.")
   }'