npm - @travisennis/acai - Versions diffs - 0.0.9 → 0.0.10 - Mend

@travisennis/acai 0.0.9 → 0.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (371) hide show

package/README.md +49 -762
package/bin/acai +52 -0
package/dist/agent/index.d.ts +12 -2
package/dist/agent/index.d.ts.map +1 -1
package/dist/agent/index.js +378 -199
package/dist/agent/sub-agent.d.ts +23 -0
package/dist/agent/sub-agent.d.ts.map +1 -0
package/dist/agent/sub-agent.js +109 -0
package/dist/cli/index.d.ts +26 -0
package/dist/cli/index.d.ts.map +1 -0
package/dist/{cli.js → cli/index.js} +84 -77
package/dist/cli/stdin.d.ts.map +1 -0
package/dist/{stdin.js → cli/stdin.js} +11 -0
package/dist/commands/copy/index.js +2 -2
package/dist/commands/copy/utils.d.ts.map +1 -1
package/dist/commands/copy/utils.js +15 -13
package/dist/commands/generate-rules/index.d.ts +1 -1
package/dist/commands/generate-rules/index.d.ts.map +1 -1
package/dist/commands/generate-rules/index.js +16 -101
package/dist/commands/generate-rules/service.d.ts +21 -0
package/dist/commands/generate-rules/service.d.ts.map +1 -0
package/dist/commands/generate-rules/service.js +103 -0
package/dist/commands/handoff/index.js +2 -2
package/dist/commands/health/index.js +1 -1
package/dist/commands/health/utils.d.ts.map +1 -1
package/dist/commands/health/utils.js +6 -0
package/dist/commands/history/index.d.ts +1 -1
package/dist/commands/history/index.d.ts.map +1 -1
package/dist/commands/history/index.js +17 -18
package/dist/commands/history/types.d.ts +38 -0
package/dist/commands/history/types.d.ts.map +1 -1
package/dist/commands/history/utils.d.ts.map +1 -1
package/dist/commands/history/utils.js +63 -58
package/dist/commands/init/index.d.ts.map +1 -1
package/dist/commands/init/index.js +3 -8
package/dist/commands/init-project/index.d.ts.map +1 -1
package/dist/commands/init-project/index.js +3 -3
package/dist/commands/init-project/utils.d.ts.map +1 -1
package/dist/commands/init-project/utils.js +10 -2
package/dist/commands/list-tools/index.d.ts.map +1 -1
package/dist/commands/list-tools/index.js +7 -31
package/dist/commands/manager.d.ts +2 -2
package/dist/commands/manager.d.ts.map +1 -1
package/dist/commands/manager.js +55 -33
package/dist/commands/model/index.d.ts.map +1 -1
package/dist/commands/model/index.js +20 -151
package/dist/commands/model/model-panel.d.ts +4 -0
package/dist/commands/model/model-panel.d.ts.map +1 -0
package/dist/commands/model/model-panel.js +144 -0
package/dist/commands/paste/index.d.ts.map +1 -1
package/dist/commands/paste/index.js +59 -62
package/dist/commands/paste/utils.d.ts.map +1 -1
package/dist/commands/paste/utils.js +88 -58
package/dist/commands/pickup/index.d.ts.map +1 -1
package/dist/commands/pickup/index.js +6 -3
package/dist/commands/pickup/utils.js +3 -3
package/dist/commands/resources/index.d.ts.map +1 -1
package/dist/commands/resources/index.js +33 -50
package/dist/commands/review/index.d.ts.map +1 -1
package/dist/commands/review/index.js +3 -117
package/dist/commands/review/review-panel.d.ts +3 -0
package/dist/commands/review/review-panel.d.ts.map +1 -0
package/dist/commands/review/review-panel.js +186 -0
package/dist/commands/review/utils.d.ts +9 -0
package/dist/commands/review/utils.d.ts.map +1 -1
package/dist/commands/review/utils.js +127 -68
package/dist/commands/session/index.d.ts +1 -1
package/dist/commands/session/index.d.ts.map +1 -1
package/dist/commands/session/index.js +124 -135
package/dist/commands/shell/index.d.ts.map +1 -1
package/dist/commands/shell/index.js +16 -1
package/dist/commands/types.d.ts +2 -2
package/dist/commands/types.d.ts.map +1 -1
package/dist/{config.d.ts → config/index.d.ts} +20 -9
package/dist/config/index.d.ts.map +1 -0
package/dist/{config.js → config/index.js} +43 -42
package/dist/execution/index.d.ts.map +1 -1
package/dist/execution/index.js +75 -55
package/dist/index.d.ts +1 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +148 -141
package/dist/middleware/cache.d.ts.map +1 -1
package/dist/middleware/cache.js +18 -36
package/dist/models/ai-config.d.ts +1 -0
package/dist/models/ai-config.d.ts.map +1 -1
package/dist/models/ai-config.js +4 -3
package/dist/models/anthropic-provider.d.ts +2 -5
package/dist/models/anthropic-provider.d.ts.map +1 -1
package/dist/models/anthropic-provider.js +3 -70
package/dist/models/deepseek-provider.d.ts +1 -0
package/dist/models/deepseek-provider.d.ts.map +1 -1
package/dist/models/google-provider.d.ts +2 -3
package/dist/models/google-provider.d.ts.map +1 -1
package/dist/models/google-provider.js +0 -26
package/dist/models/groq-provider.d.ts +1 -0
package/dist/models/groq-provider.d.ts.map +1 -1
package/dist/models/manager.d.ts +13 -2
package/dist/models/manager.d.ts.map +1 -1
package/dist/models/manager.js +20 -8
package/dist/models/openai-provider.d.ts +2 -5
package/dist/models/openai-provider.d.ts.map +1 -1
package/dist/models/openai-provider.js +0 -52
package/dist/models/opencode-zen-provider.d.ts +7 -3
package/dist/models/opencode-zen-provider.d.ts.map +1 -1
package/dist/models/opencode-zen-provider.js +49 -10
package/dist/models/openrouter-provider.d.ts +24 -31
package/dist/models/openrouter-provider.d.ts.map +1 -1
package/dist/models/openrouter-provider.js +84 -182
package/dist/models/providers.d.ts +1 -1
package/dist/models/providers.d.ts.map +1 -1
package/dist/models/xai-provider.d.ts +4 -3
package/dist/models/xai-provider.d.ts.map +1 -1
package/dist/models/xai-provider.js +18 -18
package/dist/modes/manager.d.ts +23 -0
package/dist/modes/manager.d.ts.map +1 -0
package/dist/modes/manager.js +77 -0
package/dist/modes/prompts.d.ts +2 -0
package/dist/modes/prompts.d.ts.map +1 -0
package/dist/modes/prompts.js +143 -0
package/dist/prompts/mentions.d.ts +11 -0
package/dist/prompts/mentions.d.ts.map +1 -0
package/dist/{mentions.js → prompts/mentions.js} +21 -80
package/dist/{prompts.d.ts → prompts/system-prompt.d.ts} +7 -2
package/dist/prompts/system-prompt.d.ts.map +1 -0
package/dist/{prompts.js → prompts/system-prompt.js} +31 -16
package/dist/repl/index.d.ts +174 -0
package/dist/repl/index.d.ts.map +1 -0
package/dist/{repl-new.js → repl/index.js} +389 -76
package/dist/repl/project-status.d.ts +1 -0
package/dist/repl/project-status.d.ts.map +1 -1
package/dist/repl/project-status.js +4 -1
package/dist/sessions/manager.d.ts +93 -1
package/dist/sessions/manager.d.ts.map +1 -1
package/dist/sessions/manager.js +262 -9
package/dist/sessions/summary.d.ts +4 -0
package/dist/sessions/summary.d.ts.map +1 -0
package/dist/sessions/summary.js +30 -0
package/dist/{skills.d.ts → skills/index.d.ts} +14 -2
package/dist/skills/index.d.ts.map +1 -0
package/dist/skills/index.js +294 -0
package/dist/subagents/index.d.ts +15 -0
package/dist/subagents/index.d.ts.map +1 -0
package/dist/subagents/index.js +231 -0
package/dist/terminal/control.d.ts +1 -1
package/dist/terminal/control.d.ts.map +1 -1
package/dist/terminal/control.js +3 -3
package/dist/terminal/east-asian-width.d.ts.map +1 -1
package/dist/terminal/east-asian-width.js +404 -351
package/dist/terminal/keys.d.ts +17 -0
package/dist/terminal/keys.d.ts.map +1 -1
package/dist/terminal/keys.js +37 -0
package/dist/terminal/select-prompt.d.ts.map +1 -1
package/dist/terminal/select-prompt.js +24 -12
package/dist/terminal/string-width.d.ts.map +1 -1
package/dist/terminal/string-width.js +25 -27
package/dist/terminal/style.d.ts.map +1 -1
package/dist/terminal/style.js +4 -7
package/dist/terminal/supports-color.d.ts.map +1 -1
package/dist/terminal/supports-color.js +41 -27
package/dist/terminal/table/cell.d.ts +12 -0
package/dist/terminal/table/cell.d.ts.map +1 -1
package/dist/terminal/table/cell.js +40 -25
package/dist/terminal/table/layout-manager.d.ts.map +1 -1
package/dist/terminal/table/layout-manager.js +100 -68
package/dist/terminal/table/utils.d.ts.map +1 -1
package/dist/terminal/table/utils.js +17 -10
package/dist/terminal/wrap-ansi.d.ts.map +1 -1
package/dist/terminal/wrap-ansi.js +172 -103
package/dist/tokens/tracker.d.ts +1 -0
package/dist/tokens/tracker.d.ts.map +1 -1
package/dist/tokens/tracker.js +3 -0
package/dist/tools/agent.d.ts +27 -0
package/dist/tools/agent.d.ts.map +1 -0
package/dist/tools/agent.js +81 -0
package/dist/tools/bash.d.ts +4 -3
package/dist/tools/bash.d.ts.map +1 -1
package/dist/tools/bash.js +324 -137
package/dist/tools/code-search.d.ts +41 -0
package/dist/tools/code-search.d.ts.map +1 -0
package/dist/tools/code-search.js +195 -0
package/dist/tools/directory-tree.d.ts +3 -3
package/dist/tools/directory-tree.d.ts.map +1 -1
package/dist/tools/directory-tree.js +8 -5
package/dist/tools/dynamic-tool-loader.d.ts +2 -5
package/dist/tools/dynamic-tool-loader.d.ts.map +1 -1
package/dist/tools/dynamic-tool-loader.js +20 -4
package/dist/tools/edit-file.d.ts +7 -7
package/dist/tools/edit-file.d.ts.map +1 -1
package/dist/tools/edit-file.js +164 -66
package/dist/tools/glob.d.ts +6 -6
package/dist/tools/glob.d.ts.map +1 -1
package/dist/tools/glob.js +95 -55
package/dist/tools/grep.d.ts +15 -12
package/dist/tools/grep.d.ts.map +1 -1
package/dist/tools/grep.js +300 -192
package/dist/tools/index.d.ts +143 -5
package/dist/tools/index.d.ts.map +1 -1
package/dist/tools/index.js +39 -24
package/dist/tools/ls.d.ts +2 -2
package/dist/tools/ls.d.ts.map +1 -1
package/dist/tools/ls.js +7 -5
package/dist/tools/read-file.d.ts +3 -3
package/dist/tools/read-file.d.ts.map +1 -1
package/dist/tools/read-file.js +74 -34
package/dist/tools/save-file.d.ts +3 -3
package/dist/tools/save-file.d.ts.map +1 -1
package/dist/tools/save-file.js +11 -11
package/dist/tools/skill.d.ts +23 -0
package/dist/tools/skill.d.ts.map +1 -0
package/dist/tools/skill.js +65 -0
package/dist/tools/think.d.ts.map +1 -1
package/dist/tools/think.js +2 -9
package/dist/tools/utils.d.ts +2 -0
package/dist/tools/utils.d.ts.map +1 -1
package/dist/tools/utils.js +12 -0
package/dist/tools/web-fetch.d.ts +62 -0
package/dist/tools/web-fetch.d.ts.map +1 -0
package/dist/tools/web-fetch.js +429 -0
package/dist/tools/web-search.d.ts +62 -0
package/dist/tools/web-search.d.ts.map +1 -0
package/dist/tools/web-search.js +226 -0
package/dist/tui/autocomplete/attachment-provider.d.ts +3 -6
package/dist/tui/autocomplete/attachment-provider.d.ts.map +1 -1
package/dist/tui/autocomplete/attachment-provider.js +25 -78
package/dist/tui/autocomplete/base-provider.d.ts +1 -0
package/dist/tui/autocomplete/base-provider.d.ts.map +1 -1
package/dist/tui/autocomplete/combined-provider.d.ts +1 -4
package/dist/tui/autocomplete/combined-provider.d.ts.map +1 -1
package/dist/tui/autocomplete/combined-provider.js +3 -17
package/dist/tui/autocomplete/command-provider.d.ts +1 -0
package/dist/tui/autocomplete/command-provider.d.ts.map +1 -1
package/dist/tui/autocomplete/command-provider.js +3 -0
package/dist/tui/autocomplete/file-search-provider.d.ts +2 -1
package/dist/tui/autocomplete/file-search-provider.d.ts.map +1 -1
package/dist/tui/autocomplete/file-search-provider.js +36 -16
package/dist/tui/autocomplete/skill-provider.d.ts +17 -0
package/dist/tui/autocomplete/skill-provider.d.ts.map +1 -0
package/dist/tui/autocomplete/skill-provider.js +49 -0
package/dist/tui/autocomplete.d.ts +2 -2
package/dist/tui/autocomplete.d.ts.map +1 -1
package/dist/tui/autocomplete.js +3 -5
package/dist/tui/components/assistant-message.d.ts.map +1 -1
package/dist/tui/components/assistant-message.js +0 -4
package/dist/tui/components/editor.d.ts +16 -2
package/dist/tui/components/editor.d.ts.map +1 -1
package/dist/tui/components/editor.js +211 -237
package/dist/tui/components/footer.d.ts +6 -4
package/dist/tui/components/footer.d.ts.map +1 -1
package/dist/tui/components/footer.js +49 -25
package/dist/tui/components/markdown.d.ts +8 -5
package/dist/tui/components/markdown.d.ts.map +1 -1
package/dist/tui/components/markdown.js +57 -39
package/dist/tui/components/modal.d.ts.map +1 -1
package/dist/tui/components/modal.js +35 -33
package/dist/tui/components/notification.d.ts +13 -2
package/dist/tui/components/notification.d.ts.map +1 -1
package/dist/tui/components/notification.js +36 -2
package/dist/tui/components/progress-bar.js +1 -1
package/dist/tui/components/select-list.d.ts +1 -0
package/dist/tui/components/select-list.d.ts.map +1 -1
package/dist/tui/components/select-list.js +14 -11
package/dist/tui/components/text.d.ts +16 -0
package/dist/tui/components/text.d.ts.map +1 -1
package/dist/tui/components/text.js +72 -57
package/dist/tui/components/thinking-block.d.ts +9 -0
package/dist/tui/components/thinking-block.d.ts.map +1 -1
package/dist/tui/components/thinking-block.js +43 -11
package/dist/tui/components/tool-execution.d.ts +5 -1
package/dist/tui/components/tool-execution.d.ts.map +1 -1
package/dist/tui/components/tool-execution.js +19 -10
package/dist/tui/components/user-message.d.ts.map +1 -1
package/dist/tui/components/user-message.js +0 -3
package/dist/tui/components/welcome.js +2 -2
package/dist/tui/terminal.d.ts.map +1 -1
package/dist/tui/terminal.js +10 -2
package/dist/tui/tui.d.ts +42 -0
package/dist/tui/tui.d.ts.map +1 -1
package/dist/tui/tui.js +157 -41
package/dist/utils/bash/parse.d.ts +19 -0
package/dist/utils/bash/parse.d.ts.map +1 -0
package/dist/utils/bash/parse.js +223 -0
package/dist/utils/bash/quote.d.ts +6 -0
package/dist/utils/bash/quote.d.ts.map +1 -0
package/dist/utils/bash/quote.js +23 -0
package/dist/utils/bash.d.ts.map +1 -1
package/dist/utils/bash.js +211 -126
package/dist/utils/command-protection.d.ts +28 -0
package/dist/utils/command-protection.d.ts.map +1 -0
package/dist/utils/command-protection.js +324 -0
package/dist/utils/dedent.d.ts.map +1 -0
package/dist/utils/env-expand.d.ts +2 -0
package/dist/utils/env-expand.d.ts.map +1 -0
package/dist/utils/env-expand.js +8 -0
package/dist/utils/filesystem/path-display.d.ts +11 -0
package/dist/utils/filesystem/path-display.d.ts.map +1 -0
package/dist/utils/filesystem/path-display.js +32 -0
package/dist/utils/filesystem/security.d.ts +2 -2
package/dist/utils/filesystem/security.d.ts.map +1 -1
package/dist/utils/filesystem/security.js +28 -30
package/dist/utils/formatting.d.ts.map +1 -0
package/dist/{formatting.js → utils/formatting.js} +1 -1
package/dist/utils/git.d.ts +4 -0
package/dist/utils/git.d.ts.map +1 -1
package/dist/utils/git.js +30 -0
package/dist/utils/glob.d.ts +1 -1
package/dist/utils/glob.d.ts.map +1 -1
package/dist/utils/logger.d.ts.map +1 -0
package/dist/{logger.js → utils/logger.js} +1 -1
package/dist/utils/parsing.d.ts.map +1 -0
package/dist/utils/process.d.ts.map +1 -1
package/dist/utils/process.js +90 -37
package/dist/utils/templates.d.ts +2 -0
package/dist/utils/templates.d.ts.map +1 -0
package/dist/utils/templates.js +24 -0
package/dist/utils/version.d.ts.map +1 -0
package/dist/{version.js → utils/version.js} +1 -1
package/package.json +34 -25
package/dist/cli.d.ts +0 -23
package/dist/cli.d.ts.map +0 -1
package/dist/commands/exit/index.d.ts +0 -10
package/dist/commands/exit/index.d.ts.map +0 -1
package/dist/commands/exit/index.js +0 -21
package/dist/commands/exit/types.d.ts +0 -8
package/dist/commands/exit/types.d.ts.map +0 -1
package/dist/commands/exit/types.js +0 -1
package/dist/commands/exit/utils.d.ts +0 -2
package/dist/commands/exit/utils.d.ts.map +0 -1
package/dist/commands/exit/utils.js +0 -13
package/dist/commands/prompt/index.d.ts +0 -5
package/dist/commands/prompt/index.d.ts.map +0 -1
package/dist/commands/prompt/index.js +0 -122
package/dist/commands/prompt/types.d.ts +0 -15
package/dist/commands/prompt/types.d.ts.map +0 -1
package/dist/commands/prompt/types.js +0 -1
package/dist/commands/prompt/utils.d.ts +0 -12
package/dist/commands/prompt/utils.d.ts.map +0 -1
package/dist/commands/prompt/utils.js +0 -107
package/dist/commands/reset/index.d.ts +0 -3
package/dist/commands/reset/index.d.ts.map +0 -1
package/dist/commands/reset/index.js +0 -25
package/dist/commands/reset/types.d.ts +0 -1
package/dist/commands/reset/types.d.ts.map +0 -1
package/dist/commands/reset/types.js +0 -3
package/dist/commands/save/index.d.ts +0 -3
package/dist/commands/save/index.d.ts.map +0 -1
package/dist/commands/save/index.js +0 -19
package/dist/config.d.ts.map +0 -1
package/dist/dedent.d.ts.map +0 -1
package/dist/formatting.d.ts.map +0 -1
package/dist/logger.d.ts.map +0 -1
package/dist/mentions.d.ts +0 -14
package/dist/mentions.d.ts.map +0 -1
package/dist/parsing.d.ts.map +0 -1
package/dist/prompts.d.ts.map +0 -1
package/dist/repl-new.d.ts +0 -65
package/dist/repl-new.d.ts.map +0 -1
package/dist/skills.d.ts.map +0 -1
package/dist/skills.js +0 -233
package/dist/stdin.d.ts.map +0 -1
package/dist/tui/autocomplete/path-provider.d.ts +0 -21
package/dist/tui/autocomplete/path-provider.d.ts.map +0 -1
package/dist/tui/autocomplete/path-provider.js +0 -164
package/dist/version.d.ts.map +0 -1
/package/dist/{stdin.d.ts → cli/stdin.d.ts} +0 -0
/package/dist/{dedent.d.ts → utils/dedent.d.ts} +0 -0
/package/dist/{dedent.js → utils/dedent.js} +0 -0
/package/dist/{formatting.d.ts → utils/formatting.d.ts} +0 -0
/package/dist/{logger.d.ts → utils/logger.d.ts} +0 -0
/package/dist/{parsing.d.ts → utils/parsing.d.ts} +0 -0
/package/dist/{parsing.js → utils/parsing.js} +0 -0
/package/dist/{version.d.ts → utils/version.d.ts} +0 -0

package/dist/utils/bash.js CHANGED Viewed

@@ -2,63 +2,158 @@ import fs from "node:fs";
 import os from "node:os";
 import path from "node:path";
 import { isPathWithinAllowedDirs } from "./filesystem/security.js";
-// Validate path arguments to ensure they're within the project
-export function validatePaths(command, allowedDirs, cwd) {
-    // Simple tokenization - split on spaces but respect quotes
-    const tokens = [];
-    let current = "";
-    let inQuotes = false;
-    let quoteChar = "";
-    for (let i = 0; i < command.length; i++) {
-        const char = command[i] ?? "";
-        if ((char === '"' || char === "'") && !inQuotes) {
-            inQuotes = true;
-            quoteChar = char;
-            current += char;
+function handleNormalMode(state, char, command, tokens) {
+    if (/\s/.test(char)) {
+        if (state.current) {
+            tokens.push(state.current);
+            state.current = "";
         }
-        else if (char === quoteChar && inQuotes) {
-            inQuotes = false;
-            quoteChar = "";
-            current += char;
+        return;
+    }
+    if (char === "'") {
+        state.mode = "single";
+        state.current += char;
+        return;
+    }
+    if (char === '"') {
+        state.mode = "double";
+        state.current += char;
+        return;
+    }
+    if (char === "\\") {
+        const next = command[state.i + 1];
+        if (next !== undefined) {
+            state.current += char + next;
+            state.i++;
+            return;
         }
-        else if (char === " " && !inQuotes) {
-            if (current) {
-                tokens.push(current);
-                current = "";
-            }
+    }
+    state.current += char;
+}
+function handleSingleQuoteMode(state, char) {
+    state.current += char;
+    if (char === "'")
+        state.mode = "normal";
+}
+function handleDoubleQuoteMode(state, char, command) {
+    state.current += char;
+    if (char === "\\") {
+        const next = command[state.i + 1];
+        if (next !== undefined) {
+            state.current += next;
+            state.i++;
         }
-        else {
-            current += char;
+        return;
+    }
+    if (char === '"')
+        state.mode = "normal";
+}
+// Tokenize shell command respecting quotes and escapes
+function tokenizeShellWords(command) {
+    const tokens = [];
+    const state = { current: "", mode: "normal", i: 0 };
+    for (state.i = 0; state.i < command.length; state.i++) {
+        const char = command[state.i] ?? "";
+        if (state.mode === "normal")
+            handleNormalMode(state, char, command, tokens);
+        else if (state.mode === "single")
+            handleSingleQuoteMode(state, char);
+        else
+            handleDoubleQuoteMode(state, char, command);
+    }
+    if (state.current)
+        tokens.push(state.current);
+    return tokens;
+}
+// Strip surrounding quotes from a token
+function stripQuotes(token) {
+    if ((token.startsWith('"') && token.endsWith('"')) ||
+        (token.startsWith("'") && token.endsWith("'"))) {
+        return token.slice(1, -1);
+    }
+    return token;
+}
+// Check if a token is fully quoted (content should not be path-validated)
+function isFullyQuoted(token) {
+    if (token.length < 2)
+        return false;
+    const first = token[0];
+    const last = token[token.length - 1];
+    return (first === '"' && last === '"') || (first === "'" && last === "'");
+}
+// Compute which tokens should be skipped from path validation
+function computeSkipTokenMask(tokens) {
+    const skip = new Array(tokens.length).fill(false);
+    const bin = stripQuotes(tokens[0] ?? "");
+    const sub = stripQuotes(tokens[1] ?? "");
+    // Commands where -m/--message is a string argument (not a path)
+    const gitMessageSubs = new Set(["commit", "merge", "tag", "revert", "notes"]);
+    if (bin === "git" && gitMessageSubs.has(sub)) {
+        let seenDoubleDash = false;
+        for (let i = 2; i < tokens.length; i++) {
+            const t = stripQuotes(tokens[i] ?? "");
+            if (t === "--") {
+                seenDoubleDash = true;
+                continue;
+            }
+            if (seenDoubleDash)
+                continue;
+            // --message=<msg> - skip this entire token
+            if (t.startsWith("--message=")) {
+                skip[i] = true;
+                continue;
+            }
+            // -m<msg> (attached message) - skip this entire token
+            if (/^-m.+/.test(t)) {
+                skip[i] = true;
+                continue;
+            }
+            // -m or --message consumes next token
+            if (t === "-m" || t === "--message") {
+                if (i + 1 < tokens.length)
+                    skip[i + 1] = true;
+                continue;
+            }
+            // Combined short opts containing m, e.g. -am, -avm
+            if (/^-[^-]+$/.test(t) && t.includes("m")) {
+                if (i + 1 < tokens.length)
+                    skip[i + 1] = true;
+            }
         }
     }
-    if (current)
-        tokens.push(current);
+    return skip;
+}
+// Validate path arguments to ensure they're within the project
+export function validatePaths(command, allowedDirs, cwd) {
+    const tokens = tokenizeShellWords(command);
+    const skip = computeSkipTokenMask(tokens);
     // Check each token that looks like a path
     for (let i = 1; i < tokens.length; i++) {
-        // Skip the command itself
         const token = tokens[i];
         if (!token)
             continue;
+        // Skip tokens marked by command-aware logic
+        if (skip[i])
+            continue;
+        // Skip fully quoted tokens - they're string arguments, not paths
+        // (paths are typically unquoted or only quoted to handle spaces)
+        if (isFullyQuoted(token) && token.includes("\n")) {
+            continue;
+        }
         // Remove quotes for path checking
-        const cleanToken = token.replace(/^['"]|['"]$/g, "");
+        const cleanToken = stripQuotes(token);
         // Skip if it's clearly not a path
         if (cleanToken.startsWith("-") ||
             cleanToken.includes("://") ||
             (!cleanToken.includes("/") && cleanToken !== "~")) {
             continue;
         }
-        // Skip git commit messages and other special cases
-        const prevToken = tokens[i - 1]?.replace(/^['"]|['"]$/g, "");
-        if (prevToken === "-m" || prevToken === "--message") {
-            continue;
-        }
         try {
             // Expand ~ to home directory for proper validation
             const expandedToken = cleanToken.startsWith("~/") || cleanToken === "~"
                 ? path.join(os.homedir(), cleanToken.slice(1))
                 : cleanToken;
             const resolvedPath = path.resolve(cwd, expandedToken);
-            // Allow access to explicitly allowed paths
             if (!isPathWithinAllowedDirs(resolvedPath, allowedDirs)) {
                 return {
                     isValid: false,
@@ -125,6 +220,87 @@ export const resolveCwd = (cwdInput, workingDir, allowedDirs) => {
     }
     return target;
 };
+const mutatingBinaries = new Set([
+    "rm",
+    "mv",
+    "cp",
+    "mkdir",
+    "rmdir",
+    "touch",
+    "chmod",
+    "chown",
+    "ln",
+    "truncate",
+    "dd",
+    "tee",
+]);
+const npmMutating = new Set([
+    "install",
+    "uninstall",
+    "update",
+    "ci",
+    "publish",
+    "link",
+    "dedupe",
+    "prune",
+    "rebuild",
+    "add",
+]);
+const gitMutating = new Set([
+    "add",
+    "am",
+    "apply",
+    "branch",
+    "checkout",
+    "switch",
+    "cherry-pick",
+    "clean",
+    "commit",
+    "merge",
+    "mv",
+    "pull",
+    "push",
+    "rebase",
+    "reset",
+    "revert",
+    "stash",
+    "tag",
+    "worktree",
+    "submodule",
+    "config",
+]);
+const actionMutating = new Set(["create", "update", "upgrade", "install"]);
+const packageManagers = new Set(["npm", "pnpm", "yarn"]);
+function isSegmentMutating(seg) {
+    const tokens = seg.split(/\s+/);
+    if (tokens.length === 0)
+        return false;
+    const bin = tokens[0];
+    if (!bin)
+        return false;
+    if (tokens.some((t) => actionMutating.has(t))) {
+        return true;
+    }
+    if (bin === "sed" && tokens.some((t) => /^-i/.test(t))) {
+        return true;
+    }
+    if (mutatingBinaries.has(bin)) {
+        return true;
+    }
+    if (bin === "git" && tokens.length > 1) {
+        const sub = tokens[1];
+        if (typeof sub === "string" && gitMutating.has(sub)) {
+            return true;
+        }
+    }
+    if (packageManagers.has(bin) && tokens.length > 1) {
+        const sub = tokens[1];
+        if (typeof sub === "string" && npmMutating.has(sub)) {
+            return true;
+        }
+    }
+    return false;
+}
 export const isMutatingCommand = (rawCommand) => {
     const command = rawCommand.trim();
     // Redirections that write to disk
@@ -136,96 +312,5 @@ export const isMutatingCommand = (rawCommand) => {
         .split(/\s*(?:&&|\|\||;|\|)\s*/)
         .map((s) => s.trim())
         .filter((s) => s.length > 0);
-    const mutatingBinaries = new Set([
-        "rm",
-        "mv",
-        "cp",
-        "mkdir",
-        "rmdir",
-        "touch",
-        "chmod",
-        "chown",
-        "ln",
-        "truncate",
-        "dd",
-        "tee",
-    ]);
-    const npmMutating = new Set([
-        "install",
-        "uninstall",
-        "update",
-        "ci",
-        "publish",
-        "link",
-        "dedupe",
-        "prune",
-        "rebuild",
-        "add",
-    ]);
-    const gitMutating = new Set([
-        "add",
-        "am",
-        "apply",
-        "branch",
-        "checkout",
-        "switch",
-        "cherry-pick",
-        "clean",
-        "commit",
-        "merge",
-        "mv",
-        "pull",
-        "push",
-        "rebase",
-        "reset",
-        "revert",
-        "stash",
-        "tag",
-        "worktree",
-        "submodule",
-        "config",
-    ]);
-    // Generic action words that should be considered mutating when present in the command
-    const actionMutating = new Set(["create", "update", "upgrade", "install"]);
-    for (const seg of segments) {
-        const tokens = seg.split(/\s+/);
-        if (tokens.length === 0)
-            continue;
-        const bin = tokens[0];
-        if (!bin)
-            continue;
-        // If any token is an action-like mutating word, consider mutating
-        if (tokens.some((t) => actionMutating.has(t))) {
-            return true;
-        }
-        // sed -i is mutating
-        if (bin === "sed") {
-            if (tokens.some((t) => /^-i/.test(t))) {
-                return true;
-            }
-            // sed without -i is not mutating
-        }
-        if (mutatingBinaries.has(bin)) {
-            return true;
-        }
-        if (bin === "git" && tokens.length > 1) {
-            const sub = tokens[1];
-            if (typeof sub === "string" && gitMutating.has(sub)) {
-                return true;
-            }
-        }
-        if (bin === "npm" && tokens.length > 1) {
-            const sub = tokens[1];
-            if (typeof sub === "string" && npmMutating.has(sub)) {
-                return true;
-            }
-        }
-        if ((bin === "pnpm" || bin === "yarn") && tokens.length > 1) {
-            const sub = tokens[1];
-            if (typeof sub === "string" && npmMutating.has(sub)) {
-                return true;
-            }
-        }
-    }
-    return false;
+    return segments.some((seg) => isSegmentMutating(seg));
 };

package/dist/utils/command-protection.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+/**
+ * Command Protection Module
+ * Detects and blocks destructive commands that could cause data loss
+ */
+export interface BlockedCommandResult {
+    blocked: true;
+    reason: string;
+    command: string;
+    tip: string;
+}
+export interface SafeCommandResult {
+    blocked: false;
+}
+/**
+ * Result type for command safety check
+ */
+export type CommandSafetyResult = BlockedCommandResult | SafeCommandResult;
+/**
+ * Detects if a command is destructive and should be blocked
+ * @param command - The full command string to check
+ * @returns BlockedCommandResult if destructive, SafeCommandResult if safe
+ */
+export declare function detectDestructiveCommand(command: string): CommandSafetyResult;
+/**
+ * Generate a user-friendly blocked command message
+ */
+export declare function formatBlockedCommandMessage(result: BlockedCommandResult): string;
+//# sourceMappingURL=command-protection.d.ts.map

package/dist/utils/command-protection.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"command-protection.d.ts","sourceRoot":"","sources":["../../source/utils/command-protection.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,IAAI,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,KAAK,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,oBAAoB,GAAG,iBAAiB,CAAC;AAE3E;;;;GAIG;AACH,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,MAAM,GAAG,mBAAmB,CA4B7E;AA8UD;;GAEG;AACH,wBAAgB,2BAA2B,CACzC,MAAM,EAAE,oBAAoB,GAC3B,MAAM,CAQR"}