npm - @travisennis/acai - Versions diffs - 0.0.9 → 0.0.11 - Mend

@travisennis/acai 0.0.9 → 0.0.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (403) hide show

package/README.md +51 -760
package/bin/acai +52 -0
package/dist/agent/index.d.ts +12 -2
package/dist/agent/index.d.ts.map +1 -1
package/dist/agent/index.js +380 -199
package/dist/agent/sub-agent.d.ts +23 -0
package/dist/agent/sub-agent.d.ts.map +1 -0
package/dist/agent/sub-agent.js +109 -0
package/dist/cli/index.d.ts +26 -0
package/dist/cli/index.d.ts.map +1 -0
package/dist/{cli.js → cli/index.js} +84 -77
package/dist/{stdin.d.ts → cli/stdin.d.ts} +2 -1
package/dist/cli/stdin.d.ts.map +1 -0
package/dist/{stdin.js → cli/stdin.js} +11 -0
package/dist/commands/copy/index.js +2 -2
package/dist/commands/copy/utils.d.ts.map +1 -1
package/dist/commands/copy/utils.js +15 -13
package/dist/commands/generate-rules/index.d.ts +1 -1
package/dist/commands/generate-rules/index.d.ts.map +1 -1
package/dist/commands/generate-rules/index.js +16 -101
package/dist/commands/generate-rules/service.d.ts +22 -0
package/dist/commands/generate-rules/service.d.ts.map +1 -0
package/dist/commands/generate-rules/service.js +103 -0
package/dist/commands/handoff/index.js +2 -2
package/dist/commands/health/index.js +1 -1
package/dist/commands/health/utils.d.ts +3 -2
package/dist/commands/health/utils.d.ts.map +1 -1
package/dist/commands/health/utils.js +6 -0
package/dist/commands/history/index.d.ts +1 -1
package/dist/commands/history/index.d.ts.map +1 -1
package/dist/commands/history/index.js +17 -18
package/dist/commands/history/types.d.ts +38 -0
package/dist/commands/history/types.d.ts.map +1 -1
package/dist/commands/history/utils.d.ts.map +1 -1
package/dist/commands/history/utils.js +63 -58
package/dist/commands/init/index.d.ts.map +1 -1
package/dist/commands/init/index.js +3 -8
package/dist/commands/init-project/index.d.ts.map +1 -1
package/dist/commands/init-project/index.js +3 -3
package/dist/commands/init-project/utils.d.ts +2 -1
package/dist/commands/init-project/utils.d.ts.map +1 -1
package/dist/commands/init-project/utils.js +10 -2
package/dist/commands/list-tools/index.d.ts.map +1 -1
package/dist/commands/list-tools/index.js +7 -31
package/dist/commands/manager.d.ts +2 -2
package/dist/commands/manager.d.ts.map +1 -1
package/dist/commands/manager.js +55 -33
package/dist/commands/model/index.d.ts.map +1 -1
package/dist/commands/model/index.js +20 -151
package/dist/commands/model/model-panel.d.ts +4 -0
package/dist/commands/model/model-panel.d.ts.map +1 -0
package/dist/commands/model/model-panel.js +144 -0
package/dist/commands/paste/index.d.ts.map +1 -1
package/dist/commands/paste/index.js +59 -62
package/dist/commands/paste/utils.d.ts.map +1 -1
package/dist/commands/paste/utils.js +88 -58
package/dist/commands/pickup/index.d.ts.map +1 -1
package/dist/commands/pickup/index.js +6 -3
package/dist/commands/pickup/utils.js +3 -3
package/dist/commands/resources/index.d.ts.map +1 -1
package/dist/commands/resources/index.js +33 -50
package/dist/commands/review/index.d.ts.map +1 -1
package/dist/commands/review/index.js +3 -117
package/dist/commands/review/review-panel.d.ts +3 -0
package/dist/commands/review/review-panel.d.ts.map +1 -0
package/dist/commands/review/review-panel.js +186 -0
package/dist/commands/review/utils.d.ts +15 -1
package/dist/commands/review/utils.d.ts.map +1 -1
package/dist/commands/review/utils.js +127 -68
package/dist/commands/session/index.d.ts +1 -1
package/dist/commands/session/index.d.ts.map +1 -1
package/dist/commands/session/index.js +124 -135
package/dist/commands/shell/index.d.ts.map +1 -1
package/dist/commands/shell/index.js +16 -1
package/dist/commands/types.d.ts +2 -2
package/dist/commands/types.d.ts.map +1 -1
package/dist/{config.d.ts → config/index.d.ts} +20 -9
package/dist/config/index.d.ts.map +1 -0
package/dist/{config.js → config/index.js} +43 -42
package/dist/execution/index.d.ts.map +1 -1
package/dist/execution/index.js +75 -55
package/dist/index.d.ts +1 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +148 -141
package/dist/middleware/cache.d.ts.map +1 -1
package/dist/middleware/cache.js +18 -36
package/dist/models/ai-config.d.ts +1 -0
package/dist/models/ai-config.d.ts.map +1 -1
package/dist/models/ai-config.js +4 -3
package/dist/models/anthropic-provider.d.ts +2 -5
package/dist/models/anthropic-provider.d.ts.map +1 -1
package/dist/models/anthropic-provider.js +3 -70
package/dist/models/deepseek-provider.d.ts +1 -0
package/dist/models/deepseek-provider.d.ts.map +1 -1
package/dist/models/google-provider.d.ts +2 -3
package/dist/models/google-provider.d.ts.map +1 -1
package/dist/models/google-provider.js +0 -26
package/dist/models/groq-provider.d.ts +1 -0
package/dist/models/groq-provider.d.ts.map +1 -1
package/dist/models/manager.d.ts +13 -2
package/dist/models/manager.d.ts.map +1 -1
package/dist/models/manager.js +20 -8
package/dist/models/openai-provider.d.ts +2 -5
package/dist/models/openai-provider.d.ts.map +1 -1
package/dist/models/openai-provider.js +0 -52
package/dist/models/opencode-go-provider.d.ts +25 -0
package/dist/models/opencode-go-provider.d.ts.map +1 -0
package/dist/models/opencode-go-provider.js +78 -0
package/dist/models/opencode-zen-provider.d.ts +7 -3
package/dist/models/opencode-zen-provider.d.ts.map +1 -1
package/dist/models/opencode-zen-provider.js +49 -10
package/dist/models/openrouter-provider.d.ts +27 -31
package/dist/models/openrouter-provider.d.ts.map +1 -1
package/dist/models/openrouter-provider.js +121 -180
package/dist/models/providers.d.ts +3 -3
package/dist/models/providers.d.ts.map +1 -1
package/dist/models/providers.js +6 -0
package/dist/models/xai-provider.d.ts +4 -3
package/dist/models/xai-provider.d.ts.map +1 -1
package/dist/models/xai-provider.js +18 -18
package/dist/modes/manager.d.ts +24 -0
package/dist/modes/manager.d.ts.map +1 -0
package/dist/modes/manager.js +77 -0
package/dist/modes/prompts.d.ts +2 -0
package/dist/modes/prompts.d.ts.map +1 -0
package/dist/modes/prompts.js +142 -0
package/dist/prompts/mentions.d.ts +11 -0
package/dist/prompts/mentions.d.ts.map +1 -0
package/dist/{mentions.js → prompts/mentions.js} +55 -85
package/dist/{prompts.d.ts → prompts/system-prompt.d.ts} +7 -2
package/dist/prompts/system-prompt.d.ts.map +1 -0
package/dist/{prompts.js → prompts/system-prompt.js} +31 -16
package/dist/repl/index.d.ts +174 -0
package/dist/repl/index.d.ts.map +1 -0
package/dist/{repl-new.js → repl/index.js} +397 -76
package/dist/repl/project-status.d.ts +1 -0
package/dist/repl/project-status.d.ts.map +1 -1
package/dist/repl/project-status.js +4 -1
package/dist/sessions/manager.d.ts +92 -0
package/dist/sessions/manager.d.ts.map +1 -1
package/dist/sessions/manager.js +262 -9
package/dist/sessions/summary.d.ts +4 -0
package/dist/sessions/summary.d.ts.map +1 -0
package/dist/sessions/summary.js +30 -0
package/dist/skills/index.d.ts +29 -0
package/dist/skills/index.d.ts.map +1 -0
package/dist/skills/index.js +294 -0
package/dist/subagents/index.d.ts +16 -0
package/dist/subagents/index.d.ts.map +1 -0
package/dist/subagents/index.js +231 -0
package/dist/terminal/control.d.ts +1 -1
package/dist/terminal/control.d.ts.map +1 -1
package/dist/terminal/control.js +3 -3
package/dist/terminal/east-asian-width.d.ts.map +1 -1
package/dist/terminal/east-asian-width.js +404 -351
package/dist/terminal/keys.d.ts +17 -0
package/dist/terminal/keys.d.ts.map +1 -1
package/dist/terminal/keys.js +37 -0
package/dist/terminal/select-prompt.d.ts.map +1 -1
package/dist/terminal/select-prompt.js +24 -12
package/dist/terminal/string-width.d.ts.map +1 -1
package/dist/terminal/string-width.js +25 -27
package/dist/terminal/style.d.ts.map +1 -1
package/dist/terminal/style.js +4 -7
package/dist/terminal/supports-color.d.ts.map +1 -1
package/dist/terminal/supports-color.js +41 -27
package/dist/terminal/table/cell.d.ts +12 -0
package/dist/terminal/table/cell.d.ts.map +1 -1
package/dist/terminal/table/cell.js +40 -25
package/dist/terminal/table/layout-manager.d.ts.map +1 -1
package/dist/terminal/table/layout-manager.js +100 -68
package/dist/terminal/table/utils.d.ts +1 -1
package/dist/terminal/table/utils.d.ts.map +1 -1
package/dist/terminal/table/utils.js +17 -10
package/dist/terminal/wrap-ansi.d.ts.map +1 -1
package/dist/terminal/wrap-ansi.js +174 -105
package/dist/tokens/tracker.d.ts +1 -0
package/dist/tokens/tracker.d.ts.map +1 -1
package/dist/tokens/tracker.js +3 -0
package/dist/tools/agent.d.ts +27 -0
package/dist/tools/agent.d.ts.map +1 -0
package/dist/tools/agent.js +81 -0
package/dist/tools/apply-patch.d.ts +62 -0
package/dist/tools/apply-patch.d.ts.map +1 -0
package/dist/tools/apply-patch.js +377 -0
package/dist/tools/bash.d.ts +4 -3
package/dist/tools/bash.d.ts.map +1 -1
package/dist/tools/bash.js +349 -141
package/dist/tools/directory-tree.d.ts +3 -3
package/dist/tools/directory-tree.d.ts.map +1 -1
package/dist/tools/directory-tree.js +8 -5
package/dist/tools/dynamic-tool-loader.d.ts +3 -6
package/dist/tools/dynamic-tool-loader.d.ts.map +1 -1
package/dist/tools/dynamic-tool-loader.js +20 -4
package/dist/tools/edit-file.d.ts +7 -7
package/dist/tools/edit-file.d.ts.map +1 -1
package/dist/tools/edit-file.js +292 -85
package/dist/tools/glob.d.ts +6 -6
package/dist/tools/glob.d.ts.map +1 -1
package/dist/tools/glob.js +110 -63
package/dist/tools/grep.d.ts +15 -12
package/dist/tools/grep.d.ts.map +1 -1
package/dist/tools/grep.js +315 -193
package/dist/tools/index.d.ts +114 -9
package/dist/tools/index.d.ts.map +1 -1
package/dist/tools/index.js +39 -24
package/dist/tools/ls.d.ts +2 -2
package/dist/tools/ls.d.ts.map +1 -1
package/dist/tools/ls.js +7 -5
package/dist/tools/read-file.d.ts +4 -6
package/dist/tools/read-file.d.ts.map +1 -1
package/dist/tools/read-file.js +84 -39
package/dist/tools/save-file.d.ts +3 -3
package/dist/tools/save-file.d.ts.map +1 -1
package/dist/tools/save-file.js +36 -31
package/dist/tools/skill.d.ts +23 -0
package/dist/tools/skill.d.ts.map +1 -0
package/dist/tools/skill.js +65 -0
package/dist/tools/think.d.ts.map +1 -1
package/dist/tools/think.js +2 -9
package/dist/tools/utils.d.ts +2 -0
package/dist/tools/utils.d.ts.map +1 -1
package/dist/tools/utils.js +12 -0
package/dist/tools/web-fetch.d.ts +50 -0
package/dist/tools/web-fetch.d.ts.map +1 -0
package/dist/tools/web-fetch.js +446 -0
package/dist/tools/web-search.d.ts +44 -0
package/dist/tools/web-search.d.ts.map +1 -0
package/dist/tools/web-search.js +226 -0
package/dist/tui/autocomplete/attachment-provider.d.ts +3 -6
package/dist/tui/autocomplete/attachment-provider.d.ts.map +1 -1
package/dist/tui/autocomplete/attachment-provider.js +25 -78
package/dist/tui/autocomplete/base-provider.d.ts +1 -0
package/dist/tui/autocomplete/base-provider.d.ts.map +1 -1
package/dist/tui/autocomplete/combined-provider.d.ts +1 -4
package/dist/tui/autocomplete/combined-provider.d.ts.map +1 -1
package/dist/tui/autocomplete/combined-provider.js +3 -17
package/dist/tui/autocomplete/command-provider.d.ts +1 -0
package/dist/tui/autocomplete/command-provider.d.ts.map +1 -1
package/dist/tui/autocomplete/command-provider.js +3 -0
package/dist/tui/autocomplete/file-search-provider.d.ts +2 -1
package/dist/tui/autocomplete/file-search-provider.d.ts.map +1 -1
package/dist/tui/autocomplete/file-search-provider.js +37 -17
package/dist/tui/autocomplete/skill-provider.d.ts +17 -0
package/dist/tui/autocomplete/skill-provider.d.ts.map +1 -0
package/dist/tui/autocomplete/skill-provider.js +49 -0
package/dist/tui/autocomplete/utils.d.ts +2 -1
package/dist/tui/autocomplete/utils.d.ts.map +1 -1
package/dist/tui/autocomplete/utils.js +25 -23
package/dist/tui/autocomplete.d.ts +2 -2
package/dist/tui/autocomplete.d.ts.map +1 -1
package/dist/tui/autocomplete.js +3 -5
package/dist/tui/components/assistant-message.d.ts.map +1 -1
package/dist/tui/components/assistant-message.js +0 -4
package/dist/tui/components/editor.d.ts +18 -3
package/dist/tui/components/editor.d.ts.map +1 -1
package/dist/tui/components/editor.js +211 -237
package/dist/tui/components/footer.d.ts +6 -4
package/dist/tui/components/footer.d.ts.map +1 -1
package/dist/tui/components/footer.js +49 -25
package/dist/tui/components/markdown.d.ts +10 -7
package/dist/tui/components/markdown.d.ts.map +1 -1
package/dist/tui/components/markdown.js +57 -39
package/dist/tui/components/modal.d.ts.map +1 -1
package/dist/tui/components/modal.js +35 -33
package/dist/tui/components/notification.d.ts +13 -2
package/dist/tui/components/notification.d.ts.map +1 -1
package/dist/tui/components/notification.js +36 -2
package/dist/tui/components/progress-bar.js +1 -1
package/dist/tui/components/select-list.d.ts +1 -0
package/dist/tui/components/select-list.d.ts.map +1 -1
package/dist/tui/components/select-list.js +14 -11
package/dist/tui/components/text.d.ts +16 -0
package/dist/tui/components/text.d.ts.map +1 -1
package/dist/tui/components/text.js +72 -57
package/dist/tui/components/thinking-block.d.ts +9 -0
package/dist/tui/components/thinking-block.d.ts.map +1 -1
package/dist/tui/components/thinking-block.js +43 -11
package/dist/tui/components/tool-execution.d.ts +5 -1
package/dist/tui/components/tool-execution.d.ts.map +1 -1
package/dist/tui/components/tool-execution.js +19 -10
package/dist/tui/components/user-message.d.ts.map +1 -1
package/dist/tui/components/user-message.js +0 -3
package/dist/tui/components/welcome.d.ts +2 -1
package/dist/tui/components/welcome.d.ts.map +1 -1
package/dist/tui/components/welcome.js +2 -2
package/dist/tui/editor-launcher.d.ts +3 -2
package/dist/tui/editor-launcher.d.ts.map +1 -1
package/dist/tui/index.d.ts +0 -1
package/dist/tui/index.d.ts.map +1 -1
package/dist/tui/terminal.d.ts.map +1 -1
package/dist/tui/terminal.js +10 -2
package/dist/tui/tui.d.ts +43 -0
package/dist/tui/tui.d.ts.map +1 -1
package/dist/tui/tui.js +166 -41
package/dist/tui/utils.d.ts +1 -5
package/dist/tui/utils.d.ts.map +1 -1
package/dist/tui/utils.js +271 -44
package/dist/utils/bash/parse.d.ts +19 -0
package/dist/utils/bash/parse.d.ts.map +1 -0
package/dist/utils/bash/parse.js +223 -0
package/dist/utils/bash/quote.d.ts +6 -0
package/dist/utils/bash/quote.d.ts.map +1 -0
package/dist/utils/bash/quote.js +23 -0
package/dist/utils/bash.d.ts.map +1 -1
package/dist/utils/bash.js +211 -126
package/dist/utils/command-protection.d.ts +28 -0
package/dist/utils/command-protection.d.ts.map +1 -0
package/dist/utils/command-protection.js +324 -0
package/dist/utils/dedent.d.ts.map +1 -0
package/dist/utils/env-expand.d.ts +2 -0
package/dist/utils/env-expand.d.ts.map +1 -0
package/dist/utils/env-expand.js +8 -0
package/dist/utils/filesystem/path-display.d.ts +11 -0
package/dist/utils/filesystem/path-display.d.ts.map +1 -0
package/dist/utils/filesystem/path-display.js +32 -0
package/dist/utils/filesystem/security.d.ts +2 -2
package/dist/utils/filesystem/security.d.ts.map +1 -1
package/dist/utils/filesystem/security.js +28 -30
package/dist/utils/formatting.d.ts.map +1 -0
package/dist/{formatting.js → utils/formatting.js} +1 -1
package/dist/utils/git.d.ts +4 -0
package/dist/utils/git.d.ts.map +1 -1
package/dist/utils/git.js +30 -0
package/dist/utils/glob.d.ts +1 -1
package/dist/utils/glob.d.ts.map +1 -1
package/dist/utils/logger.d.ts.map +1 -0
package/dist/{logger.js → utils/logger.js} +1 -1
package/dist/utils/parsing.d.ts.map +1 -0
package/dist/utils/process.d.ts.map +1 -1
package/dist/utils/process.js +90 -37
package/dist/utils/templates.d.ts +2 -0
package/dist/utils/templates.d.ts.map +1 -0
package/dist/utils/templates.js +24 -0
package/dist/utils/version.d.ts.map +1 -0
package/dist/{version.js → utils/version.js} +1 -1
package/package.json +35 -26
package/dist/cli.d.ts +0 -23
package/dist/cli.d.ts.map +0 -1
package/dist/commands/add-directory/types.d.ts +0 -6
package/dist/commands/add-directory/types.d.ts.map +0 -1
package/dist/commands/add-directory/types.js +0 -1
package/dist/commands/copy/types.d.ts +0 -3
package/dist/commands/copy/types.d.ts.map +0 -1
package/dist/commands/copy/types.js +0 -1
package/dist/commands/exit/index.d.ts +0 -10
package/dist/commands/exit/index.d.ts.map +0 -1
package/dist/commands/exit/index.js +0 -21
package/dist/commands/exit/types.d.ts +0 -8
package/dist/commands/exit/types.d.ts.map +0 -1
package/dist/commands/exit/types.js +0 -1
package/dist/commands/exit/utils.d.ts +0 -2
package/dist/commands/exit/utils.d.ts.map +0 -1
package/dist/commands/exit/utils.js +0 -13
package/dist/commands/prompt/index.d.ts +0 -5
package/dist/commands/prompt/index.d.ts.map +0 -1
package/dist/commands/prompt/index.js +0 -122
package/dist/commands/prompt/types.d.ts +0 -15
package/dist/commands/prompt/types.d.ts.map +0 -1
package/dist/commands/prompt/types.js +0 -1
package/dist/commands/prompt/utils.d.ts +0 -12
package/dist/commands/prompt/utils.d.ts.map +0 -1
package/dist/commands/prompt/utils.js +0 -107
package/dist/commands/reset/index.d.ts +0 -3
package/dist/commands/reset/index.d.ts.map +0 -1
package/dist/commands/reset/index.js +0 -25
package/dist/commands/reset/types.d.ts +0 -1
package/dist/commands/reset/types.d.ts.map +0 -1
package/dist/commands/reset/types.js +0 -3
package/dist/commands/review/types.d.ts +0 -12
package/dist/commands/review/types.d.ts.map +0 -1
package/dist/commands/review/types.js +0 -1
package/dist/commands/save/index.d.ts +0 -3
package/dist/commands/save/index.d.ts.map +0 -1
package/dist/commands/save/index.js +0 -19
package/dist/config.d.ts.map +0 -1
package/dist/dedent.d.ts.map +0 -1
package/dist/formatting.d.ts.map +0 -1
package/dist/logger.d.ts.map +0 -1
package/dist/mentions.d.ts +0 -14
package/dist/mentions.d.ts.map +0 -1
package/dist/parsing.d.ts.map +0 -1
package/dist/prompts.d.ts.map +0 -1
package/dist/repl-new.d.ts +0 -65
package/dist/repl-new.d.ts.map +0 -1
package/dist/skills.d.ts +0 -16
package/dist/skills.d.ts.map +0 -1
package/dist/skills.js +0 -233
package/dist/stdin.d.ts.map +0 -1
package/dist/tui/autocomplete/path-provider.d.ts +0 -21
package/dist/tui/autocomplete/path-provider.d.ts.map +0 -1
package/dist/tui/autocomplete/path-provider.js +0 -164
package/dist/utils/iterables.d.ts +0 -2
package/dist/utils/iterables.d.ts.map +0 -1
package/dist/utils/iterables.js +0 -6
package/dist/version.d.ts.map +0 -1
/package/dist/{dedent.d.ts → utils/dedent.d.ts} +0 -0
/package/dist/{dedent.js → utils/dedent.js} +0 -0
/package/dist/{formatting.d.ts → utils/formatting.d.ts} +0 -0
/package/dist/{logger.d.ts → utils/logger.d.ts} +0 -0
/package/dist/{parsing.d.ts → utils/parsing.d.ts} +0 -0
/package/dist/{parsing.js → utils/parsing.js} +0 -0
/package/dist/{version.d.ts → utils/version.d.ts} +0 -0

package/dist/utils/bash/parse.js ADDED Viewed

@@ -0,0 +1,223 @@
+// '<(' is process substitution operator and
+// can be parsed the same as control operator
+const CONTROL = `(?:${[
+    "\\|\\|",
+    "\\&\\&",
+    ";;",
+    "\\|\\&",
+    "\\<\\(",
+    "\\<\\<\\<",
+    ">>",
+    ">\\&",
+    "<\\&",
+    "[&;()|<>]",
+].join("|")})`;
+const controlRe = new RegExp(`^${CONTROL}$`);
+const META = "|&;()<> \t";
+const SINGLE_QUOTE = '"((\\\\"|[^"])*?)"';
+const DOUBLE_QUOTE = "'((\\\\'|[^'])*?)'";
+const hash = /^#$/;
+const SQ = "'";
+const DQ = '"';
+const DS = "$";
+let Token = "";
+const mult = 0x100000000; // Math.pow(16, 8);
+for (let i = 0; i < 4; i++) {
+    Token += (mult * Math.random()).toString(16);
+}
+const startsWithToken = new RegExp(`^${Token}`);
+function matchAll(s, r) {
+    const origIndex = r.lastIndex;
+    const matches = [];
+    let matchObj = r.exec(s);
+    while (matchObj !== null) {
+        matches.push(matchObj);
+        if (r.lastIndex === matchObj.index) {
+            r.lastIndex += 1;
+        }
+        matchObj = r.exec(s);
+    }
+    r.lastIndex = origIndex;
+    return matches;
+}
+function getVar(env, pre, key) {
+    let r = typeof env === "function" ? env(key) : env[key];
+    if (typeof r === "undefined" && key !== "") {
+        r = "";
+    }
+    else if (typeof r === "undefined") {
+        r = "$";
+    }
+    if (typeof r === "object") {
+        return pre + Token + JSON.stringify(r) + Token;
+    }
+    return pre + String(r);
+}
+function parseInternal(string, env, opts = {}) {
+    const Bs = opts.escape || "\\";
+    const Bareword = `(\\${Bs}["'${META}]|[^\\s'""${META}])+`;
+    const chunker = new RegExp([
+        `(${CONTROL})`, // control chars
+        `(${Bareword}|${SINGLE_QUOTE}|${DOUBLE_QUOTE})+`,
+    ].join("|"), "g");
+    const matches = matchAll(string, chunker);
+    if (matches.length === 0) {
+        return [];
+    }
+    const envToUse = env ?? {};
+    let commented = false;
+    return matches
+        .map(
+    // biome-ignore lint:noExcessiveCognitiveComplexity
+    (match) => {
+        const s = match[0];
+        if (!s || commented) {
+            return undefined;
+        }
+        if (controlRe.test(s)) {
+            return { op: s };
+        }
+        // Hand-written scanner/parser for Bash quoting rules:
+        //
+        // 1. inside single quotes, all characters are printed literally.
+        // 2. inside double quotes, all characters are printed literally
+        //    except variables prefixed by '$' and backslashes followed by
+        //    either a double quote or another backslash.
+        // 3. outside of any quotes, backslashes are treated as escape
+        //    characters and not printed (unless they are themselves escaped)
+        // 4. quote context can switch mid-token if there is no whitespace
+        //     between the two quote contexts (e.g. all'one'"token" parses as
+        //     "allonetoken")
+        let quote = false;
+        let esc = false;
+        let out = "";
+        let isGlob = false;
+        let i = 0;
+        function parseEnvVar() {
+            i += 1;
+            let varend;
+            let varname;
+            const char = s.charAt(i);
+            if (char === "{") {
+                i += 1;
+                if (s.charAt(i) === "}") {
+                    throw new Error(`Bad substitution: ${s.slice(i - 2, i + 1)}`);
+                }
+                varend = s.indexOf("}", i);
+                if (varend < 0) {
+                    throw new Error(`Bad substitution: ${s.slice(i)}`);
+                }
+                varname = s.slice(i, varend);
+                i = varend;
+            }
+            else if (/[*@#?$!_-]/.test(char)) {
+                varname = char;
+                i += 1;
+            }
+            else {
+                const slicedFromI = s.slice(i);
+                const varendMatch = slicedFromI.match(/[^\w\d_]/);
+                if (!varendMatch) {
+                    varname = slicedFromI;
+                    i = s.length;
+                }
+                else {
+                    varname = slicedFromI.slice(0, varendMatch.index);
+                    i += (varendMatch.index ?? 0) - 1;
+                }
+            }
+            return getVar(envToUse, "", varname);
+        }
+        for (i = 0; i < s.length; i++) {
+            const c = s.charAt(i);
+            isGlob = isGlob || (!quote && (c === "*" || c === "?"));
+            if (esc) {
+                out += c;
+                esc = false;
+            }
+            else if (quote) {
+                if (c === quote) {
+                    quote = false;
+                }
+                else if (quote === SQ) {
+                    out += c;
+                }
+                else {
+                    // Double quote
+                    if (c === Bs) {
+                        i += 1;
+                        const charAtI = s.charAt(i);
+                        if (charAtI === DQ || charAtI === Bs || charAtI === DS) {
+                            out += charAtI;
+                        }
+                        else {
+                            out += Bs + charAtI;
+                        }
+                    }
+                    else if (c === DS) {
+                        out += parseEnvVar();
+                    }
+                    else {
+                        out += c;
+                    }
+                }
+            }
+            else if (c === DQ || c === SQ) {
+                quote = c;
+            }
+            else if (controlRe.test(c)) {
+                return { op: s };
+            }
+            else if (hash.test(c)) {
+                commented = true;
+                const matchIndex = match.index;
+                const commentObj = {
+                    comment: string.slice((matchIndex ?? 0) + i + 1),
+                };
+                if (out.length) {
+                    return [out, commentObj];
+                }
+                return [commentObj];
+            }
+            else if (c === Bs) {
+                esc = true;
+            }
+            else if (c === DS) {
+                out += parseEnvVar();
+            }
+            else {
+                out += c;
+            }
+        }
+        if (isGlob) {
+            return { op: "glob", pattern: out };
+        }
+        return out;
+    })
+        .reduce((prev, arg) => {
+        // TODO: replace this whole reduce with a concat
+        return typeof arg === "undefined" ? prev : prev.concat(arg);
+    }, []);
+}
+export function parse(s, env = {}, opts) {
+    const mapped = parseInternal(s, env, opts);
+    if (typeof env !== "function") {
+        return mapped;
+    }
+    return mapped.reduce((acc, s) => {
+        if (typeof s === "object") {
+            return acc.concat(s);
+        }
+        const xs = s.split(RegExp(`(${Token}.*?${Token})`, "g"));
+        if (xs.length === 1) {
+            return acc.concat(xs[0]);
+        }
+        return acc.concat(xs.filter(Boolean).map((x) => {
+            if (startsWithToken.test(x)) {
+                const parts = x.split(Token);
+                return JSON.parse(parts[1]);
+            }
+            return x;
+        }));
+    }, []);
+}

package/dist/utils/bash/quote.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+type QuoteArg = string | number | boolean | {
+    op: string;
+} | null | undefined;
+export declare function quote(xs: readonly QuoteArg[]): string;
+export {};
+//# sourceMappingURL=quote.d.ts.map

package/dist/utils/bash/quote.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"quote.d.ts","sourceRoot":"","sources":["../../../source/utils/bash/quote.ts"],"names":[],"mappings":"AAAA,KAAK,QAAQ,GAAG,MAAM,GAAG,MAAM,GAAG,OAAO,GAAG;IAAE,EAAE,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,GAAG,SAAS,CAAC;AAE9E,wBAAgB,KAAK,CAAC,EAAE,EAAE,SAAS,QAAQ,EAAE,GAAG,MAAM,CAyBrD"}

package/dist/utils/bash/quote.js ADDED Viewed

@@ -0,0 +1,23 @@
+export function quote(xs) {
+    return xs
+        .map((s) => {
+        if (s === null || s === undefined) {
+            return String(s);
+        }
+        const str = String(s);
+        if (str === "") {
+            return "''";
+        }
+        if (s && typeof s === "object") {
+            return s.op.replace(/(.)/g, "\\$1");
+        }
+        if (/["\s\\]/.test(str) && !/'/.test(str)) {
+            return `'${str.replace(/(['])/g, "\\$1")}'`;
+        }
+        if (/["'\s]/.test(str)) {
+            return `"${str.replace(/(["\\$`!])/g, "\\$1")}"`;
+        }
+        return str.replace(/([A-Za-z]:)?([#!"$&'()*,:;<=>?@[\\\]^`{|}])/g, "$1\\$2");
+    })
+        .join(" ");
+}

package/dist/utils/bash.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"bash.d.ts","sourceRoot":"","sources":["../../source/utils/bash.ts"],"names":[],"mappings":"~~AAMA~~,wBAAgB,aAAa,CAC3B,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,MAAM,EAAE,EACrB,GAAG,EAAE,MAAM,GACV;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,~~CA0EtC~~;AAED,eAAO,MAAM,UAAU,GACrB,UAAU,MAAM,GAAG,IAAI,GAAG,SAAS,EACnC,YAAY,MAAM,EAClB,cAAc,MAAM,EAAE,KACrB,MAkEF,CAAC;~~AAEF~~,eAAO,MAAM,iBAAiB,GAAI,YAAY,MAAM,KAAG,~~OAmHtD~~,CAAC"}
1	+ {"version":3,"file":"bash.d.ts","sourceRoot":"","sources":["../../source/utils/bash.ts"],"names":[],"mappings":"AAuJA,wBAAgB,aAAa,CAC3B,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,MAAM,EAAE,EACrB,GAAG,EAAE,MAAM,GACV;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAiDtC;AAED,eAAO,MAAM,UAAU,GACrB,UAAU,MAAM,GAAG,IAAI,GAAG,SAAS,EACnC,YAAY,MAAM,EAClB,cAAc,MAAM,EAAE,KACrB,MAkEF,CAAC;AA6FF,eAAO,MAAM,iBAAiB,GAAI,YAAY,MAAM,KAAG,OAetD,CAAC"}

package/dist/utils/bash.js CHANGED Viewed

@@ -2,63 +2,158 @@ import fs from "node:fs";
 import os from "node:os";
 import path from "node:path";
 import { isPathWithinAllowedDirs } from "./filesystem/security.js";
-// Validate path arguments to ensure they're within the project
-export function validatePaths(command, allowedDirs, cwd) {
-    // Simple tokenization - split on spaces but respect quotes
-    const tokens = [];
-    let current = "";
-    let inQuotes = false;
-    let quoteChar = "";
-    for (let i = 0; i < command.length; i++) {
-        const char = command[i] ?? "";
-        if ((char === '"' || char === "'") && !inQuotes) {
-            inQuotes = true;
-            quoteChar = char;
-            current += char;
+function handleNormalMode(state, char, command, tokens) {
+    if (/\s/.test(char)) {
+        if (state.current) {
+            tokens.push(state.current);
+            state.current = "";
         }
-        else if (char === quoteChar && inQuotes) {
-            inQuotes = false;
-            quoteChar = "";
-            current += char;
+        return;
+    }
+    if (char === "'") {
+        state.mode = "single";
+        state.current += char;
+        return;
+    }
+    if (char === '"') {
+        state.mode = "double";
+        state.current += char;
+        return;
+    }
+    if (char === "\\") {
+        const next = command[state.i + 1];
+        if (next !== undefined) {
+            state.current += char + next;
+            state.i++;
+            return;
         }
-        else if (char === " " && !inQuotes) {
-            if (current) {
-                tokens.push(current);
-                current = "";
-            }
+    }
+    state.current += char;
+}
+function handleSingleQuoteMode(state, char) {
+    state.current += char;
+    if (char === "'")
+        state.mode = "normal";
+}
+function handleDoubleQuoteMode(state, char, command) {
+    state.current += char;
+    if (char === "\\") {
+        const next = command[state.i + 1];
+        if (next !== undefined) {
+            state.current += next;
+            state.i++;
         }
-        else {
-            current += char;
+        return;
+    }
+    if (char === '"')
+        state.mode = "normal";
+}
+// Tokenize shell command respecting quotes and escapes
+function tokenizeShellWords(command) {
+    const tokens = [];
+    const state = { current: "", mode: "normal", i: 0 };
+    for (state.i = 0; state.i < command.length; state.i++) {
+        const char = command[state.i] ?? "";
+        if (state.mode === "normal")
+            handleNormalMode(state, char, command, tokens);
+        else if (state.mode === "single")
+            handleSingleQuoteMode(state, char);
+        else
+            handleDoubleQuoteMode(state, char, command);
+    }
+    if (state.current)
+        tokens.push(state.current);
+    return tokens;
+}
+// Strip surrounding quotes from a token
+function stripQuotes(token) {
+    if ((token.startsWith('"') && token.endsWith('"')) ||
+        (token.startsWith("'") && token.endsWith("'"))) {
+        return token.slice(1, -1);
+    }
+    return token;
+}
+// Check if a token is fully quoted (content should not be path-validated)
+function isFullyQuoted(token) {
+    if (token.length < 2)
+        return false;
+    const first = token[0];
+    const last = token[token.length - 1];
+    return (first === '"' && last === '"') || (first === "'" && last === "'");
+}
+// Compute which tokens should be skipped from path validation
+function computeSkipTokenMask(tokens) {
+    const skip = new Array(tokens.length).fill(false);
+    const bin = stripQuotes(tokens[0] ?? "");
+    const sub = stripQuotes(tokens[1] ?? "");
+    // Commands where -m/--message is a string argument (not a path)
+    const gitMessageSubs = new Set(["commit", "merge", "tag", "revert", "notes"]);
+    if (bin === "git" && gitMessageSubs.has(sub)) {
+        let seenDoubleDash = false;
+        for (let i = 2; i < tokens.length; i++) {
+            const t = stripQuotes(tokens[i] ?? "");
+            if (t === "--") {
+                seenDoubleDash = true;
+                continue;
+            }
+            if (seenDoubleDash)
+                continue;
+            // --message=<msg> - skip this entire token
+            if (t.startsWith("--message=")) {
+                skip[i] = true;
+                continue;
+            }
+            // -m<msg> (attached message) - skip this entire token
+            if (/^-m.+/.test(t)) {
+                skip[i] = true;
+                continue;
+            }
+            // -m or --message consumes next token
+            if (t === "-m" || t === "--message") {
+                if (i + 1 < tokens.length)
+                    skip[i + 1] = true;
+                continue;
+            }
+            // Combined short opts containing m, e.g. -am, -avm
+            if (/^-[^-]+$/.test(t) && t.includes("m")) {
+                if (i + 1 < tokens.length)
+                    skip[i + 1] = true;
+            }
         }
     }
-    if (current)
-        tokens.push(current);
+    return skip;
+}
+// Validate path arguments to ensure they're within the project
+export function validatePaths(command, allowedDirs, cwd) {
+    const tokens = tokenizeShellWords(command);
+    const skip = computeSkipTokenMask(tokens);
     // Check each token that looks like a path
     for (let i = 1; i < tokens.length; i++) {
-        // Skip the command itself
         const token = tokens[i];
         if (!token)
             continue;
+        // Skip tokens marked by command-aware logic
+        if (skip[i])
+            continue;
+        // Skip fully quoted tokens - they're string arguments, not paths
+        // (paths are typically unquoted or only quoted to handle spaces)
+        if (isFullyQuoted(token) && token.includes("\n")) {
+            continue;
+        }
         // Remove quotes for path checking
-        const cleanToken = token.replace(/^['"]|['"]$/g, "");
+        const cleanToken = stripQuotes(token);
         // Skip if it's clearly not a path
         if (cleanToken.startsWith("-") ||
             cleanToken.includes("://") ||
             (!cleanToken.includes("/") && cleanToken !== "~")) {
             continue;
         }
-        // Skip git commit messages and other special cases
-        const prevToken = tokens[i - 1]?.replace(/^['"]|['"]$/g, "");
-        if (prevToken === "-m" || prevToken === "--message") {
-            continue;
-        }
         try {
             // Expand ~ to home directory for proper validation
             const expandedToken = cleanToken.startsWith("~/") || cleanToken === "~"
                 ? path.join(os.homedir(), cleanToken.slice(1))
                 : cleanToken;
             const resolvedPath = path.resolve(cwd, expandedToken);
-            // Allow access to explicitly allowed paths
             if (!isPathWithinAllowedDirs(resolvedPath, allowedDirs)) {
                 return {
                     isValid: false,
@@ -125,6 +220,87 @@ export const resolveCwd = (cwdInput, workingDir, allowedDirs) => {
     }
     return target;
 };
+const mutatingBinaries = new Set([
+    "rm",
+    "mv",
+    "cp",
+    "mkdir",
+    "rmdir",
+    "touch",
+    "chmod",
+    "chown",
+    "ln",
+    "truncate",
+    "dd",
+    "tee",
+]);
+const npmMutating = new Set([
+    "install",
+    "uninstall",
+    "update",
+    "ci",
+    "publish",
+    "link",
+    "dedupe",
+    "prune",
+    "rebuild",
+    "add",
+]);
+const gitMutating = new Set([
+    "add",
+    "am",
+    "apply",
+    "branch",
+    "checkout",
+    "switch",
+    "cherry-pick",
+    "clean",
+    "commit",
+    "merge",
+    "mv",
+    "pull",
+    "push",
+    "rebase",
+    "reset",
+    "revert",
+    "stash",
+    "tag",
+    "worktree",
+    "submodule",
+    "config",
+]);
+const actionMutating = new Set(["create", "update", "upgrade", "install"]);
+const packageManagers = new Set(["npm", "pnpm", "yarn"]);
+function isSegmentMutating(seg) {
+    const tokens = seg.split(/\s+/);
+    if (tokens.length === 0)
+        return false;
+    const bin = tokens[0];
+    if (!bin)
+        return false;
+    if (tokens.some((t) => actionMutating.has(t))) {
+        return true;
+    }
+    if (bin === "sed" && tokens.some((t) => /^-i/.test(t))) {
+        return true;
+    }
+    if (mutatingBinaries.has(bin)) {
+        return true;
+    }
+    if (bin === "git" && tokens.length > 1) {
+        const sub = tokens[1];
+        if (typeof sub === "string" && gitMutating.has(sub)) {
+            return true;
+        }
+    }
+    if (packageManagers.has(bin) && tokens.length > 1) {
+        const sub = tokens[1];
+        if (typeof sub === "string" && npmMutating.has(sub)) {
+            return true;
+        }
+    }
+    return false;
+}
 export const isMutatingCommand = (rawCommand) => {
     const command = rawCommand.trim();
     // Redirections that write to disk
@@ -136,96 +312,5 @@ export const isMutatingCommand = (rawCommand) => {
         .split(/\s*(?:&&|\|\||;|\|)\s*/)
         .map((s) => s.trim())
         .filter((s) => s.length > 0);
-    const mutatingBinaries = new Set([
-        "rm",
-        "mv",
-        "cp",
-        "mkdir",
-        "rmdir",
-        "touch",
-        "chmod",
-        "chown",
-        "ln",
-        "truncate",
-        "dd",
-        "tee",
-    ]);
-    const npmMutating = new Set([
-        "install",
-        "uninstall",
-        "update",
-        "ci",
-        "publish",
-        "link",
-        "dedupe",
-        "prune",
-        "rebuild",
-        "add",
-    ]);
-    const gitMutating = new Set([
-        "add",
-        "am",
-        "apply",
-        "branch",
-        "checkout",
-        "switch",
-        "cherry-pick",
-        "clean",
-        "commit",
-        "merge",
-        "mv",
-        "pull",
-        "push",
-        "rebase",
-        "reset",
-        "revert",
-        "stash",
-        "tag",
-        "worktree",
-        "submodule",
-        "config",
-    ]);
-    // Generic action words that should be considered mutating when present in the command
-    const actionMutating = new Set(["create", "update", "upgrade", "install"]);
-    for (const seg of segments) {
-        const tokens = seg.split(/\s+/);
-        if (tokens.length === 0)
-            continue;
-        const bin = tokens[0];
-        if (!bin)
-            continue;
-        // If any token is an action-like mutating word, consider mutating
-        if (tokens.some((t) => actionMutating.has(t))) {
-            return true;
-        }
-        // sed -i is mutating
-        if (bin === "sed") {
-            if (tokens.some((t) => /^-i/.test(t))) {
-                return true;
-            }
-            // sed without -i is not mutating
-        }
-        if (mutatingBinaries.has(bin)) {
-            return true;
-        }
-        if (bin === "git" && tokens.length > 1) {
-            const sub = tokens[1];
-            if (typeof sub === "string" && gitMutating.has(sub)) {
-                return true;
-            }
-        }
-        if (bin === "npm" && tokens.length > 1) {
-            const sub = tokens[1];
-            if (typeof sub === "string" && npmMutating.has(sub)) {
-                return true;
-            }
-        }
-        if ((bin === "pnpm" || bin === "yarn") && tokens.length > 1) {
-            const sub = tokens[1];
-            if (typeof sub === "string" && npmMutating.has(sub)) {
-                return true;
-            }
-        }
-    }
-    return false;
+    return segments.some((seg) => isSegmentMutating(seg));
 };

package/dist/utils/command-protection.d.ts ADDED Viewed

@@ -0,0 +1,28 @@
+/**
+ * Command Protection Module
+ * Detects and blocks destructive commands that could cause data loss
+ */
+export interface BlockedCommandResult {
+    blocked: true;
+    reason: string;
+    command: string;
+    tip: string;
+}
+export interface SafeCommandResult {
+    blocked: false;
+}
+/**
+ * Result type for command safety check
+ */
+export type CommandSafetyResult = BlockedCommandResult | SafeCommandResult;
+/**
+ * Detects if a command is destructive and should be blocked
+ * @param command - The full command string to check
+ * @returns BlockedCommandResult if destructive, SafeCommandResult if safe
+ */
+export declare function detectDestructiveCommand(command: string): CommandSafetyResult;
+/**
+ * Generate a user-friendly blocked command message
+ */
+export declare function formatBlockedCommandMessage(result: BlockedCommandResult): string;
+//# sourceMappingURL=command-protection.d.ts.map

package/dist/utils/command-protection.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"command-protection.d.ts","sourceRoot":"","sources":["../../source/utils/command-protection.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,MAAM,WAAW,oBAAoB;IACnC,OAAO,EAAE,IAAI,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,KAAK,CAAC;CAChB;AAED;;GAEG;AACH,MAAM,MAAM,mBAAmB,GAAG,oBAAoB,GAAG,iBAAiB,CAAC;AAE3E;;;;GAIG;AACH,wBAAgB,wBAAwB,CAAC,OAAO,EAAE,MAAM,GAAG,mBAAmB,CA4B7E;AA8UD;;GAEG;AACH,wBAAgB,2BAA2B,CACzC,MAAM,EAAE,oBAAoB,GAC3B,MAAM,CAQR"}