@vibe-agent-toolkit/utils 0.1.0-rc.7

package/dist/safe-exec.js

@@ -0,0 +1,393 @@
+import { spawnSync } from 'node:child_process';
+import which from 'which';
+/**
+ * Error thrown when command execution fails
+ */
+export class CommandExecutionError extends Error {
+    status;
+    stdout;
+    stderr;
+    constructor(message, status, stdout, stderr) {
+        super(message);
+        this.name = 'CommandExecutionError';
+        this.status = status;
+        this.stdout = stdout;
+        this.stderr = stderr;
+    }
+}
+/**
+ * Determine if shell should be used for command execution on Windows
+ *
+ * ## Security Context
+ *
+ * This package's primary security model is `shell: false` to prevent command injection.
+ * Windows requires `shell: true` only for shell scripts (.cmd/.bat/.ps1) which require
+ * a shell interpreter by design (not executable binaries).
+ *
+ * ## Node.js on Windows - NO SHELL REQUIRED
+ *
+ * **Previous behavior (REMOVED):** Used shell:true for 'node' command
+ * **Problem discovered:** Node.js DEP0190 deprecation warning - passing args array with
+ * shell:true leads to incorrect command execution. Exit codes are ignored (always returns 0).
+ *
+ * **Testing shows:**
+ * - ✅ `shell: false` + absolute path from `which.sync('node')` → Works correctly
+ * - ❌ `shell: true` + args array → Exit codes ignored, security warning
+ *
+ * **Root Cause of Previous ENOENT Issues:** Likely resolved in newer Node.js versions.
+ * Current testing (Node 20+) shows shell:false works correctly with absolute path.
+ *
+ * ## Why This Is Secure
+ *
+ * 1. **Minimal Shell Usage:** Shell only used for .cmd/.bat/.ps1 files (required)
+ * 2. **Path Validation:** Command paths resolved via `which.sync()` before execution
+ * 3. **Array-Based Arguments:** Arguments passed as array, preventing injection
+ * 4. **Controlled Environment:** Commands from trusted configuration, not user input
+ * 5. **No String Interpolation:** Never concatenate user input into command strings
+ *
+ * ## References
+ *
+ * - Node.js deprecation: https://nodejs.org/api/deprecations.html#DEP0190
+ * - Security tests: `packages/utils/test/safe-exec.test.ts`
+ * - Windows fix: PR #94 (fix/windows-shell-independence-v2)
+ *
+ * @param commandPath - Resolved absolute path to command
+ * @returns true if shell should be used, false otherwise
+ */
+function shouldUseShell(commandPath) {
+    if (process.platform !== 'win32') {
+        return false;
+    }
+    // Node.js deprecation warning (DEP0190): Passing args with shell:true leads to incorrect
+    // command execution and security vulnerabilities. Testing shows shell:false works correctly
+    // with absolute path from which.sync('node') on Windows.
+    // Previous ENOENT issues may have been resolved in newer Node.js versions.
+    //
+    // REMOVED: if (command === 'node') return true;
+    // Reason: shell:true causes exit codes to be ignored (always returns 0)
+    // Fix: Use shell:false with absolute path - works correctly
+    // Windows shell scripts require shell by design (case-insensitive check)
+    const lowerPath = commandPath.toLowerCase();
+    return lowerPath.endsWith('.cmd') || lowerPath.endsWith('.bat') || lowerPath.endsWith('.ps1');
+}
+/**
+ * Safe command execution using spawnSync + which pattern
+ *
+ * More secure than execSync:
+ * - Resolves PATH once using pure Node.js (which package)
+ * - Executes with absolute path and shell: false
+ * - No shell interpreter = no command injection risk
+ * - Supports custom env vars (e.g., GIT_INDEX_FILE)
+ *
+ * @param command - Command name (e.g., 'git', 'gitleaks', 'node')
+ * @param args - Array of arguments
+ * @param options - Execution options
+ * @returns Buffer or string output
+ * @throws Error if command not found or execution fails
+ *
+ * @example
+ * // Tool detection
+ * safeExecSync('gitleaks', ['--version'], { stdio: 'ignore' });
+ *
+ * @example
+ * // Git with custom env
+ * safeExecSync('git', ['add', '--all'], {
+ *   env: { ...process.env, GIT_INDEX_FILE: tempFile }
+ * });
+ *
+ * @example
+ * // Get output as string
+ * const version = safeExecSync('node', ['--version'], { encoding: 'utf8' });
+ */
+export function safeExecSync(command, args = [], options = {}) {
+    // Resolve command path using which (pure Node.js, no shell)
+    const commandPath = which.sync(command);
+    // Determine if shell is needed (Windows-specific logic)
+    const useShell = shouldUseShell(commandPath);
+    const spawnOptions = {
+        shell: useShell, // shell:true on Windows for node and shell scripts, shell:false otherwise for security
+        stdio: options.stdio ?? 'pipe',
+        env: options.env,
+        cwd: options.cwd,
+        maxBuffer: options.maxBuffer,
+        timeout: options.timeout,
+        encoding: options.encoding,
+    };
+    // Execute with absolute path (or command name if using shell on Windows)
+    // When shell:true, use command name so shell can resolve it properly
+    const execCommand = useShell ? command : commandPath;
+    const result = spawnSync(execCommand, args, spawnOptions);
+    // Check for spawn errors
+    if (result.error) {
+        throw result.error;
+    }
+    // Check exit code
+    if (result.status !== 0) {
+        throw new CommandExecutionError(`Command failed with exit code ${result.status ?? 'unknown'}: ${command} ${args.join(' ')}`, result.status ?? -1, result.stdout, result.stderr);
+    }
+    return result.stdout;
+}
+/**
+ * Safe command execution that returns detailed result (doesn't throw)
+ *
+ * Use this when you need to handle errors programmatically
+ * instead of catching exceptions.
+ *
+ * @param command - Command name (e.g., 'git', 'node')
+ * @param args - Array of arguments
+ * @param options - Execution options
+ * @returns Detailed execution result
+ *
+ * @example
+ * const result = safeExecResult('git', ['status']);
+ * if (result.status === 0) {
+ *   console.log(result.stdout.toString());
+ * } else {
+ *   console.error(`Failed: ${result.stderr.toString()}`);
+ * }
+ */
+export function safeExecResult(command, args = [], options = {}) {
+    try {
+        const commandPath = which.sync(command);
+        // Determine if shell is needed (Windows-specific logic)
+        const useShell = shouldUseShell(commandPath);
+        const spawnOptions = {
+            shell: useShell,
+            stdio: options.stdio ?? 'pipe',
+            env: options.env,
+            cwd: options.cwd,
+            maxBuffer: options.maxBuffer,
+            timeout: options.timeout,
+            encoding: options.encoding,
+        };
+        // When shell:true, use command name so shell can resolve it properly
+        const execCommand = useShell ? command : commandPath;
+        const result = spawnSync(execCommand, args, spawnOptions);
+        const execResult = {
+            status: result.status ?? -1,
+            stdout: result.stdout ?? Buffer.from(''),
+            stderr: result.stderr ?? Buffer.from(''),
+        };
+        // Only include error property if it exists (exactOptionalPropertyTypes compliance)
+        if (result.error) {
+            execResult.error = result.error;
+        }
+        return execResult;
+    }
+    catch (error) {
+        // which.sync throws if command not found
+        return {
+            status: -1,
+            stdout: Buffer.from(''),
+            stderr: Buffer.from(''),
+            error: error instanceof Error ? error : new Error(String(error)),
+        };
+    }
+}
+/**
+ * Check if a command-line tool is available
+ *
+ * @param toolName - Name of tool to check (e.g., 'gh', 'gitleaks', 'node')
+ * @returns true if tool is available, false otherwise
+ *
+ * @example
+ * if (isToolAvailable('gh')) {
+ *   console.log('GitHub CLI is installed');
+ * }
+ */
+export function isToolAvailable(toolName) {
+    try {
+        safeExecSync(toolName, ['--version'], { stdio: 'ignore' });
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Get tool version if available
+ *
+ * @param toolName - Name of tool (e.g., 'node', 'pnpm')
+ * @param versionArg - Argument to get version (default: '--version')
+ * @returns Version string or null if not available
+ *
+ * @example
+ * const nodeVersion = getToolVersion('node');
+ * console.log(nodeVersion); // "v20.11.0"
+ *
+ * @example
+ * const gitVersion = getToolVersion('git', 'version');
+ * console.log(gitVersion); // "git version 2.39.2"
+ */
+export function getToolVersion(toolName, versionArg = '--version') {
+    try {
+        const version = safeExecSync(toolName, [versionArg], {
+            encoding: 'utf8',
+            stdio: 'pipe',
+        });
+        return version.trim();
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Shell syntax character sets for hyper-efficient single-pass detection
+ *
+ * Used by hasShellSyntax() and safeExecFromString() for shift-left validation.
+ *
+ * Performance: O(n) single pass with O(1) Set lookups - no regex backtracking.
+ */
+const QUOTE_CHARS = new Set(['"', "'", '`']);
+const GLOB_CHARS = new Set(['*', '?', '[', ']']);
+const OPERATOR_CHARS = new Set(['|', '>', '<', '&', ';']);
+/**
+ * Metadata for each shell syntax type (used for error messages)
+ */
+const SHELL_SYNTAX_METADATA = {
+    quotes: { name: 'quotes', example: 'echo "hello"' },
+    globs: { name: 'glob patterns', example: 'ls *.txt' },
+    variables: { name: 'variable expansion', example: 'echo $HOME' },
+    operators: { name: 'pipes/redirects/operators', example: 'cat file | grep text' },
+};
+/**
+ * Check if a command string contains shell-specific syntax
+ *
+ * Detects patterns that require shell interpretation:
+ * - Quotes (", ', `)
+ * - Glob patterns (*, ?, [])
+ * - Variable expansion ($)
+ * - Pipes/redirects/operators (|, >, <, &, ;, &&, ||)
+ *
+ * Performance: Single-pass O(n) algorithm with O(1) Set lookups.
+ * Short-circuits on first match (no backtracking, no regex overhead).
+ *
+ * @param commandString - Command string to check
+ * @returns Object with detection result and details
+ *
+ * @example
+ * ```typescript
+ * const check1 = hasShellSyntax('npm test');
+ * console.log(check1); // { hasShellSyntax: false }
+ *
+ * const check2 = hasShellSyntax('npm test && npm run build');
+ * console.log(check2);
+ * // {
+ * //   hasShellSyntax: true,
+ * //   pattern: 'pipes/redirects/operators',
+ * //   example: 'cat file | grep text'
+ * // }
+ * ```
+ */
+export function hasShellSyntax(commandString) {
+    // Single-pass check with early return on first match
+    for (const char of commandString) {
+        // Check quotes: " ' `
+        if (QUOTE_CHARS.has(char)) {
+            return {
+                hasShellSyntax: true,
+                pattern: SHELL_SYNTAX_METADATA.quotes.name,
+                example: SHELL_SYNTAX_METADATA.quotes.example,
+            };
+        }
+        // Check glob patterns: * ? [ ]
+        if (GLOB_CHARS.has(char)) {
+            return {
+                hasShellSyntax: true,
+                pattern: SHELL_SYNTAX_METADATA.globs.name,
+                example: SHELL_SYNTAX_METADATA.globs.example,
+            };
+        }
+        // Check variable expansion: $
+        if (char === '$') {
+            return {
+                hasShellSyntax: true,
+                pattern: SHELL_SYNTAX_METADATA.variables.name,
+                example: SHELL_SYNTAX_METADATA.variables.example,
+            };
+        }
+        // Check operators: | > < & ;
+        if (OPERATOR_CHARS.has(char)) {
+            return {
+                hasShellSyntax: true,
+                pattern: SHELL_SYNTAX_METADATA.operators.name,
+                example: SHELL_SYNTAX_METADATA.operators.example,
+            };
+        }
+    }
+    return { hasShellSyntax: false };
+}
+/**
+ * Execute a command from a simple command string (convenience wrapper)
+ *
+ * **IMPORTANT: Shift-Left Validation** - This function actively rejects shell syntax
+ * to prevent subtle bugs where shell features are expected but not executed.
+ *
+ * **Supported:**
+ * - Simple commands: `git status`, `pnpm test`, `node --version`
+ * - Commands with flags: `git log --oneline --max-count 10`
+ * - Multiple unquoted arguments: `gh pr view 123`
+ *
+ * **NOT Supported (will throw error):**
+ * - Quotes: `echo "hello world"` ❌
+ * - Glob patterns: `ls *.txt` ❌
+ * - Variable expansion: `echo $HOME` ❌
+ * - Pipes/redirects: `cat file | grep text` ❌
+ * - Command chaining: `build && test` ❌
+ *
+ * **Why these restrictions?**
+ * We don't use a shell interpreter (for security), so shell features like
+ * glob expansion, variable substitution, and pipes don't work. By detecting
+ * and rejecting these patterns, we force you to use the safer `safeExecSync()`
+ * API with explicit argument arrays.
+ *
+ * @param commandString - Simple command string (no shell syntax)
+ * @param options - Execution options
+ * @returns Command output (Buffer or string depending on encoding option)
+ * @throws Error if command contains shell-specific syntax
+ *
+ * @example
+ * ```typescript
+ * // ✅ Simple commands (these work)
+ * safeExecFromString('git status');
+ * safeExecFromString('pnpm test --watch');
+ * safeExecFromString('gh pr view 123');
+ * ```
+ *
+ * @example
+ * ```typescript
+ * // ❌ Shell syntax (these throw errors)
+ * safeExecFromString('echo "hello"');         // Quotes
+ * safeExecFromString('ls *.txt');             // Glob pattern
+ * safeExecFromString('cat file | grep text'); // Pipe
+ * safeExecFromString('echo $HOME');           // Variable expansion
+ *
+ * // ✅ Use safeExecSync() instead with explicit arguments
+ * safeExecSync('echo', ['hello']);
+ * safeExecSync('ls', ['file1.txt', 'file2.txt']); // Or use glob library
+ * safeExecSync('grep', ['text', 'file']);
+ * safeExecSync('echo', [process.env.HOME || '']);
+ * ```
+ *
+ */
+export function safeExecFromString(commandString, options = {}) {
+    // Detect shell-specific syntax (shift-left validation)
+    // This prevents subtle bugs where shell features are expected but not executed
+    const check = hasShellSyntax(commandString);
+    if (check.hasShellSyntax) {
+        throw new Error(`safeExecFromString does not support ${check.pattern}.\n` +
+            `Found in: ${commandString}\n\n` +
+            `Use safeExecSync() with explicit argument array instead:\n` +
+            `  // Bad: safeExecFromString('${check.example}')\n` +
+            `  // Good: safeExecSync('command', ['arg1', 'arg2'], options)\n\n` +
+            `This ensures no shell interpreter is used and arguments are explicit.`);
+    }
+    const parts = commandString.trim().split(/\s+/);
+    const command = parts[0];
+    if (!command) {
+        throw new Error('Empty command string');
+    }
+    const args = parts.slice(1);
+    return safeExecSync(command, args, options);
+}
+//# sourceMappingURL=safe-exec.js.map

package/dist/safe-exec.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"safe-exec.js","sourceRoot":"","sources":["../src/safe-exec.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAyB,MAAM,oBAAoB,CAAC;AAEtE,OAAO,KAAK,MAAM,OAAO,CAAC;AAkC1B;;GAEG;AACH,MAAM,OAAO,qBAAsB,SAAQ,KAAK;IAC9B,MAAM,CAAS;IACf,MAAM,CAAkB;IACxB,MAAM,CAAkB;IAExC,YACE,OAAe,EACf,MAAc,EACd,MAAuB,EACvB,MAAuB;QAEvB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;CACF;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsCG;AACH,SAAS,cAAc,CAAC,WAAmB;IACzC,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,yFAAyF;IACzF,4FAA4F;IAC5F,yDAAyD;IACzD,2EAA2E;IAC3E,EAAE;IACF,gDAAgD;IAChD,wEAAwE;IACxE,4DAA4D;IAE5D,yEAAyE;IACzE,MAAM,SAAS,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;IAC5C,OAAO,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AAChG,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,MAAM,UAAU,YAAY,CAC1B,OAAe,EACf,OAAiB,EAAE,EACnB,UAA2B,EAAE;IAE7B,4DAA4D;IAC5D,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAExC,wDAAwD;IACxD,MAAM,QAAQ,GAAG,cAAc,CAAC,WAAW,CAAC,CAAC;IAE7C,MAAM,YAAY,GAAqB;QACrC,KAAK,EAAE,QAAQ,EAAE,uFAAuF;QACxG,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,MAAM;QAC9B,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,QAAQ,EAAE,OAAO,CAAC,QAAQ;KAC3B,CAAC;IAEF,yEAAyE;IACzE,qEAAqE;IACrE,MAAM,WAAW,GAAG,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC;IACrD,MAAM,MAAM,GAAG,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,YAAY,CAAC,CAAC;IAE1D,yBAAyB;IACzB,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,MAAM,MAAM,CAAC,KAAK,CAAC;IACrB,CAAC;IAED,kBAAkB;IAClB,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,qBAAqB,CAC7B,iCAAiC,MAAM,CAAC,MAAM,IAAI,SAAS,KAAK,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,EAC3F,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC,EACnB,MAAM,CAAC,MAAM,EACb,MAAM,CAAC,MAAM,CACd,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC,MAAM,CAAC;AACvB,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,cAAc,CAC5B,OAAe,EACf,OAAiB,EAAE,EACnB,UAA2B,EAAE;IAE7B,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAExC,wDAAwD;QACxD,MAAM,QAAQ,GAAG,cAAc,CAAC,WAAW,CAAC,CAAC;QAE7C,MAAM,YAAY,GAAqB;YACrC,KAAK,EAAE,QAAQ;YACf,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,MAAM;YAC9B,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,QAAQ,EAAE,OAAO,CAAC,QAAQ;SAC3B,CAAC;QAEF,qEAAqE;QACrE,MAAM,WAAW,GAAG,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC;QACrD,MAAM,MAAM,GAAG,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,YAAY,CAAC,CAAC;QAE1D,MAAM,UAAU,GAAmB;YACjC,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC;YAC3B,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YACxC,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;SACzC,CAAC;QAEF,mFAAmF;QACnF,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;YACjB,UAAU,CAAC,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;QAClC,CAAC;QAED,OAAO,UAAU,CAAC;IACpB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,yCAAyC;QACzC,OAAO;YACL,MAAM,EAAE,CAAC,CAAC;YACV,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;SACjE,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,eAAe,CAAC,QAAgB;IAC9C,IAAI,CAAC;QACH,YAAY,CAAC,QAAQ,EAAE,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC3D,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,cAAc,CAC5B,QAAgB,EAChB,aAAqB,WAAW;IAEhC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE;YACnD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,MAAM;SACd,CAAC,CAAC;QACH,OAAQ,OAAkB,CAAC,IAAI,EAAE,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;AAC7C,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;AACjD,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;AAE1D;;GAEG;AACH,MAAM,qBAAqB,GAAG;IAC5B,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,cAAc,EAAE;IACnD,KAAK,EAAE,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,UAAU,EAAE;IACrD,SAAS,EAAE,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,YAAY,EAAE;IAChE,SAAS,EAAE,EAAE,IAAI,EAAE,2BAA2B,EAAE,OAAO,EAAE,sBAAsB,EAAE;CACzE,CAAC;AAEX;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,MAAM,UAAU,cAAc,CAAC,aAAqB;IAKlD,qDAAqD;IACrD,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;QAEjC,sBAAsB;QACtB,IAAI,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1B,OAAO;gBACL,cAAc,EAAE,IAAI;gBACpB,OAAO,EAAE,qBAAqB,CAAC,MAAM,CAAC,IAAI;gBAC1C,OAAO,EAAE,qBAAqB,CAAC,MAAM,CAAC,OAAO;aAC9C,CAAC;QACJ,CAAC;QAED,+BAA+B;QAC/B,IAAI,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,OAAO;gBACL,cAAc,EAAE,IAAI;gBACpB,OAAO,EAAE,qBAAqB,CAAC,KAAK,CAAC,IAAI;gBACzC,OAAO,EAAE,qBAAqB,CAAC,KAAK,CAAC,OAAO;aAC7C,CAAC;QACJ,CAAC;QAED,8BAA8B;QAC9B,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YACjB,OAAO;gBACL,cAAc,EAAE,IAAI;gBACpB,OAAO,EAAE,qBAAqB,CAAC,SAAS,CAAC,IAAI;gBAC7C,OAAO,EAAE,qBAAqB,CAAC,SAAS,CAAC,OAAO;aACjD,CAAC;QACJ,CAAC;QAED,6BAA6B;QAC7B,IAAI,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7B,OAAO;gBACL,cAAc,EAAE,IAAI;gBACpB,OAAO,EAAE,qBAAqB,CAAC,SAAS,CAAC,IAAI;gBAC7C,OAAO,EAAE,qBAAqB,CAAC,SAAS,CAAC,OAAO;aACjD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,cAAc,EAAE,KAAK,EAAE,CAAC;AACnC,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoDG;AACH,MAAM,UAAU,kBAAkB,CAChC,aAAqB,EACrB,UAA2B,EAAE;IAE7B,uDAAuD;IACvD,+EAA+E;IAC/E,MAAM,KAAK,GAAG,cAAc,CAAC,aAAa,CAAC,CAAC;IAC5C,IAAI,KAAK,CAAC,cAAc,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CACb,uCAAuC,KAAK,CAAC,OAAO,KAAK;YACvD,aAAa,aAAa,MAAM;YAChC,4DAA4D;YAC5D,iCAAiC,KAAK,CAAC,OAAO,MAAM;YACpD,mEAAmE;YACnE,uEAAuE,CAC1E,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAChD,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IAEzB,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IAC1C,CAAC;IAED,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAE5B,OAAO,YAAY,CAAC,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;AAC9C,CAAC"}

package/package.json

@@ -0,0 +1,51 @@
+{
+  "name": "@vibe-agent-toolkit/utils",
+  "version": "0.1.0-rc.7",
+  "type": "module",
+  "description": "Core utility functions with no external dependencies",
+  "keywords": [
+    "typescript",
+    "utilities",
+    "toolkit"
+  ],
+  "author": "Jeff Dutton",
+  "license": "MIT",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "typecheck": "tsc --noEmit",
+    "clean": "rimraf dist *.tsbuildinfo"
+  },
+  "dependencies": {
+    "ignore": "^7.0.5",
+    "picomatch": "^4.0.3",
+    "which": "^5.0.0"
+  },
+  "devDependencies": {
+    "@types/picomatch": "^4.0.2",
+    "@types/which": "^3.0.4",
+    "rimraf": "^6.0.1",
+    "typescript": "^5.9.3",
+    "vitest": "^3.2.4"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/jdutton/vibe-agent-toolkit.git"
+  }
+}