@vibe-validate/utils 0.17.6-rc.2 → 0.18.0-rc.1

package/dist/index.d.ts

@@ -6,6 +6,6 @@
  *
  * @package @vibe-validate/utils
  */
-export { safeExecSync, safeExecFromString, safeExecResult, isToolAvailable, getToolVersion, CommandExecutionError, type SafeExecOptions, type SafeExecResult } from './safe-exec.js';
+export { safeExecSync, safeExecFromString, safeExecResult, isToolAvailable, getToolVersion, hasShellSyntax, CommandExecutionError, type SafeExecOptions, type SafeExecResult } from './safe-exec.js';
 export { normalizedTmpdir, mkdirSyncReal, normalizePath } from './path-helpers.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,cAAc,EACd,eAAe,EACf,cAAc,EACd,qBAAqB,EACrB,KAAK,eAAe,EACpB,KAAK,cAAc,EACpB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,gBAAgB,EAChB,aAAa,EACb,aAAa,EACd,MAAM,mBAAmB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,cAAc,EACd,eAAe,EACf,cAAc,EACd,cAAc,EACd,qBAAqB,EACrB,KAAK,eAAe,EACpB,KAAK,cAAc,EACpB,MAAM,gBAAgB,CAAC;AAGxB,OAAO,EACL,gBAAgB,EAChB,aAAa,EACb,aAAa,EACd,MAAM,mBAAmB,CAAC"}

package/dist/index.js

@@ -7,7 +7,7 @@
  * @package @vibe-validate/utils
  */
 // Safe command execution (security-critical)
-export { safeExecSync, safeExecFromString, safeExecResult, isToolAvailable, getToolVersion, CommandExecutionError } from './safe-exec.js';
+export { safeExecSync, safeExecFromString, safeExecResult, isToolAvailable, getToolVersion, hasShellSyntax, CommandExecutionError } from './safe-exec.js';
 // Cross-platform path helpers (Windows 8.3 short name handling)
 export { normalizedTmpdir, mkdirSyncReal, normalizePath } from './path-helpers.js';
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,6CAA6C;AAC7C,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,cAAc,EACd,eAAe,EACf,cAAc,EACd,qBAAqB,EAGtB,MAAM,gBAAgB,CAAC;AAExB,gEAAgE;AAChE,OAAO,EACL,gBAAgB,EAChB,aAAa,EACb,aAAa,EACd,MAAM,mBAAmB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,6CAA6C;AAC7C,OAAO,EACL,YAAY,EACZ,kBAAkB,EAClB,cAAc,EACd,eAAe,EACf,cAAc,EACd,cAAc,EACd,qBAAqB,EAGtB,MAAM,gBAAgB,CAAC;AAExB,gEAAgE;AAChE,OAAO,EACL,gBAAgB,EAChB,aAAa,EACb,aAAa,EACd,MAAM,mBAAmB,CAAC"}

package/dist/path-helpers.d.ts

@@ -69,17 +69,22 @@ export declare function mkdirSyncReal(path: string, options?: Parameters<typeof
  * Normalize any path (resolve short names on Windows)
  *
  * Utility to normalize paths without creating directories.
- * Useful when you have an existing path that might contain short names.
+ * Accepts multiple path segments like path.resolve() for convenience.
  *
- * @param path - Path to normalize
- * @returns Real (normalized) path, or original if normalization fails
+ * @param paths - Path segments to join and normalize
+ * @returns Real (normalized) path, or resolved path if normalization fails
  *
  * @example
  * ```typescript
+ * // Single path
  * const shortPath = 'C:\\PROGRA~1\\nodejs';
  * const longPath = normalizePath(shortPath);
  * // Result: 'C:\\Program Files\\nodejs'
+ *
+ * // Multiple segments (like path.resolve)
+ * const cliPath = normalizePath(__dirname, '../../dist/bin.js');
+ * // Resolves to absolute path AND normalizes short names
  * ```
  */
-export declare function normalizePath(path: string): string;
+export declare function normalizePath(...paths: string[]): string;
 //# sourceMappingURL=path-helpers.d.ts.map

package/dist/path-helpers.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"path-helpers.d.ts","sourceRoot":"","sources":["../src/path-helpers.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,SAAS,EAAgB,MAAM,SAAS,CAAC;AAGlD;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAgB,gBAAgB,IAAI,MAAM,CAUzC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,wBAAgB,aAAa,CAC3B,IAAI,EAAE,MAAM,EACZ,OAAO,CAAC,EAAE,UAAU,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,GACxC,MAAM,CAYR;AAED;;;;;;;;;;;;;;;GAeG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAOlD"}
+{"version":3,"file":"path-helpers.d.ts","sourceRoot":"","sources":["../src/path-helpers.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,SAAS,EAAgB,MAAM,SAAS,CAAC;AAKlD;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,wBAAgB,gBAAgB,IAAI,MAAM,CAgBzC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,wBAAgB,aAAa,CAC3B,IAAI,EAAE,MAAM,EACZ,OAAO,CAAC,EAAE,UAAU,CAAC,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC,GACxC,MAAM,CAiBR;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,aAAa,CAAC,GAAG,KAAK,EAAE,MAAM,EAAE,GAAG,MAAM,CAmBxD"}

package/dist/path-helpers.js

@@ -36,13 +36,19 @@ import { tmpdir } from 'node:os';
 export function normalizedTmpdir() {
     const temp = tmpdir();
     try {
-        // eslint-disable-next-line security/detect-non-literal-fs-filename -- Safe: temp is from tmpdir() (OS-provided system temp directory), not user input
-        return realpathSync(temp);
+        // Use native OS realpath for better Windows compatibility
+        return realpathSync.native(temp);
     }
     catch {
-        // Fallback: if realpathSync fails, return original
-        // (shouldn't happen, but safety first)
-        return temp;
+        // Fallback to regular realpathSync
+        try {
+            // eslint-disable-next-line security/detect-non-literal-fs-filename -- Safe: temp is from tmpdir()
+            return realpathSync(temp);
+        }
+        catch {
+            // Last resort: return original
+            return temp;
+        }
     }
 }
 /**
@@ -77,41 +83,64 @@ export function normalizedTmpdir() {
  * ```
  */
 export function mkdirSyncReal(path, options) {
-    // eslint-disable-next-line security/detect-non-literal-fs-filename -- Safe: path is function parameter from test setup (tmpdir + test name), not user input
+    // eslint-disable-next-line security/detect-non-literal-fs-filename -- This IS the mkdirSyncReal() implementation
     mkdirSync(path, options);
     try {
-        // eslint-disable-next-line security/detect-non-literal-fs-filename -- Safe: path is function parameter from test setup (tmpdir + test name), not user input
-        return realpathSync(path);
+        // Use native OS realpath for better Windows compatibility
+        return realpathSync.native(path);
     }
     catch {
-        // Fallback: if realpathSync fails, return original
-        // (might happen if directory creation failed)
-        return path;
+        // Fallback to regular realpathSync
+        try {
+            // eslint-disable-next-line security/detect-non-literal-fs-filename -- Safe: path is function parameter
+            return realpathSync(path);
+        }
+        catch {
+            // Last resort: return original
+            return path;
+        }
     }
 }
 /**
  * Normalize any path (resolve short names on Windows)
  *
  * Utility to normalize paths without creating directories.
- * Useful when you have an existing path that might contain short names.
+ * Accepts multiple path segments like path.resolve() for convenience.
  *
- * @param path - Path to normalize
- * @returns Real (normalized) path, or original if normalization fails
+ * @param paths - Path segments to join and normalize
+ * @returns Real (normalized) path, or resolved path if normalization fails
  *
  * @example
  * ```typescript
+ * // Single path
  * const shortPath = 'C:\\PROGRA~1\\nodejs';
  * const longPath = normalizePath(shortPath);
  * // Result: 'C:\\Program Files\\nodejs'
+ *
+ * // Multiple segments (like path.resolve)
+ * const cliPath = normalizePath(__dirname, '../../dist/bin.js');
+ * // Resolves to absolute path AND normalizes short names
  * ```
  */
-export function normalizePath(path) {
+export function normalizePath(...paths) {
+    // First resolve to absolute path (handles multiple segments)
+    const resolved = paths.length === 1
+        ? paths[0]
+        : require('node:path').resolve(...paths);
     try {
-        // eslint-disable-next-line security/detect-non-literal-fs-filename -- Safe: path is function parameter from test setup (tmpdir + test name), not user input
-        return realpathSync(path);
+        // Use native OS realpath for better Windows compatibility
+        return realpathSync.native(resolved);
     }
     catch {
-        return path;
+        // Fallback to regular realpathSync
+        try {
+            // eslint-disable-next-line security/detect-non-literal-fs-filename -- Safe: resolved is from path.resolve
+            return realpathSync(resolved);
+        }
+        catch {
+            // Last resort: return resolved path (better than original input)
+            return resolved;
+        }
     }
 }
 //# sourceMappingURL=path-helpers.js.map

package/dist/path-helpers.js.map

@@ -1 +1 @@
-{"version":3,"file":"path-helpers.js","sourceRoot":"","sources":["../src/path-helpers.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAClD,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAEjC;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,UAAU,gBAAgB;IAC9B,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC;IACtB,IAAI,CAAC;QACH,sJAAsJ;QACtJ,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,mDAAmD;QACnD,uCAAuC;QACvC,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,MAAM,UAAU,aAAa,CAC3B,IAAY,EACZ,OAAyC;IAEzC,4JAA4J;IAC5J,SAAS,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAEzB,IAAI,CAAC;QACH,4JAA4J;QAC5J,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,mDAAmD;QACnD,8CAA8C;QAC9C,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,UAAU,aAAa,CAAC,IAAY;IACxC,IAAI,CAAC;QACH,4JAA4J;QAC5J,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}
+{"version":3,"file":"path-helpers.js","sourceRoot":"","sources":["../src/path-helpers.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAClD,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAIjC;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AACH,MAAM,UAAU,gBAAgB;IAE9B,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC;IACtB,IAAI,CAAC;QACH,0DAA0D;QAC1D,OAAO,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACnC,CAAC;IAAC,MAAM,CAAC;QACP,mCAAmC;QACnC,IAAI,CAAC;YACH,kGAAkG;YAClG,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC;QAC5B,CAAC;QAAC,MAAM,CAAC;YACP,+BAA+B;YAC/B,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,MAAM,UAAU,aAAa,CAC3B,IAAY,EACZ,OAAyC;IAEzC,iHAAiH;IACjH,SAAS,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAEzB,IAAI,CAAC;QACH,0DAA0D;QAC1D,OAAO,YAAY,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACnC,CAAC;IAAC,MAAM,CAAC;QACP,mCAAmC;QACnC,IAAI,CAAC;YACH,uGAAuG;YACvG,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC;QAC5B,CAAC;QAAC,MAAM,CAAC;YACP,+BAA+B;YAC/B,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,MAAM,UAAU,aAAa,CAAC,GAAG,KAAe;IAC9C,6DAA6D;IAC7D,MAAM,QAAQ,GAAG,KAAK,CAAC,MAAM,KAAK,CAAC;QACjC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC;QACV,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,OAAO,CAAC,GAAG,KAAK,CAAC,CAAC;IAE3C,IAAI,CAAC;QACH,0DAA0D;QAC1D,OAAO,YAAY,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,mCAAmC;QACnC,IAAI,CAAC;YACH,0GAA0G;YAC1G,OAAO,YAAY,CAAC,QAAQ,CAAC,CAAC;QAChC,CAAC;QAAC,MAAM,CAAC;YACP,iEAAiE;YACjE,OAAO,QAAQ,CAAC;QAClB,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/safe-exec.d.ts

@@ -116,38 +116,91 @@ export declare function isToolAvailable(toolName: string): boolean;
  */
 export declare function getToolVersion(toolName: string, versionArg?: string): string | null;
 /**
- * Execute a command from a command string (convenience wrapper)
+ * Check if a command string contains shell-specific syntax
  *
- * **WARNING**: This function parses command strings using simple whitespace splitting.
- * It does NOT handle shell quoting, escaping, or complex command syntax.
- * Use only for simple commands like "gitleaks protect --staged --verbose".
+ * Detects patterns that require shell interpretation:
+ * - Quotes (", ', `)
+ * - Glob patterns (*, ?, [])
+ * - Variable expansion ($)
+ * - Pipes/redirects/operators (|, >, <, &, ;, &&, ||)
  *
- * For complex commands with quoted arguments, pipes, or shell features,
- * use `safeExecSync()` directly with an explicit args array.
+ * Performance: Single-pass O(n) algorithm with O(1) Set lookups.
+ * Short-circuits on first match (no backtracking, no regex overhead).
  *
- * @param commandString - Command string to execute (e.g., "git status --short")
+ * @param commandString - Command string to check
+ * @returns Object with detection result and details
+ *
+ * @example
+ * ```typescript
+ * const check1 = hasShellSyntax('npm test');
+ * console.log(check1); // { hasShellSyntax: false }
+ *
+ * const check2 = hasShellSyntax('npm test && npm run build');
+ * console.log(check2);
+ * // {
+ * //   hasShellSyntax: true,
+ * //   pattern: 'pipes/redirects/operators',
+ * //   example: 'cat file | grep text'
+ * // }
+ * ```
+ */
+export declare function hasShellSyntax(commandString: string): {
+    hasShellSyntax: boolean;
+    pattern?: string;
+    example?: string;
+};
+/**
+ * Execute a command from a simple command string (convenience wrapper)
+ *
+ * **IMPORTANT: Shift-Left Validation** - This function actively rejects shell syntax
+ * to prevent subtle bugs where shell features are expected but not executed.
+ *
+ * **Supported:**
+ * - Simple commands: `git status`, `pnpm test`, `node --version`
+ * - Commands with flags: `git log --oneline --max-count 10`
+ * - Multiple unquoted arguments: `gh pr view 123`
+ *
+ * **NOT Supported (will throw error):**
+ * - Quotes: `echo "hello world"` ❌
+ * - Glob patterns: `ls *.txt` ❌
+ * - Variable expansion: `echo $HOME` ❌
+ * - Pipes/redirects: `cat file | grep text` ❌
+ * - Command chaining: `build && test` ❌
+ *
+ * **Why these restrictions?**
+ * We don't use a shell interpreter (for security), so shell features like
+ * glob expansion, variable substitution, and pipes don't work. By detecting
+ * and rejecting these patterns, we force you to use the safer `safeExecSync()`
+ * API with explicit argument arrays.
+ *
+ * @param commandString - Simple command string (no shell syntax)
  * @param options - Execution options
  * @returns Command output (Buffer or string depending on encoding option)
+ * @throws Error if command contains shell-specific syntax
  *
  * @example
  * ```typescript
- * // Simple command with flags
- * safeExecFromString('gitleaks protect --staged --verbose');
- *
- * // Multiple arguments
- * safeExecFromString('gh pr view --json number,title');
+ * // ✅ Simple commands (these work)
+ * safeExecFromString('git status');
+ * safeExecFromString('pnpm test --watch');
+ * safeExecFromString('gh pr view 123');
  * ```
  *
  * @example
  * ```typescript
- * // ❌ DON'T: Complex shell features won't work
- * safeExecFromString('cat file.txt | grep "error"'); // Pipe ignored
- * safeExecFromString('echo "hello world"'); // Quotes not parsed correctly
- *
- * // ✅ DO: Use safeExecSync directly for these cases
- * safeExecSync('grep', ['error', 'file.txt']);
- * safeExecSync('echo', ['hello world']);
+ * // ❌ Shell syntax (these throw errors)
+ * safeExecFromString('echo "hello"');         // Quotes
+ * safeExecFromString('ls *.txt');             // Glob pattern
+ * safeExecFromString('cat file | grep text'); // Pipe
+ * safeExecFromString('echo $HOME');           // Variable expansion
+ *
+ * // ✅ Use safeExecSync() instead with explicit arguments
+ * safeExecSync('echo', ['hello']);
+ * safeExecSync('ls', ['file1.txt', 'file2.txt']); // Or use glob library
+ * safeExecSync('grep', ['text', 'file']);
+ * safeExecSync('echo', [process.env.HOME || '']);
  * ```
+ *
  */
 export declare function safeExecFromString(commandString: string, options?: SafeExecOptions): Buffer | string;
 //# sourceMappingURL=safe-exec.d.ts.map

package/dist/safe-exec.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"safe-exec.d.ts","sourceRoot":"","sources":["../src/safe-exec.ts"],"names":[],"mappings":"AAIA;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,kEAAkE;IAClE,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,iCAAiC;IACjC,KAAK,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC,MAAM,GAAG,QAAQ,GAAG,SAAS,CAAC,CAAC;IACjE,6EAA6E;IAC7E,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,wBAAwB;IACxB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,0CAA0C;IAC1C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,8BAA8B;IAC9B,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,8BAA8B;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,sBAAsB;IACtB,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;IACxB,qBAAqB;IACrB,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;IACxB,8CAA8C;IAC9C,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,qBAAa,qBAAsB,SAAQ,KAAK;IAC9C,SAAgB,MAAM,EAAE,MAAM,CAAC;IAC/B,SAAgB,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;IACxC,SAAgB,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;gBAGtC,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,GAAG,MAAM,EACvB,MAAM,EAAE,MAAM,GAAG,MAAM;CAQ1B;AAwED;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,wBAAgB,YAAY,CAC1B,OAAO,EAAE,MAAM,EACf,IAAI,GAAE,MAAM,EAAO,EACnB,OAAO,GAAE,eAAoB,GAC5B,MAAM,GAAG,MAAM,CAsCjB;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,cAAc,CAC5B,OAAO,EAAE,MAAM,EACf,IAAI,GAAE,MAAM,EAAO,EACnB,OAAO,GAAE,eAAoB,GAC5B,cAAc,CAoChB;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAOzD;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,cAAc,CAC5B,QAAQ,EAAE,MAAM,EAChB,UAAU,GAAE,MAAoB,GAC/B,MAAM,GAAG,IAAI,CAUf;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,wBAAgB,kBAAkB,CAChC,aAAa,EAAE,MAAM,EACrB,OAAO,GAAE,eAAoB,GAC5B,MAAM,GAAG,MAAM,CAMjB"}
+{"version":3,"file":"safe-exec.d.ts","sourceRoot":"","sources":["../src/safe-exec.ts"],"names":[],"mappings":"AAIA;;GAEG;AACH,MAAM,WAAW,eAAe;IAC9B,kEAAkE;IAClE,QAAQ,CAAC,EAAE,cAAc,CAAC;IAC1B,iCAAiC;IACjC,KAAK,CAAC,EAAE,MAAM,GAAG,QAAQ,GAAG,KAAK,CAAC,MAAM,GAAG,QAAQ,GAAG,SAAS,CAAC,CAAC;IACjE,6EAA6E;IAC7E,GAAG,CAAC,EAAE,MAAM,CAAC,UAAU,CAAC;IACxB,wBAAwB;IACxB,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,0CAA0C;IAC1C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,8BAA8B;IAC9B,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB;AAED;;GAEG;AACH,MAAM,WAAW,cAAc;IAC7B,8BAA8B;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,sBAAsB;IACtB,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;IACxB,qBAAqB;IACrB,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;IACxB,8CAA8C;IAC9C,KAAK,CAAC,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,qBAAa,qBAAsB,SAAQ,KAAK;IAC9C,SAAgB,MAAM,EAAE,MAAM,CAAC;IAC/B,SAAgB,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;IACxC,SAAgB,MAAM,EAAE,MAAM,GAAG,MAAM,CAAC;gBAGtC,OAAO,EAAE,MAAM,EACf,MAAM,EAAE,MAAM,EACd,MAAM,EAAE,MAAM,GAAG,MAAM,EACvB,MAAM,EAAE,MAAM,GAAG,MAAM;CAQ1B;AAwED;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,wBAAgB,YAAY,CAC1B,OAAO,EAAE,MAAM,EACf,IAAI,GAAE,MAAM,EAAO,EACnB,OAAO,GAAE,eAAoB,GAC5B,MAAM,GAAG,MAAM,CAsCjB;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,cAAc,CAC5B,OAAO,EAAE,MAAM,EACf,IAAI,GAAE,MAAM,EAAO,EACnB,OAAO,GAAE,eAAoB,GAC5B,cAAc,CAoChB;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAOzD;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,cAAc,CAC5B,QAAQ,EAAE,MAAM,EAChB,UAAU,GAAE,MAAoB,GAC/B,MAAM,GAAG,IAAI,CAUf;AAuBD;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,wBAAgB,cAAc,CAAC,aAAa,EAAE,MAAM,GAAG;IACrD,cAAc,EAAE,OAAO,CAAC;IACxB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,OAAO,CAAC,EAAE,MAAM,CAAC;CAClB,CA0CA;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoDG;AACH,wBAAgB,kBAAkB,CAChC,aAAa,EAAE,MAAM,EACrB,OAAO,GAAE,eAAoB,GAC5B,MAAM,GAAG,MAAM,CAoBjB"}

package/dist/safe-exec.js

@@ -240,40 +240,156 @@ export function getToolVersion(toolName, versionArg = '--version') {
     }
 }
 /**
- * Execute a command from a command string (convenience wrapper)
+ * Shell syntax character sets for hyper-efficient single-pass detection
  *
- * **WARNING**: This function parses command strings using simple whitespace splitting.
- * It does NOT handle shell quoting, escaping, or complex command syntax.
- * Use only for simple commands like "gitleaks protect --staged --verbose".
+ * Used by hasShellSyntax() and safeExecFromString() for shift-left validation.
  *
- * For complex commands with quoted arguments, pipes, or shell features,
- * use `safeExecSync()` directly with an explicit args array.
+ * Performance: O(n) single pass with O(1) Set lookups - no regex backtracking.
+ */
+const QUOTE_CHARS = new Set(['"', "'", '`']);
+const GLOB_CHARS = new Set(['*', '?', '[', ']']);
+const OPERATOR_CHARS = new Set(['|', '>', '<', '&', ';']);
+/**
+ * Metadata for each shell syntax type (used for error messages)
+ */
+const SHELL_SYNTAX_METADATA = {
+    quotes: { name: 'quotes', example: 'echo "hello"' },
+    globs: { name: 'glob patterns', example: 'ls *.txt' },
+    variables: { name: 'variable expansion', example: 'echo $HOME' },
+    operators: { name: 'pipes/redirects/operators', example: 'cat file | grep text' },
+};
+/**
+ * Check if a command string contains shell-specific syntax
+ *
+ * Detects patterns that require shell interpretation:
+ * - Quotes (", ', `)
+ * - Glob patterns (*, ?, [])
+ * - Variable expansion ($)
+ * - Pipes/redirects/operators (|, >, <, &, ;, &&, ||)
  *
- * @param commandString - Command string to execute (e.g., "git status --short")
+ * Performance: Single-pass O(n) algorithm with O(1) Set lookups.
+ * Short-circuits on first match (no backtracking, no regex overhead).
+ *
+ * @param commandString - Command string to check
+ * @returns Object with detection result and details
+ *
+ * @example
+ * ```typescript
+ * const check1 = hasShellSyntax('npm test');
+ * console.log(check1); // { hasShellSyntax: false }
+ *
+ * const check2 = hasShellSyntax('npm test && npm run build');
+ * console.log(check2);
+ * // {
+ * //   hasShellSyntax: true,
+ * //   pattern: 'pipes/redirects/operators',
+ * //   example: 'cat file | grep text'
+ * // }
+ * ```
+ */
+export function hasShellSyntax(commandString) {
+    // Single-pass check with early return on first match
+    for (const char of commandString) {
+        // Check quotes: " ' `
+        if (QUOTE_CHARS.has(char)) {
+            return {
+                hasShellSyntax: true,
+                pattern: SHELL_SYNTAX_METADATA.quotes.name,
+                example: SHELL_SYNTAX_METADATA.quotes.example,
+            };
+        }
+        // Check glob patterns: * ? [ ]
+        if (GLOB_CHARS.has(char)) {
+            return {
+                hasShellSyntax: true,
+                pattern: SHELL_SYNTAX_METADATA.globs.name,
+                example: SHELL_SYNTAX_METADATA.globs.example,
+            };
+        }
+        // Check variable expansion: $
+        if (char === '$') {
+            return {
+                hasShellSyntax: true,
+                pattern: SHELL_SYNTAX_METADATA.variables.name,
+                example: SHELL_SYNTAX_METADATA.variables.example,
+            };
+        }
+        // Check operators: | > < & ;
+        if (OPERATOR_CHARS.has(char)) {
+            return {
+                hasShellSyntax: true,
+                pattern: SHELL_SYNTAX_METADATA.operators.name,
+                example: SHELL_SYNTAX_METADATA.operators.example,
+            };
+        }
+    }
+    return { hasShellSyntax: false };
+}
+/**
+ * Execute a command from a simple command string (convenience wrapper)
+ *
+ * **IMPORTANT: Shift-Left Validation** - This function actively rejects shell syntax
+ * to prevent subtle bugs where shell features are expected but not executed.
+ *
+ * **Supported:**
+ * - Simple commands: `git status`, `pnpm test`, `node --version`
+ * - Commands with flags: `git log --oneline --max-count 10`
+ * - Multiple unquoted arguments: `gh pr view 123`
+ *
+ * **NOT Supported (will throw error):**
+ * - Quotes: `echo "hello world"` ❌
+ * - Glob patterns: `ls *.txt` ❌
+ * - Variable expansion: `echo $HOME` ❌
+ * - Pipes/redirects: `cat file | grep text` ❌
+ * - Command chaining: `build && test` ❌
+ *
+ * **Why these restrictions?**
+ * We don't use a shell interpreter (for security), so shell features like
+ * glob expansion, variable substitution, and pipes don't work. By detecting
+ * and rejecting these patterns, we force you to use the safer `safeExecSync()`
+ * API with explicit argument arrays.
+ *
+ * @param commandString - Simple command string (no shell syntax)
  * @param options - Execution options
  * @returns Command output (Buffer or string depending on encoding option)
+ * @throws Error if command contains shell-specific syntax
  *
  * @example
  * ```typescript
- * // Simple command with flags
- * safeExecFromString('gitleaks protect --staged --verbose');
- *
- * // Multiple arguments
- * safeExecFromString('gh pr view --json number,title');
+ * // ✅ Simple commands (these work)
+ * safeExecFromString('git status');
+ * safeExecFromString('pnpm test --watch');
+ * safeExecFromString('gh pr view 123');
  * ```
  *
  * @example
  * ```typescript
- * // ❌ DON'T: Complex shell features won't work
- * safeExecFromString('cat file.txt | grep "error"'); // Pipe ignored
- * safeExecFromString('echo "hello world"'); // Quotes not parsed correctly
- *
- * // ✅ DO: Use safeExecSync directly for these cases
- * safeExecSync('grep', ['error', 'file.txt']);
- * safeExecSync('echo', ['hello world']);
+ * // ❌ Shell syntax (these throw errors)
+ * safeExecFromString('echo "hello"');         // Quotes
+ * safeExecFromString('ls *.txt');             // Glob pattern
+ * safeExecFromString('cat file | grep text'); // Pipe
+ * safeExecFromString('echo $HOME');           // Variable expansion
+ *
+ * // ✅ Use safeExecSync() instead with explicit arguments
+ * safeExecSync('echo', ['hello']);
+ * safeExecSync('ls', ['file1.txt', 'file2.txt']); // Or use glob library
+ * safeExecSync('grep', ['text', 'file']);
+ * safeExecSync('echo', [process.env.HOME || '']);
  * ```
+ *
  */
 export function safeExecFromString(commandString, options = {}) {
+    // Detect shell-specific syntax (shift-left validation)
+    // This prevents subtle bugs where shell features are expected but not executed
+    const check = hasShellSyntax(commandString);
+    if (check.hasShellSyntax) {
+        throw new Error(`safeExecFromString does not support ${check.pattern}.\n` +
+            `Found in: ${commandString}\n\n` +
+            `Use safeExecSync() with explicit argument array instead:\n` +
+            `  // Bad: safeExecFromString('${check.example}')\n` +
+            `  // Good: safeExecSync('command', ['arg1', 'arg2'], options)\n\n` +
+            `This ensures no shell interpreter is used and arguments are explicit.`);
+    }
     const parts = commandString.trim().split(/\s+/);
     const command = parts[0];
     const args = parts.slice(1);

package/dist/safe-exec.js.map

@@ -1 +1 @@
-{"version":3,"file":"safe-exec.js","sourceRoot":"","sources":["../src/safe-exec.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAyB,MAAM,oBAAoB,CAAC;AAEtE,OAAO,KAAK,MAAM,OAAO,CAAC;AAkC1B;;GAEG;AACH,MAAM,OAAO,qBAAsB,SAAQ,KAAK;IAC9B,MAAM,CAAS;IACf,MAAM,CAAkB;IACxB,MAAM,CAAkB;IAExC,YACE,OAAe,EACf,MAAc,EACd,MAAuB,EACvB,MAAuB;QAEvB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;CACF;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsDG;AACH,SAAS,cAAc,CAAC,OAAe,EAAE,WAAmB;IAC1D,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,wFAAwF;IACxF,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;QACvB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,yEAAyE;IACzE,MAAM,SAAS,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;IAC5C,OAAO,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AAChG,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,MAAM,UAAU,YAAY,CAC1B,OAAe,EACf,OAAiB,EAAE,EACnB,UAA2B,EAAE;IAE7B,4DAA4D;IAC5D,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAExC,wDAAwD;IACxD,MAAM,QAAQ,GAAG,cAAc,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IAEtD,MAAM,YAAY,GAAqB;QACrC,KAAK,EAAE,QAAQ,EAAE,uFAAuF;QACxG,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,MAAM;QAC9B,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,QAAQ,EAAE,OAAO,CAAC,QAAQ;KAC3B,CAAC;IAEF,yEAAyE;IACzE,qEAAqE;IACrE,MAAM,WAAW,GAAG,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC;IACrD,MAAM,MAAM,GAAG,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,YAAY,CAAC,CAAC;IAE1D,yBAAyB;IACzB,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,MAAM,MAAM,CAAC,KAAK,CAAC;IACrB,CAAC;IAED,kBAAkB;IAClB,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,qBAAqB,CAC7B,iCAAiC,MAAM,CAAC,MAAM,IAAI,SAAS,KAAK,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,EAC3F,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC,EACnB,MAAM,CAAC,MAAM,EACb,MAAM,CAAC,MAAM,CACd,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC,MAAM,CAAC;AACvB,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,cAAc,CAC5B,OAAe,EACf,OAAiB,EAAE,EACnB,UAA2B,EAAE;IAE7B,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAExC,wDAAwD;QACxD,MAAM,QAAQ,GAAG,cAAc,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QAEtD,MAAM,YAAY,GAAqB;YACrC,KAAK,EAAE,QAAQ;YACf,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,MAAM;YAC9B,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,QAAQ,EAAE,OAAO,CAAC,QAAQ;SAC3B,CAAC;QAEF,qEAAqE;QACrE,MAAM,WAAW,GAAG,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC;QACrD,MAAM,MAAM,GAAG,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,YAAY,CAAC,CAAC;QAE1D,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC;YAC3B,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YACxC,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YACxC,KAAK,EAAE,MAAM,CAAC,KAAK;SACpB,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,yCAAyC;QACzC,OAAO;YACL,MAAM,EAAE,CAAC,CAAC;YACV,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;SACjE,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,eAAe,CAAC,QAAgB;IAC9C,IAAI,CAAC;QACH,YAAY,CAAC,QAAQ,EAAE,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC3D,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,cAAc,CAC5B,QAAgB,EAChB,aAAqB,WAAW;IAEhC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE;YACnD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,MAAM;SACd,CAAC,CAAC;QACH,OAAQ,OAAkB,CAAC,IAAI,EAAE,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AACH,MAAM,UAAU,kBAAkB,CAChC,aAAqB,EACrB,UAA2B,EAAE;IAE7B,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAChD,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAE5B,OAAO,YAAY,CAAC,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;AAC9C,CAAC"}
+{"version":3,"file":"safe-exec.js","sourceRoot":"","sources":["../src/safe-exec.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAyB,MAAM,oBAAoB,CAAC;AAEtE,OAAO,KAAK,MAAM,OAAO,CAAC;AAkC1B;;GAEG;AACH,MAAM,OAAO,qBAAsB,SAAQ,KAAK;IAC9B,MAAM,CAAS;IACf,MAAM,CAAkB;IACxB,MAAM,CAAkB;IAExC,YACE,OAAe,EACf,MAAc,EACd,MAAuB,EACvB,MAAuB;QAEvB,KAAK,CAAC,OAAO,CAAC,CAAC;QACf,IAAI,CAAC,IAAI,GAAG,uBAAuB,CAAC;QACpC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;CACF;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsDG;AACH,SAAS,cAAc,CAAC,OAAe,EAAE,WAAmB;IAC1D,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;QACjC,OAAO,KAAK,CAAC;IACf,CAAC;IAED,wFAAwF;IACxF,IAAI,OAAO,KAAK,MAAM,EAAE,CAAC;QACvB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,yEAAyE;IACzE,MAAM,SAAS,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;IAC5C,OAAO,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AAChG,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,MAAM,UAAU,YAAY,CAC1B,OAAe,EACf,OAAiB,EAAE,EACnB,UAA2B,EAAE;IAE7B,4DAA4D;IAC5D,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAExC,wDAAwD;IACxD,MAAM,QAAQ,GAAG,cAAc,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IAEtD,MAAM,YAAY,GAAqB;QACrC,KAAK,EAAE,QAAQ,EAAE,uFAAuF;QACxG,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,MAAM;QAC9B,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,GAAG,EAAE,OAAO,CAAC,GAAG;QAChB,SAAS,EAAE,OAAO,CAAC,SAAS;QAC5B,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,QAAQ,EAAE,OAAO,CAAC,QAAQ;KAC3B,CAAC;IAEF,yEAAyE;IACzE,qEAAqE;IACrE,MAAM,WAAW,GAAG,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC;IACrD,MAAM,MAAM,GAAG,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,YAAY,CAAC,CAAC;IAE1D,yBAAyB;IACzB,IAAI,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,MAAM,MAAM,CAAC,KAAK,CAAC;IACrB,CAAC;IAED,kBAAkB;IAClB,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACxB,MAAM,IAAI,qBAAqB,CAC7B,iCAAiC,MAAM,CAAC,MAAM,IAAI,SAAS,KAAK,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,EAC3F,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC,EACnB,MAAM,CAAC,MAAM,EACb,MAAM,CAAC,MAAM,CACd,CAAC;IACJ,CAAC;IAED,OAAO,MAAM,CAAC,MAAM,CAAC;AACvB,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,cAAc,CAC5B,OAAe,EACf,OAAiB,EAAE,EACnB,UAA2B,EAAE;IAE7B,IAAI,CAAC;QACH,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAExC,wDAAwD;QACxD,MAAM,QAAQ,GAAG,cAAc,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;QAEtD,MAAM,YAAY,GAAqB;YACrC,KAAK,EAAE,QAAQ;YACf,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,MAAM;YAC9B,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,SAAS,EAAE,OAAO,CAAC,SAAS;YAC5B,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,QAAQ,EAAE,OAAO,CAAC,QAAQ;SAC3B,CAAC;QAEF,qEAAqE;QACrE,MAAM,WAAW,GAAG,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC;QACrD,MAAM,MAAM,GAAG,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,YAAY,CAAC,CAAC;QAE1D,OAAO;YACL,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,CAAC,CAAC;YAC3B,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YACxC,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YACxC,KAAK,EAAE,MAAM,CAAC,KAAK;SACpB,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,yCAAyC;QACzC,OAAO;YACL,MAAM,EAAE,CAAC,CAAC;YACV,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;YACvB,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;SACjE,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,eAAe,CAAC,QAAgB;IAC9C,IAAI,CAAC;QACH,YAAY,CAAC,QAAQ,EAAE,CAAC,WAAW,CAAC,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC3D,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,cAAc,CAC5B,QAAgB,EAChB,aAAqB,WAAW;IAEhC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,YAAY,CAAC,QAAQ,EAAE,CAAC,UAAU,CAAC,EAAE;YACnD,QAAQ,EAAE,MAAM;YAChB,KAAK,EAAE,MAAM;SACd,CAAC,CAAC;QACH,OAAQ,OAAkB,CAAC,IAAI,EAAE,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;GAMG;AACH,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;AAC7C,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;AACjD,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;AAE1D;;GAEG;AACH,MAAM,qBAAqB,GAAG;IAC5B,MAAM,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,cAAc,EAAE;IACnD,KAAK,EAAE,EAAE,IAAI,EAAE,eAAe,EAAE,OAAO,EAAE,UAAU,EAAE;IACrD,SAAS,EAAE,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,YAAY,EAAE;IAChE,SAAS,EAAE,EAAE,IAAI,EAAE,2BAA2B,EAAE,OAAO,EAAE,sBAAsB,EAAE;CACzE,CAAC;AAEX;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AACH,MAAM,UAAU,cAAc,CAAC,aAAqB;IAKlD,qDAAqD;IACrD,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;QAEjC,sBAAsB;QACtB,IAAI,WAAW,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAC1B,OAAO;gBACL,cAAc,EAAE,IAAI;gBACpB,OAAO,EAAE,qBAAqB,CAAC,MAAM,CAAC,IAAI;gBAC1C,OAAO,EAAE,qBAAqB,CAAC,MAAM,CAAC,OAAO;aAC9C,CAAC;QACJ,CAAC;QAED,+BAA+B;QAC/B,IAAI,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACzB,OAAO;gBACL,cAAc,EAAE,IAAI;gBACpB,OAAO,EAAE,qBAAqB,CAAC,KAAK,CAAC,IAAI;gBACzC,OAAO,EAAE,qBAAqB,CAAC,KAAK,CAAC,OAAO;aAC7C,CAAC;QACJ,CAAC;QAED,8BAA8B;QAC9B,IAAI,IAAI,KAAK,GAAG,EAAE,CAAC;YACjB,OAAO;gBACL,cAAc,EAAE,IAAI;gBACpB,OAAO,EAAE,qBAAqB,CAAC,SAAS,CAAC,IAAI;gBAC7C,OAAO,EAAE,qBAAqB,CAAC,SAAS,CAAC,OAAO;aACjD,CAAC;QACJ,CAAC;QAED,6BAA6B;QAC7B,IAAI,cAAc,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YAC7B,OAAO;gBACL,cAAc,EAAE,IAAI;gBACpB,OAAO,EAAE,qBAAqB,CAAC,SAAS,CAAC,IAAI;gBAC7C,OAAO,EAAE,qBAAqB,CAAC,SAAS,CAAC,OAAO;aACjD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,cAAc,EAAE,KAAK,EAAE,CAAC;AACnC,CAAC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoDG;AACH,MAAM,UAAU,kBAAkB,CAChC,aAAqB,EACrB,UAA2B,EAAE;IAE7B,uDAAuD;IACvD,+EAA+E;IAC/E,MAAM,KAAK,GAAG,cAAc,CAAC,aAAa,CAAC,CAAC;IAC5C,IAAI,KAAK,CAAC,cAAc,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CACb,uCAAuC,KAAK,CAAC,OAAO,KAAK;YACvD,aAAa,aAAa,MAAM;YAChC,4DAA4D;YAC5D,iCAAiC,KAAK,CAAC,OAAO,MAAM;YACpD,mEAAmE;YACnE,uEAAuE,CAC1E,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAChD,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAE5B,OAAO,YAAY,CAAC,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC;AAC9C,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vibe-validate/utils",
-  "version": "0.17.6-rc.2",
+  "version": "0.18.0-rc.1",
   "description": "Common utilities for vibe-validate packages (command execution, path normalization)",
   "type": "module",
   "main": "./dist/index.js",