clawsec 0.0.1

package/dist/src/detectors/destructive/index.js

@@ -0,0 +1,168 @@
+/**
+ * Destructive Detector
+ * Main detector that combines shell, cloud, git, and code pattern detection
+ */
+import { createShellDetector } from './shell-detector.js';
+import { createCloudDetector } from './cloud-detector.js';
+import { createCodeDetector } from './code-detector.js';
+// Re-export types
+export * from './types.js';
+// Re-export sub-detectors
+export { ShellDetector, createShellDetector } from './shell-detector.js';
+export { CloudDetector, createCloudDetector } from './cloud-detector.js';
+export { CodeDetector, createCodeDetector } from './code-detector.js';
+// Re-export utility functions
+export { isDangerousPath, matchRmCommand, matchSqlCommand, matchSystemCommand, matchShellCommand, } from './shell-detector.js';
+export { matchAwsCommand, matchGcpCommand, matchAzureCommand, matchKubernetesCommand, matchTerraformCommand, matchGitCommand, matchCloudCommand, } from './cloud-detector.js';
+export { matchPythonCode, matchNodeCode, matchGoCode, matchRustCode, matchRubyCode, matchJavaCode, matchCSharpCode, matchPhpCode, matchCodePattern, } from './code-detector.js';
+/**
+ * No detection result (used when disabled or no match)
+ */
+function noDetection(severity) {
+    return {
+        detected: false,
+        category: 'destructive',
+        severity,
+        confidence: 0,
+        reason: 'No destructive operation detected',
+    };
+}
+/**
+ * Combine multiple detection results, taking the highest confidence
+ */
+function combineResults(results, severity) {
+    const validResults = results.filter((r) => r !== null && r.detected);
+    if (validResults.length === 0) {
+        return noDetection(severity);
+    }
+    // Sort by confidence (highest first)
+    validResults.sort((a, b) => b.confidence - a.confidence);
+    // Take the highest confidence result as primary
+    const primary = validResults[0];
+    // Build combined reason if multiple detections
+    let reason = primary.reason;
+    if (validResults.length > 1) {
+        const additionalReasons = validResults.slice(1).map((r) => r.reason);
+        reason = `${primary.reason}. Additional signals: ${additionalReasons.join('; ')}`;
+    }
+    // Boost confidence if multiple detectors triggered
+    let confidence = primary.confidence;
+    if (validResults.length >= 2) {
+        // Boost confidence but cap at 0.99
+        confidence = Math.min(0.99, confidence + 0.05 * (validResults.length - 1));
+    }
+    return {
+        detected: true,
+        category: 'destructive',
+        severity,
+        confidence,
+        reason,
+        metadata: primary.metadata,
+    };
+}
+/**
+ * Main destructive detector implementation
+ */
+export class DestructiveDetectorImpl {
+    config;
+    shellDetector;
+    cloudDetector;
+    codeDetector;
+    constructor(config) {
+        this.config = config;
+        // Initialize sub-detectors based on config
+        this.shellDetector =
+            config.shell?.enabled !== false
+                ? createShellDetector(config.severity)
+                : null;
+        this.cloudDetector =
+            config.cloud?.enabled !== false
+                ? createCloudDetector(config.severity)
+                : null;
+        this.codeDetector =
+            config.code?.enabled !== false
+                ? createCodeDetector(config.severity)
+                : null;
+    }
+    async detect(context) {
+        // Check if detector is enabled
+        if (!this.config.enabled) {
+            return noDetection(this.config.severity);
+        }
+        const results = [];
+        // Run shell detector
+        if (this.shellDetector) {
+            results.push(this.shellDetector.detect(context));
+        }
+        // Run cloud detector (includes git commands)
+        if (this.cloudDetector) {
+            results.push(this.cloudDetector.detect(context));
+        }
+        // Run code detector
+        if (this.codeDetector) {
+            results.push(this.codeDetector.detect(context));
+        }
+        // Combine results
+        return combineResults(results, this.config.severity);
+    }
+    /**
+     * Get the configured action for detected destructive operations
+     */
+    getAction() {
+        return this.config.action;
+    }
+    /**
+     * Check if the detector is enabled
+     */
+    isEnabled() {
+        return this.config.enabled;
+    }
+    /**
+     * Check if shell detection is enabled
+     */
+    isShellEnabled() {
+        return this.config.shell?.enabled !== false;
+    }
+    /**
+     * Check if cloud detection is enabled
+     */
+    isCloudEnabled() {
+        return this.config.cloud?.enabled !== false;
+    }
+    /**
+     * Check if code detection is enabled
+     */
+    isCodeEnabled() {
+        return this.config.code?.enabled !== false;
+    }
+}
+/**
+ * Create a destructive detector from DestructiveRule configuration
+ */
+export function createDestructiveDetector(rule) {
+    const config = {
+        enabled: rule.enabled,
+        severity: rule.severity,
+        action: rule.action,
+        shell: rule.shell,
+        cloud: rule.cloud,
+        code: rule.code,
+    };
+    return new DestructiveDetectorImpl(config);
+}
+/**
+ * Create a destructive detector with default configuration
+ */
+export function createDefaultDestructiveDetector() {
+    return new DestructiveDetectorImpl({
+        enabled: true,
+        severity: 'critical',
+        action: 'confirm',
+        shell: { enabled: true },
+        cloud: { enabled: true },
+        code: { enabled: true },
+    });
+}
+// Default export
+export default DestructiveDetectorImpl;
+//# sourceMappingURL=index.js.map

package/dist/src/detectors/destructive/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/detectors/destructive/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAQH,OAAO,EAAiB,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AACzE,OAAO,EAAiB,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AACzE,OAAO,EAAgB,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAGtE,kBAAkB;AAClB,cAAc,YAAY,CAAC;AAE3B,0BAA0B;AAC1B,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AACzE,OAAO,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AACzE,OAAO,EAAE,YAAY,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAEtE,8BAA8B;AAC9B,OAAO,EACL,eAAe,EACf,cAAc,EACd,eAAe,EACf,kBAAkB,EAClB,iBAAiB,GAClB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,eAAe,EACf,eAAe,EACf,iBAAiB,EACjB,sBAAsB,EACtB,qBAAqB,EACrB,eAAe,EACf,iBAAiB,GAClB,MAAM,qBAAqB,CAAC;AAE7B,OAAO,EACL,eAAe,EACf,aAAa,EACb,WAAW,EACX,aAAa,EACb,aAAa,EACb,aAAa,EACb,eAAe,EACf,YAAY,EACZ,gBAAgB,GACjB,MAAM,oBAAoB,CAAC;AAE5B;;GAEG;AACH,SAAS,WAAW,CAAC,QAAkB;IACrC,OAAO;QACL,QAAQ,EAAE,KAAK;QACf,QAAQ,EAAE,aAAa;QACvB,QAAQ;QACR,UAAU,EAAE,CAAC;QACb,MAAM,EAAE,mCAAmC;KAC5C,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CACrB,OAA8C,EAC9C,QAAkB;IAElB,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,CACjC,CAAC,CAAC,EAAmC,EAAE,CAAC,CAAC,KAAK,IAAI,IAAI,CAAC,CAAC,QAAQ,CACjE,CAAC;IAEF,IAAI,YAAY,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC9B,OAAO,WAAW,CAAC,QAAQ,CAAC,CAAC;IAC/B,CAAC;IAED,qCAAqC;IACrC,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC;IAEzD,gDAAgD;IAChD,MAAM,OAAO,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;IAEhC,+CAA+C;IAC/C,IAAI,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAC5B,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC5B,MAAM,iBAAiB,GAAG,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;QACrE,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,yBAAyB,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;IACpF,CAAC;IAED,mDAAmD;IACnD,IAAI,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;IACpC,IAAI,YAAY,CAAC,MAAM,IAAI,CAAC,EAAE,CAAC;QAC7B,mCAAmC;QACnC,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,UAAU,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;IAC7E,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,IAAI;QACd,QAAQ,EAAE,aAAa;QACvB,QAAQ;QACR,UAAU;QACV,MAAM;QACN,QAAQ,EAAE,OAAO,CAAC,QAAQ;KAC3B,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,uBAAuB;IAC1B,MAAM,CAA4B;IAClC,aAAa,CAAuB;IACpC,aAAa,CAAuB;IACpC,YAAY,CAAsB;IAE1C,YAAY,MAAiC;QAC3C,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,2CAA2C;QAC3C,IAAI,CAAC,aAAa;YAChB,MAAM,CAAC,KAAK,EAAE,OAAO,KAAK,KAAK;gBAC7B,CAAC,CAAC,mBAAmB,CAAC,MAAM,CAAC,QAAQ,CAAC;gBACtC,CAAC,CAAC,IAAI,CAAC;QAEX,IAAI,CAAC,aAAa;YAChB,MAAM,CAAC,KAAK,EAAE,OAAO,KAAK,KAAK;gBAC7B,CAAC,CAAC,mBAAmB,CAAC,MAAM,CAAC,QAAQ,CAAC;gBACtC,CAAC,CAAC,IAAI,CAAC;QAEX,IAAI,CAAC,YAAY;YACf,MAAM,CAAC,IAAI,EAAE,OAAO,KAAK,KAAK;gBAC5B,CAAC,CAAC,kBAAkB,CAAC,MAAM,CAAC,QAAQ,CAAC;gBACrC,CAAC,CAAC,IAAI,CAAC;IACb,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,OAAyB;QACpC,+BAA+B;QAC/B,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,OAAO,GAA0C,EAAE,CAAC;QAE1D,qBAAqB;QACrB,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;QACnD,CAAC;QAED,6CAA6C;QAC7C,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;QACnD,CAAC;QAED,oBAAoB;QACpB,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC;QAClD,CAAC;QAED,kBAAkB;QAClB,OAAO,cAAc,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACvD,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;IAC5B,CAAC;IAED;;OAEG;IACH,SAAS;QACP,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,cAAc;QACZ,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,OAAO,KAAK,KAAK,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,cAAc;QACZ,OAAO,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,OAAO,KAAK,KAAK,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,aAAa;QACX,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,OAAO,KAAK,KAAK,CAAC;IAC7C,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,yBAAyB,CACvC,IAAqB;IAErB,MAAM,MAAM,GAA8B;QACxC,OAAO,EAAE,IAAI,CAAC,OAAO;QACrB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,IAAI,EAAE,IAAI,CAAC,IAAI;KAChB,CAAC;IAEF,OAAO,IAAI,uBAAuB,CAAC,MAAM,CAAC,CAAC;AAC7C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gCAAgC;IAC9C,OAAO,IAAI,uBAAuB,CAAC;QACjC,OAAO,EAAE,IAAI;QACb,QAAQ,EAAE,UAAU;QACpB,MAAM,EAAE,SAAS;QACjB,KAAK,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;QACxB,KAAK,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;QACxB,IAAI,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE;KACxB,CAAC,CAAC;AACL,CAAC;AAED,iBAAiB;AACjB,eAAe,uBAAuB,CAAC"}

package/dist/src/detectors/destructive/shell-detector.d.ts

@@ -0,0 +1,43 @@
+/**
+ * Shell Detector
+ * Detects dangerous shell commands including file deletion, SQL operations, and system commands
+ */
+import type { ShellMatchResult, DetectionContext, DestructiveDetectionResult, SubDetector } from './types.js';
+import type { Severity } from '../../config/index.js';
+/**
+ * Check if a path is dangerous for recursive deletion
+ */
+export declare function isDangerousPath(path: string): boolean;
+/**
+ * Match rm commands for dangerous operations
+ */
+export declare function matchRmCommand(command: string): ShellMatchResult;
+/**
+ * Match SQL destructive operations
+ */
+export declare function matchSqlCommand(text: string): ShellMatchResult;
+/**
+ * Match system destructive commands
+ */
+export declare function matchSystemCommand(command: string): ShellMatchResult;
+/**
+ * Comprehensive shell command matching
+ */
+export declare function matchShellCommand(command: string): ShellMatchResult;
+/**
+ * Shell detector class
+ */
+export declare class ShellDetector implements SubDetector {
+    private severity;
+    constructor(severity?: Severity);
+    /**
+     * Extract command from tool context
+     */
+    private extractCommand;
+    detect(context: DetectionContext): DestructiveDetectionResult | null;
+}
+/**
+ * Create a shell detector with the given severity
+ */
+export declare function createShellDetector(severity?: Severity): ShellDetector;
+//# sourceMappingURL=shell-detector.d.ts.map

package/dist/src/detectors/destructive/shell-detector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"shell-detector.d.ts","sourceRoot":"","sources":["../../../../src/detectors/destructive/shell-detector.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EACV,gBAAgB,EAChB,gBAAgB,EAChB,0BAA0B,EAC1B,WAAW,EACZ,MAAM,YAAY,CAAC;AACpB,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AA6EtD;;GAEG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CA+BrD;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,gBAAgB,CAyDhE;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,gBAAgB,CAgB9D;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,gBAAgB,CAgBpE;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,GAAG,gBAAgB,CAoBnE;AAED;;GAEG;AACH,qBAAa,aAAc,YAAW,WAAW;IAC/C,OAAO,CAAC,QAAQ,CAAW;gBAEf,QAAQ,GAAE,QAAqB;IAI3C;;OAEG;IACH,OAAO,CAAC,cAAc;IAuDtB,MAAM,CAAC,OAAO,EAAE,gBAAgB,GAAG,0BAA0B,GAAG,IAAI;CA0BrE;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,GAAE,QAAqB,GAAG,aAAa,CAElF"}

package/dist/src/detectors/destructive/shell-detector.js

@@ -0,0 +1,302 @@
+/**
+ * Shell Detector
+ * Detects dangerous shell commands including file deletion, SQL operations, and system commands
+ */
+/**
+ * Dangerous paths that should never be deleted recursively
+ */
+const DANGEROUS_PATHS = [
+    '/',
+    '/home',
+    '/etc',
+    '/var',
+    '/usr',
+    '/bin',
+    '/sbin',
+    '/lib',
+    '/lib64',
+    '/boot',
+    '/root',
+    '/sys',
+    '/proc',
+    '/dev',
+    '~',
+    '$HOME',
+    '%USERPROFILE%',
+    'C:\\',
+    'C:\\Windows',
+    'C:\\Program Files',
+];
+/**
+ * Patterns for rm commands with recursive/force flags
+ */
+const RM_DANGEROUS_PATTERNS = [
+    // rm with -rf, -r -f, -fr flags
+    /\brm\s+(?:-[rRfvP]+\s+)*(?:-[rR][^\s]*|-[^\s]*[rR])\s*(?:-[^\s]+\s+)*(\S+)/i,
+    // rm -r or rm -R alone
+    /\brm\s+(?:-[^\s]+\s+)*-[rR]\s+(\S+)/i,
+    // rm -f (force) which can be dangerous
+    /\brm\s+(?:-[^\s]+\s+)*-[fF]\s+(\S+)/i,
+];
+/**
+ * SQL destructive operations
+ */
+const SQL_PATTERNS = [
+    // DROP DATABASE
+    { pattern: /\bDROP\s+DATABASE\s+(?:IF\s+EXISTS\s+)?[`"']?(\w+)[`"']?/i, operation: 'DROP DATABASE', critical: true },
+    // DROP TABLE
+    { pattern: /\bDROP\s+TABLE\s+(?:IF\s+EXISTS\s+)?[`"']?(\w+)[`"']?/i, operation: 'DROP TABLE', critical: true },
+    // TRUNCATE TABLE
+    { pattern: /\bTRUNCATE\s+(?:TABLE\s+)?[`"']?(\w+)[`"']?/i, operation: 'TRUNCATE TABLE', critical: true },
+    // DELETE FROM without WHERE (dangerous)
+    { pattern: /\bDELETE\s+FROM\s+[`"']?(\w+)[`"']?\s*(?:;|$)/i, operation: 'DELETE FROM (no WHERE)', critical: true },
+    // DROP SCHEMA
+    { pattern: /\bDROP\s+SCHEMA\s+(?:IF\s+EXISTS\s+)?[`"']?(\w+)[`"']?/i, operation: 'DROP SCHEMA', critical: true },
+];
+/**
+ * System destructive commands
+ */
+const SYSTEM_DESTRUCTIVE_PATTERNS = [
+    // mkfs - format filesystem
+    { pattern: /\bmkfs(?:\.\w+)?\s+(\S+)/i, operation: 'mkfs', description: 'Format filesystem' },
+    // dd writing to block device
+    { pattern: /\bdd\s+.*\bof=\s*\/dev\/(\S+)/i, operation: 'dd to device', description: 'Write to block device' },
+    // chmod 777 (world-writable) on dangerous paths
+    { pattern: /\bchmod\s+(?:-[rR]\s+)?777\s+(\S+)/i, operation: 'chmod 777', description: 'Set world-writable permissions' },
+    // Fork bomb patterns
+    { pattern: /:\(\)\s*\{\s*:\|:&\s*\}\s*;?\s*:/i, operation: 'fork bomb', description: 'Fork bomb detected' },
+    { pattern: /\bforkbomb\b/i, operation: 'fork bomb', description: 'Fork bomb detected' },
+    // shred - secure delete
+    { pattern: /\bshred\s+(?:-[^\s]+\s+)*(\S+)/i, operation: 'shred', description: 'Secure file deletion' },
+    // Overwrite with /dev/null or /dev/zero
+    { pattern: /\bcat\s+\/dev\/(?:null|zero)\s*>\s*(\S+)/i, operation: 'overwrite file', description: 'Overwrite file with null/zero' },
+    // wipefs
+    { pattern: /\bwipefs\s+(?:-[^\s]+\s+)*(\S+)/i, operation: 'wipefs', description: 'Wipe filesystem signatures' },
+];
+/**
+ * Check if a path is dangerous for recursive deletion
+ */
+export function isDangerousPath(path) {
+    // Normalize path - keep the leading slash, remove trailing slashes
+    const trimmed = path.trim();
+    // Handle root path explicitly
+    if (trimmed === '/' || trimmed === '//' || trimmed === '///') {
+        return true;
+    }
+    // Remove trailing slashes for comparison (but not leading)
+    const normalizedPath = trimmed.replace(/\/+$/, '').toLowerCase();
+    // Check exact matches
+    for (const dangerous of DANGEROUS_PATHS) {
+        const dangerousLower = dangerous.toLowerCase().replace(/\/+$/, '');
+        if (normalizedPath === dangerousLower) {
+            return true;
+        }
+    }
+    // Check if path is just a wildcard or root-level wildcard
+    if (normalizedPath === '*' || normalizedPath === '/*' || normalizedPath === '.*') {
+        return true;
+    }
+    // Check for home directory patterns
+    if (/^~\/?$/.test(trimmed) || /^~\/?\*$/.test(trimmed) || /^\$HOME\/?$/i.test(trimmed) || /^\$HOME\/?\*$/i.test(trimmed)) {
+        return true;
+    }
+    return false;
+}
+/**
+ * Match rm commands for dangerous operations
+ */
+export function matchRmCommand(command) {
+    const commandLower = command.toLowerCase();
+    // Quick check for rm command
+    if (!commandLower.includes('rm ') && !commandLower.includes('rm\t')) {
+        return { matched: false, confidence: 0 };
+    }
+    // Check for recursive/force flags
+    const hasRecursive = /-[rR]/.test(command) || /-[^\s]*[rR]/.test(command);
+    const hasForce = /-[fF]/.test(command) || /-[^\s]*[fF]/.test(command);
+    // Extract the target path(s)
+    for (const pattern of RM_DANGEROUS_PATTERNS) {
+        const match = command.match(pattern);
+        if (match) {
+            const targetPath = match[1];
+            // Check if path is dangerous
+            if (isDangerousPath(targetPath)) {
+                return {
+                    matched: true,
+                    command,
+                    operation: hasRecursive && hasForce ? 'rm -rf' : (hasRecursive ? 'rm -r' : 'rm -f'),
+                    affectedResource: targetPath,
+                    confidence: 0.95,
+                    riskDescription: `Attempting to delete critical system path: ${targetPath}`,
+                };
+            }
+            // Even if not a dangerous path, rm -rf is risky
+            if (hasRecursive && hasForce) {
+                return {
+                    matched: true,
+                    command,
+                    operation: 'rm -rf',
+                    affectedResource: targetPath,
+                    confidence: 0.85,
+                    riskDescription: `Recursive force deletion of: ${targetPath}`,
+                };
+            }
+            // rm -r alone is still risky
+            if (hasRecursive) {
+                return {
+                    matched: true,
+                    command,
+                    operation: 'rm -r',
+                    affectedResource: targetPath,
+                    confidence: 0.75,
+                    riskDescription: `Recursive deletion of: ${targetPath}`,
+                };
+            }
+        }
+    }
+    return { matched: false, confidence: 0 };
+}
+/**
+ * Match SQL destructive operations
+ */
+export function matchSqlCommand(text) {
+    for (const { pattern, operation, critical } of SQL_PATTERNS) {
+        const match = text.match(pattern);
+        if (match) {
+            return {
+                matched: true,
+                command: text,
+                operation,
+                affectedResource: match[1],
+                confidence: critical ? 0.95 : 0.85,
+                riskDescription: `SQL ${operation} operation on: ${match[1]}`,
+            };
+        }
+    }
+    return { matched: false, confidence: 0 };
+}
+/**
+ * Match system destructive commands
+ */
+export function matchSystemCommand(command) {
+    for (const { pattern, operation, description } of SYSTEM_DESTRUCTIVE_PATTERNS) {
+        const match = command.match(pattern);
+        if (match) {
+            return {
+                matched: true,
+                command,
+                operation,
+                affectedResource: match[1] || undefined,
+                confidence: 0.9,
+                riskDescription: description,
+            };
+        }
+    }
+    return { matched: false, confidence: 0 };
+}
+/**
+ * Comprehensive shell command matching
+ */
+export function matchShellCommand(command) {
+    // Try rm command matching first
+    const rmResult = matchRmCommand(command);
+    if (rmResult.matched) {
+        return rmResult;
+    }
+    // Try SQL matching
+    const sqlResult = matchSqlCommand(command);
+    if (sqlResult.matched) {
+        return sqlResult;
+    }
+    // Try system command matching
+    const systemResult = matchSystemCommand(command);
+    if (systemResult.matched) {
+        return systemResult;
+    }
+    return { matched: false, confidence: 0 };
+}
+/**
+ * Shell detector class
+ */
+export class ShellDetector {
+    severity;
+    constructor(severity = 'critical') {
+        this.severity = severity;
+    }
+    /**
+     * Extract command from tool context
+     */
+    extractCommand(context) {
+        const input = context.toolInput;
+        // Direct command field
+        if (typeof input.command === 'string') {
+            return input.command;
+        }
+        // Shell/bash command field
+        if (typeof input.shell === 'string') {
+            return input.shell;
+        }
+        if (typeof input.bash === 'string') {
+            return input.bash;
+        }
+        // Script field
+        if (typeof input.script === 'string') {
+            return input.script;
+        }
+        // Code field (might contain shell commands)
+        if (typeof input.code === 'string') {
+            return input.code;
+        }
+        // Query field (for SQL)
+        if (typeof input.query === 'string') {
+            return input.query;
+        }
+        // SQL field
+        if (typeof input.sql === 'string') {
+            return input.sql;
+        }
+        // Statement field
+        if (typeof input.statement === 'string') {
+            return input.statement;
+        }
+        // Text content that might contain commands
+        if (typeof input.text === 'string') {
+            return input.text;
+        }
+        // Content field
+        if (typeof input.content === 'string') {
+            return input.content;
+        }
+        return null;
+    }
+    detect(context) {
+        const command = this.extractCommand(context);
+        if (!command) {
+            return null;
+        }
+        const result = matchShellCommand(command);
+        if (!result.matched) {
+            return null;
+        }
+        return {
+            detected: true,
+            category: 'destructive',
+            severity: this.severity,
+            confidence: result.confidence,
+            reason: result.riskDescription || `Dangerous shell operation detected: ${result.operation}`,
+            metadata: {
+                command: result.command,
+                type: 'shell',
+                operation: result.operation,
+                affectedResource: result.affectedResource,
+            },
+        };
+    }
+}
+/**
+ * Create a shell detector with the given severity
+ */
+export function createShellDetector(severity = 'critical') {
+    return new ShellDetector(severity);
+}
+//# sourceMappingURL=shell-detector.js.map

package/dist/src/detectors/destructive/shell-detector.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"shell-detector.js","sourceRoot":"","sources":["../../../../src/detectors/destructive/shell-detector.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAUH;;GAEG;AACH,MAAM,eAAe,GAAG;IACtB,GAAG;IACH,OAAO;IACP,MAAM;IACN,MAAM;IACN,MAAM;IACN,MAAM;IACN,OAAO;IACP,MAAM;IACN,QAAQ;IACR,OAAO;IACP,OAAO;IACP,MAAM;IACN,OAAO;IACP,MAAM;IACN,GAAG;IACH,OAAO;IACP,eAAe;IACf,MAAM;IACN,aAAa;IACb,mBAAmB;CACpB,CAAC;AAEF;;GAEG;AACH,MAAM,qBAAqB,GAAG;IAC5B,gCAAgC;IAChC,6EAA6E;IAC7E,uBAAuB;IACvB,sCAAsC;IACtC,uCAAuC;IACvC,sCAAsC;CACvC,CAAC;AAEF;;GAEG;AACH,MAAM,YAAY,GAAG;IACnB,gBAAgB;IAChB,EAAE,OAAO,EAAE,2DAA2D,EAAE,SAAS,EAAE,eAAe,EAAE,QAAQ,EAAE,IAAI,EAAE;IACpH,aAAa;IACb,EAAE,OAAO,EAAE,wDAAwD,EAAE,SAAS,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,EAAE;IAC9G,iBAAiB;IACjB,EAAE,OAAO,EAAE,8CAA8C,EAAE,SAAS,EAAE,gBAAgB,EAAE,QAAQ,EAAE,IAAI,EAAE;IACxG,wCAAwC;IACxC,EAAE,OAAO,EAAE,gDAAgD,EAAE,SAAS,EAAE,wBAAwB,EAAE,QAAQ,EAAE,IAAI,EAAE;IAClH,cAAc;IACd,EAAE,OAAO,EAAE,yDAAyD,EAAE,SAAS,EAAE,aAAa,EAAE,QAAQ,EAAE,IAAI,EAAE;CACjH,CAAC;AAEF;;GAEG;AACH,MAAM,2BAA2B,GAAG;IAClC,2BAA2B;IAC3B,EAAE,OAAO,EAAE,2BAA2B,EAAE,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,mBAAmB,EAAE;IAC7F,6BAA6B;IAC7B,EAAE,OAAO,EAAE,gCAAgC,EAAE,SAAS,EAAE,cAAc,EAAE,WAAW,EAAE,uBAAuB,EAAE;IAC9G,gDAAgD;IAChD,EAAE,OAAO,EAAE,qCAAqC,EAAE,SAAS,EAAE,WAAW,EAAE,WAAW,EAAE,gCAAgC,EAAE;IACzH,qBAAqB;IACrB,EAAE,OAAO,EAAE,mCAAmC,EAAE,SAAS,EAAE,WAAW,EAAE,WAAW,EAAE,oBAAoB,EAAE;IAC3G,EAAE,OAAO,EAAE,eAAe,EAAE,SAAS,EAAE,WAAW,EAAE,WAAW,EAAE,oBAAoB,EAAE;IACvF,wBAAwB;IACxB,EAAE,OAAO,EAAE,iCAAiC,EAAE,SAAS,EAAE,OAAO,EAAE,WAAW,EAAE,sBAAsB,EAAE;IACvG,wCAAwC;IACxC,EAAE,OAAO,EAAE,2CAA2C,EAAE,SAAS,EAAE,gBAAgB,EAAE,WAAW,EAAE,+BAA+B,EAAE;IACnI,SAAS;IACT,EAAE,OAAO,EAAE,kCAAkC,EAAE,SAAS,EAAE,QAAQ,EAAE,WAAW,EAAE,4BAA4B,EAAE;CAChH,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,mEAAmE;IACnE,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;IAE5B,8BAA8B;IAC9B,IAAI,OAAO,KAAK,GAAG,IAAI,OAAO,KAAK,IAAI,IAAI,OAAO,KAAK,KAAK,EAAE,CAAC;QAC7D,OAAO,IAAI,CAAC;IACd,CAAC;IAED,2DAA2D;IAC3D,MAAM,cAAc,GAAG,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IAEjE,sBAAsB;IACtB,KAAK,MAAM,SAAS,IAAI,eAAe,EAAE,CAAC;QACxC,MAAM,cAAc,GAAG,SAAS,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;QACnE,IAAI,cAAc,KAAK,cAAc,EAAE,CAAC;YACtC,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED,0DAA0D;IAC1D,IAAI,cAAc,KAAK,GAAG,IAAI,cAAc,KAAK,IAAI,IAAI,cAAc,KAAK,IAAI,EAAE,CAAC;QACjF,OAAO,IAAI,CAAC;IACd,CAAC;IAED,oCAAoC;IACpC,IAAI,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,gBAAgB,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QACzH,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,OAAe;IAC5C,MAAM,YAAY,GAAG,OAAO,CAAC,WAAW,EAAE,CAAC;IAE3C,6BAA6B;IAC7B,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,MAAM,CAAC,EAAE,CAAC;QACpE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC;IAC3C,CAAC;IAED,kCAAkC;IAClC,MAAM,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC1E,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAEtE,6BAA6B;IAC7B,KAAK,MAAM,OAAO,IAAI,qBAAqB,EAAE,CAAC;QAC5C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACrC,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,UAAU,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YAE5B,6BAA6B;YAC7B,IAAI,eAAe,CAAC,UAAU,CAAC,EAAE,CAAC;gBAChC,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,OAAO;oBACP,SAAS,EAAE,YAAY,IAAI,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC;oBACnF,gBAAgB,EAAE,UAAU;oBAC5B,UAAU,EAAE,IAAI;oBAChB,eAAe,EAAE,8CAA8C,UAAU,EAAE;iBAC5E,CAAC;YACJ,CAAC;YAED,gDAAgD;YAChD,IAAI,YAAY,IAAI,QAAQ,EAAE,CAAC;gBAC7B,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,OAAO;oBACP,SAAS,EAAE,QAAQ;oBACnB,gBAAgB,EAAE,UAAU;oBAC5B,UAAU,EAAE,IAAI;oBAChB,eAAe,EAAE,gCAAgC,UAAU,EAAE;iBAC9D,CAAC;YACJ,CAAC;YAED,6BAA6B;YAC7B,IAAI,YAAY,EAAE,CAAC;gBACjB,OAAO;oBACL,OAAO,EAAE,IAAI;oBACb,OAAO;oBACP,SAAS,EAAE,OAAO;oBAClB,gBAAgB,EAAE,UAAU;oBAC5B,UAAU,EAAE,IAAI;oBAChB,eAAe,EAAE,0BAA0B,UAAU,EAAE;iBACxD,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,IAAY;IAC1C,KAAK,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,YAAY,EAAE,CAAC;QAC5D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAClC,IAAI,KAAK,EAAE,CAAC;YACV,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO,EAAE,IAAI;gBACb,SAAS;gBACT,gBAAgB,EAAE,KAAK,CAAC,CAAC,CAAC;gBAC1B,UAAU,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI;gBAClC,eAAe,EAAE,OAAO,SAAS,kBAAkB,KAAK,CAAC,CAAC,CAAC,EAAE;aAC9D,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAe;IAChD,KAAK,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,WAAW,EAAE,IAAI,2BAA2B,EAAE,CAAC;QAC9E,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACrC,IAAI,KAAK,EAAE,CAAC;YACV,OAAO;gBACL,OAAO,EAAE,IAAI;gBACb,OAAO;gBACP,SAAS;gBACT,gBAAgB,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,SAAS;gBACvC,UAAU,EAAE,GAAG;gBACf,eAAe,EAAE,WAAW;aAC7B,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAe;IAC/C,gCAAgC;IAChC,MAAM,QAAQ,GAAG,cAAc,CAAC,OAAO,CAAC,CAAC;IACzC,IAAI,QAAQ,CAAC,OAAO,EAAE,CAAC;QACrB,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,mBAAmB;IACnB,MAAM,SAAS,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;IAC3C,IAAI,SAAS,CAAC,OAAO,EAAE,CAAC;QACtB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,8BAA8B;IAC9B,MAAM,YAAY,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAC;IACjD,IAAI,YAAY,CAAC,OAAO,EAAE,CAAC;QACzB,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,EAAE,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,MAAM,OAAO,aAAa;IAChB,QAAQ,CAAW;IAE3B,YAAY,WAAqB,UAAU;QACzC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,OAAyB;QAC9C,MAAM,KAAK,GAAG,OAAO,CAAC,SAAS,CAAC;QAEhC,uBAAuB;QACvB,IAAI,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;YACtC,OAAO,KAAK,CAAC,OAAO,CAAC;QACvB,CAAC;QAED,2BAA2B;QAC3B,IAAI,OAAO,KAAK,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;YACpC,OAAO,KAAK,CAAC,KAAK,CAAC;QACrB,CAAC;QAED,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACnC,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,CAAC;QAED,eAAe;QACf,IAAI,OAAO,KAAK,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YACrC,OAAO,KAAK,CAAC,MAAM,CAAC;QACtB,CAAC;QAED,4CAA4C;QAC5C,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACnC,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,CAAC;QAED,wBAAwB;QACxB,IAAI,OAAO,KAAK,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;YACpC,OAAO,KAAK,CAAC,KAAK,CAAC;QACrB,CAAC;QAED,YAAY;QACZ,IAAI,OAAO,KAAK,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;YAClC,OAAO,KAAK,CAAC,GAAG,CAAC;QACnB,CAAC;QAED,kBAAkB;QAClB,IAAI,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;YACxC,OAAO,KAAK,CAAC,SAAS,CAAC;QACzB,CAAC;QAED,2CAA2C;QAC3C,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACnC,OAAO,KAAK,CAAC,IAAI,CAAC;QACpB,CAAC;QAED,gBAAgB;QAChB,IAAI,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;YACtC,OAAO,KAAK,CAAC,OAAO,CAAC;QACvB,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,CAAC,OAAyB;QAC9B,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,CAAC,CAAC;QAC7C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;QAE1C,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO;YACL,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,aAAa;YACvB,QAAQ,EAAE,IAAI,CAAC,QAAQ;YACvB,UAAU,EAAE,MAAM,CAAC,UAAU;YAC7B,MAAM,EAAE,MAAM,CAAC,eAAe,IAAI,uCAAuC,MAAM,CAAC,SAAS,EAAE;YAC3F,QAAQ,EAAE;gBACR,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,IAAI,EAAE,OAAO;gBACb,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,gBAAgB,EAAE,MAAM,CAAC,gBAAgB;aAC1C;SACF,CAAC;IACJ,CAAC;CACF;AAED;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAAC,WAAqB,UAAU;IACjE,OAAO,IAAI,aAAa,CAAC,QAAQ,CAAC,CAAC;AACrC,CAAC"}

package/dist/src/detectors/destructive/types.d.ts

@@ -0,0 +1,143 @@
+/**
+ * Destructive Detector Types
+ * Type definitions for detecting dangerous/destructive operations
+ */
+import type { Severity, Action } from '../../config/index.js';
+/**
+ * Detection context passed to detectors
+ */
+export interface DetectionContext {
+    /** Name of the tool being invoked */
+    toolName: string;
+    /** Input parameters to the tool */
+    toolInput: Record<string, unknown>;
+    /** URL being accessed (for browser/navigation tools) */
+    url?: string;
+}
+/**
+ * Type of destructive operation detected
+ */
+export type DestructiveType = 'shell' | 'cloud' | 'git' | 'code';
+/**
+ * Result of a destructive operation detection
+ */
+export interface DestructiveDetectionResult {
+    /** Whether a destructive operation was detected */
+    detected: boolean;
+    /** Category of the detection */
+    category: 'destructive';
+    /** Severity level of the detection */
+    severity: Severity;
+    /** Confidence score from 0 to 1 */
+    confidence: number;
+    /** Human-readable reason for the detection */
+    reason: string;
+    /** Additional metadata about the detection */
+    metadata?: {
+        /** The command that triggered detection */
+        command?: string;
+        /** Type of destructive operation */
+        type: DestructiveType;
+        /** Specific operation detected (e.g., 'rm -rf', 'DROP DATABASE') */
+        operation?: string;
+        /** Resource affected (e.g., path, database name) */
+        affectedResource?: string;
+    };
+}
+/**
+ * Configuration for the destructive detector
+ */
+export interface DestructiveDetectorConfig {
+    /** Whether the detector is enabled */
+    enabled: boolean;
+    /** Severity level to assign to detections */
+    severity: Severity;
+    /** Action to take when destructive operation is detected */
+    action: Action;
+    /** Shell command protection settings */
+    shell?: {
+        enabled: boolean;
+    };
+    /** Cloud operation protection settings */
+    cloud?: {
+        enabled: boolean;
+    };
+    /** Code pattern protection settings */
+    code?: {
+        enabled: boolean;
+    };
+}
+/**
+ * Interface for the main destructive detector
+ */
+export interface DestructiveDetector {
+    /**
+     * Detect destructive operations
+     * @param context Detection context with tool information
+     * @returns Detection result
+     */
+    detect(context: DetectionContext): Promise<DestructiveDetectionResult>;
+}
+/**
+ * Interface for sub-detectors (shell, cloud, code)
+ */
+export interface SubDetector {
+    /**
+     * Check if the given context matches this detector's patterns
+     * @param context Detection context
+     * @returns Detection result or null if no match
+     */
+    detect(context: DetectionContext): DestructiveDetectionResult | null;
+}
+/**
+ * Shell command match result
+ */
+export interface ShellMatchResult {
+    /** Whether a match was found */
+    matched: boolean;
+    /** The command that matched */
+    command?: string;
+    /** The operation type (e.g., 'rm', 'dd', 'DROP DATABASE') */
+    operation?: string;
+    /** The affected resource (path, database, etc.) */
+    affectedResource?: string;
+    /** Confidence score */
+    confidence: number;
+    /** Additional description of the risk */
+    riskDescription?: string;
+}
+/**
+ * Cloud operation match result
+ */
+export interface CloudMatchResult {
+    /** Whether a match was found */
+    matched: boolean;
+    /** The command that matched */
+    command?: string;
+    /** The cloud provider (aws, gcp, azure, k8s, terraform) */
+    provider?: string;
+    /** The operation detected */
+    operation?: string;
+    /** The affected resource */
+    affectedResource?: string;
+    /** Confidence score */
+    confidence: number;
+}
+/**
+ * Code pattern match result
+ */
+export interface CodeMatchResult {
+    /** Whether a match was found */
+    matched: boolean;
+    /** The code/command that matched */
+    code?: string;
+    /** The language detected (python, node, go, etc.) */
+    language?: string;
+    /** The operation detected (e.g., 'rmtree', 'removeAll') */
+    operation?: string;
+    /** The affected path/resource */
+    affectedResource?: string;
+    /** Confidence score */
+    confidence: number;
+}
+//# sourceMappingURL=types.d.ts.map