pi-gitbox 0.1.2 → 0.2.0

package/README.md

@@ -13,13 +13,16 @@ After enabling gitbox, verify that impersonations are working correctly:
 
 ## Features
 
-- **Gitignored file impersonation** — gitignored files and directories are automatically mirrored into a private gitbox directory
+- **Gitignored file impersonation** — gitignored files are automatically mirrored into a private gitbox directory
+- **Directory impersonation** — gitignored directories can also be mirrored (opt-in)
 - **Command & path interception** — bash commands and file operations (read, edit, write, find, grep, ls) are internally redirected to the impersonated paths
 - **Directory access control** — restricts agent access to allowed directories by default; prompts for approval when accessing paths outside the allowed list
 - **Configurable directory bypass** — optionally disable directory restrictions
 - **Status bar indicators** — color-coded status showing whether the gitbox is enabled, available, not required, unavailable or bypassed
 - **Auto cleanup** — optionally delete the gitbox when the session exits
 
+> **Note on directory impersonation:** By default, only gitignored files are impersonated. Enabling `impersonateDirs` also mirrors directories into the gitbox. This is useful when you want the agent to operate on the project without disrupting your current folders — for example, a Node project with `node_modules/` ignored by git can be used from the working directory (when `impersonateDirs: false`), or can be recreated to be available in the gitbox instead (when `impersonateDirs: true`).
+
 ## Status Bar
 
 The status bar displays `📦 Gitbox:` followed by the current status:
@@ -58,6 +61,7 @@ You can customize Gitbox options via the interactive menu (`/gitbox`) for common
     "baseDir": "~/.pi/agent/gitbox",
     "statusBar": true,
     "deleteOnExit": false,
+    "impersonateDirs": false,
     "bypassGitbox": false,
     "bypassPaths": false,
     "allowedPaths": []
@@ -67,24 +71,25 @@ You can customize Gitbox options via the interactive menu (`/gitbox`) for common
 
 ### Configuration Options
 
-| Option         | Type     | Default              | Description                               |
-| -------------- | -------- | -------------------- | ----------------------------------------- |
-| `baseDir`      | string   | `~/.pi/agent/gitbox` | Base directory where gitboxes are created |
-| `statusBar`    | boolean  | `true`               | Show gitbox status in the status bar      |
-| `deleteOnExit` | boolean  | `false`              | Delete the gitbox when the session exits  |
-| `bypassGitbox` | boolean  | `false`              | Skip impersonation of gitignored paths    |
-| `bypassPaths`  | boolean  | `false`              | Bypass path access restrictions entirely  |
-| `allowedPaths` | string[] | `[]`                 | Additional paths to allow access to       |
+| Option            | Type     | Default              | Description                               |
+| ----------------- | -------- | -------------------- | ----------------------------------------- |
+| `baseDir`         | string   | `~/.pi/agent/gitbox` | Base directory where gitboxes are created |
+| `statusBar`       | boolean  | `true`               | Show gitbox status in the status bar      |
+| `deleteOnExit`    | boolean  | `false`              | Delete the gitbox when the session exits  |
+| `impersonateDirs` | boolean  | `false`              | Also impersonate gitignored directories   |
+| `bypassGitbox`    | boolean  | `false`              | Skip impersonation of gitignored paths    |
+| `bypassPaths`     | boolean  | `false`              | Bypass path access restrictions entirely  |
+| `allowedPaths`    | string[] | `[]`                 | Additional paths to allow access to       |
 
-> **Note:** The interactive menu (`/gitbox`) exposes `statusBar`, `deleteOnExit`, `bypassGitbox`, and `bypassPaths`. The remaining options (`baseDir`, `allowedPaths`) must be configured directly in `settings.json`.
+> **Note:** The interactive menu (`/gitbox`) only exposes boolean keys. The remaining options (`baseDir`, `allowedPaths`) must be configured directly in `settings.json`.
 
 ### Directory Access
 
 By default, the extension allows access to:
 
 - The current working directory (`process.cwd()`)
-- The Pi agent directory (`~/.pi/agent`)
-- The extension package directory
+- The Pi agent directory (`~/.pi/agent/`)
+- The Pi package directory (`<...>/@earendil-works/pi-coding-agent`)
 - `/dev/null`
 
 If the agent attempts to access a path outside these allowed directories, a confirmation dialog appears:
@@ -115,12 +120,12 @@ Set `bypassPaths: true` to skip this check entirely.
 
 1. **Session Start** — On `session_start`, the extension checks whether the current directory is a git repository with `git` available
 2. **Gitignored Path Detection** — Uses git-specific commands to discover all gitignored files and directories
-3. **Gitbox Creation** — If the directory is a git repository, creates a private directory at `~/.pi/agent/gitbox/<project-name>` and mirrors gitignored paths into it: files get placeholder content (`{}` for `.json` and ` ` (empty space) for others)
+3. **Gitbox Creation** — If the directory is a git repository, creates a private directory at `~/.pi/agent/gitbox/<project-name>` and mirrors gitignored files into it (files get placeholder content (`{}` for `.json` and ` ` (empty space) for others)). With `impersonateDirs: true`, gitignored directories are also mirrored.
 4. **Path Mapping** — Builds a mapper from original absolute paths to their impersonated counterparts
 5. **Event Interception** — On every `tool_call` event:
    - **Bash commands** — Extracts paths from the command using `shell-quote`, checks directory restrictions, then rewrites paths to their impersonated versions
    - **Path-based tools** (read, edit, write, find, grep, ls) — Checks directory restrictions, then resolves the path to its impersonated equivalent
-   - **Dynamic fallback** — If a path wasn't detected during initialization, the extension performs a real-time `git check-ignore` lookup and creates the impersonation on the fly
+   - **Dynamic fallback** — For paths within gitignored directories that weren't explicitly detected during initialization (e.g., nested files inside an ignored directory), the extension performs a real-time `git check-ignore` lookup and creates the impersonation on the fly. Files are explicitly detected during initialization, so this fallback is primarily useful for directories
 6. **Status Bar** — Updates the status bar with the current gitbox state (enabled, available, not required, or unavailable)
 7. **Session Shutdown** — Optionally removes the gitbox directory if `deleteOnExit` is enabled
 

package/index.ts

@@ -9,7 +9,7 @@ import { BASE_ALLOWED_PATHS } from "./src/defaults";
 import { Detector } from "./src/detector";
 import { Gitbox } from "./src/gitbox";
 import { Impersonator } from "./src/impersonator";
-import { askUserOrBlock } from "./src/prompts";
+import { askUserOrBlock, checkPathsAccess } from "./src/prompts";
 import { settings } from "./src/settings";
 
 export default async (pi: ExtensionAPI) => {
@@ -37,7 +37,6 @@ export default async (pi: ExtensionAPI) => {
 
   pi.on("tool_call", async (event: ToolCallEvent, ctx: ExtensionContext) => {
     const { config } = await settings.getConfig();
-
     const resolvedDirs = [...BASE_ALLOWED_PATHS, ...config.allowedPaths];
 
     if (gitbox.isBashEvent(event)) {
@@ -46,13 +45,8 @@ export default async (pi: ExtensionAPI) => {
       // First, scan if we can even access the paths
       if (!config.bypassPaths) {
         const paths = await impersonator.extractFromCommand(command);
-
-        for (const path of paths) {
-          if (Detector.isPathAllowed(resolvedDirs, path, ctx)) continue;
-
-          const response = await askUserOrBlock(ctx, path);
-          if (response.block) return response;
-        }
+        const blocked = await checkPathsAccess(paths, resolvedDirs, ctx);
+        if (blocked) return blocked;
       }
 
       // Then, impersonate the command
@@ -62,11 +56,12 @@ export default async (pi: ExtensionAPI) => {
       const { path } = event.input as { path: string };
 
       // First, scan if we can even access the paths
-      if (!config.bypassPaths) {
-        if (!Detector.isPathAllowed(resolvedDirs, path, ctx)) {
-          const response = await askUserOrBlock(ctx, path);
-          if (response.block) return response;
-        }
+      if (
+        !config.bypassPaths &&
+        !Detector.isPathAllowed(resolvedDirs, path, ctx)
+      ) {
+        const response = await askUserOrBlock(ctx, path);
+        if (response.block) return response;
       }
 
       // Then, impersonate the path

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pi-gitbox",
-  "version": "0.1.2",
+  "version": "0.2.0",
   "description": "Pi extension that impersonates gitignored paths to reduce secrets exposure.",
   "keywords": [
     "pi",
@@ -22,6 +22,9 @@
       "./index.ts"
     ]
   },
+  "scripts": {
+    "test": "vitest run"
+  },
   "prettier": {
     "plugins": [
       "prettier-plugin-organize-imports"
@@ -32,11 +35,12 @@
     "@earendil-works/pi-tui": "*"
   },
   "devDependencies": {
-    "@types/node": "^26.0.0",
+    "@types/node": "^26.0.1",
     "@types/shell-quote": "^1.7.5",
-    "prettier-plugin-organize-imports": "^4.3.0"
+    "prettier-plugin-organize-imports": "^4.3.0",
+    "vitest": "^4.1.9"
   },
   "dependencies": {
-    "shell-quote": "^1.8.4"
+    "shell-quote": "^1.9.0"
   }
 }

package/src/commands.ts

@@ -15,6 +15,7 @@ import { settings } from "./settings";
 enum Options {
   STATUS_BAR = "statusBar",
   DELETE_ON_EXIT = "deleteOnExit",
+  IMPERSONATE_DIRS = "impersonateDirs",
   BYPASS_GITBOX = "bypassGitbox",
   BYPASS_PATHS = "bypassPaths",
 }
@@ -72,10 +73,14 @@ export class CommandManager {
    * @param ctx The extension context
    */
   private async runGitboxPaths(ctx: ExtensionCommandContext): Promise<void> {
-    const mapper = this.gitbox.getMapper(ctx);
+    const fileMapper = this.gitbox.getFileMapper(ctx);
+    const dirMapper = this.gitbox.getDirMapper(ctx);
 
-    const lines = Object.entries(mapper)
-      .map(([source, target]) => `  ${source} -> ${target}`)
+    const lines = Object.entries({ ...fileMapper, ...dirMapper })
+      .map(([source, target]) => {
+        const icon = source in dirMapper ? "📁" : "📄";
+        return `  ${icon} ${source} -> ${target}`;
+      })
       .join("\n");
 
     const content = lines
@@ -148,6 +153,13 @@ export class CommandManager {
         currentValue: config.deleteOnExit ? "on" : "off",
         values: ["on", "off"],
       },
+      {
+        id: Options.IMPERSONATE_DIRS,
+        label: "Impersonate directories",
+        description: "Also impersonate gitignored directories",
+        currentValue: config.impersonateDirs ? "on" : "off",
+        values: ["on", "off"],
+      },
       {
         id: Options.BYPASS_GITBOX,
         label: "Bypass impersonation",

package/src/config-types.ts

@@ -6,7 +6,10 @@ export interface GitboxConfig {
   baseDir: string;
   statusBar: boolean;
   deleteOnExit: boolean;
+  // Impersonation
+  impersonateDirs: boolean;
   bypassGitbox: boolean;
+  // Permissions
   bypassPaths: boolean;
   allowedPaths: string[];
 }

package/src/defaults.ts

@@ -21,6 +21,16 @@ export const GITBOX_STATUSBAR = true;
  */
 export const DELETE_ON_EXIT = false;
 
+/**
+ * Whether to also impersonate gitignored directories
+ */
+export const IMPERSONATE_DIRS = false;
+
+/**
+ * Whether to bypass impersonation entirely
+ */
+export const BYPASS_GITBOX = false;
+
 /**
  * Default paths that are always allowed.
  */
@@ -48,8 +58,3 @@ export const ALLOWED_PATHS: string[] = [];
  * Whether to bypass path restrictions
  */
 export const BYPASS_PATHS = false;
-
-/**
- * Whether to bypass impersonation entirely
- */
-export const BYPASS_GITBOX = false;

package/src/detector.ts

@@ -1,7 +1,7 @@
 import { ExtensionContext } from "@earendil-works/pi-coding-agent";
 import { execSync } from "child_process";
+import { statSync } from "fs";
 import { access } from "fs/promises";
-import { sep } from "node:path";
 import { normalizePath, PATH_SEP, resolvePaths } from "./compat";
 
 export const Detector = new (class {
@@ -154,6 +154,11 @@ export const Detector = new (class {
    * @returns True if the path is a directory
    */
   isDirectory(path: string): boolean {
-    return path.endsWith(PATH_SEP) || path.endsWith(sep);
+    try {
+      const absPath = resolvePaths(path);
+      return statSync(absPath).isDirectory();
+    } catch {
+      return false;
+    }
   }
 })();

package/src/gitbox.ts

@@ -87,6 +87,28 @@ export class Gitbox {
     return this.impersonator.getMapper(ctx.cwd);
   }
 
+  /**
+   * Returns the file mapper from the impersonator.
+   * Delegates to impersonator instance
+   *
+   * @param ctx The extension context
+   * @returns The source -> target path mapping for files
+   */
+  getFileMapper(ctx: ExtensionContext): Record<string, string> {
+    return this.impersonator.getFileMapper(ctx.cwd);
+  }
+
+  /**
+   * Returns the directory mapper from the impersonator.
+   * Delegates to impersonator instance
+   *
+   * @param ctx The extension context
+   * @returns The source -> target path mapping for directories
+   */
+  getDirMapper(ctx: ExtensionContext): Record<string, string> {
+    return this.impersonator.getDirMapper(ctx.cwd);
+  }
+
   /**
    * Validates the configuration settings
    *

package/src/impersonator.ts

@@ -1,13 +1,23 @@
 import { ExtensionContext } from "@earendil-works/pi-coding-agent";
 import { mkdir, writeFile } from "node:fs/promises";
 import { basename, dirname, relative } from "node:path";
+import type { GlobPattern } from "shell-quote";
 import { parse } from "shell-quote";
 import { joinPaths, resolvePaths } from "./compat";
 import { Detector } from "./detector";
 import { settings } from "./settings";
 
 export class Impersonator {
-  private mapper: Record<string, string> = {};
+  private fileMapper: Record<string, string> = {};
+  private dirMapper: Record<string, string> = {};
+
+  /**
+   * Returns a combined mapper of both file and directory impersonations
+   * @returns Combined source -> target path mapping
+   */
+  get pathMapper(): Record<string, string> {
+    return { ...this.fileMapper, ...this.dirMapper };
+  }
 
   /**
    * Fills the mapper with paths that are gitignored
@@ -15,11 +25,15 @@ export class Impersonator {
    * @param ctx The extension context
    */
   async initialize(ctx: ExtensionContext): Promise<void> {
-    this.mapper = {};
+    this.fileMapper = {};
+    this.dirMapper = {};
     const { config } = await settings.getConfig();
 
-    await this.initializeDirectories(config.baseDir, ctx);
     await this.initializeFiles(config.baseDir, ctx);
+
+    if (config.impersonateDirs) {
+      await this.initializeDirectories(config.baseDir, ctx);
+    }
   }
 
   /**
@@ -37,7 +51,7 @@ export class Impersonator {
       const absPath = resolvePaths(ctx.cwd, path);
 
       if (impersonation) {
-        this.mapper[absPath] = impersonation;
+        this.dirMapper[absPath] = impersonation;
       }
     }
   }
@@ -57,7 +71,7 @@ export class Impersonator {
       const absPath = resolvePaths(ctx.cwd, path);
 
       if (impersonation) {
-        this.mapper[absPath] = impersonation;
+        this.fileMapper[absPath] = impersonation;
       }
     }
   }
@@ -140,7 +154,39 @@ export class Impersonator {
   getMapper(baseDir: string): Record<string, string> {
     const result: Record<string, string> = {};
 
-    for (const [absSource, target] of Object.entries(this.mapper)) {
+    for (const [absSource, target] of Object.entries(this.pathMapper)) {
+      result[relative(baseDir, absSource)] = target;
+    }
+
+    return result;
+  }
+
+  /**
+   * Returns the file mapper, with sources relative to the given base directory.
+   *
+   * @param baseDir The base directory to resolve relative paths against
+   * @returns The source -> target path mapping for files
+   */
+  getFileMapper(baseDir: string): Record<string, string> {
+    const result: Record<string, string> = {};
+
+    for (const [absSource, target] of Object.entries(this.fileMapper)) {
+      result[relative(baseDir, absSource)] = target;
+    }
+
+    return result;
+  }
+
+  /**
+   * Returns the directory mapper, with sources relative to the given base directory.
+   *
+   * @param baseDir The base directory to resolve relative paths against
+   * @returns The source -> target path mapping for directories
+   */
+  getDirMapper(baseDir: string): Record<string, string> {
+    const result: Record<string, string> = {};
+
+    for (const [absSource, target] of Object.entries(this.dirMapper)) {
       result[relative(baseDir, absSource)] = target;
     }
 
@@ -174,31 +220,41 @@ export class Impersonator {
    * @returns The impersonated path, if available
    */
   async resolvePath(path: string, ctx: ExtensionContext): Promise<string> {
-    // Path could be a file/dir
     const absPath = resolvePaths(ctx.cwd, path);
-    if (this.mapper[absPath]) return this.mapper[absPath];
 
-    // Dynamic checking => Not yet in the mapper
+    // Check file mapper first
+    if (this.fileMapper[absPath]) return this.fileMapper[absPath];
+
+    // Check directory mapper only if impersonateDirs is enabled
+    const { config } = await settings.getConfig();
+    if (!config.impersonateDirs) return path;
+
+    // Check existence in dirMapper
+    if (this.dirMapper[absPath]) return this.dirMapper[absPath];
+
+    // Not yet in the mapper => Dynamic checking
     // We'll need to create the path on-the-fly
     if (Detector.dynamicCheck(absPath)) {
-      const { config } = await settings.getConfig();
-
       const relPath = relative(ctx.cwd, path);
       const projectDir = joinPaths(config.baseDir, basename(ctx.cwd));
 
-      if (await Detector.isDirectory(relPath)) {
+      if (Detector.isDirectory(absPath)) {
         // E.g.: `.vscode/myfolder/` when only `.vscode/` is gitignored)
-        this.mapper[absPath] = await this.createDirectory(
+        this.dirMapper[absPath] = await this.createDirectory(
           relPath,
           projectDir,
           ctx,
         );
+        return this.dirMapper[absPath];
       } else {
         // E.g.: `.vscode/launch.json` when only `.vscode/` is gitignored)
-        this.mapper[absPath] = await this.createFile(relPath, projectDir, ctx);
+        this.fileMapper[absPath] = await this.createFile(
+          relPath,
+          projectDir,
+          ctx,
+        );
+        return this.fileMapper[absPath];
       }
-
-      return this.mapper[absPath];
     }
 
     // Couldn't find anything to impersonate, return the original path
@@ -220,7 +276,37 @@ export class Impersonator {
       .filter((token) => typeof token === "string")
       .filter(this.isPathLike);
 
-    return paths;
+    // Collect paths from glob tokens
+    // e.g.: `file dist/*` → extracts 'dist' from the glob token
+    const globPaths = tokens
+      .filter(
+        (token): token is GlobPattern =>
+          typeof token === "object" &&
+          token !== null &&
+          "op" in token &&
+          token.op === "glob",
+      )
+      .map((token) => this.stripGlobPattern(token.pattern))
+      .filter(this.isPathLike);
+
+    return [...paths, ...globPaths];
+  }
+
+  /**
+   * Strips a simple glob pattern (`*`) from a path, returning the base path.
+   *
+   * e.g.: `dist/*` → `dist`, `*` → ``, `src/file.ts` → `src/file.ts`
+   *
+   * @param value The glob pattern value from shell-quote
+   * @returns The path with the glob suffix removed, or the original if no glob
+   */
+  private stripGlobPattern(value: string): string {
+    const starIndex = value.indexOf("*");
+    if (starIndex === -1) return value;
+
+    // Strip from the last `/` before the `*` to the end
+    const lastSlash = value.lastIndexOf("/", starIndex);
+    return lastSlash === -1 ? "" : value.substring(0, lastSlash);
   }
 
   /**
@@ -239,9 +325,6 @@ export class Impersonator {
     // Command flags and options
     if (candidate.startsWith("-")) return false;
 
-    // Pure numbers (e.g., 42, 3.14, -0)
-    if (/^-?\d+(\.\d+)?$/.test(candidate)) return false;
-
     // URLs (e.g., https://example.com, ftp://...)
     if (/^[a-z]+:\/\//i.test(candidate)) return false;
 

package/src/prompts.ts

@@ -1,4 +1,5 @@
 import { ExtensionContext } from "@earendil-works/pi-coding-agent";
+import { Detector } from "./detector";
 import { settings } from "./settings";
 
 /**
@@ -19,10 +20,10 @@ enum Options {
  * @param path The path to check
  * @returns An object with `block: true` and a `reason` if blocked, or `{ block: false }` if allowed
  */
-export async function askUserOrBlock(
+export const askUserOrBlock = async (
   ctx: ExtensionContext,
   path: string,
-): Promise<{ block: boolean; reason?: string }> {
+): Promise<{ block: boolean; reason?: string }> => {
   const reason = `Path "${path}" is outside allowed directories and was denied.`;
 
   // Check if UI is available
@@ -45,4 +46,26 @@ export async function askUserOrBlock(
   }
 
   return { block: false };
-}
+};
+
+/**
+ * Checks if all paths are allowed, prompting the user if needed.
+ *
+ * @param paths Paths to check
+ * @param resolvedDirs Allowed directories
+ * @param ctx The extension context
+ * @returns The blocked response if any path was denied, or null
+ */
+export const checkPathsAccess = async (
+  paths: string[],
+  resolvedDirs: string[],
+  ctx: ExtensionContext,
+): Promise<{ block: boolean; reason?: string } | null> => {
+  for (const path of paths) {
+    if (Detector.isPathAllowed(resolvedDirs, path, ctx)) continue;
+
+    const response = await askUserOrBlock(ctx, path);
+    if (response.block) return response;
+  }
+  return null;
+};

package/src/settings.ts

@@ -9,6 +9,7 @@ import {
   DELETE_ON_EXIT,
   GITBOX_BASEDIR,
   GITBOX_STATUSBAR,
+  IMPERSONATE_DIRS,
   STATUS_KEY,
 } from "./defaults";
 
@@ -40,6 +41,7 @@ class Settings {
       baseDir: GITBOX_BASEDIR,
       statusBar: GITBOX_STATUSBAR,
       deleteOnExit: DELETE_ON_EXIT,
+      impersonateDirs: IMPERSONATE_DIRS,
       bypassGitbox: BYPASS_GITBOX,
       bypassPaths: BYPASS_PATHS,
       allowedPaths: ALLOWED_PATHS,

package/tests/impersonator.test.ts

@@ -0,0 +1,92 @@
+import { beforeEach, describe, expect, it } from "vitest";
+import { Impersonator } from "../src/impersonator";
+
+describe("Impersonator", () => {
+  let imp: Impersonator;
+
+  beforeEach(() => {
+    imp = new Impersonator();
+  });
+
+  describe("extractFromCommand", () => {
+    it("extracts paths from a simple command", async () => {
+      const result = await imp.extractFromCommand("cat file.txt");
+      expect(result).toEqual(["cat", "file.txt"]);
+    });
+
+    it("extracts paths from glob patterns", async () => {
+      const result = await imp.extractFromCommand("file dist/*");
+      expect(result).toContain("file");
+      expect(result).toContain("dist");
+    });
+
+    it("handles bare glob by excluding it", async () => {
+      const result = await imp.extractFromCommand("ls *");
+      expect(result).toEqual(["ls"]);
+    });
+
+    it("extracts paths from multiple globs", async () => {
+      const result = await imp.extractFromCommand("src/*.ts test/*.test.ts");
+      expect(result).toContain("src");
+      expect(result).toContain("test");
+    });
+
+    it("does not extract shell operators", async () => {
+      const result = await imp.extractFromCommand("cat a.txt && cat b.txt");
+      expect(result).toContain("cat");
+      expect(result).toContain("a.txt");
+      expect(result).toContain("b.txt");
+      expect(result).not.toContain("&&");
+    });
+
+    it("does not extract command flags", async () => {
+      const result = await imp.extractFromCommand("ls -la -R");
+      expect(result).toEqual(["ls"]);
+    });
+
+    it("does not extract URLs", async () => {
+      const result = await imp.extractFromCommand(
+        "curl https://example.com/file.txt",
+      );
+      expect(result).toContain("curl");
+      expect(result).not.toContain("https://example.com/file.txt");
+    });
+
+    it("does not extract environment variable assignments", async () => {
+      const result = await imp.extractFromCommand(
+        "NODE_ENV=production node app.js",
+      );
+      expect(result).toContain("node");
+      expect(result).toContain("app.js");
+      expect(result).not.toContain("NODE_ENV=production");
+    });
+
+    it("handles mixed paths and globs", async () => {
+      const result = await imp.extractFromCommand(
+        "cp src/main.ts dist/main.ts",
+      );
+      expect(result).toContain("cp");
+      expect(result).toContain("src/main.ts");
+      expect(result).toContain("dist/main.ts");
+    });
+
+    it("handles nested glob paths", async () => {
+      const result = await imp.extractFromCommand("build src/**/*");
+      expect(result).toContain("build");
+      expect(result).toContain("src");
+    });
+
+    it("handles empty command", async () => {
+      const result = await imp.extractFromCommand("");
+      expect(result).toEqual([]);
+    });
+
+    it("rejects shell reserved words", async () => {
+      const result = await imp.extractFromCommand("if true then else fi");
+      expect(result).not.toContain("true");
+      expect(result).not.toContain("then");
+      expect(result).not.toContain("else");
+      expect(result).not.toContain("fi");
+    });
+  });
+});