npm - sentinelayer-cli - Versions diffs - 0.1.2 → 0.3.0 - Mend

sentinelayer-cli 0.1.2 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (127) hide show

package/README.md +996 -996
package/bin/create-sentinelayer.js +5 -5
package/bin/sentinelayer-cli.js +4 -4
package/bin/sl.js +5 -5
package/package.json +62 -54
package/src/agents/jules/config/definition.js +209 -209
package/src/agents/jules/config/system-prompt.js +175 -175
package/src/agents/jules/error-intake.js +51 -51
package/src/agents/jules/fix-cycle.js +377 -377
package/src/agents/jules/loop.js +367 -367
package/src/agents/jules/pulse.js +319 -319
package/src/agents/jules/stream.js +186 -186
package/src/agents/jules/swarm/file-scanner.js +74 -74
package/src/agents/jules/swarm/index.js +11 -11
package/src/agents/jules/swarm/orchestrator.js +362 -362
package/src/agents/jules/swarm/pattern-hunter.js +123 -123
package/src/agents/jules/swarm/sub-agent.js +308 -308
package/src/agents/jules/tools/auth-audit.js +226 -222
package/src/agents/jules/tools/dispatch.js +327 -327
package/src/agents/jules/tools/file-edit.js +180 -180
package/src/agents/jules/tools/file-read.js +100 -100
package/src/agents/jules/tools/frontend-analyze.js +570 -570
package/src/agents/jules/tools/glob.js +168 -168
package/src/agents/jules/tools/grep.js +228 -228
package/src/agents/jules/tools/index.js +29 -29
package/src/agents/jules/tools/path-guards.js +161 -161
package/src/agents/jules/tools/runtime-audit.js +493 -493
package/src/agents/jules/tools/shell.js +383 -383
package/src/ai/aidenid.js +972 -945
package/src/ai/client.js +508 -508
package/src/ai/domain-target-store.js +268 -268
package/src/ai/identity-store.js +270 -270
package/src/ai/site-store.js +145 -145
package/src/audit/agents/architecture.js +180 -180
package/src/audit/agents/compliance.js +179 -179
package/src/audit/agents/documentation.js +165 -165
package/src/audit/agents/performance.js +145 -145
package/src/audit/agents/security.js +215 -215
package/src/audit/agents/testing.js +172 -172
package/src/audit/orchestrator.js +557 -557
package/src/audit/package.js +204 -204
package/src/audit/registry.js +284 -284
package/src/audit/replay.js +103 -103
package/src/auth/http.js +113 -113
package/src/auth/service.js +891 -848
package/src/auth/session-store.js +359 -345
package/src/cli.js +252 -252
package/src/commands/ai/identity-lifecycle.js +1338 -1337
package/src/commands/ai/provision-governance.js +1272 -1246
package/src/commands/ai/shared.js +147 -147
package/src/commands/ai.js +11 -11
package/src/commands/apply.js +12 -12
package/src/commands/audit.js +1166 -1166
package/src/commands/auth.js +375 -366
package/src/commands/chat.js +191 -191
package/src/commands/config.js +184 -184
package/src/commands/cost.js +311 -311
package/src/commands/daemon/core.js +850 -850
package/src/commands/daemon/extended.js +1048 -1048
package/src/commands/daemon/shared.js +213 -213
package/src/commands/daemon.js +11 -11
package/src/commands/guide.js +174 -174
package/src/commands/ingest.js +58 -58
package/src/commands/init.js +55 -55
package/src/commands/legacy-args.js +10 -10
package/src/commands/mcp.js +461 -404
package/src/commands/omargate.js +15 -15
package/src/commands/persona.js +20 -20
package/src/commands/plugin.js +260 -260
package/src/commands/policy.js +132 -132
package/src/commands/prompt.js +238 -238
package/src/commands/review.js +704 -704
package/src/commands/scan.js +866 -788
package/src/commands/spec.js +716 -716
package/src/commands/swarm.js +651 -651
package/src/commands/telemetry.js +202 -202
package/src/commands/watch.js +510 -510
package/src/config/agent-dictionary.js +182 -182
package/src/config/io.js +56 -56
package/src/config/paths.js +18 -18
package/src/config/schema.js +55 -55
package/src/config/service.js +184 -184
package/src/cost/budget.js +235 -235
package/src/cost/history.js +188 -188
package/src/cost/tracker.js +171 -171
package/src/daemon/artifact-lineage.js +534 -534
package/src/daemon/assignment-ledger.js +770 -770
package/src/daemon/ast-parser-layer.js +258 -258
package/src/daemon/budget-governor.js +633 -633
package/src/daemon/callgraph-overlay.js +646 -646
package/src/daemon/error-worker.js +626 -626
package/src/daemon/hybrid-mapper.js +929 -929
package/src/daemon/jira-lifecycle.js +632 -632
package/src/daemon/operator-control.js +657 -657
package/src/daemon/reliability-lane.js +471 -471
package/src/daemon/watchdog.js +971 -971
package/src/guide/generator.js +316 -316
package/src/ingest/engine.js +918 -918
package/src/legacy-cli.js +2548 -2435
package/src/mcp/registry.js +695 -695
package/src/memory/blackboard.js +301 -301
package/src/memory/retrieval.js +581 -581
package/src/plugin/manifest.js +553 -553
package/src/policy/packs.js +144 -144
package/src/prompt/generator.js +118 -106
package/src/review/ai-review.js +669 -669
package/src/review/local-review.js +1284 -1284
package/src/review/replay.js +235 -235
package/src/review/report.js +664 -664
package/src/review/spec-binding.js +487 -487
package/src/scaffold/generator.js +67 -0
package/src/scaffold/templates.js +150 -0
package/src/scan/generator.js +418 -351
package/src/scan/gh-secrets.js +107 -0
package/src/spec/generator.js +519 -519
package/src/spec/regenerate.js +237 -237
package/src/spec/templates.js +91 -91
package/src/swarm/dashboard.js +247 -247
package/src/swarm/factory.js +363 -363
package/src/swarm/pentest.js +934 -934
package/src/swarm/registry.js +419 -419
package/src/swarm/report.js +158 -158
package/src/swarm/runtime.js +576 -576
package/src/swarm/scenario-dsl.js +272 -272
package/src/telemetry/ledger.js +302 -302
package/src/telemetry/sync.js +96 -59
package/src/ui/markdown.js +220 -220

package/src/agents/jules/tools/shell.js CHANGED Viewed

@@ -1,383 +1,383 @@
-import { execSync } from "node:child_process";
-import path from "node:path";
-const DEFAULT_TIMEOUT_MS = 120_000;
-const MAX_OUTPUT_CHARS = 30_000;
-const DEFAULT_ALLOWED_FETCH_HOSTS = [
-  "github.com",
-  "api.github.com",
-  "raw.githubusercontent.com",
-  "*.githubusercontent.com",
-  "registry.npmjs.org",
-  "registry.yarnpkg.com",
-  "pypi.org",
-  "files.pythonhosted.org",
-  "rubygems.org",
-  "crates.io",
-  "static.crates.io",
-];
-/**
- * Patterns that are BLOCKED unconditionally.
- * Sourced from review/local-review.js security rules + src bash security patterns.
- */
-const BLOCKED_PATTERNS = [
-  { pattern: /rm\s+(-[rR]f?|--recursive)\s+\/($|\s)/, desc: "rm -rf /" },
-  { pattern: /:\(\)\s*\{[^}]*\}\s*;?\s*:/, desc: "fork bomb" },
-  { pattern: /\beval\s*\(/, desc: "eval injection" },
-  { pattern: /curl[^|]*\|\s*(ba)?sh/, desc: "pipe to shell" },
-  { pattern: /wget[^|]*\|\s*(ba)?sh/, desc: "wget pipe to shell" },
-  { pattern: />\s*\/dev\/sd[a-z]/, desc: "write to raw device" },
-  { pattern: /mkfs\./, desc: "filesystem format" },
-  { pattern: /dd\s+.*of=\/dev\//, desc: "dd to device" },
-  { pattern: /chmod\s+777\s+\//, desc: "chmod 777 root" },
-  { pattern: />\s*\/etc\//, desc: "write to /etc" },
-  { pattern: /rm\s+-rf?\s+~/, desc: "rm home directory" },
-  { pattern: /git\s+push\s+.*--force\s+.*main/, desc: "force push to main" },
-  { pattern: /git\s+reset\s+--hard/, desc: "git reset hard" },
-  { pattern: /DROP\s+TABLE|DROP\s+DATABASE/i, desc: "SQL drop" },
-  { pattern: /TRUNCATE\s+TABLE/i, desc: "SQL truncate" },
-];
-/**
- * Patterns that trigger a WARNING but are allowed.
- */
-const WARN_PATTERNS = [
-  { pattern: /npm\s+install|yarn\s+add|pnpm\s+add/, desc: "package install" },
-  { pattern: /git\s+push/, desc: "git push" },
-  { pattern: /curl\s|wget\s|fetch\(/, desc: "network request" },
-  { pattern: /rm\s+-/, desc: "file deletion" },
-  { pattern: /sudo\s/, desc: "elevated privileges" },
-];
-/**
- * Environment variables to strip from child process env.
- * Prevents credential leakage to spawned commands.
- */
-const EXACT_ENV_KEYS_TO_STRIP = new Set([
-  "ANTHROPIC_API_KEY",
-  "OPENAI_API_KEY",
-  "GOOGLE_API_KEY",
-  "GEMINI_API_KEY",
-  "SENTINELAYER_TOKEN",
-  "AIDENID_API_KEY",
-  "AIDENID_TOKEN",
-  "AWS_ACCESS_KEY_ID",
-  "AWS_SECRET_ACCESS_KEY",
-  "AWS_SESSION_TOKEN",
-  "AWS_WEB_IDENTITY_TOKEN_FILE",
-  "AZURE_CLIENT_SECRET",
-  "GOOGLE_APPLICATION_CREDENTIALS",
-  "GITHUB_TOKEN",
-  "GH_TOKEN",
-  "GITLAB_TOKEN",
-  "BITBUCKET_TOKEN",
-  "NPM_TOKEN",
-  "NODE_AUTH_TOKEN",
-  "PYPI_API_TOKEN",
-  "RUBYGEMS_API_KEY",
-  "CARGO_REGISTRY_TOKEN",
-  "ACTIONS_ID_TOKEN_REQUEST_TOKEN",
-  "ACTIONS_RUNTIME_TOKEN",
-  "CI_JOB_TOKEN",
-  "CI_JOB_JWT",
-  "STRIPE_SECRET_KEY",
-  "SLACK_BOT_TOKEN",
-  "TELEGRAM_BOT_TOKEN",
-  "DISCORD_BOT_TOKEN",
-  "TWILIO_AUTH_TOKEN",
-  "SENDGRID_API_KEY",
-  "RESEND_API_KEY",
-  "DATABASE_URL",
-  "REDIS_URL",
-  "MONGODB_URI",
-  "SSH_SIGNING_KEY",
-  "SSH_PRIVATE_KEY",
-  "KUBECONFIG",
-  "KUBE_CONFIG_DATA",
-]);
-const ENV_KEY_PREFIX_PATTERNS = [
-  /^AIDENID_/i,
-  /^SENTINELAYER_/i,
-  /^OPENAI_/i,
-  /^ANTHROPIC_/i,
-  /^GOOGLE_/i,
-  /^GITHUB_/i,
-  /^GH_/i,
-  /^AWS_/i,
-  /^AZURE_/i,
-  /^SLACK_/i,
-  /^STRIPE_/i,
-  /^TELEGRAM_/i,
-  /^DISCORD_/i,
-  /^TWILIO_/i,
-  /^SENDGRID_/i,
-  /^RESEND_/i,
-];
-const ENV_KEY_SUFFIX_PATTERNS = [
-  /_TOKEN$/i,
-  /_API_KEY$/i,
-  /_SECRET$/i,
-  /_SECRET_KEY$/i,
-  /_PASSWORD$/i,
-  /_PRIVATE_KEY$/i,
-  /_ACCESS_KEY$/i,
-  /_AUTH_TOKEN$/i,
-  /_SESSION_TOKEN$/i,
-];
-/**
- * Execute a shell command with security analysis, timeout, and env scrubbing.
- *
- * @param {object} input
- * @param {string} input.command - The shell command to execute.
- * @param {string} [input.cwd] - Working directory (default: process.cwd()).
- * @param {number} [input.timeout] - Timeout in ms (default: 120000).
- * @returns {{ stdout, stderr, exitCode, durationMs, command, security }}
- */
-export function shell(input) {
-  if (!input.command || typeof input.command !== "string") {
-    throw new ShellError("command is required and must be a non-empty string.");
-  }
-  const command = input.command.trim();
-  const cwd = input.cwd ? path.resolve(input.cwd) : process.cwd();
-  const timeout = input.timeout ?? DEFAULT_TIMEOUT_MS;
-  // Security analysis
-  const security = analyzeCommand(command);
-  if (security.risk === "blocked") {
-    throw new ShellBlockedError(
-      `Command blocked: ${security.patterns[0].desc}`,
-      security,
-    );
-  }
-  // Build scrubbed environment
-  const env = buildScrubbedEnv();
-  const startMs = Date.now();
-  let stdout = "";
-  let stderr = "";
-  let exitCode = 0;
-  try {
-    stdout = execSync(command, {
-      cwd,
-      encoding: "utf-8",
-      timeout,
-      env,
-      maxBuffer: 10 * 1024 * 1024,
-      stdio: ["pipe", "pipe", "pipe"],
-    });
-  } catch (err) {
-    exitCode = err.status ?? 1;
-    stdout = err.stdout ?? "";
-    stderr = err.stderr ?? "";
-    if (err.killed) {
-      stderr += `\n[Process killed: timeout after ${timeout}ms]`;
-    }
-  }
-  const durationMs = Date.now() - startMs;
-  // Truncate large outputs
-  if (stdout.length > MAX_OUTPUT_CHARS) {
-    stdout = stdout.slice(0, MAX_OUTPUT_CHARS) + "\n[... truncated]";
-  }
-  if (stderr.length > MAX_OUTPUT_CHARS) {
-    stderr = stderr.slice(0, MAX_OUTPUT_CHARS) + "\n[... truncated]";
-  }
-  return { stdout, stderr, exitCode, durationMs, command, security };
-}
-/**
- * Analyze a command for security risks.
- * @param {object} [options]
- * @param {Record<string, string|undefined>} [options.env]
- * @returns {{ risk: "safe"|"warn"|"blocked", patterns: Array<{desc}>, networkPolicy?: object }}
- */
-export function analyzeCommand(command, options = {}) {
-  const networkPolicy = evaluateNetworkPolicy(command, options.env);
-  if (networkPolicy.blocking) {
-    return {
-      risk: "blocked",
-      patterns: [{ desc: networkPolicy.reason }],
-      networkPolicy,
-    };
-  }
-  for (const rule of BLOCKED_PATTERNS) {
-    if (rule.pattern.test(command)) {
-      return { risk: "blocked", patterns: [rule], networkPolicy };
-    }
-  }
-  const warnings = [];
-  for (const rule of WARN_PATTERNS) {
-    if (rule.pattern.test(command)) {
-      warnings.push(rule);
-    }
-  }
-  if (warnings.length > 0) {
-    return { risk: "warn", patterns: warnings, networkPolicy };
-  }
-  return { risk: "safe", patterns: [], networkPolicy };
-}
-export function buildScrubbedEnv(sourceEnv = process.env) {
-  const env = { ...sourceEnv };
-  for (const key of Object.keys(env)) {
-    if (shouldStripEnvKey(key)) {
-      delete env[key];
-    }
-  }
-  return env;
-}
-function shouldStripEnvKey(key) {
-  if (!key) {
-    return false;
-  }
-  const upperKey = String(key).toUpperCase();
-  if (EXACT_ENV_KEYS_TO_STRIP.has(upperKey)) {
-    return true;
-  }
-  if (upperKey.startsWith("INPUT_")) {
-    const baseKey = upperKey.slice("INPUT_".length);
-    if (EXACT_ENV_KEYS_TO_STRIP.has(baseKey)) {
-      return true;
-    }
-    if (ENV_KEY_PREFIX_PATTERNS.some((pattern) => pattern.test(baseKey))) {
-      return true;
-    }
-    if (ENV_KEY_SUFFIX_PATTERNS.some((pattern) => pattern.test(baseKey))) {
-      return true;
-    }
-  }
-  if (ENV_KEY_PREFIX_PATTERNS.some((pattern) => pattern.test(upperKey))) {
-    return true;
-  }
-  return ENV_KEY_SUFFIX_PATTERNS.some((pattern) => pattern.test(upperKey));
-}
-function evaluateNetworkPolicy(command, sourceEnv = process.env) {
-  if (!/\b(curl|wget)\b/i.test(command)) {
-    return {
-      blocking: false,
-      hosts: [],
-      deniedHosts: [],
-    };
-  }
-  const hosts = extractNetworkHosts(command);
-  if (hosts.length === 0) {
-    return {
-      blocking: true,
-      hosts: [],
-      deniedHosts: [],
-      reason: "network command requires explicit URL host",
-    };
-  }
-  const allowlist = resolveAllowedFetchHosts(sourceEnv);
-  const deniedHosts = hosts.filter((host) => !isAllowedHost(host, allowlist));
-  if (deniedHosts.length > 0) {
-    return {
-      blocking: true,
-      hosts,
-      deniedHosts,
-      reason: `network host not allowlisted: ${deniedHosts.join(", ")}`,
-    };
-  }
-  return {
-    blocking: false,
-    hosts,
-    deniedHosts: [],
-  };
-}
-function resolveAllowedFetchHosts(sourceEnv = process.env) {
-  const configured = String(sourceEnv.SENTINELAYER_ALLOWED_FETCH_HOSTS || "")
-    .split(",")
-    .map((item) => normalizeHostPattern(item))
-    .filter(Boolean);
-  const allPatterns = [...DEFAULT_ALLOWED_FETCH_HOSTS, ...configured]
-    .map((item) => normalizeHostPattern(item))
-    .filter(Boolean);
-  return Array.from(new Set(allPatterns));
-}
-function extractNetworkHosts(command) {
-  const matches = command.matchAll(/\bhttps?:\/\/([^\s"'`]+)/gi);
-  const hosts = new Set();
-  for (const match of matches) {
-    const candidate = match?.[0];
-    if (!candidate) {
-      continue;
-    }
-    try {
-      const parsed = new URL(candidate);
-      const host = normalizeHostPattern(parsed.hostname);
-      if (host) {
-        hosts.add(host);
-      }
-    } catch {
-      // Skip malformed URL segments.
-    }
-  }
-  return Array.from(hosts);
-}
-function isAllowedHost(host, allowlist) {
-  const normalizedHost = normalizeHostPattern(host);
-  if (!normalizedHost) {
-    return false;
-  }
-  return allowlist.some((pattern) => {
-    if (!pattern) {
-      return false;
-    }
-    if (pattern.startsWith("*.")) {
-      const suffix = pattern.slice(2);
-      return normalizedHost === suffix || normalizedHost.endsWith(`.${suffix}`);
-    }
-    return normalizedHost === pattern;
-  });
-}
-function normalizeHostPattern(value) {
-  return String(value || "")
-    .trim()
-    .toLowerCase()
-    .replace(/\.$/, "");
-}
-export class ShellError extends Error {
-  constructor(message) {
-    super(message);
-    this.name = "ShellError";
-  }
-}
-export class ShellBlockedError extends ShellError {
-  constructor(message, security) {
-    super(message);
-    this.name = "ShellBlockedError";
-    this.security = security;
-  }
-}
+import { execSync } from "node:child_process";
+import path from "node:path";
+const DEFAULT_TIMEOUT_MS = 120_000;
+const MAX_OUTPUT_CHARS = 30_000;
+const DEFAULT_ALLOWED_FETCH_HOSTS = [
+  "github.com",
+  "api.github.com",
+  "raw.githubusercontent.com",
+  "*.githubusercontent.com",
+  "registry.npmjs.org",
+  "registry.yarnpkg.com",
+  "pypi.org",
+  "files.pythonhosted.org",
+  "rubygems.org",
+  "crates.io",
+  "static.crates.io",
+];
+/**
+ * Patterns that are BLOCKED unconditionally.
+ * Sourced from review/local-review.js security rules + src bash security patterns.
+ */
+const BLOCKED_PATTERNS = [
+  { pattern: /rm\s+(-[rR]f?|--recursive)\s+\/($|\s)/, desc: "rm -rf /" },
+  { pattern: /:\(\)\s*\{[^}]*\}\s*;?\s*:/, desc: "fork bomb" },
+  { pattern: /\beval\s*\(/, desc: "eval injection" },
+  { pattern: /curl[^|]*\|\s*(ba)?sh/, desc: "pipe to shell" },
+  { pattern: /wget[^|]*\|\s*(ba)?sh/, desc: "wget pipe to shell" },
+  { pattern: />\s*\/dev\/sd[a-z]/, desc: "write to raw device" },
+  { pattern: /mkfs\./, desc: "filesystem format" },
+  { pattern: /dd\s+.*of=\/dev\//, desc: "dd to device" },
+  { pattern: /chmod\s+777\s+\//, desc: "chmod 777 root" },
+  { pattern: />\s*\/etc\//, desc: "write to /etc" },
+  { pattern: /rm\s+-rf?\s+~/, desc: "rm home directory" },
+  { pattern: /git\s+push\s+.*--force\s+.*main/, desc: "force push to main" },
+  { pattern: /git\s+reset\s+--hard/, desc: "git reset hard" },
+  { pattern: /DROP\s+TABLE|DROP\s+DATABASE/i, desc: "SQL drop" },
+  { pattern: /TRUNCATE\s+TABLE/i, desc: "SQL truncate" },
+];
+/**
+ * Patterns that trigger a WARNING but are allowed.
+ */
+const WARN_PATTERNS = [
+  { pattern: /npm\s+install|yarn\s+add|pnpm\s+add/, desc: "package install" },
+  { pattern: /git\s+push/, desc: "git push" },
+  { pattern: /curl\s|wget\s|fetch\(/, desc: "network request" },
+  { pattern: /rm\s+-/, desc: "file deletion" },
+  { pattern: /sudo\s/, desc: "elevated privileges" },
+];
+/**
+ * Environment variables to strip from child process env.
+ * Prevents credential leakage to spawned commands.
+ */
+const EXACT_ENV_KEYS_TO_STRIP = new Set([
+  "ANTHROPIC_API_KEY",
+  "OPENAI_API_KEY",
+  "GOOGLE_API_KEY",
+  "GEMINI_API_KEY",
+  "SENTINELAYER_TOKEN",
+  "AIDENID_API_KEY",
+  "AIDENID_TOKEN",
+  "AWS_ACCESS_KEY_ID",
+  "AWS_SECRET_ACCESS_KEY",
+  "AWS_SESSION_TOKEN",
+  "AWS_WEB_IDENTITY_TOKEN_FILE",
+  "AZURE_CLIENT_SECRET",
+  "GOOGLE_APPLICATION_CREDENTIALS",
+  "GITHUB_TOKEN",
+  "GH_TOKEN",
+  "GITLAB_TOKEN",
+  "BITBUCKET_TOKEN",
+  "NPM_TOKEN",
+  "NODE_AUTH_TOKEN",
+  "PYPI_API_TOKEN",
+  "RUBYGEMS_API_KEY",
+  "CARGO_REGISTRY_TOKEN",
+  "ACTIONS_ID_TOKEN_REQUEST_TOKEN",
+  "ACTIONS_RUNTIME_TOKEN",
+  "CI_JOB_TOKEN",
+  "CI_JOB_JWT",
+  "STRIPE_SECRET_KEY",
+  "SLACK_BOT_TOKEN",
+  "TELEGRAM_BOT_TOKEN",
+  "DISCORD_BOT_TOKEN",
+  "TWILIO_AUTH_TOKEN",
+  "SENDGRID_API_KEY",
+  "RESEND_API_KEY",
+  "DATABASE_URL",
+  "REDIS_URL",
+  "MONGODB_URI",
+  "SSH_SIGNING_KEY",
+  "SSH_PRIVATE_KEY",
+  "KUBECONFIG",
+  "KUBE_CONFIG_DATA",
+]);
+const ENV_KEY_PREFIX_PATTERNS = [
+  /^AIDENID_/i,
+  /^SENTINELAYER_/i,
+  /^OPENAI_/i,
+  /^ANTHROPIC_/i,
+  /^GOOGLE_/i,
+  /^GITHUB_/i,
+  /^GH_/i,
+  /^AWS_/i,
+  /^AZURE_/i,
+  /^SLACK_/i,
+  /^STRIPE_/i,
+  /^TELEGRAM_/i,
+  /^DISCORD_/i,
+  /^TWILIO_/i,
+  /^SENDGRID_/i,
+  /^RESEND_/i,
+];
+const ENV_KEY_SUFFIX_PATTERNS = [
+  /_TOKEN$/i,
+  /_API_KEY$/i,
+  /_SECRET$/i,
+  /_SECRET_KEY$/i,
+  /_PASSWORD$/i,
+  /_PRIVATE_KEY$/i,
+  /_ACCESS_KEY$/i,
+  /_AUTH_TOKEN$/i,
+  /_SESSION_TOKEN$/i,
+];
+/**
+ * Execute a shell command with security analysis, timeout, and env scrubbing.
+ *
+ * @param {object} input
+ * @param {string} input.command - The shell command to execute.
+ * @param {string} [input.cwd] - Working directory (default: process.cwd()).
+ * @param {number} [input.timeout] - Timeout in ms (default: 120000).
+ * @returns {{ stdout, stderr, exitCode, durationMs, command, security }}
+ */
+export function shell(input) {
+  if (!input.command || typeof input.command !== "string") {
+    throw new ShellError("command is required and must be a non-empty string.");
+  }
+  const command = input.command.trim();
+  const cwd = input.cwd ? path.resolve(input.cwd) : process.cwd();
+  const timeout = input.timeout ?? DEFAULT_TIMEOUT_MS;
+  // Security analysis
+  const security = analyzeCommand(command);
+  if (security.risk === "blocked") {
+    throw new ShellBlockedError(
+      `Command blocked: ${security.patterns[0].desc}`,
+      security,
+    );
+  }
+  // Build scrubbed environment
+  const env = buildScrubbedEnv();
+  const startMs = Date.now();
+  let stdout = "";
+  let stderr = "";
+  let exitCode = 0;
+  try {
+    stdout = execSync(command, {
+      cwd,
+      encoding: "utf-8",
+      timeout,
+      env,
+      maxBuffer: 10 * 1024 * 1024,
+      stdio: ["pipe", "pipe", "pipe"],
+    });
+  } catch (err) {
+    exitCode = err.status ?? 1;
+    stdout = err.stdout ?? "";
+    stderr = err.stderr ?? "";
+    if (err.killed) {
+      stderr += `\n[Process killed: timeout after ${timeout}ms]`;
+    }
+  }
+  const durationMs = Date.now() - startMs;
+  // Truncate large outputs
+  if (stdout.length > MAX_OUTPUT_CHARS) {
+    stdout = stdout.slice(0, MAX_OUTPUT_CHARS) + "\n[... truncated]";
+  }
+  if (stderr.length > MAX_OUTPUT_CHARS) {
+    stderr = stderr.slice(0, MAX_OUTPUT_CHARS) + "\n[... truncated]";
+  }
+  return { stdout, stderr, exitCode, durationMs, command, security };
+}
+/**
+ * Analyze a command for security risks.
+ * @param {object} [options]
+ * @param {Record<string, string|undefined>} [options.env]
+ * @returns {{ risk: "safe"|"warn"|"blocked", patterns: Array<{desc}>, networkPolicy?: object }}
+ */
+export function analyzeCommand(command, options = {}) {
+  const networkPolicy = evaluateNetworkPolicy(command, options.env);
+  if (networkPolicy.blocking) {
+    return {
+      risk: "blocked",
+      patterns: [{ desc: networkPolicy.reason }],
+      networkPolicy,
+    };
+  }
+  for (const rule of BLOCKED_PATTERNS) {
+    if (rule.pattern.test(command)) {
+      return { risk: "blocked", patterns: [rule], networkPolicy };
+    }
+  }
+  const warnings = [];
+  for (const rule of WARN_PATTERNS) {
+    if (rule.pattern.test(command)) {
+      warnings.push(rule);
+    }
+  }
+  if (warnings.length > 0) {
+    return { risk: "warn", patterns: warnings, networkPolicy };
+  }
+  return { risk: "safe", patterns: [], networkPolicy };
+}
+export function buildScrubbedEnv(sourceEnv = process.env) {
+  const env = { ...sourceEnv };
+  for (const key of Object.keys(env)) {
+    if (shouldStripEnvKey(key)) {
+      delete env[key];
+    }
+  }
+  return env;
+}
+function shouldStripEnvKey(key) {
+  if (!key) {
+    return false;
+  }
+  const upperKey = String(key).toUpperCase();
+  if (EXACT_ENV_KEYS_TO_STRIP.has(upperKey)) {
+    return true;
+  }
+  if (upperKey.startsWith("INPUT_")) {
+    const baseKey = upperKey.slice("INPUT_".length);
+    if (EXACT_ENV_KEYS_TO_STRIP.has(baseKey)) {
+      return true;
+    }
+    if (ENV_KEY_PREFIX_PATTERNS.some((pattern) => pattern.test(baseKey))) {
+      return true;
+    }
+    if (ENV_KEY_SUFFIX_PATTERNS.some((pattern) => pattern.test(baseKey))) {
+      return true;
+    }
+  }
+  if (ENV_KEY_PREFIX_PATTERNS.some((pattern) => pattern.test(upperKey))) {
+    return true;
+  }
+  return ENV_KEY_SUFFIX_PATTERNS.some((pattern) => pattern.test(upperKey));
+}
+function evaluateNetworkPolicy(command, sourceEnv = process.env) {
+  if (!/\b(curl|wget)\b/i.test(command)) {
+    return {
+      blocking: false,
+      hosts: [],
+      deniedHosts: [],
+    };
+  }
+  const hosts = extractNetworkHosts(command);
+  if (hosts.length === 0) {
+    return {
+      blocking: true,
+      hosts: [],
+      deniedHosts: [],
+      reason: "network command requires explicit URL host",
+    };
+  }
+  const allowlist = resolveAllowedFetchHosts(sourceEnv);
+  const deniedHosts = hosts.filter((host) => !isAllowedHost(host, allowlist));
+  if (deniedHosts.length > 0) {
+    return {
+      blocking: true,
+      hosts,
+      deniedHosts,
+      reason: `network host not allowlisted: ${deniedHosts.join(", ")}`,
+    };
+  }
+  return {
+    blocking: false,
+    hosts,
+    deniedHosts: [],
+  };
+}
+function resolveAllowedFetchHosts(sourceEnv = process.env) {
+  const configured = String(sourceEnv.SENTINELAYER_ALLOWED_FETCH_HOSTS || "")
+    .split(",")
+    .map((item) => normalizeHostPattern(item))
+    .filter(Boolean);
+  const allPatterns = [...DEFAULT_ALLOWED_FETCH_HOSTS, ...configured]
+    .map((item) => normalizeHostPattern(item))
+    .filter(Boolean);
+  return Array.from(new Set(allPatterns));
+}
+function extractNetworkHosts(command) {
+  const matches = command.matchAll(/\bhttps?:\/\/([^\s"'`]+)/gi);
+  const hosts = new Set();
+  for (const match of matches) {
+    const candidate = match?.[0];
+    if (!candidate) {
+      continue;
+    }
+    try {
+      const parsed = new URL(candidate);
+      const host = normalizeHostPattern(parsed.hostname);
+      if (host) {
+        hosts.add(host);
+      }
+    } catch {
+      // Skip malformed URL segments.
+    }
+  }
+  return Array.from(hosts);
+}
+function isAllowedHost(host, allowlist) {
+  const normalizedHost = normalizeHostPattern(host);
+  if (!normalizedHost) {
+    return false;
+  }
+  return allowlist.some((pattern) => {
+    if (!pattern) {
+      return false;
+    }
+    if (pattern.startsWith("*.")) {
+      const suffix = pattern.slice(2);
+      return normalizedHost === suffix || normalizedHost.endsWith(`.${suffix}`);
+    }
+    return normalizedHost === pattern;
+  });
+}
+function normalizeHostPattern(value) {
+  return String(value || "")
+    .trim()
+    .toLowerCase()
+    .replace(/\.$/, "");
+}
+export class ShellError extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "ShellError";
+  }
+}
+export class ShellBlockedError extends ShellError {
+  constructor(message, security) {
+    super(message);
+    this.name = "ShellBlockedError";
+    this.security = security;
+  }
+}