specweave 1.0.464 → 1.0.466

package/dist/plugins/specweave/lib/vendor/utils/chalk-fallback.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"chalk-fallback.js","sourceRoot":"","sources":["../../../src/utils/chalk-fallback.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,8CAA8C;AAC9C,MAAM,IAAI,GAAG;IACX,KAAK,EAAE,SAAS;IAChB,IAAI,EAAE,SAAS;IACf,GAAG,EAAE,UAAU;IACf,KAAK,EAAE,UAAU;IACjB,MAAM,EAAE,UAAU;IAClB,IAAI,EAAE,UAAU;IAChB,IAAI,EAAE,UAAU;CACjB,CAAC;AAEF,+CAA+C;AAC/C,MAAM,aAAa,GAAG,OAAO,CAAC,MAAM,EAAE,KAAK,IAAI,KAAK,CAAC;AAKrD;;GAEG;AACH,SAAS,aAAa,CAAC,SAAiB;IACtC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAgB,EAAE,EAAE;QAC/B,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;QACzB,IAAI,CAAC,aAAa;YAAE,OAAO,GAAG,CAAC;QAC/B,OAAO,GAAG,SAAS,GAAG,GAAG,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;IAC3C,CAAC,CAAY,CAAC;IAEd,0BAA0B;IAC1B,EAAE,CAAC,IAAI,GAAG,CAAC,CAAC,IAAgB,EAAE,EAAE;QAC9B,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;QACzB,IAAI,CAAC,aAAa;YAAE,OAAO,GAAG,CAAC;QAC/B,OAAO,GAAG,IAAI,CAAC,IAAI,GAAG,SAAS,GAAG,GAAG,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;IACvD,CAAC,CAAY,CAAC;IAEd,OAAO,EAAE,CAAC;AACZ,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,SAAiB;IAC1C,MAAM,EAAE,GAAG,CAAC,CAAC,IAAgB,EAAE,EAAE;QAC/B,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;QACzB,IAAI,CAAC,aAAa;YAAE,OAAO,GAAG,CAAC;QAC/B,OAAO,GAAG,IAAI,CAAC,IAAI,GAAG,SAAS,GAAG,GAAG,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;IACvD,CAAC,CAAY,CAAC;IAEd,EAAE,CAAC,IAAI,GAAG,EAAE,CAAC;IACb,OAAO,EAAE,CAAC;AACZ,CAAC;AAkBD;;;GAGG;AACH,MAAM,CAAC,MAAM,aAAa,GAAkB;IAC1C,GAAG,EAAE,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC;IAC5B,KAAK,EAAE,aAAa,CAAC,IAAI,CAAC,KAAK,CAAC;IAChC,MAAM,EAAE,aAAa,CAAC,IAAI,CAAC,MAAM,CAAC;IAClC,IAAI,EAAE,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;IAC9B,IAAI,EAAE,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC;IAC9B,IAAI,EAAE,MAAM,CAAC,MAAM,CACjB,CAAC,CAAC,IAAgB,EAAE,EAAE;QACpB,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;QACzB,IAAI,CAAC,aAAa;YAAE,OAAO,GAAG,CAAC;QAC/B,OAAO,GAAG,IAAI,CAAC,IAAI,GAAG,GAAG,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;IAC3C,CAAC,CAAY,EACb;QACE,IAAI,EAAE,CAAC,CAAC,IAAgB,EAAE,EAAE;YAC1B,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;YACzB,IAAI,CAAC,aAAa;gBAAE,OAAO,GAAG,CAAC;YAC/B,OAAO,GAAG,IAAI,CAAC,IAAI,GAAG,GAAG,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;QAC3C,CAAC,CAAY;KACd,CACF;CACF,CAAC;AAEF,mCAAmC;AAClC,aAAa,CAAC,IAAY,CAAC,GAAG,GAAG,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC7D,aAAa,CAAC,IAAY,CAAC,KAAK,GAAG,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AACjE,aAAa,CAAC,IAAY,CAAC,MAAM,GAAG,iBAAiB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AACnE,aAAa,CAAC,IAAY,CAAC,IAAI,GAAG,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC/D,aAAa,CAAC,IAAY,CAAC,IAAI,GAAG,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEhE,0EAA0E;AAC1E,aAAa,CAAC,GAAG,CAAC,IAAI,GAAG,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AACrD,aAAa,CAAC,KAAK,CAAC,IAAI,GAAG,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AACzD,aAAa,CAAC,MAAM,CAAC,IAAI,GAAG,iBAAiB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC3D,aAAa,CAAC,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AACvD,aAAa,CAAC,IAAI,CAAC,IAAI,GAAG,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAEvD;;GAEG;AACH,IAAI,aAAa,GAAyB,IAAI,CAAC;AAE/C,MAAM,CAAC,KAAK,UAAU,QAAQ;IAC5B,IAAI,aAAa;QAAE,OAAO,aAAa,CAAC;IAExC,IAAI,CAAC;QACH,kCAAkC;QAClC,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,OAAO,CAAC,CAAC;QAC1C,aAAa,GAAG,WAAW,CAAC,OAAmC,CAAC;QAChE,OAAO,aAAa,CAAC;IACvB,CAAC;IAAC,MAAM,CAAC;QACP,oCAAoC;QACpC,aAAa,GAAG,aAAa,CAAC;QAC9B,OAAO,aAAa,CAAC;IACvB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,YAAY;IAC1B,OAAO,aAAa,IAAI,aAAa,CAAC;AACxC,CAAC;AAED,eAAe,aAAa,CAAC"}

package/dist/plugins/specweave/lib/vendor/utils/clean-env.d.ts

@@ -0,0 +1,47 @@
+/**
+ * Clean Environment Utility
+ *
+ * CRITICAL: This module MUST have NO imports from modules that spawn child processes
+ * to avoid circular dependencies. This is a foundational utility.
+ *
+ * This utility is used by:
+ * - execFileNoThrow.ts (core exec utility)
+ * - claude-cli-detector.ts (CLI detection)
+ * - Test files (via tests/test-utils/clean-env.ts)
+ *
+ * @module clean-env
+ */
+/**
+ * Create a clean environment for spawning child processes.
+ *
+ * CRITICAL: Removes env vars that can cause child processes to fail:
+ *
+ * - CLAUDECODE: Nested session guard (Claude Code v2.1.39+) blocks `claude -p`
+ *   when running inside a Claude Code session. Unsetting is the official bypass.
+ *   See: https://github.com/anthropics/claude-code/issues/25434
+ *   Same fix applied in Python Agent SDK PR #594.
+ * - VSCode Debug: NODE_OPTIONS contains --inspect-brk flags
+ * - WebStorm/IntelliJ: NODE_OPTIONS or IDEA-specific vars
+ * - CI/CD (GitHub Actions, etc.): May set NODE_OPTIONS for coverage
+ * - Jest/Vitest: May set NODE_OPTIONS for debugging
+ *
+ * This function is safe to use in ALL environments:
+ * - Windows, macOS, Linux
+ * - Local development, CI/CD pipelines
+ * - Debug mode, run mode, production
+ *
+ * If a variable is not set, delete is a no-op (safe).
+ *
+ * @returns A copy of process.env with problematic vars removed
+ *
+ * @example
+ * ```typescript
+ * import { getCleanEnv } from './clean-env.js';
+ *
+ * // Spawn a child process without debugger interference
+ * execSync('node script.js', { env: getCleanEnv() });
+ * spawnSync('claude', ['--version'], { env: getCleanEnv() });
+ * ```
+ */
+export declare function getCleanEnv(): NodeJS.ProcessEnv;
+//# sourceMappingURL=clean-env.d.ts.map

package/dist/plugins/specweave/lib/vendor/utils/clean-env.js

@@ -0,0 +1,63 @@
+/**
+ * Clean Environment Utility
+ *
+ * CRITICAL: This module MUST have NO imports from modules that spawn child processes
+ * to avoid circular dependencies. This is a foundational utility.
+ *
+ * This utility is used by:
+ * - execFileNoThrow.ts (core exec utility)
+ * - claude-cli-detector.ts (CLI detection)
+ * - Test files (via tests/test-utils/clean-env.ts)
+ *
+ * @module clean-env
+ */
+/**
+ * Create a clean environment for spawning child processes.
+ *
+ * CRITICAL: Removes env vars that can cause child processes to fail:
+ *
+ * - CLAUDECODE: Nested session guard (Claude Code v2.1.39+) blocks `claude -p`
+ *   when running inside a Claude Code session. Unsetting is the official bypass.
+ *   See: https://github.com/anthropics/claude-code/issues/25434
+ *   Same fix applied in Python Agent SDK PR #594.
+ * - VSCode Debug: NODE_OPTIONS contains --inspect-brk flags
+ * - WebStorm/IntelliJ: NODE_OPTIONS or IDEA-specific vars
+ * - CI/CD (GitHub Actions, etc.): May set NODE_OPTIONS for coverage
+ * - Jest/Vitest: May set NODE_OPTIONS for debugging
+ *
+ * This function is safe to use in ALL environments:
+ * - Windows, macOS, Linux
+ * - Local development, CI/CD pipelines
+ * - Debug mode, run mode, production
+ *
+ * If a variable is not set, delete is a no-op (safe).
+ *
+ * @returns A copy of process.env with problematic vars removed
+ *
+ * @example
+ * ```typescript
+ * import { getCleanEnv } from './clean-env.js';
+ *
+ * // Spawn a child process without debugger interference
+ * execSync('node script.js', { env: getCleanEnv() });
+ * spawnSync('claude', ['--version'], { env: getCleanEnv() });
+ * ```
+ */
+export function getCleanEnv() {
+    const cleanEnv = { ...process.env };
+    // Remove Claude Code nested session guard (v2.1.39+)
+    // When CLAUDECODE=1, `claude -p` refuses to start with:
+    //   "Claude Code cannot be launched inside another Claude Code session"
+    // This is safe: we're spawning a one-shot pipe-mode call, not a competing session.
+    delete cleanEnv.CLAUDECODE;
+    // Remove Node.js debugger/inspector flags (VSCode, WebStorm, etc.)
+    delete cleanEnv.NODE_OPTIONS;
+    delete cleanEnv.NODE_INSPECT;
+    delete cleanEnv.NODE_INSPECT_RESUME_ON_START;
+    // Remove coverage instrumentation that can interfere with spawned processes
+    delete cleanEnv.NODE_V8_COVERAGE;
+    // Remove test runner debug vars
+    delete cleanEnv.VSCODE_INSPECTOR_OPTIONS;
+    return cleanEnv;
+}
+//# sourceMappingURL=clean-env.js.map

package/dist/plugins/specweave/lib/vendor/utils/clean-env.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"clean-env.js","sourceRoot":"","sources":["../../../src/utils/clean-env.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,MAAM,UAAU,WAAW;IACzB,MAAM,QAAQ,GAAG,EAAE,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC;IAEpC,qDAAqD;IACrD,wDAAwD;IACxD,wEAAwE;IACxE,mFAAmF;IACnF,OAAO,QAAQ,CAAC,UAAU,CAAC;IAE3B,mEAAmE;IACnE,OAAO,QAAQ,CAAC,YAAY,CAAC;IAC7B,OAAO,QAAQ,CAAC,YAAY,CAAC;IAC7B,OAAO,QAAQ,CAAC,4BAA4B,CAAC;IAE7C,4EAA4E;IAC5E,OAAO,QAAQ,CAAC,gBAAgB,CAAC;IAEjC,gCAAgC;IAChC,OAAO,QAAQ,CAAC,wBAAwB,CAAC;IAEzC,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/plugins/specweave/lib/vendor/utils/credential-masker.d.ts

@@ -0,0 +1,118 @@
+/**
+ * Credential Masker - Security Utility
+ *
+ * Automatically masks sensitive credentials in logs, console output, and file writes.
+ * Prevents accidental exposure of secrets in debugging output and log files.
+ *
+ * Features:
+ * - Pattern-based detection of common credential formats
+ * - Context-aware masking (preserves first/last characters for debugging)
+ * - Zero-config (works out of the box)
+ * - Handles JSON, environment variables, URLs, and more
+ */
+/**
+ * Masking options
+ */
+export interface MaskOptions {
+    /**
+     * Show first N characters (default: 4)
+     */
+    showFirst?: number;
+    /**
+     * Show last N characters (default: 4)
+     */
+    showLast?: number;
+    /**
+     * Mask character (default: '*')
+     */
+    maskChar?: string;
+    /**
+     * Minimum length to mask (default: 8)
+     * Shorter values are completely masked
+     */
+    minLength?: number;
+    /**
+     * Enable aggressive mode (masks more patterns)
+     */
+    aggressive?: boolean;
+}
+/**
+ * Mask a credential value
+ *
+ * @param value - Credential to mask
+ * @param options - Masking options
+ * @returns Masked credential
+ *
+ * @example
+ * maskValue('ghp_1234567890abcdef') // 'ghp_****def'
+ * maskValue('short') // '********'
+ */
+export declare function maskValue(value: string, options?: MaskOptions): string;
+/**
+ * Mask all credentials in a string
+ *
+ * @param text - Text potentially containing credentials
+ * @param options - Masking options
+ * @returns Text with credentials masked
+ *
+ * @example
+ * maskCredentials('GITHUB_TOKEN=ghp_123456') // 'GITHUB_TOKEN=ghp_****'
+ * maskCredentials('Bearer eyJhbGc...') // 'Bearer eyJh****...'
+ */
+export declare function maskCredentials(text: string, options?: MaskOptions): string;
+/**
+ * Mask credentials in structured data (objects, arrays)
+ *
+ * @param data - Data structure
+ * @param options - Masking options
+ * @returns Data with credentials masked
+ */
+export declare function maskCredentialsInData(data: any, options?: MaskOptions): any;
+/**
+ * Sanitize bash command output
+ *
+ * Masks credentials in bash command outputs (especially grep results)
+ *
+ * @param output - Command output
+ * @param options - Masking options
+ * @returns Sanitized output
+ *
+ * @example
+ * sanitizeBashOutput('GITHUB_TOKEN=ghp_123456\nAPI_KEY=sk_test_123')
+ * // 'GITHUB_TOKEN=ghp_****\nAPI_KEY=sk_t****123'
+ */
+export declare function sanitizeBashOutput(output: string, options?: MaskOptions): string;
+/**
+ * Check if text contains potential credentials
+ *
+ * @param text - Text to check
+ * @returns True if credentials detected
+ */
+export declare function containsCredentials(text: string): boolean;
+/**
+ * Create a credential-safe logger wrapper
+ *
+ * Wraps a logger to automatically mask credentials
+ *
+ * @param logger - Original logger
+ * @param options - Masking options
+ * @returns Wrapped logger with automatic masking
+ */
+export declare function createSecureLogger(logger: any, options?: MaskOptions): {
+    log: (message: string, ...args: any[]) => void;
+    info: (message: string, ...args: any[]) => void;
+    error: (message: string, error?: any) => void;
+    warn: (message: string) => void;
+    debug: (message: string) => void;
+};
+/**
+ * Environment variable masking helper
+ *
+ * Masks sensitive environment variables before logging
+ *
+ * @param env - Environment object
+ * @param options - Masking options
+ * @returns Masked environment object
+ */
+export declare function maskEnvironment(env?: NodeJS.ProcessEnv, options?: MaskOptions): Record<string, string>;
+//# sourceMappingURL=credential-masker.d.ts.map

package/dist/plugins/specweave/lib/vendor/utils/credential-masker.js

@@ -0,0 +1,275 @@
+/**
+ * Credential Masker - Security Utility
+ *
+ * Automatically masks sensitive credentials in logs, console output, and file writes.
+ * Prevents accidental exposure of secrets in debugging output and log files.
+ *
+ * Features:
+ * - Pattern-based detection of common credential formats
+ * - Context-aware masking (preserves first/last characters for debugging)
+ * - Zero-config (works out of the box)
+ * - Handles JSON, environment variables, URLs, and more
+ */
+/**
+ * Sensitive patterns to mask
+ */
+const SENSITIVE_PATTERNS = [
+    // Environment variable assignments
+    { pattern: /\b(GITHUB_TOKEN|GH_TOKEN)=([^\s]+)/gi, name: 'GitHub Token' },
+    { pattern: /\b(JIRA_API_TOKEN|JIRA_TOKEN)=([^\s]+)/gi, name: 'JIRA Token' },
+    { pattern: /\b(JIRA_EMAIL)=([^\s@]+@[^\s]+)/gi, name: 'JIRA Email' },
+    { pattern: /\b(AZURE_DEVOPS_PAT|AZURE_DEVOPS_TOKEN|ADO_PAT)=([^\s]+)/gi, name: 'Azure DevOps PAT' },
+    { pattern: /\b(AWS_SECRET_ACCESS_KEY)=([^\s]+)/gi, name: 'AWS Secret Key' },
+    { pattern: /\b(AWS_ACCESS_KEY_ID)=([^\s]+)/gi, name: 'AWS Access Key' },
+    { pattern: /\b(OPENAI_API_KEY|ANTHROPIC_API_KEY)=([^\s]+)/gi, name: 'API Key' },
+    { pattern: /\b(DATABASE_URL|DB_URL|POSTGRES_URL|MYSQL_URL)=([^\s]+)/gi, name: 'Database URL' },
+    { pattern: /\b(SUPABASE_KEY|SUPABASE_ANON_KEY|SUPABASE_SERVICE_KEY)=([^\s]+)/gi, name: 'Supabase Key' },
+    { pattern: /\b(CF_API_TOKEN|CLOUDFLARE_API_TOKEN)=([^\s]+)/gi, name: 'Cloudflare Token' },
+    { pattern: /\b(VERCEL_TOKEN)=([^\s]+)/gi, name: 'Vercel Token' },
+    // JSON-style credentials
+    { pattern: /"(token|apiToken|api_token|accessToken|access_token|password|secret|apiKey|api_key)"\s*:\s*"([^"]{8,})"/gi, name: 'JSON Token' },
+    // URLs with credentials (http/https)
+    { pattern: /https?:\/\/[^:]+:([^@]{8,})@[^\s]+/gi, name: 'HTTP URL with credentials' },
+    // URLs with credentials (redis, postgresql, mysql, mongodb)
+    { pattern: /(redis|postgresql|postgres|mysql|mongodb):\/\/[^:]*:([^@]{6,})@[^\s]+/gi, name: 'Database URL with credentials' },
+    // Bearer tokens
+    { pattern: /Bearer\s+([A-Za-z0-9\-_=]+\.[A-Za-z0-9\-_=]+\.[A-Za-z0-9\-_.+/=]+)/gi, name: 'Bearer JWT' },
+    { pattern: /Bearer\s+([A-Za-z0-9_\-]{20,})/gi, name: 'Bearer Token' },
+    // Generic tokens (alphanumeric strings 32+ chars)
+    { pattern: /\b([a-zA-Z0-9_\-]{40,})\b/g, name: 'Generic Token' },
+];
+/**
+ * Default masking options
+ */
+const DEFAULT_OPTIONS = {
+    showFirst: 4,
+    showLast: 4,
+    maskChar: '*',
+    minLength: 8,
+    aggressive: false,
+};
+/**
+ * Mask a credential value
+ *
+ * @param value - Credential to mask
+ * @param options - Masking options
+ * @returns Masked credential
+ *
+ * @example
+ * maskValue('ghp_1234567890abcdef') // 'ghp_****def'
+ * maskValue('short') // '********'
+ */
+export function maskValue(value, options = {}) {
+    const opts = { ...DEFAULT_OPTIONS, ...options };
+    if (!value || value.length < opts.minLength) {
+        // Short values - completely mask
+        return opts.maskChar.repeat(8);
+    }
+    const showCount = opts.showFirst + opts.showLast;
+    if (value.length <= showCount) {
+        // Value too short to show partial
+        return opts.maskChar.repeat(8);
+    }
+    const first = value.slice(0, opts.showFirst);
+    const last = value.slice(-opts.showLast);
+    const maskLength = Math.max(8, value.length - showCount);
+    const mask = opts.maskChar.repeat(maskLength);
+    return `${first}${mask}${last}`;
+}
+/**
+ * Mask all credentials in a string
+ *
+ * @param text - Text potentially containing credentials
+ * @param options - Masking options
+ * @returns Text with credentials masked
+ *
+ * @example
+ * maskCredentials('GITHUB_TOKEN=ghp_123456') // 'GITHUB_TOKEN=ghp_****'
+ * maskCredentials('Bearer eyJhbGc...') // 'Bearer eyJh****...'
+ */
+export function maskCredentials(text, options = {}) {
+    if (!text)
+        return text;
+    let maskedText = text;
+    for (const { pattern, name } of SENSITIVE_PATTERNS) {
+        maskedText = maskedText.replace(pattern, (match, key, value) => {
+            // For environment variables: KEY=value
+            if (key && value && typeof value === 'string') {
+                return `${key}=${maskValue(value, options)}`;
+            }
+            // For JSON: "key": "value"
+            if (match.includes(':') && value && typeof value === 'string') {
+                return match.replace(value, maskValue(value, options));
+            }
+            // For URLs: http://user:pass@host
+            if (match.includes('://') && value && typeof value === 'string') {
+                return match.replace(value, maskValue(value, options));
+            }
+            // For Bearer tokens: Bearer <token>
+            if (match.toLowerCase().includes('bearer') && key && typeof key === 'string') {
+                return `Bearer ${maskValue(key, options)}`;
+            }
+            // Generic token (single capture group)
+            if (key && !value && typeof key === 'string') {
+                return maskValue(key, options);
+            }
+            // Fallback: mask the whole match
+            return maskValue(match, options);
+        });
+    }
+    return maskedText;
+}
+/**
+ * Mask credentials in structured data (objects, arrays)
+ *
+ * @param data - Data structure
+ * @param options - Masking options
+ * @returns Data with credentials masked
+ */
+export function maskCredentialsInData(data, options = {}) {
+    if (typeof data === 'string') {
+        return maskCredentials(data, options);
+    }
+    if (Array.isArray(data)) {
+        return data.map(item => maskCredentialsInData(item, options));
+    }
+    if (data && typeof data === 'object') {
+        const masked = {};
+        for (const [key, value] of Object.entries(data)) {
+            const lowerKey = key.toLowerCase();
+            // Check if key suggests sensitive data
+            const isSensitiveKey = [
+                'token', 'password', 'secret', 'key', 'credential',
+                'apitoken', 'api_token', 'accesstoken', 'access_token',
+                'pat', 'apikey', 'api_key'
+            ].some(sensitive => lowerKey.includes(sensitive));
+            if (isSensitiveKey && typeof value === 'string') {
+                masked[key] = maskValue(value, options);
+            }
+            else if (typeof value === 'object') {
+                masked[key] = maskCredentialsInData(value, options);
+            }
+            else {
+                masked[key] = value;
+            }
+        }
+        return masked;
+    }
+    return data;
+}
+/**
+ * Sanitize bash command output
+ *
+ * Masks credentials in bash command outputs (especially grep results)
+ *
+ * @param output - Command output
+ * @param options - Masking options
+ * @returns Sanitized output
+ *
+ * @example
+ * sanitizeBashOutput('GITHUB_TOKEN=ghp_123456\nAPI_KEY=sk_test_123')
+ * // 'GITHUB_TOKEN=ghp_****\nAPI_KEY=sk_t****123'
+ */
+export function sanitizeBashOutput(output, options = {}) {
+    if (!output)
+        return output;
+    // Mask line-by-line to preserve structure
+    return output
+        .split('\n')
+        .map(line => maskCredentials(line, options))
+        .join('\n');
+}
+/**
+ * Check if text contains potential credentials
+ *
+ * @param text - Text to check
+ * @returns True if credentials detected
+ */
+export function containsCredentials(text) {
+    if (!text)
+        return false;
+    return SENSITIVE_PATTERNS.some(({ pattern }) => {
+        // Reset regex state
+        pattern.lastIndex = 0;
+        return pattern.test(text);
+    });
+}
+/**
+ * Create a credential-safe logger wrapper
+ *
+ * Wraps a logger to automatically mask credentials
+ *
+ * @param logger - Original logger
+ * @param options - Masking options
+ * @returns Wrapped logger with automatic masking
+ */
+export function createSecureLogger(logger, options = {}) {
+    return {
+        log: (message, ...args) => {
+            const maskedMsg = maskCredentials(message, options);
+            const maskedArgs = args.map(arg => typeof arg === 'string' ? maskCredentials(arg, options) : arg);
+            logger.log(maskedMsg, ...maskedArgs);
+        },
+        info: (message, ...args) => {
+            const maskedMsg = maskCredentials(message, options);
+            const maskedArgs = args.map(arg => typeof arg === 'string' ? maskCredentials(arg, options) : arg);
+            logger.info(maskedMsg, ...maskedArgs);
+        },
+        error: (message, error) => {
+            const maskedMsg = maskCredentials(message, options);
+            let maskedError = error;
+            if (error && typeof error === 'object') {
+                maskedError = maskCredentialsInData(error, options);
+            }
+            else if (typeof error === 'string') {
+                maskedError = maskCredentials(error, options);
+            }
+            logger.error(maskedMsg, maskedError);
+        },
+        warn: (message) => {
+            const maskedMsg = maskCredentials(message, options);
+            logger.warn(maskedMsg);
+        },
+        debug: (message) => {
+            const maskedMsg = maskCredentials(message, options);
+            logger.debug(maskedMsg);
+        }
+    };
+}
+/**
+ * Environment variable masking helper
+ *
+ * Masks sensitive environment variables before logging
+ *
+ * @param env - Environment object
+ * @param options - Masking options
+ * @returns Masked environment object
+ */
+export function maskEnvironment(env = process.env, options = {}) {
+    const masked = {};
+    // Never mask these common environment variables
+    const neverMask = new Set([
+        'PATH', 'HOME', 'USER', 'SHELL', 'LANG', 'PWD', 'OLDPWD',
+        'NODE_ENV', 'NODE_VERSION', 'NPM_VERSION', 'TERM', 'EDITOR',
+        'TMPDIR', 'TMP', 'TEMP', 'HOSTNAME', 'OSTYPE'
+    ]);
+    for (const [key, value] of Object.entries(env)) {
+        if (!value) {
+            masked[key] = '';
+            continue;
+        }
+        // Never mask whitelisted vars
+        if (neverMask.has(key.toUpperCase())) {
+            masked[key] = value;
+            continue;
+        }
+        const lowerKey = key.toLowerCase();
+        const isSensitive = [
+            'token', 'password', 'secret', 'key', 'credential',
+            'pat', 'api', 'auth'
+        ].some(word => lowerKey.includes(word));
+        masked[key] = isSensitive ? maskValue(value, options) : value;
+    }
+    return masked;
+}
+//# sourceMappingURL=credential-masker.js.map

package/dist/plugins/specweave/lib/vendor/utils/credential-masker.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"credential-masker.js","sourceRoot":"","sources":["../../../src/utils/credential-masker.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH;;GAEG;AACH,MAAM,kBAAkB,GAAG;IACzB,mCAAmC;IACnC,EAAE,OAAO,EAAE,sCAAsC,EAAE,IAAI,EAAE,cAAc,EAAE;IACzE,EAAE,OAAO,EAAE,0CAA0C,EAAE,IAAI,EAAE,YAAY,EAAE;IAC3E,EAAE,OAAO,EAAE,mCAAmC,EAAE,IAAI,EAAE,YAAY,EAAE;IACpE,EAAE,OAAO,EAAE,4DAA4D,EAAE,IAAI,EAAE,kBAAkB,EAAE;IACnG,EAAE,OAAO,EAAE,sCAAsC,EAAE,IAAI,EAAE,gBAAgB,EAAE;IAC3E,EAAE,OAAO,EAAE,kCAAkC,EAAE,IAAI,EAAE,gBAAgB,EAAE;IACvE,EAAE,OAAO,EAAE,iDAAiD,EAAE,IAAI,EAAE,SAAS,EAAE;IAC/E,EAAE,OAAO,EAAE,2DAA2D,EAAE,IAAI,EAAE,cAAc,EAAE;IAC9F,EAAE,OAAO,EAAE,oEAAoE,EAAE,IAAI,EAAE,cAAc,EAAE;IACvG,EAAE,OAAO,EAAE,kDAAkD,EAAE,IAAI,EAAE,kBAAkB,EAAE;IACzF,EAAE,OAAO,EAAE,6BAA6B,EAAE,IAAI,EAAE,cAAc,EAAE;IAEhE,yBAAyB;IACzB,EAAE,OAAO,EAAE,2GAA2G,EAAE,IAAI,EAAE,YAAY,EAAE;IAE5I,qCAAqC;IACrC,EAAE,OAAO,EAAE,sCAAsC,EAAE,IAAI,EAAE,2BAA2B,EAAE;IAEtF,4DAA4D;IAC5D,EAAE,OAAO,EAAE,yEAAyE,EAAE,IAAI,EAAE,+BAA+B,EAAE;IAE7H,gBAAgB;IAChB,EAAE,OAAO,EAAE,sEAAsE,EAAE,IAAI,EAAE,YAAY,EAAE;IACvG,EAAE,OAAO,EAAE,kCAAkC,EAAE,IAAI,EAAE,cAAc,EAAE;IAErE,kDAAkD;IAClD,EAAE,OAAO,EAAE,4BAA4B,EAAE,IAAI,EAAE,eAAe,EAAE;CACjE,CAAC;AAiCF;;GAEG;AACH,MAAM,eAAe,GAA0B;IAC7C,SAAS,EAAE,CAAC;IACZ,QAAQ,EAAE,CAAC;IACX,QAAQ,EAAE,GAAG;IACb,SAAS,EAAE,CAAC;IACZ,UAAU,EAAE,KAAK;CAClB,CAAC;AAEF;;;;;;;;;;GAUG;AACH,MAAM,UAAU,SAAS,CAAC,KAAa,EAAE,UAAuB,EAAE;IAChE,MAAM,IAAI,GAAG,EAAE,GAAG,eAAe,EAAE,GAAG,OAAO,EAAE,CAAC;IAEhD,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QAC5C,iCAAiC;QACjC,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACjC,CAAC;IAED,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC;IAEjD,IAAI,KAAK,CAAC,MAAM,IAAI,SAAS,EAAE,CAAC;QAC9B,kCAAkC;QAClC,OAAO,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACjC,CAAC;IAED,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IAC7C,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACzC,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,MAAM,GAAG,SAAS,CAAC,CAAC;IACzD,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAE9C,OAAO,GAAG,KAAK,GAAG,IAAI,GAAG,IAAI,EAAE,CAAC;AAClC,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,eAAe,CAAC,IAAY,EAAE,UAAuB,EAAE;IACrE,IAAI,CAAC,IAAI;QAAE,OAAO,IAAI,CAAC;IAEvB,IAAI,UAAU,GAAG,IAAI,CAAC;IAEtB,KAAK,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,kBAAkB,EAAE,CAAC;QACnD,UAAU,GAAG,UAAU,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,EAAE;YAC7D,uCAAuC;YACvC,IAAI,GAAG,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC9C,OAAO,GAAG,GAAG,IAAI,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,EAAE,CAAC;YAC/C,CAAC;YAED,2BAA2B;YAC3B,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC9D,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;YACzD,CAAC;YAED,kCAAkC;YAClC,IAAI,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAChE,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;YACzD,CAAC;YAED,oCAAoC;YACpC,IAAI,KAAK,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;gBAC7E,OAAO,UAAU,SAAS,CAAC,GAAG,EAAE,OAAO,CAAC,EAAE,CAAC;YAC7C,CAAC;YAED,uCAAuC;YACvC,IAAI,GAAG,IAAI,CAAC,KAAK,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;gBAC7C,OAAO,SAAS,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YACjC,CAAC;YAED,iCAAiC;YACjC,OAAO,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,qBAAqB,CAAC,IAAS,EAAE,UAAuB,EAAE;IACxE,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC7B,OAAO,eAAe,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACxC,CAAC;IAED,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,qBAAqB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;IAChE,CAAC;IAED,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACrC,MAAM,MAAM,GAAQ,EAAE,CAAC;QAEvB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;YAChD,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;YAEnC,uCAAuC;YACvC,MAAM,cAAc,GAAG;gBACrB,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAE,YAAY;gBAClD,UAAU,EAAE,WAAW,EAAE,aAAa,EAAE,cAAc;gBACtD,KAAK,EAAE,QAAQ,EAAE,SAAS;aAC3B,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;YAElD,IAAI,cAAc,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAChD,MAAM,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YAC1C,CAAC;iBAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACrC,MAAM,CAAC,GAAG,CAAC,GAAG,qBAAqB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YACtD,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YACtB,CAAC;QACH,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAAc,EAAE,UAAuB,EAAE;IAC1E,IAAI,CAAC,MAAM;QAAE,OAAO,MAAM,CAAC;IAE3B,0CAA0C;IAC1C,OAAO,MAAM;SACV,KAAK,CAAC,IAAI,CAAC;SACX,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,eAAe,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;SAC3C,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CAAC,IAAY;IAC9C,IAAI,CAAC,IAAI;QAAE,OAAO,KAAK,CAAC;IAExB,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,EAAE,EAAE,EAAE;QAC7C,oBAAoB;QACpB,OAAO,CAAC,SAAS,GAAG,CAAC,CAAC;QACtB,OAAO,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAAW,EAAE,UAAuB,EAAE;IACvE,OAAO;QACL,GAAG,EAAE,CAAC,OAAe,EAAE,GAAG,IAAW,EAAE,EAAE;YACvC,MAAM,SAAS,GAAG,eAAe,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACpD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAChC,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,eAAe,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAC9D,CAAC;YACF,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,GAAG,UAAU,CAAC,CAAC;QACvC,CAAC;QAED,IAAI,EAAE,CAAC,OAAe,EAAE,GAAG,IAAW,EAAE,EAAE;YACxC,MAAM,SAAS,GAAG,eAAe,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACpD,MAAM,UAAU,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAChC,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,eAAe,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAC9D,CAAC;YACF,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,UAAU,CAAC,CAAC;QACxC,CAAC;QAED,KAAK,EAAE,CAAC,OAAe,EAAE,KAAW,EAAE,EAAE;YACtC,MAAM,SAAS,GAAG,eAAe,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACpD,IAAI,WAAW,GAAG,KAAK,CAAC;YAExB,IAAI,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACvC,WAAW,GAAG,qBAAqB,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YACtD,CAAC;iBAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBACrC,WAAW,GAAG,eAAe,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;YAChD,CAAC;YAED,MAAM,CAAC,KAAK,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QACvC,CAAC;QAED,IAAI,EAAE,CAAC,OAAe,EAAE,EAAE;YACxB,MAAM,SAAS,GAAG,eAAe,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACpD,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QACzB,CAAC;QAED,KAAK,EAAE,CAAC,OAAe,EAAE,EAAE;YACzB,MAAM,SAAS,GAAG,eAAe,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YACpD,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAC1B,CAAC;KACF,CAAC;AACJ,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,eAAe,CAAC,MAAyB,OAAO,CAAC,GAAG,EAAE,UAAuB,EAAE;IAC7F,MAAM,MAAM,GAA2B,EAAE,CAAC;IAE1C,gDAAgD;IAChD,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC;QACxB,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,QAAQ;QACxD,UAAU,EAAE,cAAc,EAAE,aAAa,EAAE,MAAM,EAAE,QAAQ;QAC3D,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,QAAQ;KAC9C,CAAC,CAAC;IAEH,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/C,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;YACjB,SAAS;QACX,CAAC;QAED,8BAA8B;QAC9B,IAAI,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,EAAE,CAAC;YACrC,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;YACpB,SAAS;QACX,CAAC;QAED,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;QACnC,MAAM,WAAW,GAAG;YAClB,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,KAAK,EAAE,YAAY;YAClD,KAAK,EAAE,KAAK,EAAE,MAAM;SACrB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;QAExC,MAAM,CAAC,GAAG,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;IAChE,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/plugins/specweave/lib/vendor/utils/execFileNoThrow.d.ts

@@ -0,0 +1,99 @@
+import { ExecFileException } from 'child_process';
+/**
+ * Result from command execution
+ */
+export interface ExecResult {
+    /** Standard output from command */
+    stdout: string;
+    /** Standard error from command */
+    stderr: string;
+    /** Exit code (0 = success) */
+    exitCode: number;
+    /** Whether command succeeded (exitCode === 0) */
+    success: boolean;
+    /** Error object if command failed */
+    error?: ExecFileException;
+}
+/**
+ * Safely execute a command without throwing errors
+ *
+ * This utility uses child_process.execFile instead of exec/execSync:
+ * - ✅ Prevents command injection vulnerabilities (no shell interpolation)
+ * - ✅ Cross-platform compatible (Windows, Mac, Linux)
+ * - ✅ Proper error handling (returns result instead of throwing)
+ * - ✅ Structured output (stdout, stderr, exitCode)
+ *
+ * @param command - Command to execute (must be in PATH or absolute path)
+ * @param args - Array of arguments (safely escaped automatically)
+ * @param options - Additional execution options
+ * @returns Promise resolving to execution result
+ *
+ * @example
+ * ```typescript
+ * // ✅ Safe: Arguments automatically escaped
+ * const result = await execFileNoThrow('git', ['add', userProvidedFilename]);
+ * if (result.success) {
+ *   console.log('Git add succeeded:', result.stdout);
+ * } else {
+ *   console.error('Git add failed:', result.stderr);
+ * }
+ *
+ * // ✅ Check if command exists
+ * const which = process.platform === 'win32' ? 'where' : 'which';
+ * const checkResult = await execFileNoThrow(which, ['claude']);
+ * if (checkResult.success) {
+ *   console.log('Claude CLI found at:', checkResult.stdout.trim());
+ * }
+ * ```
+ */
+export declare function execFileNoThrow(command: string, args?: string[], options?: {
+    cwd?: string;
+    env?: NodeJS.ProcessEnv;
+    timeout?: number;
+    maxBuffer?: number;
+    shell?: boolean;
+}): Promise<ExecResult>;
+/**
+ * Synchronous version of execFileNoThrow
+ *
+ * Use sparingly - prefer async version when possible.
+ * Useful for initialization code that needs to be synchronous.
+ *
+ * @example
+ * ```typescript
+ * const result = execFileNoThrowSync('claude', ['--version']);
+ * if (result.success) {
+ *   console.log('Claude version:', result.stdout.trim());
+ * }
+ * ```
+ */
+export declare function execFileNoThrowSync(command: string, args?: string[], options?: {
+    cwd?: string;
+    env?: NodeJS.ProcessEnv;
+    timeout?: number;
+    maxBuffer?: number;
+    shell?: boolean;
+}): ExecResult;
+/**
+ * Check if a command is available in PATH
+ *
+ * Cross-platform helper that uses 'which' (Unix) or 'where' (Windows)
+ *
+ * @param command - Command name to check (e.g., 'claude', 'git', 'node')
+ * @returns Promise resolving to true if command exists, false otherwise
+ *
+ * @example
+ * ```typescript
+ * if (await isCommandAvailable('claude')) {
+ *   console.log('Claude CLI is installed');
+ * } else {
+ *   console.log('Claude CLI not found - install from https://claude.com/code');
+ * }
+ * ```
+ */
+export declare function isCommandAvailable(command: string): Promise<boolean>;
+/**
+ * Synchronous version of isCommandAvailable
+ */
+export declare function isCommandAvailableSync(command: string): boolean;
+//# sourceMappingURL=execFileNoThrow.d.ts.map