npm - ummaya - Versions diffs - 0.2.4 → 0.2.5 - Mend

ummaya 0.2.4 → 0.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (477) hide show

package/README.md +15 -2
package/bin/ummaya +10 -1
package/npm-shrinkwrap.json +253 -2
package/package.json +5 -1
package/prompts/manifest.yaml +1 -1
package/prompts/system_v1.md +1 -0
package/pyproject.toml +26 -2
package/specs/2803-document-production-hardening/contracts/document-tools.schema.json +1043 -0
package/src/ummaya/_canonical/__init__.py +2 -0
package/src/ummaya/engine/engine.py +29 -132
package/src/ummaya/evidence/__init__.py +21 -2
package/src/ummaya/evidence/dataset_contract.py +193 -0
package/src/ummaya/evidence/document_authoring_cases.py +33 -0
package/src/ummaya/evidence/document_harness.py +313 -0
package/src/ummaya/evidence/document_viewer_ux.py +391 -0
package/src/ummaya/evidence/gates.py +70 -0
package/src/ummaya/evidence/json_types.py +20 -0
package/src/ummaya/evidence/models.py +88 -1
package/src/ummaya/evidence/output_payload.py +89 -0
package/src/ummaya/evidence/payload_documents.py +233 -0
package/src/ummaya/evidence/route_contracts.py +224 -0
package/src/ummaya/evidence/route_helpers.py +150 -0
package/src/ummaya/evidence/runner.py +81 -212
package/src/ummaya/evidence/source_provenance.py +246 -0
package/src/ummaya/evidence/source_provenance_redaction.py +176 -0
package/src/ummaya/evidence/tool_layer.py +39 -0
package/src/ummaya/evidence/tool_layer_models.py +151 -0
package/src/ummaya/ipc/adapter_manifest_emitter.py +26 -10
package/src/ummaya/ipc/document_intent_normalization.py +185 -0
package/src/ummaya/ipc/frame_schema.py +5 -5
package/src/ummaya/ipc/route_diagnostics.py +73 -0
package/src/ummaya/ipc/stdio.py +1109 -477
package/src/ummaya/llm/client.py +102 -3
package/src/ummaya/llm/config.py +8 -3
package/src/ummaya/primitives/__init__.py +6 -2
package/src/ummaya/primitives/delegation.py +1 -1
package/src/ummaya/primitives/document.py +28 -0
package/src/ummaya/settings.py +0 -3
package/src/ummaya/tools/discovery_bridge.py +17 -1
package/src/ummaya/tools/documents/__init__.py +297 -0
package/src/ummaya/tools/documents/adapter_registry.py +487 -0
package/src/ummaya/tools/documents/archive_container_probe.py +167 -0
package/src/ummaya/tools/documents/artifact_store.py +454 -0
package/src/ummaya/tools/documents/authoring.py +283 -0
package/src/ummaya/tools/documents/baselines.py +114 -0
package/src/ummaya/tools/documents/capability.py +331 -0
package/src/ummaya/tools/documents/contracts.py +112 -0
package/src/ummaya/tools/documents/conversion.py +521 -0
package/src/ummaya/tools/documents/diff.py +275 -0
package/src/ummaya/tools/documents/engines.py +163 -0
package/src/ummaya/tools/documents/evaluation.py +291 -0
package/src/ummaya/tools/documents/explicit_values.py +108 -0
package/src/ummaya/tools/documents/fixtures.py +174 -0
package/src/ummaya/tools/documents/format_completion_audit.py +471 -0
package/src/ummaya/tools/documents/formats/__init__.py +2 -0
package/src/ummaya/tools/documents/formats/archive.py +528 -0
package/src/ummaya/tools/documents/formats/base.py +41 -0
package/src/ummaya/tools/documents/formats/code_file.py +211 -0
package/src/ummaya/tools/documents/formats/data_file.py +272 -0
package/src/ummaya/tools/documents/formats/hwp.py +284 -0
package/src/ummaya/tools/documents/formats/hwpx.py +1837 -0
package/src/ummaya/tools/documents/formats/odf.py +435 -0
package/src/ummaya/tools/documents/formats/ooxml.py +1030 -0
package/src/ummaya/tools/documents/formats/passive.py +766 -0
package/src/ummaya/tools/documents/formats/pdf.py +702 -0
package/src/ummaya/tools/documents/formats/text_web.py +268 -0
package/src/ummaya/tools/documents/hwp_conversion_probe.py +178 -0
package/src/ummaya/tools/documents/hwp_direct_candidate.py +141 -0
package/src/ummaya/tools/documents/inspection.py +289 -0
package/src/ummaya/tools/documents/intake.py +1079 -0
package/src/ummaya/tools/documents/legacy_office_promotion_probe.py +366 -0
package/src/ummaya/tools/documents/models.py +1598 -0
package/src/ummaya/tools/documents/odf_promotion_probe.py +167 -0
package/src/ummaya/tools/documents/orchestrator.py +96 -0
package/src/ummaya/tools/documents/passive_capability_probe.py +251 -0
package/src/ummaya/tools/documents/patch.py +170 -0
package/src/ummaya/tools/documents/pdfa_conformance.py +284 -0
package/src/ummaya/tools/documents/pdfa_promotion_probe.py +198 -0
package/src/ummaya/tools/documents/permissions.py +110 -0
package/src/ummaya/tools/documents/planner.py +616 -0
package/src/ummaya/tools/documents/registry.py +2733 -0
package/src/ummaya/tools/documents/render.py +978 -0
package/src/ummaya/tools/documents/render_comparison.py +113 -0
package/src/ummaya/tools/documents/render_comparison_models.py +74 -0
package/src/ummaya/tools/documents/render_comparison_regions.py +73 -0
package/src/ummaya/tools/documents/render_comparison_style.py +161 -0
package/src/ummaya/tools/documents/reread.py +157 -0
package/src/ummaya/tools/documents/runtime_authoring.py +244 -0
package/src/ummaya/tools/documents/runtime_authoring_bundle.py +76 -0
package/src/ummaya/tools/documents/scorecard.py +184 -0
package/src/ummaya/tools/documents/socratic_planner.py +193 -0
package/src/ummaya/tools/documents/style.py +48 -0
package/src/ummaya/tools/documents/tool_defs.py +523 -0
package/src/ummaya/tools/documents/validate.py +347 -0
package/src/ummaya/tools/executor.py +29 -0
package/src/ummaya/tools/live_proxy.py +0 -3
package/src/ummaya/tools/models.py +5 -1
package/src/ummaya/tools/register_all.py +8 -0
package/src/ummaya/tools/registry.py +10 -1
package/src/ummaya/tools/routing/__init__.py +59 -0
package/src/ummaya/tools/routing/builder.py +105 -0
package/src/ummaya/tools/routing/cards.py +29 -0
package/src/ummaya/tools/routing/decision_service.py +534 -0
package/src/ummaya/tools/routing/decision_types.py +74 -0
package/src/ummaya/tools/routing/feasibility.py +122 -0
package/src/ummaya/tools/routing/intent.py +17 -0
package/src/ummaya/tools/routing/intent_extractor.py +207 -0
package/src/ummaya/tools/routing/intent_patterns.py +160 -0
package/src/ummaya/tools/routing/intent_public_data.py +150 -0
package/src/ummaya/tools/routing/intent_types.py +48 -0
package/src/ummaya/tools/routing/lint.py +78 -0
package/src/ummaya/tools/routing/metadata.py +174 -0
package/src/ummaya/tools/routing/projection.py +340 -0
package/src/ummaya/tools/routing/retrieval_policy.py +629 -0
package/src/ummaya/tools/routing/schema.py +81 -0
package/src/ummaya/tools/routing/types.py +96 -0
package/src/ummaya/tools/routing_index.py +2 -2
package/src/ummaya/tools/search.py +34 -746
package/tests/fixtures/documents/public_forms/baselines.yaml +113 -0
package/tui/package.json +1 -1
package/tui/src/.cc-byte-identical-whitelist.yaml +266 -0
package/tui/src/QueryEngine.ts +12 -8
package/tui/src/bridge/inboundAttachments.ts +3 -3
package/tui/src/cli/handlers/auth.ts +3 -12
package/tui/src/cli/print.ts +7 -7
package/tui/src/commands/insights.ts +1 -1
package/tui/src/commands/install-github-app/types.ts +8 -30
package/tui/src/commands/plugin/types.ts +6 -28
package/tui/src/commands/plugin/unifiedTypes.ts +4 -26
package/tui/src/commands/rename/generateSessionName.ts +1 -1
package/tui/src/components/Feedback.tsx +1 -1
package/tui/src/components/LogoV2/EmergencyTip.tsx +11 -2
package/tui/src/components/LogoV2/WelcomeV2.tsx +1 -3
package/tui/src/components/ScrollKeybindingHandler.tsx +6 -6
package/tui/src/components/Spinner/types.ts +6 -28
package/tui/src/components/agents/generateAgent.ts +1 -1
package/tui/src/components/agents/new-agent-creation/types.ts +4 -26
package/tui/src/components/config/EnvSecretIsolatedEditor.tsx +1 -1
package/tui/src/components/mcp/types.ts +16 -38
package/tui/src/components/messages/AssistantToolUseMessage.tsx +3 -2
package/tui/src/components/messages/UserCrossSessionMessage.ts +16 -4
package/tui/src/components/messages/UserForkBoilerplateMessage.ts +16 -4
package/tui/src/components/messages/UserGitHubWebhookMessage.ts +16 -4
package/tui/src/components/messages/UserToolResultMessage/utils.tsx +3 -2
package/tui/src/components/permissions/MonitorPermissionRequest/MonitorPermissionRequest.ts +9 -4
package/tui/src/components/permissions/ReviewArtifactPermissionRequest/ReviewArtifactPermissionRequest.ts +9 -4
package/tui/src/components/primitive/DocumentSocraticReviewBlock.tsx +129 -0
package/tui/src/components/primitive/DocumentToolResultCard.tsx +224 -0
package/tui/src/components/primitive/documentSocraticReview.ts +215 -0
package/tui/src/components/primitive/index.tsx +43 -1
package/tui/src/components/primitive/types.ts +137 -0
package/tui/src/components/ui/option.ts +4 -26
package/tui/src/constants/common.ts +0 -2
package/tui/src/constants/prompts.ts +4 -3
package/tui/src/constants/querySource.ts +4 -26
package/tui/src/entrypoints/sdk/controlTypes.ts +26 -48
package/tui/src/entrypoints/sdk/coreTypes.generated.ts +3 -25
package/tui/src/entrypoints/sdk/runtimeTypes.ts +38 -60
package/tui/src/entrypoints/sdk/sdkUtilityTypes.ts +4 -26
package/tui/src/entrypoints/sdk/settingsTypes.generated.ts +3 -25
package/tui/src/entrypoints/sdk/toolTypes.ts +3 -25
package/tui/src/hooks/toolPermission/handlers/interactiveHandler.ts +10 -0
package/tui/src/hooks/useApiKeyVerification.ts +1 -1
package/tui/src/hooks/useVirtualScroll.ts +1 -1
package/tui/src/ink/ink.tsx +33 -14
package/tui/src/ink/reconciler.ts +2 -3
package/tui/src/ink/render-to-screen.ts +30 -10
package/tui/src/ipc/bridge.ts +62 -15
package/tui/src/ipc/bridgeSingleton.ts +5 -1
package/tui/src/ipc/codec.ts +3 -3
package/tui/src/ipc/frames.generated.ts +12 -12
package/tui/src/ipc/llmClient.ts +151 -27
package/tui/src/ipc/schema/frame.schema.json +1 -1
package/tui/src/keybindings/defaultBindings.ts +4 -0
package/tui/src/main.tsx +29 -11
package/tui/src/native-ts/file-index/index.ts +33 -3
package/tui/src/observability/surface.ts +2 -2
package/tui/src/probes/toolRegistryProbe.tsx +3 -1
package/tui/src/projectOnboardingState.ts +7 -6
package/tui/src/query/chatMessageTypes.ts +18 -0
package/tui/src/query/chatMessagesBuilder.ts +1 -1
package/tui/src/query/deps.ts +1 -1
package/tui/src/query/messageGuards.ts +106 -0
package/tui/src/query/publicDataTerminalRepair.ts +384 -0
package/tui/src/query/run.ts +1075 -0
package/tui/src/query/supportBoundary.ts +168 -0
package/tui/src/query/toolResultErrors.ts +103 -0
package/tui/src/query/toolRunner.ts +687 -0
package/tui/src/query/unavailableToolRepair.ts +118 -0
package/tui/src/query.ts +9 -2186
package/tui/src/screens/REPL.tsx +40 -29
package/tui/src/services/api/adapterManifest.ts +4 -0
package/tui/src/services/api/backendChat/events.ts +117 -0
package/tui/src/services/api/backendChat/finalMessage.ts +40 -0
package/tui/src/services/api/backendChat/frame.ts +9 -0
package/tui/src/services/api/backendChat/streaming.ts +430 -0
package/tui/src/services/api/backendChat/types.ts +62 -0
package/tui/src/services/api/backendChat.ts +1 -0
package/tui/src/services/api/client.ts +65 -2
package/tui/src/services/api/errorUtils.ts +5 -5
package/tui/src/services/api/errors.ts +1 -1
package/tui/src/services/api/logging.ts +1 -1
package/tui/src/services/api/ummaya/evidence.ts +194 -0
package/tui/src/services/api/ummaya/messages.ts +255 -0
package/tui/src/services/api/ummaya/nonStreaming.ts +66 -0
package/tui/src/services/api/ummaya/provider.ts +200 -0
package/tui/src/services/api/ummaya/reasoning.ts +24 -0
package/tui/src/services/api/ummaya/request.ts +200 -0
package/tui/src/services/api/ummaya/selectionContext.ts +240 -0
package/tui/src/services/api/ummaya/streaming.ts +365 -0
package/tui/src/services/api/ummaya/streamingPayload.ts +129 -0
package/tui/src/services/api/ummaya/streamingReader.ts +40 -0
package/tui/src/services/api/ummaya/toolSelection.ts +217 -0
package/tui/src/services/api/ummaya/types.ts +110 -0
package/tui/src/services/api/ummaya/usage.ts +30 -0
package/tui/src/services/api/ummaya.ts +26 -418
package/tui/src/services/api/withRetry.ts +1 -1
package/tui/src/services/awaySummary.ts +2 -2
package/tui/src/services/claudeAiLimits.ts +1 -1
package/tui/src/services/compact/autoCompact.ts +1 -1
package/tui/src/services/compact/compact.ts +1 -1
package/tui/src/services/lsp/types.ts +8 -30
package/tui/src/services/tips/types.ts +6 -28
package/tui/src/services/tokenEstimation.ts +1 -1
package/tui/src/services/toolRegistry/bootGuard.ts +5 -5
package/tui/src/services/toolUseSummary/toolUseSummaryGenerator.ts +1 -1
package/tui/src/services/tools/toolExecution.ts +94 -1
package/tui/src/store/pendingPermissionSlot.ts +1 -1
package/tui/src/store/session-store.ts +10 -36
package/tui/src/stubs/any-stub.ts +15 -10
package/tui/src/stubs/color-diff-napi.ts +37 -23
package/tui/src/stubs/globals.d.ts +3 -3
package/tui/src/stubs/macro-preload.ts +23 -12
package/tui/src/tools/AdapterTool/AdapterTool.ts +1207 -714
package/tui/src/tools/AdapterTool/routeDiagnostics.ts +75 -0
package/tui/src/tools/AgentTool/AgentTool.tsx +84 -1371
package/tui/src/tools/AgentTool/agentToolHandoff.ts +114 -0
package/tui/src/tools/AgentTool/agentToolPartialResult.ts +16 -0
package/tui/src/tools/AgentTool/agentToolProgress.ts +32 -0
package/tui/src/tools/AgentTool/agentToolResolver.ts +161 -0
package/tui/src/tools/AgentTool/agentToolResult.ts +163 -0
package/tui/src/tools/AgentTool/agentToolUtils.ts +14 -686
package/tui/src/tools/AgentTool/asyncAgentLifecycle.ts +208 -0
package/tui/src/tools/AgentTool/asyncLifecycle.ts +153 -0
package/tui/src/tools/AgentTool/backgroundedCompletion.ts +126 -0
package/tui/src/tools/AgentTool/backgroundedLifecycle.ts +174 -0
package/tui/src/tools/AgentTool/foregroundBackground.ts +83 -0
package/tui/src/tools/AgentTool/foregroundDrain.tsx +133 -0
package/tui/src/tools/AgentTool/foregroundFinalize.ts +98 -0
package/tui/src/tools/AgentTool/foregroundLifecycle.tsx +237 -0
package/tui/src/tools/AgentTool/foregroundProgress.tsx +169 -0
package/tui/src/tools/AgentTool/foregroundTask.ts +89 -0
package/tui/src/tools/AgentTool/forkSubagent.ts +1 -12
package/tui/src/tools/AgentTool/forkSubagentGate.ts +34 -0
package/tui/src/tools/AgentTool/launchRouting.ts +203 -0
package/tui/src/tools/AgentTool/lifecycle.ts +244 -0
package/tui/src/tools/AgentTool/mcpRouting.ts +73 -0
package/tui/src/tools/AgentTool/orchestrationSupport.ts +70 -0
package/tui/src/tools/AgentTool/permissions.ts +39 -0
package/tui/src/tools/AgentTool/promptSetup.ts +181 -0
package/tui/src/tools/AgentTool/remoteRouting.ts +62 -0
package/tui/src/tools/AgentTool/resultMapping.ts +116 -0
package/tui/src/tools/AgentTool/resumeAgent.ts +39 -107
package/tui/src/tools/AgentTool/resumeAgentHelpers.ts +140 -0
package/tui/src/tools/AgentTool/runAgent.ts +1 -1
package/tui/src/tools/AgentTool/runtimeConfig.ts +57 -0
package/tui/src/tools/AgentTool/schemas.ts +196 -0
package/tui/src/tools/AgentTool/sourceVerificationPropagation.ts +263 -0
package/tui/src/tools/AgentTool/worktreeLifecycle.ts +105 -0
package/tui/src/tools/AskUserQuestionTool/AskUserQuestionTool.tsx +174 -202
package/tui/src/tools/BashTool/BashTool.tsx +71 -1072
package/tui/src/tools/BashTool/bashCommandHelpers.ts +12 -12
package/tui/src/tools/BashTool/bashPermissions/astPreflight.ts +173 -0
package/tui/src/tools/BashTool/bashPermissions/classifierChecks.ts +199 -0
package/tui/src/tools/BashTool/bashPermissions/compoundGuards.ts +53 -0
package/tui/src/tools/BashTool/bashPermissions/constants.ts +99 -0
package/tui/src/tools/BashTool/bashPermissions/index.ts +38 -0
package/tui/src/tools/BashTool/bashPermissions/legacyMisparsing.ts +62 -0
package/tui/src/tools/BashTool/bashPermissions/main.ts +135 -0
package/tui/src/tools/BashTool/bashPermissions/normalizedCommands.ts +33 -0
package/tui/src/tools/BashTool/bashPermissions/operatorFlow.ts +98 -0
package/tui/src/tools/BashTool/bashPermissions/permissionChecks.ts +200 -0
package/tui/src/tools/BashTool/bashPermissions/prefixSuggestions.ts +88 -0
package/tui/src/tools/BashTool/bashPermissions/promptClassifierRules.ts +125 -0
package/tui/src/tools/BashTool/bashPermissions/ruleDelegates.ts +19 -0
package/tui/src/tools/BashTool/bashPermissions/ruleMatching.ts +145 -0
package/tui/src/tools/BashTool/bashPermissions/sandboxAutoAllow.ts +75 -0
package/tui/src/tools/BashTool/bashPermissions/subcommandFlow.ts +205 -0
package/tui/src/tools/BashTool/bashPermissions/subcommandGuards.ts +73 -0
package/tui/src/tools/BashTool/bashPermissions/subcommandResultHelpers.ts +116 -0
package/tui/src/tools/BashTool/bashPermissions/types.ts +26 -0
package/tui/src/tools/BashTool/bashPermissions/wrapperStripping.ts +139 -0
package/tui/src/tools/BashTool/bashPermissions.ts +26 -2621
package/tui/src/tools/BashTool/call.ts +202 -0
package/tui/src/tools/BashTool/callLoader.ts +35 -0
package/tui/src/tools/BashTool/commandClassification.ts +151 -0
package/tui/src/tools/BashTool/commandClassificationLoader.ts +40 -0
package/tui/src/tools/BashTool/cwdReset.ts +33 -0
package/tui/src/tools/BashTool/lineTruncation.ts +11 -0
package/tui/src/tools/BashTool/modeValidation.ts +13 -1
package/tui/src/tools/BashTool/outputPersistence.ts +42 -0
package/tui/src/tools/BashTool/permissionClassification.ts +66 -0
package/tui/src/tools/BashTool/permissionLoader.ts +44 -0
package/tui/src/tools/BashTool/resultLoader.ts +29 -0
package/tui/src/tools/BashTool/resultMapping.ts +83 -0
package/tui/src/tools/BashTool/sandboxPolicy.ts +79 -0
package/tui/src/tools/BashTool/schemas.ts +65 -0
package/tui/src/tools/BashTool/sedEditExecution.ts +59 -0
package/tui/src/tools/BashTool/shellExecution.tsx +245 -0
package/tui/src/tools/BashTool/shellOutputUtils.ts +85 -0
package/tui/src/tools/BashTool/shellPermissionGauntlet.ts +97 -0
package/tui/src/tools/BashTool/uiLoader.ts +37 -0
package/tui/src/tools/BriefTool/upload.ts +1 -1
package/tui/src/tools/CalculatorTool/parser.ts +2 -2
package/tui/src/tools/DocumentPrimitive/DocumentPrimitive.ts +262 -0
package/tui/src/tools/DocumentPrimitive/dispatchNormalization.ts +270 -0
package/tui/src/tools/DocumentPrimitive/documentDestinationPath.ts +18 -0
package/tui/src/tools/DocumentPrimitive/documentMutationGuard.ts +22 -0
package/tui/src/tools/DocumentPrimitive/documentPatchNormalization.ts +248 -0
package/tui/src/tools/DocumentPrimitive/documentSourceVerification.ts +245 -0
package/tui/src/tools/DocumentPrimitive/documentSourceVerificationFields.ts +103 -0
package/tui/src/tools/DocumentPrimitive/modelVisibleOutput.ts +40 -0
package/tui/src/tools/DocumentPrimitive/prompt.ts +35 -0
package/tui/src/tools/FileEditTool/FileEditTool.ts +9 -507
package/tui/src/tools/FileEditTool/call.ts +228 -0
package/tui/src/tools/FileEditTool/validateInput.ts +196 -0
package/tui/src/tools/FileReadTool/imageProcessor.ts +13 -0
package/tui/src/tools/FileWriteTool/FileWriteTool.ts +7 -300
package/tui/src/tools/FileWriteTool/call.ts +223 -0
package/tui/src/tools/FileWriteTool/validateInput.ts +80 -0
package/tui/src/tools/ListMcpResourcesTool/ListMcpResourcesTool.ts +19 -3
package/tui/src/tools/LookupPrimitive/LookupPrimitive.ts +25 -32
package/tui/src/tools/LookupPrimitive/prompt.ts +0 -2
package/tui/src/tools/MCPTool/trustPolicy.ts +118 -0
package/tui/src/tools/McpAuthTool/McpAuthTool.ts +21 -3
package/tui/src/tools/NotebookEditTool/NotebookEditTool.ts +7 -326
package/tui/src/tools/NotebookEditTool/call.ts +254 -0
package/tui/src/tools/NotebookEditTool/notebookModel.ts +51 -0
package/tui/src/tools/NotebookEditTool/validateInput.ts +142 -0
package/tui/src/tools/PowerShellTool/PowerShellTool.tsx +46 -937
package/tui/src/tools/PowerShellTool/acceptEditsCommandValidation.ts +162 -0
package/tui/src/tools/PowerShellTool/call.ts +179 -0
package/tui/src/tools/PowerShellTool/callLoader.ts +37 -0
package/tui/src/tools/PowerShellTool/commandClassification.ts +86 -0
package/tui/src/tools/PowerShellTool/modeValidation.ts +25 -332
package/tui/src/tools/PowerShellTool/outputPersistence.ts +42 -0
package/tui/src/tools/PowerShellTool/permissionClassification.ts +28 -0
package/tui/src/tools/PowerShellTool/resultLoader.ts +31 -0
package/tui/src/tools/PowerShellTool/resultMapping.ts +75 -0
package/tui/src/tools/PowerShellTool/schemas.ts +40 -0
package/tui/src/tools/PowerShellTool/shellExecution.tsx +258 -0
package/tui/src/tools/PowerShellTool/symlinkModeValidation.ts +44 -0
package/tui/src/tools/PowerShellTool/uiLoader.ts +37 -0
package/tui/src/tools/PowerShellTool/validation.ts +39 -0
package/tui/src/tools/ReadMcpResourceTool/ReadMcpResourceTool.ts +19 -3
package/tui/src/tools/ResolveLocationPrimitive/ResolveLocationPrimitive.ts +1 -11
package/tui/src/tools/ResolveLocationPrimitive/prompt.ts +2 -6
package/tui/src/tools/SkillTool/SkillTool.ts +2 -2
package/tui/src/tools/SubmitPrimitive/SubmitPrimitive.ts +27 -10
package/tui/src/tools/TaskCreateTool/TaskCreateTool.ts +16 -2
package/tui/src/tools/TaskGetTool/TaskGetTool.ts +23 -3
package/tui/src/tools/TaskListTool/TaskListTool.ts +22 -4
package/tui/src/tools/TaskOutputTool/TaskOutputTool.tsx +46 -547
package/tui/src/tools/TaskOutputTool/lookup.ts +216 -0
package/tui/src/tools/TaskOutputTool/render.tsx +257 -0
package/tui/src/tools/TaskOutputTool/schemas.ts +55 -0
package/tui/src/tools/TaskOutputTool/serialization.ts +36 -0
package/tui/src/tools/TaskStopTool/TaskStopTool.ts +10 -0
package/tui/src/tools/TaskUpdateTool/TaskUpdateTool.ts +14 -364
package/tui/src/tools/TaskUpdateTool/completion.ts +62 -0
package/tui/src/tools/TaskUpdateTool/schemas.ts +62 -0
package/tui/src/tools/TaskUpdateTool/serialization.ts +46 -0
package/tui/src/tools/TaskUpdateTool/statusUpdate.ts +247 -0
package/tui/src/tools/TodoWriteTool/TodoWriteTool.ts +21 -2
package/tui/src/tools/ToolSearchTool/ToolSearchTool.ts +21 -302
package/tui/src/tools/ToolSearchTool/ccSupportTools.ts +223 -0
package/tui/src/tools/ToolSearchTool/descriptionCache.ts +50 -0
package/tui/src/tools/ToolSearchTool/keywordSearch.ts +216 -0
package/tui/src/tools/ToolSearchTool/prompt.ts +10 -4
package/tui/src/tools/ToolSearchTool/resultMapping.ts +30 -0
package/tui/src/tools/ToolSearchTool/schemas.ts +30 -0
package/tui/src/tools/ToolSearchTool/searchPool.ts +47 -0
package/tui/src/tools/ToolSearchTool/supportIntentHints.ts +140 -0
package/tui/src/tools/TranslateTool/TranslateTool.ts +1 -1
package/tui/src/tools/VerifyPrimitive/VerifyPrimitive.ts +2 -1
package/tui/src/tools/WebFetchTool/WebFetchTool.ts +43 -138
package/tui/src/tools/WebFetchTool/call.ts +227 -0
package/tui/src/tools/WebFetchTool/resolvedAddressSafety.ts +78 -0
package/tui/src/tools/WebFetchTool/sourceVerification.ts +204 -0
package/tui/src/tools/WebFetchTool/types.ts +23 -0
package/tui/src/tools/WebFetchTool/urlSafety.ts +181 -0
package/tui/src/tools/WebFetchTool/utils.ts +1 -1
package/tui/src/tools/WebSearchTool/UI.tsx +0 -1
package/tui/src/tools/WebSearchTool/WebSearchTool.ts +9 -313
package/tui/src/tools/WebSearchTool/call.ts +33 -0
package/tui/src/tools/WebSearchTool/responseMapping.ts +190 -0
package/tui/src/tools/WebSearchTool/resultBlock.ts +47 -0
package/tui/src/tools/WebSearchTool/schemas.ts +47 -0
package/tui/src/tools/WebSearchTool/toolSchema.ts +12 -0
package/tui/src/tools/WorkspaceToolAdapter/WorkspaceToolAdapter.ts +79 -0
package/tui/src/tools/WorkspaceToolAdapter/allowedRootPolicy.ts +85 -0
package/tui/src/tools/WorkspaceToolAdapter/documentFormatGuards.ts +73 -0
package/tui/src/tools/WorkspaceToolAdapter/inputNormalization.ts +105 -0
package/tui/src/tools/WorkspaceToolAdapter/mcpExposurePolicy.ts +64 -0
package/tui/src/tools/WorkspaceToolAdapter/toolDefFactory.ts +215 -0
package/tui/src/tools/WorkspaceToolAdapter/toolNames.ts +6 -0
package/tui/src/tools/WorkspaceToolAdapter/workspacePolicy.ts +15 -0
package/tui/src/tools/_shared/dispatchPrimitive.ts +6 -6
package/tui/src/tools/_shared/documentChangeToPatch.ts +125 -0
package/tui/src/tools/_shared/documentDispatchArguments.ts +87 -0
package/tui/src/tools/_shared/documentPrimitiveTimeout.ts +13 -0
package/tui/src/tools/_shared/documentToolResultRender.ts +98 -0
package/tui/src/tools/_shared/pendingCallRegistry.ts +1 -6
package/tui/src/tools/_shared/rootPrimitiveInput.ts +1 -0
package/tui/src/tools/_shared/toolChoiceRepair/documentCompletionPatterns.ts +58 -0
package/tui/src/tools/_shared/toolChoiceRepair/documentCompletionPrompt.ts +271 -0
package/tui/src/tools/_shared/toolChoiceRepair/documentRepair.ts +452 -0
package/tui/src/tools/_shared/toolChoiceRepair/messageAccess.ts +80 -0
package/tui/src/tools/_shared/toolChoiceRepair/publicDataRepair.ts +92 -0
package/tui/src/tools/_shared/toolChoiceRepair/supportRepair.ts +135 -0
package/tui/src/tools/_shared/toolChoiceRepair.ts +55 -860
package/tui/src/tools/shared/mockDisclaimer.ts +1 -1
package/tui/src/tools.ts +39 -190
package/tui/src/types/fileSuggestion.ts +4 -26
package/tui/src/types/generated/events_mono/claude_code/v1/claude_code_internal_event.ts +186 -148
package/tui/src/types/generated/events_mono/common/v1/auth.ts +25 -11
package/tui/src/types/generated/events_mono/growthbook/v1/growthbook_experiment_event.ts +47 -30
package/tui/src/types/generated/google/protobuf/timestamp.ts +21 -7
package/tui/src/types/message.ts +80 -102
package/tui/src/types/messageQueueTypes.ts +6 -28
package/tui/src/types/notebook.ts +16 -38
package/tui/src/types/statusLine.ts +4 -26
package/tui/src/types/tools.ts +24 -46
package/tui/src/types/utils.ts +6 -28
package/tui/src/upstreamproxy/relay.ts +7 -3
package/tui/src/upstreamproxy/upstreamproxy.ts +1 -1
package/tui/src/utils/assistantMessageFactories.ts +9 -3
package/tui/src/utils/auth.ts +129 -139
package/tui/src/utils/bash/ast.ts +23 -23
package/tui/src/utils/bash/bashParser.ts +5 -5
package/tui/src/utils/billing.ts +1 -1
package/tui/src/utils/collapseReadSearch.ts +3 -3
package/tui/src/utils/cronTasks.ts +1 -1
package/tui/src/utils/execFileNoThrow.ts +1 -1
package/tui/src/utils/filePersistence/types.ts +16 -38
package/tui/src/utils/forkedAgent.ts +1 -1
package/tui/src/utils/gracefulShutdown.ts +4 -4
package/tui/src/utils/heapDumpService.ts +12 -8
package/tui/src/utils/hooks/apiQueryHookHelper.ts +1 -1
package/tui/src/utils/hooks/execPromptHook.ts +1 -1
package/tui/src/utils/hooks/skillImprovement.ts +1 -1
package/tui/src/utils/mcp/dateTimeParser.ts +1 -1
package/tui/src/utils/messages.ts +18 -0
package/tui/src/utils/migrateSessions.ts +3 -3
package/tui/src/utils/model/model.ts +6 -6
package/tui/src/utils/permissions/yoloClassifier.ts +1 -1
package/tui/src/utils/plugins/headlessPluginInstall.ts +1 -1
package/tui/src/utils/plugins/mcpPluginIntegration.ts +1 -1
package/tui/src/utils/plugins/mcpbHandler.ts +1 -1
package/tui/src/utils/plugins/pluginLoader.ts +8 -8
package/tui/src/utils/protectedNamespace.ts +5 -3
package/tui/src/utils/rawJsonToolCall.ts +242 -0
package/tui/src/utils/ripgrep.ts +16 -7
package/tui/src/utils/sessionTitle.ts +1 -1
package/tui/src/utils/settings/permissionValidation.ts +14 -2
package/tui/src/utils/shell/prefix.ts +1 -1
package/tui/src/utils/sideQuery.ts +1 -1
package/tui/src/utils/systemThemeWatcher.ts +13 -3
package/tui/src/utils/teleport.tsx +1 -1
package/uv.lock +400 -14
package/tui/src/services/api/claude.ts +0 -3540
package/tui/src/tools/_shared/directPublicDataGuard.ts +0 -362
package/tui/src/tools/_shared/kmaAnalysisGuard.ts +0 -197
package/tui/src/tools/_shared/kmaAviationGuard.ts +0 -70
package/tui/src/tools/_shared/nmcAedGuard.ts +0 -234
package/tui/src/tools/_shared/protectedCheckGuard.ts +0 -207
package/tui/src/tools/_shared/textToolCallGuard.ts +0 -91

package/tui/src/tools/BashTool/bashCommandHelpers.ts CHANGED Viewed

@@ -1,4 +1,3 @@
-import type { z } from 'zod/v4'
 import {
   isUnsafeCompoundCommand_DEPRECATED,
   splitCommand_DEPRECATED,
@@ -12,7 +11,8 @@ import { type Node, PARSE_ABORTED } from '../../utils/bash/parser.js'
 import type { PermissionResult } from '../../utils/permissions/PermissionResult.js'
 import type { PermissionUpdate } from '../../utils/permissions/PermissionUpdateSchema.js'
 import { createPermissionRequestMessage } from '../../utils/permissions/permissions.js'
-import { BashTool } from './BashTool.js'
+import type { BashToolInput } from './schemas.js'
+import { BASH_TOOL_NAME } from './toolName.js'
 import { bashCommandIsSafeAsync_DEPRECATED } from './bashSecurity.js'
 export type CommandIdentityCheckers = {
@@ -21,10 +21,10 @@ export type CommandIdentityCheckers = {
 }
 async function segmentedCommandPermissionResult(
-  input: z.infer<typeof BashTool.inputSchema>,
+  input: BashToolInput,
   segments: string[],
   bashToolHasPermissionFn: (
-    input: z.infer<typeof BashTool.inputSchema>,
+    input: BashToolInput,
   ) => Promise<PermissionResult>,
   checkers: CommandIdentityCheckers,
 ): Promise<PermissionResult> {
@@ -42,7 +42,7 @@ async function segmentedCommandPermissionResult(
     return {
       behavior: 'ask',
       decisionReason,
-      message: createPermissionRequestMessage(BashTool.name, decisionReason),
+      message: createPermissionRequestMessage(BASH_TOOL_NAME, decisionReason),
     }
   }
@@ -76,7 +76,7 @@ async function segmentedCommandPermissionResult(
       return {
         behavior: 'ask',
         decisionReason,
-        message: createPermissionRequestMessage(BashTool.name, decisionReason),
+        message: createPermissionRequestMessage(BASH_TOOL_NAME, decisionReason),
       }
     }
   }
@@ -149,7 +149,7 @@ async function segmentedCommandPermissionResult(
   return {
     behavior: 'ask',
-    message: createPermissionRequestMessage(BashTool.name, decisionReason),
+    message: createPermissionRequestMessage(BASH_TOOL_NAME, decisionReason),
     decisionReason,
     suggestions: suggestions.length > 0 ? suggestions : undefined,
   }
@@ -179,9 +179,9 @@ async function buildSegmentWithoutRedirections(
  * bashToolCheckCommandOperatorPermissions.
  */
 export async function checkCommandOperatorPermissions(
-  input: z.infer<typeof BashTool.inputSchema>,
+  input: BashToolInput,
   bashToolHasPermissionFn: (
-    input: z.infer<typeof BashTool.inputSchema>,
+    input: BashToolInput,
   ) => Promise<PermissionResult>,
   checkers: CommandIdentityCheckers,
   astRoot: Node | null | typeof PARSE_ABORTED,
@@ -206,9 +206,9 @@ export async function checkCommandOperatorPermissions(
  * simple subcommand checking.
  */
 async function bashToolCheckCommandOperatorPermissions(
-  input: z.infer<typeof BashTool.inputSchema>,
+  input: BashToolInput,
   bashToolHasPermissionFn: (
-    input: z.infer<typeof BashTool.inputSchema>,
+    input: BashToolInput,
   ) => Promise<PermissionResult>,
   checkers: CommandIdentityCheckers,
   parsed: IParsedCommand,
@@ -233,7 +233,7 @@ async function bashToolCheckCommandOperatorPermissions(
     }
     return {
       behavior: 'ask',
-      message: createPermissionRequestMessage(BashTool.name, decisionReason),
+      message: createPermissionRequestMessage(BASH_TOOL_NAME, decisionReason),
       decisionReason,
       // This is an unsafe compound command, so we don't want to suggest rules since we wont be able to allow it
     }

package/tui/src/tools/BashTool/bashPermissions/astPreflight.ts ADDED Viewed

@@ -0,0 +1,173 @@
+import { feature } from 'bun:bundle'
+import { getFeatureValue_CACHED_MAY_BE_STALE } from '../../../services/analytics/growthbook.js'
+import { logEvent } from '../../../services/analytics/index.js'
+import type { ToolPermissionContext } from '../../../Tool.js'
+import {
+  checkSemantics,
+  nodeTypeId,
+  parseForSecurityFromAst,
+  type ParseForSecurityResult,
+} from '../../../utils/bash/ast.js'
+import { splitCommand_DEPRECATED } from '../../../utils/bash/commands.js'
+import { parseCommandRaw } from '../../../utils/bash/parser.js'
+import { tryParseShellCommand } from '../../../utils/bash/shellQuote.js'
+import { logForDebugging } from '../../../utils/debug.js'
+import { isEnvTruthy } from '../../../utils/envUtils.js'
+import type { PermissionDecisionReason } from '../../../utils/permissions/PermissionResult.js'
+import { createPermissionRequestMessage } from '../../../utils/permissions/permissions.js'
+import type { BashToolInput } from '../schemas.js'
+import { BASH_TOOL_NAME } from '../toolName.js'
+import { buildPendingClassifierCheck } from './classifierChecks.js'
+import {
+  checkEarlyExitDeny,
+  checkSemanticsDeny,
+} from './subcommandGuards.js'
+import type { AstPreflightResult } from './types.js'
+const splitCommand = splitCommand_DEPRECATED
+export async function prepareAstPermissionState(
+  input: BashToolInput,
+  toolPermissionContext: ToolPermissionContext,
+): Promise<AstPreflightResult> {
+  const injectionCheckDisabled = isEnvTruthy(
+    process.env.CLAUDE_CODE_DISABLE_COMMAND_INJECTION_CHECK,
+  )
+  const shadowEnabled = feature('TREE_SITTER_BASH_SHADOW')
+    ? getFeatureValue_CACHED_MAY_BE_STALE('tengu_birch_trellis', true)
+    : false
+  let astRoot = injectionCheckDisabled
+    ? null
+    : feature('TREE_SITTER_BASH_SHADOW') && !shadowEnabled
+      ? null
+      : await parseCommandRaw(input.command)
+  let astResult: ParseForSecurityResult = astRoot
+    ? parseForSecurityFromAst(input.command, astRoot)
+    : { kind: 'parse-unavailable' }
+  let astSubcommands: string[] | null = null
+  let astRedirects
+  let astCommands
+  let shadowLegacySubs: string[] | undefined
+  if (feature('TREE_SITTER_BASH_SHADOW')) {
+    const available = astResult.kind !== 'parse-unavailable'
+    let tooComplex = false
+    let semanticFail = false
+    let subsDiffer = false
+    if (available) {
+      tooComplex = astResult.kind === 'too-complex'
+      semanticFail =
+        astResult.kind === 'simple' && !checkSemantics(astResult.commands).ok
+      const tsSubs =
+        astResult.kind === 'simple'
+          ? astResult.commands.map(c => c.text)
+          : undefined
+      const legacySubs = splitCommand(input.command)
+      shadowLegacySubs = legacySubs
+      subsDiffer =
+        tsSubs !== undefined &&
+        (tsSubs.length !== legacySubs.length ||
+          tsSubs.some((s, i) => s !== legacySubs[i]))
+    }
+    logEvent('tengu_tree_sitter_shadow', {
+      available,
+      astTooComplex: tooComplex,
+      astSemanticFail: semanticFail,
+      subsDiffer,
+      injectionCheckDisabled,
+      killswitchOff: !shadowEnabled,
+      cmdOverLength: input.command.length > 10000,
+    })
+    astResult = { kind: 'parse-unavailable' }
+    astRoot = null
+  }
+  if (astResult.kind === 'too-complex') {
+    const earlyExit = checkEarlyExitDeny(input, toolPermissionContext)
+    if (earlyExit !== null) return { kind: 'return', result: earlyExit }
+    const decisionReason: PermissionDecisionReason = {
+      type: 'other',
+      reason: astResult.reason,
+    }
+    logEvent('tengu_bash_ast_too_complex', {
+      nodeTypeId: nodeTypeId(astResult.nodeType),
+    })
+    return {
+      kind: 'return',
+      result: {
+        behavior: 'ask',
+        decisionReason,
+        message: createPermissionRequestMessage(BASH_TOOL_NAME, decisionReason),
+        suggestions: [],
+        ...(feature('BASH_CLASSIFIER')
+          ? {
+              pendingClassifierCheck: buildPendingClassifierCheck(
+                input.command,
+                toolPermissionContext,
+              ),
+            }
+          : {}),
+      },
+    }
+  }
+  if (astResult.kind === 'simple') {
+    const sem = checkSemantics(astResult.commands)
+    if (!sem.ok) {
+      const earlyExit = checkSemanticsDeny(
+        input,
+        toolPermissionContext,
+        astResult.commands,
+      )
+      if (earlyExit !== null) return { kind: 'return', result: earlyExit }
+      const decisionReason: PermissionDecisionReason = {
+        type: 'other',
+        reason: sem.reason,
+      }
+      return {
+        kind: 'return',
+        result: {
+          behavior: 'ask',
+          decisionReason,
+          message: createPermissionRequestMessage(
+            BASH_TOOL_NAME,
+            decisionReason,
+          ),
+          suggestions: [],
+        },
+      }
+    }
+    astSubcommands = astResult.commands.map(c => c.text)
+    astRedirects = astResult.commands.flatMap(c => c.redirects)
+    astCommands = astResult.commands
+  }
+  if (astResult.kind === 'parse-unavailable') {
+    logForDebugging(
+      'bashToolHasPermission: tree-sitter unavailable, using legacy shell-quote path',
+    )
+    const parseResult = tryParseShellCommand(input.command)
+    if (!parseResult.success) {
+      const decisionReason = {
+        type: 'other' as const,
+        reason: `Command contains malformed syntax that cannot be parsed: ${parseResult.error}`,
+      }
+      return {
+        kind: 'return',
+        result: {
+          behavior: 'ask',
+          decisionReason,
+          message: createPermissionRequestMessage(
+            BASH_TOOL_NAME,
+            decisionReason,
+          ),
+        },
+      }
+    }
+  }
+  return {
+    kind: 'continue',
+    state: { astRoot, astSubcommands, astRedirects, astCommands, shadowLegacySubs },
+  }
+}

package/tui/src/tools/BashTool/bashPermissions/classifierChecks.ts ADDED Viewed

@@ -0,0 +1,199 @@
+import { feature } from 'bun:bundle'
+import { APIUserAbortError } from '@anthropic-ai/sdk'
+import {
+  type AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
+  logEvent,
+} from '../../../services/analytics/index.js'
+import { getCwd } from '../../../utils/cwd.js'
+import { AbortError } from '../../../utils/errors.js'
+import type {
+  ClassifierBehavior,
+  ClassifierResult,
+} from '../../../utils/permissions/bashClassifier.js'
+import {
+  classifyBashCommand,
+  getBashPromptAllowDescriptions,
+  isClassifierPermissionsEnabled,
+} from '../../../utils/permissions/bashClassifier.js'
+import type { PermissionDecisionReason } from '../../../utils/permissions/PermissionResult.js'
+import { jsonStringify } from '../../../utils/slowOperations.js'
+import type { ToolPermissionContext } from '../../../Tool.js'
+import type { PendingClassifierCheck } from '../../../types/permissions.js'
+export function logClassifierResultForAnts(
+  command: string,
+  behavior: ClassifierBehavior,
+  descriptions: string[],
+  result: ClassifierResult,
+): void {
+  if (process.env.USER_TYPE !== 'ant') return
+  logEvent('tengu_internal_bash_classifier_result', {
+    behavior:
+      behavior as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
+    descriptions: jsonStringify(
+      descriptions,
+    ) as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
+    matches: result.matches,
+    matchedDescription: (result.matchedDescription ??
+      '') as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
+    confidence:
+      result.confidence as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
+    reason:
+      result.reason as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
+    command:
+      command as AnalyticsMetadata_I_VERIFIED_THIS_IS_NOT_CODE_OR_FILEPATHS,
+  })
+}
+export function buildPendingClassifierCheck(
+  command: string,
+  toolPermissionContext: ToolPermissionContext,
+): { command: string; cwd: string; descriptions: string[] } | undefined {
+  if (!isClassifierPermissionsEnabled()) return undefined
+  if (feature('TRANSCRIPT_CLASSIFIER') && toolPermissionContext.mode === 'auto')
+    return undefined
+  if (toolPermissionContext.mode === 'bypassPermissions') return undefined
+  const allowDescriptions = getBashPromptAllowDescriptions(
+    toolPermissionContext,
+  )
+  if (allowDescriptions.length === 0) return undefined
+  return { command, cwd: getCwd(), descriptions: allowDescriptions }
+}
+const speculativeChecks = new Map<string, Promise<ClassifierResult>>()
+function ignoreSpeculativeClassifierRejection(error: unknown): void {
+  if (error instanceof Error) return
+}
+export function peekSpeculativeClassifierCheck(
+  command: string,
+): Promise<ClassifierResult> | undefined {
+  return speculativeChecks.get(command)
+}
+export function startSpeculativeClassifierCheck(
+  command: string,
+  toolPermissionContext: ToolPermissionContext,
+  signal: AbortSignal,
+  isNonInteractiveSession: boolean,
+): boolean {
+  if (!isClassifierPermissionsEnabled()) return false
+  if (feature('TRANSCRIPT_CLASSIFIER') && toolPermissionContext.mode === 'auto')
+    return false
+  if (toolPermissionContext.mode === 'bypassPermissions') return false
+  const allowDescriptions = getBashPromptAllowDescriptions(
+    toolPermissionContext,
+  )
+  if (allowDescriptions.length === 0) return false
+  const promise = classifyBashCommand(
+    command,
+    getCwd(),
+    allowDescriptions,
+    'allow',
+    signal,
+    isNonInteractiveSession,
+  )
+  promise.catch(ignoreSpeculativeClassifierRejection)
+  speculativeChecks.set(command, promise)
+  return true
+}
+export function consumeSpeculativeClassifierCheck(
+  command: string,
+): Promise<ClassifierResult> | undefined {
+  const promise = speculativeChecks.get(command)
+  if (promise) speculativeChecks.delete(command)
+  return promise
+}
+export function clearSpeculativeChecks(): void {
+  speculativeChecks.clear()
+}
+export async function awaitClassifierAutoApproval(
+  pendingCheck: PendingClassifierCheck,
+  signal: AbortSignal,
+  isNonInteractiveSession: boolean,
+): Promise<PermissionDecisionReason | undefined> {
+  const { command, cwd, descriptions } = pendingCheck
+  const speculativeResult = consumeSpeculativeClassifierCheck(command)
+  const classifierResult = speculativeResult
+    ? await speculativeResult
+    : await classifyBashCommand(
+        command,
+        cwd,
+        descriptions,
+        'allow',
+        signal,
+        isNonInteractiveSession,
+      )
+  logClassifierResultForAnts(command, 'allow', descriptions, classifierResult)
+  if (
+    feature('BASH_CLASSIFIER') &&
+    classifierResult.matches &&
+    classifierResult.confidence === 'high'
+  ) {
+    return {
+      type: 'classifier',
+      classifier: 'bash_allow',
+      reason: `Allowed by prompt rule: "${classifierResult.matchedDescription}"`,
+    }
+  }
+  return undefined
+}
+type AsyncClassifierCheckCallbacks = {
+  shouldContinue: () => boolean
+  onAllow: (decisionReason: PermissionDecisionReason) => void
+  onComplete?: () => void
+}
+export async function executeAsyncClassifierCheck(
+  pendingCheck: { command: string; cwd: string; descriptions: string[] },
+  signal: AbortSignal,
+  isNonInteractiveSession: boolean,
+  callbacks: AsyncClassifierCheckCallbacks,
+): Promise<void> {
+  const { command, cwd, descriptions } = pendingCheck
+  const speculativeResult = consumeSpeculativeClassifierCheck(command)
+  let classifierResult: ClassifierResult
+  try {
+    classifierResult = speculativeResult
+      ? await speculativeResult
+      : await classifyBashCommand(
+          command,
+          cwd,
+          descriptions,
+          'allow',
+          signal,
+          isNonInteractiveSession,
+        )
+  } catch (error: unknown) {
+    if (error instanceof APIUserAbortError || error instanceof AbortError) {
+      callbacks.onComplete?.()
+      return
+    }
+    callbacks.onComplete?.()
+    throw error
+  }
+  logClassifierResultForAnts(command, 'allow', descriptions, classifierResult)
+  if (!callbacks.shouldContinue()) return
+  if (
+    feature('BASH_CLASSIFIER') &&
+    classifierResult.matches &&
+    classifierResult.confidence === 'high'
+  ) {
+    callbacks.onAllow({
+      type: 'classifier',
+      classifier: 'bash_allow',
+      reason: `Allowed by prompt rule: "${classifierResult.matchedDescription}"`,
+    })
+  } else {
+    callbacks.onComplete?.()
+  }
+}

package/tui/src/tools/BashTool/bashPermissions/compoundGuards.ts ADDED Viewed

@@ -0,0 +1,53 @@
+import { createPermissionRequestMessage } from '../../../utils/permissions/permissions.js'
+import type { PermissionResult } from '../../../utils/permissions/PermissionResult.js'
+import type { BashToolInput } from '../schemas.js'
+import { BASH_TOOL_NAME } from '../toolName.js'
+import {
+  isNormalizedCdCommand,
+  isNormalizedGitCommand,
+} from './normalizedCommands.js'
+export function checkSubcommandDirectoryGuards(
+  input: BashToolInput,
+  subcommands: readonly string[],
+): { result: PermissionResult | null; compoundCommandHasCd: boolean } {
+  const cdCommands = subcommands.filter(subCommand =>
+    isNormalizedCdCommand(subCommand),
+  )
+  if (cdCommands.length > 1) {
+    const decisionReason = {
+      type: 'other' as const,
+      reason:
+        'Multiple directory changes in one command require approval for clarity',
+    }
+    return {
+      result: {
+        behavior: 'ask',
+        decisionReason,
+        message: createPermissionRequestMessage(BASH_TOOL_NAME, decisionReason),
+      },
+      compoundCommandHasCd: false,
+    }
+  }
+  const compoundCommandHasCd = cdCommands.length > 0
+  if (
+    compoundCommandHasCd &&
+    subcommands.some(cmd => isNormalizedGitCommand(cmd.trim()))
+  ) {
+    const decisionReason = {
+      type: 'other' as const,
+      reason:
+        'Compound commands with cd and git require approval to prevent bare repository attacks',
+    }
+    return {
+      result: {
+        behavior: 'ask',
+        decisionReason,
+        message: createPermissionRequestMessage(BASH_TOOL_NAME, decisionReason),
+      },
+      compoundCommandHasCd,
+    }
+  }
+  return { result: null, compoundCommandHasCd }
+}

package/tui/src/tools/BashTool/bashPermissions/constants.ts ADDED Viewed

@@ -0,0 +1,99 @@
+export const ENV_VAR_ASSIGN_RE = /^[A-Za-z_]\w*=/
+export const MAX_SUBCOMMANDS_FOR_SECURITY_CHECK = 50
+export const MAX_SUGGESTED_RULES_FOR_COMPOUND = 5
+export const BARE_SHELL_PREFIXES = new Set([
+  'sh',
+  'bash',
+  'zsh',
+  'fish',
+  'csh',
+  'tcsh',
+  'ksh',
+  'dash',
+  'cmd',
+  'powershell',
+  'pwsh',
+  'env',
+  'xargs',
+  'nice',
+  'stdbuf',
+  'nohup',
+  'timeout',
+  'time',
+  'sudo',
+  'doas',
+  'pkexec',
+])
+export const SAFE_ENV_VARS = new Set([
+  'GOEXPERIMENT',
+  'GOOS',
+  'GOARCH',
+  'CGO_ENABLED',
+  'GO111MODULE',
+  'RUST_BACKTRACE',
+  'RUST_LOG',
+  'NODE_ENV',
+  'PYTHONUNBUFFERED',
+  'PYTHONDONTWRITEBYTECODE',
+  'PYTEST_DISABLE_PLUGIN_AUTOLOAD',
+  'PYTEST_DEBUG',
+  'ANTHROPIC_API_KEY',
+  'LANG',
+  'LANGUAGE',
+  'LC_ALL',
+  'LC_CTYPE',
+  'LC_TIME',
+  'CHARSET',
+  'TERM',
+  'COLORTERM',
+  'NO_COLOR',
+  'FORCE_COLOR',
+  'TZ',
+  'LS_COLORS',
+  'LSCOLORS',
+  'GREP_COLOR',
+  'GREP_COLORS',
+  'GCC_COLORS',
+  'TIME_STYLE',
+  'BLOCK_SIZE',
+  'BLOCKSIZE',
+])
+export const ANT_ONLY_SAFE_ENV_VARS = new Set([
+  'KUBECONFIG',
+  'DOCKER_HOST',
+  'AWS_PROFILE',
+  'CLOUDSDK_CORE_PROJECT',
+  'CLUSTER',
+  'COO_CLUSTER',
+  'COO_CLUSTER_NAME',
+  'COO_NAMESPACE',
+  'COO_LAUNCH_YAML_DRY_RUN',
+  'SKIP_NODE_VERSION_CHECK',
+  'EXPECTTEST_ACCEPT',
+  'CI',
+  'GIT_LFS_SKIP_SMUDGE',
+  'CUDA_VISIBLE_DEVICES',
+  'JAX_PLATFORMS',
+  'COLUMNS',
+  'TMUX',
+  'POSTGRESQL_VERSION',
+  'FIRESTORE_EMULATOR_HOST',
+  'HARNESS_QUIET',
+  'TEST_CROSSCHECK_LISTS_MATCH_UPDATE',
+  'DBT_PER_DEVELOPER_ENVIRONMENTS',
+  'STATSIG_FORD_DB_CHECKS',
+  'ANT_ENVIRONMENT',
+  'ANT_SERVICE',
+  'MONOREPO_ROOT_DIR',
+  'PYENV_VERSION',
+  'PGPASSWORD',
+  'GH_TOKEN',
+  'GROWTHBOOK_API_KEY',
+])
+export const BINARY_HIJACK_VARS = /^(LD_|DYLD_|PATH$)/

package/tui/src/tools/BashTool/bashPermissions/index.ts ADDED Viewed

@@ -0,0 +1,38 @@
+export {
+  BINARY_HIJACK_VARS,
+  MAX_SUBCOMMANDS_FOR_SECURITY_CHECK,
+  MAX_SUGGESTED_RULES_FOR_COMPOUND,
+} from './constants.js'
+export {
+  awaitClassifierAutoApproval,
+  clearSpeculativeChecks,
+  consumeSpeculativeClassifierCheck,
+  executeAsyncClassifierCheck,
+  peekSpeculativeClassifierCheck,
+  startSpeculativeClassifierCheck,
+} from './classifierChecks.js'
+export { bashToolHasPermission } from './main.js'
+export {
+  commandHasAnyCd,
+  isNormalizedCdCommand,
+  isNormalizedGitCommand,
+} from './normalizedCommands.js'
+export {
+  bashToolCheckExactMatchPermission,
+  bashToolCheckPermission,
+  checkCommandAndSuggestRules,
+} from './permissionChecks.js'
+export {
+  getFirstWordPrefix,
+  getSimpleCommandPrefix,
+} from './prefixSuggestions.js'
+export {
+  bashPermissionRule,
+  matchWildcardPattern,
+  permissionRuleExtractPrefix,
+} from './ruleDelegates.js'
+export {
+  stripAllLeadingEnvVars,
+  stripSafeWrappers,
+  stripWrappersFromArgv,
+} from './wrapperStripping.js'