npm - ummaya - Versions diffs - 0.2.4 → 0.2.5 - Mend

ummaya 0.2.4 → 0.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (477) hide show

package/README.md +15 -2
package/bin/ummaya +10 -1
package/npm-shrinkwrap.json +253 -2
package/package.json +5 -1
package/prompts/manifest.yaml +1 -1
package/prompts/system_v1.md +1 -0
package/pyproject.toml +26 -2
package/specs/2803-document-production-hardening/contracts/document-tools.schema.json +1043 -0
package/src/ummaya/_canonical/__init__.py +2 -0
package/src/ummaya/engine/engine.py +29 -132
package/src/ummaya/evidence/__init__.py +21 -2
package/src/ummaya/evidence/dataset_contract.py +193 -0
package/src/ummaya/evidence/document_authoring_cases.py +33 -0
package/src/ummaya/evidence/document_harness.py +313 -0
package/src/ummaya/evidence/document_viewer_ux.py +391 -0
package/src/ummaya/evidence/gates.py +70 -0
package/src/ummaya/evidence/json_types.py +20 -0
package/src/ummaya/evidence/models.py +88 -1
package/src/ummaya/evidence/output_payload.py +89 -0
package/src/ummaya/evidence/payload_documents.py +233 -0
package/src/ummaya/evidence/route_contracts.py +224 -0
package/src/ummaya/evidence/route_helpers.py +150 -0
package/src/ummaya/evidence/runner.py +81 -212
package/src/ummaya/evidence/source_provenance.py +246 -0
package/src/ummaya/evidence/source_provenance_redaction.py +176 -0
package/src/ummaya/evidence/tool_layer.py +39 -0
package/src/ummaya/evidence/tool_layer_models.py +151 -0
package/src/ummaya/ipc/adapter_manifest_emitter.py +26 -10
package/src/ummaya/ipc/document_intent_normalization.py +185 -0
package/src/ummaya/ipc/frame_schema.py +5 -5
package/src/ummaya/ipc/route_diagnostics.py +73 -0
package/src/ummaya/ipc/stdio.py +1109 -477
package/src/ummaya/llm/client.py +102 -3
package/src/ummaya/llm/config.py +8 -3
package/src/ummaya/primitives/__init__.py +6 -2
package/src/ummaya/primitives/delegation.py +1 -1
package/src/ummaya/primitives/document.py +28 -0
package/src/ummaya/settings.py +0 -3
package/src/ummaya/tools/discovery_bridge.py +17 -1
package/src/ummaya/tools/documents/__init__.py +297 -0
package/src/ummaya/tools/documents/adapter_registry.py +487 -0
package/src/ummaya/tools/documents/archive_container_probe.py +167 -0
package/src/ummaya/tools/documents/artifact_store.py +454 -0
package/src/ummaya/tools/documents/authoring.py +283 -0
package/src/ummaya/tools/documents/baselines.py +114 -0
package/src/ummaya/tools/documents/capability.py +331 -0
package/src/ummaya/tools/documents/contracts.py +112 -0
package/src/ummaya/tools/documents/conversion.py +521 -0
package/src/ummaya/tools/documents/diff.py +275 -0
package/src/ummaya/tools/documents/engines.py +163 -0
package/src/ummaya/tools/documents/evaluation.py +291 -0
package/src/ummaya/tools/documents/explicit_values.py +108 -0
package/src/ummaya/tools/documents/fixtures.py +174 -0
package/src/ummaya/tools/documents/format_completion_audit.py +471 -0
package/src/ummaya/tools/documents/formats/__init__.py +2 -0
package/src/ummaya/tools/documents/formats/archive.py +528 -0
package/src/ummaya/tools/documents/formats/base.py +41 -0
package/src/ummaya/tools/documents/formats/code_file.py +211 -0
package/src/ummaya/tools/documents/formats/data_file.py +272 -0
package/src/ummaya/tools/documents/formats/hwp.py +284 -0
package/src/ummaya/tools/documents/formats/hwpx.py +1837 -0
package/src/ummaya/tools/documents/formats/odf.py +435 -0
package/src/ummaya/tools/documents/formats/ooxml.py +1030 -0
package/src/ummaya/tools/documents/formats/passive.py +766 -0
package/src/ummaya/tools/documents/formats/pdf.py +702 -0
package/src/ummaya/tools/documents/formats/text_web.py +268 -0
package/src/ummaya/tools/documents/hwp_conversion_probe.py +178 -0
package/src/ummaya/tools/documents/hwp_direct_candidate.py +141 -0
package/src/ummaya/tools/documents/inspection.py +289 -0
package/src/ummaya/tools/documents/intake.py +1079 -0
package/src/ummaya/tools/documents/legacy_office_promotion_probe.py +366 -0
package/src/ummaya/tools/documents/models.py +1598 -0
package/src/ummaya/tools/documents/odf_promotion_probe.py +167 -0
package/src/ummaya/tools/documents/orchestrator.py +96 -0
package/src/ummaya/tools/documents/passive_capability_probe.py +251 -0
package/src/ummaya/tools/documents/patch.py +170 -0
package/src/ummaya/tools/documents/pdfa_conformance.py +284 -0
package/src/ummaya/tools/documents/pdfa_promotion_probe.py +198 -0
package/src/ummaya/tools/documents/permissions.py +110 -0
package/src/ummaya/tools/documents/planner.py +616 -0
package/src/ummaya/tools/documents/registry.py +2733 -0
package/src/ummaya/tools/documents/render.py +978 -0
package/src/ummaya/tools/documents/render_comparison.py +113 -0
package/src/ummaya/tools/documents/render_comparison_models.py +74 -0
package/src/ummaya/tools/documents/render_comparison_regions.py +73 -0
package/src/ummaya/tools/documents/render_comparison_style.py +161 -0
package/src/ummaya/tools/documents/reread.py +157 -0
package/src/ummaya/tools/documents/runtime_authoring.py +244 -0
package/src/ummaya/tools/documents/runtime_authoring_bundle.py +76 -0
package/src/ummaya/tools/documents/scorecard.py +184 -0
package/src/ummaya/tools/documents/socratic_planner.py +193 -0
package/src/ummaya/tools/documents/style.py +48 -0
package/src/ummaya/tools/documents/tool_defs.py +523 -0
package/src/ummaya/tools/documents/validate.py +347 -0
package/src/ummaya/tools/executor.py +29 -0
package/src/ummaya/tools/live_proxy.py +0 -3
package/src/ummaya/tools/models.py +5 -1
package/src/ummaya/tools/register_all.py +8 -0
package/src/ummaya/tools/registry.py +10 -1
package/src/ummaya/tools/routing/__init__.py +59 -0
package/src/ummaya/tools/routing/builder.py +105 -0
package/src/ummaya/tools/routing/cards.py +29 -0
package/src/ummaya/tools/routing/decision_service.py +534 -0
package/src/ummaya/tools/routing/decision_types.py +74 -0
package/src/ummaya/tools/routing/feasibility.py +122 -0
package/src/ummaya/tools/routing/intent.py +17 -0
package/src/ummaya/tools/routing/intent_extractor.py +207 -0
package/src/ummaya/tools/routing/intent_patterns.py +160 -0
package/src/ummaya/tools/routing/intent_public_data.py +150 -0
package/src/ummaya/tools/routing/intent_types.py +48 -0
package/src/ummaya/tools/routing/lint.py +78 -0
package/src/ummaya/tools/routing/metadata.py +174 -0
package/src/ummaya/tools/routing/projection.py +340 -0
package/src/ummaya/tools/routing/retrieval_policy.py +629 -0
package/src/ummaya/tools/routing/schema.py +81 -0
package/src/ummaya/tools/routing/types.py +96 -0
package/src/ummaya/tools/routing_index.py +2 -2
package/src/ummaya/tools/search.py +34 -746
package/tests/fixtures/documents/public_forms/baselines.yaml +113 -0
package/tui/package.json +1 -1
package/tui/src/.cc-byte-identical-whitelist.yaml +266 -0
package/tui/src/QueryEngine.ts +12 -8
package/tui/src/bridge/inboundAttachments.ts +3 -3
package/tui/src/cli/handlers/auth.ts +3 -12
package/tui/src/cli/print.ts +7 -7
package/tui/src/commands/insights.ts +1 -1
package/tui/src/commands/install-github-app/types.ts +8 -30
package/tui/src/commands/plugin/types.ts +6 -28
package/tui/src/commands/plugin/unifiedTypes.ts +4 -26
package/tui/src/commands/rename/generateSessionName.ts +1 -1
package/tui/src/components/Feedback.tsx +1 -1
package/tui/src/components/LogoV2/EmergencyTip.tsx +11 -2
package/tui/src/components/LogoV2/WelcomeV2.tsx +1 -3
package/tui/src/components/ScrollKeybindingHandler.tsx +6 -6
package/tui/src/components/Spinner/types.ts +6 -28
package/tui/src/components/agents/generateAgent.ts +1 -1
package/tui/src/components/agents/new-agent-creation/types.ts +4 -26
package/tui/src/components/config/EnvSecretIsolatedEditor.tsx +1 -1
package/tui/src/components/mcp/types.ts +16 -38
package/tui/src/components/messages/AssistantToolUseMessage.tsx +3 -2
package/tui/src/components/messages/UserCrossSessionMessage.ts +16 -4
package/tui/src/components/messages/UserForkBoilerplateMessage.ts +16 -4
package/tui/src/components/messages/UserGitHubWebhookMessage.ts +16 -4
package/tui/src/components/messages/UserToolResultMessage/utils.tsx +3 -2
package/tui/src/components/permissions/MonitorPermissionRequest/MonitorPermissionRequest.ts +9 -4
package/tui/src/components/permissions/ReviewArtifactPermissionRequest/ReviewArtifactPermissionRequest.ts +9 -4
package/tui/src/components/primitive/DocumentSocraticReviewBlock.tsx +129 -0
package/tui/src/components/primitive/DocumentToolResultCard.tsx +224 -0
package/tui/src/components/primitive/documentSocraticReview.ts +215 -0
package/tui/src/components/primitive/index.tsx +43 -1
package/tui/src/components/primitive/types.ts +137 -0
package/tui/src/components/ui/option.ts +4 -26
package/tui/src/constants/common.ts +0 -2
package/tui/src/constants/prompts.ts +4 -3
package/tui/src/constants/querySource.ts +4 -26
package/tui/src/entrypoints/sdk/controlTypes.ts +26 -48
package/tui/src/entrypoints/sdk/coreTypes.generated.ts +3 -25
package/tui/src/entrypoints/sdk/runtimeTypes.ts +38 -60
package/tui/src/entrypoints/sdk/sdkUtilityTypes.ts +4 -26
package/tui/src/entrypoints/sdk/settingsTypes.generated.ts +3 -25
package/tui/src/entrypoints/sdk/toolTypes.ts +3 -25
package/tui/src/hooks/toolPermission/handlers/interactiveHandler.ts +10 -0
package/tui/src/hooks/useApiKeyVerification.ts +1 -1
package/tui/src/hooks/useVirtualScroll.ts +1 -1
package/tui/src/ink/ink.tsx +33 -14
package/tui/src/ink/reconciler.ts +2 -3
package/tui/src/ink/render-to-screen.ts +30 -10
package/tui/src/ipc/bridge.ts +62 -15
package/tui/src/ipc/bridgeSingleton.ts +5 -1
package/tui/src/ipc/codec.ts +3 -3
package/tui/src/ipc/frames.generated.ts +12 -12
package/tui/src/ipc/llmClient.ts +151 -27
package/tui/src/ipc/schema/frame.schema.json +1 -1
package/tui/src/keybindings/defaultBindings.ts +4 -0
package/tui/src/main.tsx +29 -11
package/tui/src/native-ts/file-index/index.ts +33 -3
package/tui/src/observability/surface.ts +2 -2
package/tui/src/probes/toolRegistryProbe.tsx +3 -1
package/tui/src/projectOnboardingState.ts +7 -6
package/tui/src/query/chatMessageTypes.ts +18 -0
package/tui/src/query/chatMessagesBuilder.ts +1 -1
package/tui/src/query/deps.ts +1 -1
package/tui/src/query/messageGuards.ts +106 -0
package/tui/src/query/publicDataTerminalRepair.ts +384 -0
package/tui/src/query/run.ts +1075 -0
package/tui/src/query/supportBoundary.ts +168 -0
package/tui/src/query/toolResultErrors.ts +103 -0
package/tui/src/query/toolRunner.ts +687 -0
package/tui/src/query/unavailableToolRepair.ts +118 -0
package/tui/src/query.ts +9 -2186
package/tui/src/screens/REPL.tsx +40 -29
package/tui/src/services/api/adapterManifest.ts +4 -0
package/tui/src/services/api/backendChat/events.ts +117 -0
package/tui/src/services/api/backendChat/finalMessage.ts +40 -0
package/tui/src/services/api/backendChat/frame.ts +9 -0
package/tui/src/services/api/backendChat/streaming.ts +430 -0
package/tui/src/services/api/backendChat/types.ts +62 -0
package/tui/src/services/api/backendChat.ts +1 -0
package/tui/src/services/api/client.ts +65 -2
package/tui/src/services/api/errorUtils.ts +5 -5
package/tui/src/services/api/errors.ts +1 -1
package/tui/src/services/api/logging.ts +1 -1
package/tui/src/services/api/ummaya/evidence.ts +194 -0
package/tui/src/services/api/ummaya/messages.ts +255 -0
package/tui/src/services/api/ummaya/nonStreaming.ts +66 -0
package/tui/src/services/api/ummaya/provider.ts +200 -0
package/tui/src/services/api/ummaya/reasoning.ts +24 -0
package/tui/src/services/api/ummaya/request.ts +200 -0
package/tui/src/services/api/ummaya/selectionContext.ts +240 -0
package/tui/src/services/api/ummaya/streaming.ts +365 -0
package/tui/src/services/api/ummaya/streamingPayload.ts +129 -0
package/tui/src/services/api/ummaya/streamingReader.ts +40 -0
package/tui/src/services/api/ummaya/toolSelection.ts +217 -0
package/tui/src/services/api/ummaya/types.ts +110 -0
package/tui/src/services/api/ummaya/usage.ts +30 -0
package/tui/src/services/api/ummaya.ts +26 -418
package/tui/src/services/api/withRetry.ts +1 -1
package/tui/src/services/awaySummary.ts +2 -2
package/tui/src/services/claudeAiLimits.ts +1 -1
package/tui/src/services/compact/autoCompact.ts +1 -1
package/tui/src/services/compact/compact.ts +1 -1
package/tui/src/services/lsp/types.ts +8 -30
package/tui/src/services/tips/types.ts +6 -28
package/tui/src/services/tokenEstimation.ts +1 -1
package/tui/src/services/toolRegistry/bootGuard.ts +5 -5
package/tui/src/services/toolUseSummary/toolUseSummaryGenerator.ts +1 -1
package/tui/src/services/tools/toolExecution.ts +94 -1
package/tui/src/store/pendingPermissionSlot.ts +1 -1
package/tui/src/store/session-store.ts +10 -36
package/tui/src/stubs/any-stub.ts +15 -10
package/tui/src/stubs/color-diff-napi.ts +37 -23
package/tui/src/stubs/globals.d.ts +3 -3
package/tui/src/stubs/macro-preload.ts +23 -12
package/tui/src/tools/AdapterTool/AdapterTool.ts +1207 -714
package/tui/src/tools/AdapterTool/routeDiagnostics.ts +75 -0
package/tui/src/tools/AgentTool/AgentTool.tsx +84 -1371
package/tui/src/tools/AgentTool/agentToolHandoff.ts +114 -0
package/tui/src/tools/AgentTool/agentToolPartialResult.ts +16 -0
package/tui/src/tools/AgentTool/agentToolProgress.ts +32 -0
package/tui/src/tools/AgentTool/agentToolResolver.ts +161 -0
package/tui/src/tools/AgentTool/agentToolResult.ts +163 -0
package/tui/src/tools/AgentTool/agentToolUtils.ts +14 -686
package/tui/src/tools/AgentTool/asyncAgentLifecycle.ts +208 -0
package/tui/src/tools/AgentTool/asyncLifecycle.ts +153 -0
package/tui/src/tools/AgentTool/backgroundedCompletion.ts +126 -0
package/tui/src/tools/AgentTool/backgroundedLifecycle.ts +174 -0
package/tui/src/tools/AgentTool/foregroundBackground.ts +83 -0
package/tui/src/tools/AgentTool/foregroundDrain.tsx +133 -0
package/tui/src/tools/AgentTool/foregroundFinalize.ts +98 -0
package/tui/src/tools/AgentTool/foregroundLifecycle.tsx +237 -0
package/tui/src/tools/AgentTool/foregroundProgress.tsx +169 -0
package/tui/src/tools/AgentTool/foregroundTask.ts +89 -0
package/tui/src/tools/AgentTool/forkSubagent.ts +1 -12
package/tui/src/tools/AgentTool/forkSubagentGate.ts +34 -0
package/tui/src/tools/AgentTool/launchRouting.ts +203 -0
package/tui/src/tools/AgentTool/lifecycle.ts +244 -0
package/tui/src/tools/AgentTool/mcpRouting.ts +73 -0
package/tui/src/tools/AgentTool/orchestrationSupport.ts +70 -0
package/tui/src/tools/AgentTool/permissions.ts +39 -0
package/tui/src/tools/AgentTool/promptSetup.ts +181 -0
package/tui/src/tools/AgentTool/remoteRouting.ts +62 -0
package/tui/src/tools/AgentTool/resultMapping.ts +116 -0
package/tui/src/tools/AgentTool/resumeAgent.ts +39 -107
package/tui/src/tools/AgentTool/resumeAgentHelpers.ts +140 -0
package/tui/src/tools/AgentTool/runAgent.ts +1 -1
package/tui/src/tools/AgentTool/runtimeConfig.ts +57 -0
package/tui/src/tools/AgentTool/schemas.ts +196 -0
package/tui/src/tools/AgentTool/sourceVerificationPropagation.ts +263 -0
package/tui/src/tools/AgentTool/worktreeLifecycle.ts +105 -0
package/tui/src/tools/AskUserQuestionTool/AskUserQuestionTool.tsx +174 -202
package/tui/src/tools/BashTool/BashTool.tsx +71 -1072
package/tui/src/tools/BashTool/bashCommandHelpers.ts +12 -12
package/tui/src/tools/BashTool/bashPermissions/astPreflight.ts +173 -0
package/tui/src/tools/BashTool/bashPermissions/classifierChecks.ts +199 -0
package/tui/src/tools/BashTool/bashPermissions/compoundGuards.ts +53 -0
package/tui/src/tools/BashTool/bashPermissions/constants.ts +99 -0
package/tui/src/tools/BashTool/bashPermissions/index.ts +38 -0
package/tui/src/tools/BashTool/bashPermissions/legacyMisparsing.ts +62 -0
package/tui/src/tools/BashTool/bashPermissions/main.ts +135 -0
package/tui/src/tools/BashTool/bashPermissions/normalizedCommands.ts +33 -0
package/tui/src/tools/BashTool/bashPermissions/operatorFlow.ts +98 -0
package/tui/src/tools/BashTool/bashPermissions/permissionChecks.ts +200 -0
package/tui/src/tools/BashTool/bashPermissions/prefixSuggestions.ts +88 -0
package/tui/src/tools/BashTool/bashPermissions/promptClassifierRules.ts +125 -0
package/tui/src/tools/BashTool/bashPermissions/ruleDelegates.ts +19 -0
package/tui/src/tools/BashTool/bashPermissions/ruleMatching.ts +145 -0
package/tui/src/tools/BashTool/bashPermissions/sandboxAutoAllow.ts +75 -0
package/tui/src/tools/BashTool/bashPermissions/subcommandFlow.ts +205 -0
package/tui/src/tools/BashTool/bashPermissions/subcommandGuards.ts +73 -0
package/tui/src/tools/BashTool/bashPermissions/subcommandResultHelpers.ts +116 -0
package/tui/src/tools/BashTool/bashPermissions/types.ts +26 -0
package/tui/src/tools/BashTool/bashPermissions/wrapperStripping.ts +139 -0
package/tui/src/tools/BashTool/bashPermissions.ts +26 -2621
package/tui/src/tools/BashTool/call.ts +202 -0
package/tui/src/tools/BashTool/callLoader.ts +35 -0
package/tui/src/tools/BashTool/commandClassification.ts +151 -0
package/tui/src/tools/BashTool/commandClassificationLoader.ts +40 -0
package/tui/src/tools/BashTool/cwdReset.ts +33 -0
package/tui/src/tools/BashTool/lineTruncation.ts +11 -0
package/tui/src/tools/BashTool/modeValidation.ts +13 -1
package/tui/src/tools/BashTool/outputPersistence.ts +42 -0
package/tui/src/tools/BashTool/permissionClassification.ts +66 -0
package/tui/src/tools/BashTool/permissionLoader.ts +44 -0
package/tui/src/tools/BashTool/resultLoader.ts +29 -0
package/tui/src/tools/BashTool/resultMapping.ts +83 -0
package/tui/src/tools/BashTool/sandboxPolicy.ts +79 -0
package/tui/src/tools/BashTool/schemas.ts +65 -0
package/tui/src/tools/BashTool/sedEditExecution.ts +59 -0
package/tui/src/tools/BashTool/shellExecution.tsx +245 -0
package/tui/src/tools/BashTool/shellOutputUtils.ts +85 -0
package/tui/src/tools/BashTool/shellPermissionGauntlet.ts +97 -0
package/tui/src/tools/BashTool/uiLoader.ts +37 -0
package/tui/src/tools/BriefTool/upload.ts +1 -1
package/tui/src/tools/CalculatorTool/parser.ts +2 -2
package/tui/src/tools/DocumentPrimitive/DocumentPrimitive.ts +262 -0
package/tui/src/tools/DocumentPrimitive/dispatchNormalization.ts +270 -0
package/tui/src/tools/DocumentPrimitive/documentDestinationPath.ts +18 -0
package/tui/src/tools/DocumentPrimitive/documentMutationGuard.ts +22 -0
package/tui/src/tools/DocumentPrimitive/documentPatchNormalization.ts +248 -0
package/tui/src/tools/DocumentPrimitive/documentSourceVerification.ts +245 -0
package/tui/src/tools/DocumentPrimitive/documentSourceVerificationFields.ts +103 -0
package/tui/src/tools/DocumentPrimitive/modelVisibleOutput.ts +40 -0
package/tui/src/tools/DocumentPrimitive/prompt.ts +35 -0
package/tui/src/tools/FileEditTool/FileEditTool.ts +9 -507
package/tui/src/tools/FileEditTool/call.ts +228 -0
package/tui/src/tools/FileEditTool/validateInput.ts +196 -0
package/tui/src/tools/FileReadTool/imageProcessor.ts +13 -0
package/tui/src/tools/FileWriteTool/FileWriteTool.ts +7 -300
package/tui/src/tools/FileWriteTool/call.ts +223 -0
package/tui/src/tools/FileWriteTool/validateInput.ts +80 -0
package/tui/src/tools/ListMcpResourcesTool/ListMcpResourcesTool.ts +19 -3
package/tui/src/tools/LookupPrimitive/LookupPrimitive.ts +25 -32
package/tui/src/tools/LookupPrimitive/prompt.ts +0 -2
package/tui/src/tools/MCPTool/trustPolicy.ts +118 -0
package/tui/src/tools/McpAuthTool/McpAuthTool.ts +21 -3
package/tui/src/tools/NotebookEditTool/NotebookEditTool.ts +7 -326
package/tui/src/tools/NotebookEditTool/call.ts +254 -0
package/tui/src/tools/NotebookEditTool/notebookModel.ts +51 -0
package/tui/src/tools/NotebookEditTool/validateInput.ts +142 -0
package/tui/src/tools/PowerShellTool/PowerShellTool.tsx +46 -937
package/tui/src/tools/PowerShellTool/acceptEditsCommandValidation.ts +162 -0
package/tui/src/tools/PowerShellTool/call.ts +179 -0
package/tui/src/tools/PowerShellTool/callLoader.ts +37 -0
package/tui/src/tools/PowerShellTool/commandClassification.ts +86 -0
package/tui/src/tools/PowerShellTool/modeValidation.ts +25 -332
package/tui/src/tools/PowerShellTool/outputPersistence.ts +42 -0
package/tui/src/tools/PowerShellTool/permissionClassification.ts +28 -0
package/tui/src/tools/PowerShellTool/resultLoader.ts +31 -0
package/tui/src/tools/PowerShellTool/resultMapping.ts +75 -0
package/tui/src/tools/PowerShellTool/schemas.ts +40 -0
package/tui/src/tools/PowerShellTool/shellExecution.tsx +258 -0
package/tui/src/tools/PowerShellTool/symlinkModeValidation.ts +44 -0
package/tui/src/tools/PowerShellTool/uiLoader.ts +37 -0
package/tui/src/tools/PowerShellTool/validation.ts +39 -0
package/tui/src/tools/ReadMcpResourceTool/ReadMcpResourceTool.ts +19 -3
package/tui/src/tools/ResolveLocationPrimitive/ResolveLocationPrimitive.ts +1 -11
package/tui/src/tools/ResolveLocationPrimitive/prompt.ts +2 -6
package/tui/src/tools/SkillTool/SkillTool.ts +2 -2
package/tui/src/tools/SubmitPrimitive/SubmitPrimitive.ts +27 -10
package/tui/src/tools/TaskCreateTool/TaskCreateTool.ts +16 -2
package/tui/src/tools/TaskGetTool/TaskGetTool.ts +23 -3
package/tui/src/tools/TaskListTool/TaskListTool.ts +22 -4
package/tui/src/tools/TaskOutputTool/TaskOutputTool.tsx +46 -547
package/tui/src/tools/TaskOutputTool/lookup.ts +216 -0
package/tui/src/tools/TaskOutputTool/render.tsx +257 -0
package/tui/src/tools/TaskOutputTool/schemas.ts +55 -0
package/tui/src/tools/TaskOutputTool/serialization.ts +36 -0
package/tui/src/tools/TaskStopTool/TaskStopTool.ts +10 -0
package/tui/src/tools/TaskUpdateTool/TaskUpdateTool.ts +14 -364
package/tui/src/tools/TaskUpdateTool/completion.ts +62 -0
package/tui/src/tools/TaskUpdateTool/schemas.ts +62 -0
package/tui/src/tools/TaskUpdateTool/serialization.ts +46 -0
package/tui/src/tools/TaskUpdateTool/statusUpdate.ts +247 -0
package/tui/src/tools/TodoWriteTool/TodoWriteTool.ts +21 -2
package/tui/src/tools/ToolSearchTool/ToolSearchTool.ts +21 -302
package/tui/src/tools/ToolSearchTool/ccSupportTools.ts +223 -0
package/tui/src/tools/ToolSearchTool/descriptionCache.ts +50 -0
package/tui/src/tools/ToolSearchTool/keywordSearch.ts +216 -0
package/tui/src/tools/ToolSearchTool/prompt.ts +10 -4
package/tui/src/tools/ToolSearchTool/resultMapping.ts +30 -0
package/tui/src/tools/ToolSearchTool/schemas.ts +30 -0
package/tui/src/tools/ToolSearchTool/searchPool.ts +47 -0
package/tui/src/tools/ToolSearchTool/supportIntentHints.ts +140 -0
package/tui/src/tools/TranslateTool/TranslateTool.ts +1 -1
package/tui/src/tools/VerifyPrimitive/VerifyPrimitive.ts +2 -1
package/tui/src/tools/WebFetchTool/WebFetchTool.ts +43 -138
package/tui/src/tools/WebFetchTool/call.ts +227 -0
package/tui/src/tools/WebFetchTool/resolvedAddressSafety.ts +78 -0
package/tui/src/tools/WebFetchTool/sourceVerification.ts +204 -0
package/tui/src/tools/WebFetchTool/types.ts +23 -0
package/tui/src/tools/WebFetchTool/urlSafety.ts +181 -0
package/tui/src/tools/WebFetchTool/utils.ts +1 -1
package/tui/src/tools/WebSearchTool/UI.tsx +0 -1
package/tui/src/tools/WebSearchTool/WebSearchTool.ts +9 -313
package/tui/src/tools/WebSearchTool/call.ts +33 -0
package/tui/src/tools/WebSearchTool/responseMapping.ts +190 -0
package/tui/src/tools/WebSearchTool/resultBlock.ts +47 -0
package/tui/src/tools/WebSearchTool/schemas.ts +47 -0
package/tui/src/tools/WebSearchTool/toolSchema.ts +12 -0
package/tui/src/tools/WorkspaceToolAdapter/WorkspaceToolAdapter.ts +79 -0
package/tui/src/tools/WorkspaceToolAdapter/allowedRootPolicy.ts +85 -0
package/tui/src/tools/WorkspaceToolAdapter/documentFormatGuards.ts +73 -0
package/tui/src/tools/WorkspaceToolAdapter/inputNormalization.ts +105 -0
package/tui/src/tools/WorkspaceToolAdapter/mcpExposurePolicy.ts +64 -0
package/tui/src/tools/WorkspaceToolAdapter/toolDefFactory.ts +215 -0
package/tui/src/tools/WorkspaceToolAdapter/toolNames.ts +6 -0
package/tui/src/tools/WorkspaceToolAdapter/workspacePolicy.ts +15 -0
package/tui/src/tools/_shared/dispatchPrimitive.ts +6 -6
package/tui/src/tools/_shared/documentChangeToPatch.ts +125 -0
package/tui/src/tools/_shared/documentDispatchArguments.ts +87 -0
package/tui/src/tools/_shared/documentPrimitiveTimeout.ts +13 -0
package/tui/src/tools/_shared/documentToolResultRender.ts +98 -0
package/tui/src/tools/_shared/pendingCallRegistry.ts +1 -6
package/tui/src/tools/_shared/rootPrimitiveInput.ts +1 -0
package/tui/src/tools/_shared/toolChoiceRepair/documentCompletionPatterns.ts +58 -0
package/tui/src/tools/_shared/toolChoiceRepair/documentCompletionPrompt.ts +271 -0
package/tui/src/tools/_shared/toolChoiceRepair/documentRepair.ts +452 -0
package/tui/src/tools/_shared/toolChoiceRepair/messageAccess.ts +80 -0
package/tui/src/tools/_shared/toolChoiceRepair/publicDataRepair.ts +92 -0
package/tui/src/tools/_shared/toolChoiceRepair/supportRepair.ts +135 -0
package/tui/src/tools/_shared/toolChoiceRepair.ts +55 -860
package/tui/src/tools/shared/mockDisclaimer.ts +1 -1
package/tui/src/tools.ts +39 -190
package/tui/src/types/fileSuggestion.ts +4 -26
package/tui/src/types/generated/events_mono/claude_code/v1/claude_code_internal_event.ts +186 -148
package/tui/src/types/generated/events_mono/common/v1/auth.ts +25 -11
package/tui/src/types/generated/events_mono/growthbook/v1/growthbook_experiment_event.ts +47 -30
package/tui/src/types/generated/google/protobuf/timestamp.ts +21 -7
package/tui/src/types/message.ts +80 -102
package/tui/src/types/messageQueueTypes.ts +6 -28
package/tui/src/types/notebook.ts +16 -38
package/tui/src/types/statusLine.ts +4 -26
package/tui/src/types/tools.ts +24 -46
package/tui/src/types/utils.ts +6 -28
package/tui/src/upstreamproxy/relay.ts +7 -3
package/tui/src/upstreamproxy/upstreamproxy.ts +1 -1
package/tui/src/utils/assistantMessageFactories.ts +9 -3
package/tui/src/utils/auth.ts +129 -139
package/tui/src/utils/bash/ast.ts +23 -23
package/tui/src/utils/bash/bashParser.ts +5 -5
package/tui/src/utils/billing.ts +1 -1
package/tui/src/utils/collapseReadSearch.ts +3 -3
package/tui/src/utils/cronTasks.ts +1 -1
package/tui/src/utils/execFileNoThrow.ts +1 -1
package/tui/src/utils/filePersistence/types.ts +16 -38
package/tui/src/utils/forkedAgent.ts +1 -1
package/tui/src/utils/gracefulShutdown.ts +4 -4
package/tui/src/utils/heapDumpService.ts +12 -8
package/tui/src/utils/hooks/apiQueryHookHelper.ts +1 -1
package/tui/src/utils/hooks/execPromptHook.ts +1 -1
package/tui/src/utils/hooks/skillImprovement.ts +1 -1
package/tui/src/utils/mcp/dateTimeParser.ts +1 -1
package/tui/src/utils/messages.ts +18 -0
package/tui/src/utils/migrateSessions.ts +3 -3
package/tui/src/utils/model/model.ts +6 -6
package/tui/src/utils/permissions/yoloClassifier.ts +1 -1
package/tui/src/utils/plugins/headlessPluginInstall.ts +1 -1
package/tui/src/utils/plugins/mcpPluginIntegration.ts +1 -1
package/tui/src/utils/plugins/mcpbHandler.ts +1 -1
package/tui/src/utils/plugins/pluginLoader.ts +8 -8
package/tui/src/utils/protectedNamespace.ts +5 -3
package/tui/src/utils/rawJsonToolCall.ts +242 -0
package/tui/src/utils/ripgrep.ts +16 -7
package/tui/src/utils/sessionTitle.ts +1 -1
package/tui/src/utils/settings/permissionValidation.ts +14 -2
package/tui/src/utils/shell/prefix.ts +1 -1
package/tui/src/utils/sideQuery.ts +1 -1
package/tui/src/utils/systemThemeWatcher.ts +13 -3
package/tui/src/utils/teleport.tsx +1 -1
package/uv.lock +400 -14
package/tui/src/services/api/claude.ts +0 -3540
package/tui/src/tools/_shared/directPublicDataGuard.ts +0 -362
package/tui/src/tools/_shared/kmaAnalysisGuard.ts +0 -197
package/tui/src/tools/_shared/kmaAviationGuard.ts +0 -70
package/tui/src/tools/_shared/nmcAedGuard.ts +0 -234
package/tui/src/tools/_shared/protectedCheckGuard.ts +0 -207
package/tui/src/tools/_shared/textToolCallGuard.ts +0 -91

package/tui/src/tools/BashTool/bashPermissions/legacyMisparsing.ts ADDED Viewed

@@ -0,0 +1,62 @@
+import { feature } from 'bun:bundle'
+import type { ToolUseContext } from '../../../Tool.js'
+import { createPermissionRequestMessage } from '../../../utils/permissions/permissions.js'
+import { bashCommandIsSafeAsync_DEPRECATED, stripSafeHeredocSubstitutions } from '../bashSecurity.js'
+import type { BashToolInput } from '../schemas.js'
+import { BASH_TOOL_NAME } from '../toolName.js'
+import { buildPendingClassifierCheck } from './classifierChecks.js'
+import { bashToolCheckExactMatchPermission } from './permissionChecks.js'
+const bashCommandIsSafeAsync = bashCommandIsSafeAsync_DEPRECATED
+export async function checkLegacyMisparsing(
+  input: BashToolInput,
+  context: ToolUseContext,
+) {
+  const originalCommandSafetyResult = await bashCommandIsSafeAsync(input.command)
+  if (
+    originalCommandSafetyResult.behavior !== 'ask' ||
+    !originalCommandSafetyResult.isBashSecurityCheckForMisparsing
+  ) {
+    return null
+  }
+  const remainder = stripSafeHeredocSubstitutions(input.command)
+  const remainderResult =
+    remainder !== null ? await bashCommandIsSafeAsync(remainder) : null
+  if (
+    remainder !== null &&
+    !(
+      remainderResult?.behavior === 'ask' &&
+      remainderResult.isBashSecurityCheckForMisparsing
+    )
+  ) {
+    return null
+  }
+  const appState = context.getAppState()
+  const exactMatchResult = bashToolCheckExactMatchPermission(
+    input,
+    appState.toolPermissionContext,
+  )
+  if (exactMatchResult.behavior === 'allow') return exactMatchResult
+  const decisionReason = {
+    type: 'other' as const,
+    reason: originalCommandSafetyResult.message,
+  }
+  return {
+    behavior: 'ask' as const,
+    message: createPermissionRequestMessage(BASH_TOOL_NAME, decisionReason),
+    decisionReason,
+    suggestions: [],
+    ...(feature('BASH_CLASSIFIER')
+      ? {
+          pendingClassifierCheck: buildPendingClassifierCheck(
+            input.command,
+            appState.toolPermissionContext,
+          ),
+        }
+      : {}),
+  }
+}

package/tui/src/tools/BashTool/bashPermissions/main.ts ADDED Viewed

@@ -0,0 +1,135 @@
+import type { ToolUseContext } from '../../../Tool.js'
+import {
+  getCommandSubcommandPrefix,
+  splitCommand_DEPRECATED,
+} from '../../../utils/bash/commands.js'
+import { getCwd } from '../../../utils/cwd.js'
+import { logForDebugging } from '../../../utils/debug.js'
+import { isEnvTruthy } from '../../../utils/envUtils.js'
+import { createPermissionRequestMessage } from '../../../utils/permissions/permissions.js'
+import { getPlatform } from '../../../utils/platform.js'
+import { SandboxManager } from '../../../utils/sandbox/sandbox-adapter.js'
+import { windowsPathToPosixPath } from '../../../utils/windowsPaths.js'
+import type { BashToolInput } from '../schemas.js'
+import { shouldUseSandbox } from '../shouldUseSandbox.js'
+import { BASH_TOOL_NAME } from '../toolName.js'
+import { prepareAstPermissionState } from './astPreflight.js'
+import { checkSubcommandDirectoryGuards } from './compoundGuards.js'
+import { MAX_SUBCOMMANDS_FOR_SECURITY_CHECK } from './constants.js'
+import { checkLegacyMisparsing } from './legacyMisparsing.js'
+import { resolveCommandOperatorPermission } from './operatorFlow.js'
+import { bashToolCheckExactMatchPermission } from './permissionChecks.js'
+import { checkPromptClassifierRules } from './promptClassifierRules.js'
+import { checkSandboxAutoAllow } from './sandboxAutoAllow.js'
+import { resolveSubcommandPermissionFlow } from './subcommandFlow.js'
+import { filterCdCwdSubcommands } from './subcommandGuards.js'
+const splitCommand = splitCommand_DEPRECATED
+export async function bashToolHasPermission(
+  input: BashToolInput,
+  context: ToolUseContext,
+  getCommandSubcommandPrefixFn = getCommandSubcommandPrefix,
+) {
+  let appState = context.getAppState()
+  const astPreflight = await prepareAstPermissionState(
+    input,
+    appState.toolPermissionContext,
+  )
+  if (astPreflight.kind === 'return') return astPreflight.result
+  const astState = astPreflight.state
+  if (
+    SandboxManager.isSandboxingEnabled() &&
+    SandboxManager.isAutoAllowBashIfSandboxedEnabled() &&
+    shouldUseSandbox(input)
+  ) {
+    const sandboxAutoAllowResult = checkSandboxAutoAllow(
+      input,
+      appState.toolPermissionContext,
+    )
+    if (sandboxAutoAllowResult.behavior !== 'passthrough') {
+      return sandboxAutoAllowResult
+    }
+  }
+  const exactMatchResult = bashToolCheckExactMatchPermission(
+    input,
+    appState.toolPermissionContext,
+  )
+  if (exactMatchResult.behavior === 'deny') return exactMatchResult
+  const promptClassifierResult = await checkPromptClassifierRules(
+    input,
+    context,
+    getCommandSubcommandPrefixFn,
+  )
+  if (promptClassifierResult !== null) return promptClassifierResult
+  const operatorResult = await resolveCommandOperatorPermission(
+    input,
+    context,
+    astState,
+    getCommandSubcommandPrefixFn,
+    bashToolHasPermission,
+  )
+  if (operatorResult !== null) return operatorResult
+  if (
+    astState.astSubcommands === null &&
+    !isEnvTruthy(process.env.CLAUDE_CODE_DISABLE_COMMAND_INJECTION_CHECK)
+  ) {
+    const legacyMisparsingResult = await checkLegacyMisparsing(input, context)
+    if (legacyMisparsingResult !== null) return legacyMisparsingResult
+  }
+  const cwd = getCwd()
+  const cwdMingw =
+    getPlatform() === 'windows' ? windowsPathToPosixPath(cwd) : cwd
+  const rawSubcommands =
+    astState.astSubcommands ??
+    astState.shadowLegacySubs ??
+    splitCommand(input.command)
+  const { subcommands, astCommandsByIdx } = filterCdCwdSubcommands(
+    rawSubcommands,
+    astState.astCommands,
+    cwd,
+    cwdMingw,
+  )
+  if (
+    astState.astSubcommands === null &&
+    subcommands.length > MAX_SUBCOMMANDS_FOR_SECURITY_CHECK
+  ) {
+    logForDebugging(
+      `bashPermissions: ${subcommands.length} subcommands exceeds cap (${MAX_SUBCOMMANDS_FOR_SECURITY_CHECK}) — returning ask`,
+      { level: 'debug' },
+    )
+    const decisionReason = {
+      type: 'other' as const,
+      reason: `Command splits into ${subcommands.length} subcommands, too many to safety-check individually`,
+    }
+    return {
+      behavior: 'ask' as const,
+      message: createPermissionRequestMessage(BASH_TOOL_NAME, decisionReason),
+      decisionReason,
+    }
+  }
+  const directoryGuard = checkSubcommandDirectoryGuards(input, subcommands)
+  if (directoryGuard.result !== null) return directoryGuard.result
+  appState = context.getAppState()
+  return resolveSubcommandPermissionFlow({
+    input,
+    context,
+    exactMatchResult,
+    subcommands,
+    astCommandsByIdx,
+    astRedirects: astState.astRedirects,
+    astCommands: astState.astCommands,
+    astSubcommands: astState.astSubcommands,
+    compoundCommandHasCd: directoryGuard.compoundCommandHasCd,
+    getCommandSubcommandPrefixFn,
+  })
+}

package/tui/src/tools/BashTool/bashPermissions/normalizedCommands.ts ADDED Viewed

@@ -0,0 +1,33 @@
+import { splitCommand_DEPRECATED } from '../../../utils/bash/commands.js'
+import { tryParseShellCommand } from '../../../utils/bash/shellQuote.js'
+import { stripSafeWrappers } from './wrapperStripping.js'
+const splitCommand = splitCommand_DEPRECATED
+export function isNormalizedGitCommand(command: string): boolean {
+  if (command.startsWith('git ') || command === 'git') return true
+  const stripped = stripSafeWrappers(command)
+  const parsed = tryParseShellCommand(stripped)
+  if (parsed.success && parsed.tokens.length > 0) {
+    if (parsed.tokens[0] === 'git') return true
+    if (parsed.tokens[0] === 'xargs' && parsed.tokens.includes('git')) {
+      return true
+    }
+    return false
+  }
+  return /^git(?:\s|$)/.test(stripped)
+}
+export function isNormalizedCdCommand(command: string): boolean {
+  const stripped = stripSafeWrappers(command)
+  const parsed = tryParseShellCommand(stripped)
+  if (parsed.success && parsed.tokens.length > 0) {
+    const cmd = parsed.tokens[0]
+    return cmd === 'cd' || cmd === 'pushd' || cmd === 'popd'
+  }
+  return /^(?:cd|pushd|popd)(?:\s|$)/.test(stripped)
+}
+export function commandHasAnyCd(command: string): boolean {
+  return splitCommand(command).some(subcmd => isNormalizedCdCommand(subcmd.trim()))
+}

package/tui/src/tools/BashTool/bashPermissions/operatorFlow.ts ADDED Viewed

@@ -0,0 +1,98 @@
+import { feature } from 'bun:bundle'
+import type { ToolUseContext } from '../../../Tool.js'
+import { getCwd } from '../../../utils/cwd.js'
+import { createPermissionRequestMessage } from '../../../utils/permissions/permissions.js'
+import { checkCommandOperatorPermissions } from '../bashCommandHelpers.js'
+import { bashCommandIsSafeAsync_DEPRECATED } from '../bashSecurity.js'
+import { checkPathConstraints } from '../pathValidation.js'
+import type { BashToolInput } from '../schemas.js'
+import { BASH_TOOL_NAME } from '../toolName.js'
+import { buildPendingClassifierCheck } from './classifierChecks.js'
+import {
+  commandHasAnyCd,
+  isNormalizedCdCommand,
+  isNormalizedGitCommand,
+} from './normalizedCommands.js'
+import type {
+  BashAstPermissionState,
+  CommandPrefixResolver,
+  PermissionRunner,
+} from './types.js'
+const bashCommandIsSafeAsync = bashCommandIsSafeAsync_DEPRECATED
+export async function resolveCommandOperatorPermission(
+  input: BashToolInput,
+  context: ToolUseContext,
+  astState: BashAstPermissionState,
+  getCommandSubcommandPrefixFn: CommandPrefixResolver,
+  runPermissionCheck: PermissionRunner,
+) {
+  const commandOperatorResult = await checkCommandOperatorPermissions(
+    input,
+    (i: BashToolInput) =>
+      runPermissionCheck(i, context, getCommandSubcommandPrefixFn),
+    { isNormalizedCdCommand, isNormalizedGitCommand },
+    astState.astRoot,
+  )
+  if (commandOperatorResult.behavior === 'passthrough') return null
+  if (commandOperatorResult.behavior === 'allow') {
+    const safetyResult =
+      astState.astSubcommands === null
+        ? await bashCommandIsSafeAsync(input.command)
+        : null
+    if (
+      safetyResult !== null &&
+      safetyResult.behavior !== 'passthrough' &&
+      safetyResult.behavior !== 'allow'
+    ) {
+      const appState = context.getAppState()
+      const reason =
+        safetyResult.message ?? 'Command contains patterns that require approval'
+      return {
+        behavior: 'ask' as const,
+        message: createPermissionRequestMessage(BASH_TOOL_NAME, {
+          type: 'other',
+          reason,
+        }),
+        decisionReason: { type: 'other' as const, reason },
+        ...(feature('BASH_CLASSIFIER')
+          ? {
+              pendingClassifierCheck: buildPendingClassifierCheck(
+                input.command,
+                appState.toolPermissionContext,
+              ),
+            }
+          : {}),
+      }
+    }
+    const appState = context.getAppState()
+    const pathResult = checkPathConstraints(
+      input,
+      getCwd(),
+      appState.toolPermissionContext,
+      commandHasAnyCd(input.command),
+      astState.astRedirects,
+      astState.astCommands,
+    )
+    if (pathResult.behavior !== 'passthrough') return pathResult
+  }
+  if (commandOperatorResult.behavior === 'ask') {
+    const appState = context.getAppState()
+    return {
+      ...commandOperatorResult,
+      ...(feature('BASH_CLASSIFIER')
+        ? {
+            pendingClassifierCheck: buildPendingClassifierCheck(
+              input.command,
+              appState.toolPermissionContext,
+            ),
+          }
+        : {}),
+    }
+  }
+  return commandOperatorResult
+}

package/tui/src/tools/BashTool/bashPermissions/permissionChecks.ts ADDED Viewed

@@ -0,0 +1,200 @@
+import type { ToolPermissionContext } from '../../../Tool.js'
+import type { CommandPrefixResult } from '../../../utils/bash/commands.js'
+import type { SimpleCommand } from '../../../utils/bash/ast.js'
+import { getCwd } from '../../../utils/cwd.js'
+import { isEnvTruthy } from '../../../utils/envUtils.js'
+import type {
+  PermissionDecisionReason,
+  PermissionResult,
+} from '../../../utils/permissions/PermissionResult.js'
+import { createPermissionRequestMessage } from '../../../utils/permissions/permissions.js'
+import type { BashToolInput } from '../schemas.js'
+import { bashCommandIsSafeAsync_DEPRECATED } from '../bashSecurity.js'
+import { checkPermissionMode } from '../modeValidation.js'
+import { checkPathConstraints } from '../pathValidation.js'
+import { checkReadOnlyConstraints } from '../readOnlyValidation.js'
+import { checkSedConstraints } from '../sedValidation.js'
+import { BASH_TOOL_NAME } from '../toolName.js'
+import { commandHasAnyCd } from './normalizedCommands.js'
+import {
+  suggestionForExactCommand,
+  suggestionForPrefix,
+} from './prefixSuggestions.js'
+import { matchingRulesForInput } from './ruleMatching.js'
+const bashCommandIsSafeAsync = bashCommandIsSafeAsync_DEPRECATED
+export const bashToolCheckExactMatchPermission = (
+  input: BashToolInput,
+  toolPermissionContext: ToolPermissionContext,
+): PermissionResult => {
+  const command = input.command.trim()
+  const { matchingDenyRules, matchingAskRules, matchingAllowRules } =
+    matchingRulesForInput(input, toolPermissionContext, 'exact')
+  if (matchingDenyRules[0] !== undefined) {
+    return {
+      behavior: 'deny',
+      message: `Permission to use ${BASH_TOOL_NAME} with command ${command} has been denied.`,
+      decisionReason: { type: 'rule', rule: matchingDenyRules[0] },
+    }
+  }
+  if (matchingAskRules[0] !== undefined) {
+    return {
+      behavior: 'ask',
+      message: createPermissionRequestMessage(BASH_TOOL_NAME),
+      decisionReason: { type: 'rule', rule: matchingAskRules[0] },
+    }
+  }
+  if (matchingAllowRules[0] !== undefined) {
+    return {
+      behavior: 'allow',
+      updatedInput: input,
+      decisionReason: { type: 'rule', rule: matchingAllowRules[0] },
+    }
+  }
+  const decisionReason = {
+    type: 'other' as const,
+    reason: 'This command requires approval',
+  }
+  return {
+    behavior: 'passthrough',
+    message: createPermissionRequestMessage(BASH_TOOL_NAME, decisionReason),
+    decisionReason,
+    suggestions: suggestionForExactCommand(command),
+  }
+}
+export const bashToolCheckPermission = (
+  input: BashToolInput,
+  toolPermissionContext: ToolPermissionContext,
+  compoundCommandHasCd?: boolean,
+  astCommand?: SimpleCommand,
+): PermissionResult => {
+  const command = input.command.trim()
+  const exactMatchResult = bashToolCheckExactMatchPermission(
+    input,
+    toolPermissionContext,
+  )
+  if (
+    exactMatchResult.behavior === 'deny' ||
+    exactMatchResult.behavior === 'ask'
+  ) {
+    return exactMatchResult
+  }
+  const { matchingDenyRules, matchingAskRules, matchingAllowRules } =
+    matchingRulesForInput(input, toolPermissionContext, 'prefix', {
+      skipCompoundCheck: astCommand !== undefined,
+    })
+  if (matchingDenyRules[0] !== undefined) {
+    return {
+      behavior: 'deny',
+      message: `Permission to use ${BASH_TOOL_NAME} with command ${command} has been denied.`,
+      decisionReason: { type: 'rule', rule: matchingDenyRules[0] },
+    }
+  }
+  if (matchingAskRules[0] !== undefined) {
+    return {
+      behavior: 'ask',
+      message: createPermissionRequestMessage(BASH_TOOL_NAME),
+      decisionReason: { type: 'rule', rule: matchingAskRules[0] },
+    }
+  }
+  const pathResult = checkPathConstraints(
+    input,
+    getCwd(),
+    toolPermissionContext,
+    compoundCommandHasCd,
+    astCommand?.redirects,
+    astCommand ? [astCommand] : undefined,
+  )
+  if (pathResult.behavior !== 'passthrough') return pathResult
+  if (exactMatchResult.behavior === 'allow') return exactMatchResult
+  if (matchingAllowRules[0] !== undefined) {
+    return {
+      behavior: 'allow',
+      updatedInput: input,
+      decisionReason: { type: 'rule', rule: matchingAllowRules[0] },
+    }
+  }
+  const sedConstraintResult = checkSedConstraints(input, toolPermissionContext)
+  if (sedConstraintResult.behavior !== 'passthrough') return sedConstraintResult
+  const modeResult = checkPermissionMode(input, toolPermissionContext)
+  if (modeResult.behavior !== 'passthrough') return modeResult
+  if (checkReadOnlyConstraints(input, commandHasAnyCd(input.command)).behavior === 'allow') {
+    return {
+      behavior: 'allow',
+      updatedInput: input,
+      decisionReason: { type: 'other', reason: 'Read-only command is allowed' },
+    }
+  }
+  const decisionReason = {
+    type: 'other' as const,
+    reason: 'This command requires approval',
+  }
+  return {
+    behavior: 'passthrough',
+    message: createPermissionRequestMessage(BASH_TOOL_NAME, decisionReason),
+    decisionReason,
+    suggestions: suggestionForExactCommand(command),
+  }
+}
+export async function checkCommandAndSuggestRules(
+  input: BashToolInput,
+  toolPermissionContext: ToolPermissionContext,
+  commandPrefixResult: CommandPrefixResult | null | undefined,
+  compoundCommandHasCd?: boolean,
+  astParseSucceeded?: boolean,
+): Promise<PermissionResult> {
+  const exactMatchResult = bashToolCheckExactMatchPermission(
+    input,
+    toolPermissionContext,
+  )
+  if (exactMatchResult.behavior !== 'passthrough') return exactMatchResult
+  const permissionResult = bashToolCheckPermission(
+    input,
+    toolPermissionContext,
+    compoundCommandHasCd,
+  )
+  if (
+    permissionResult.behavior === 'deny' ||
+    permissionResult.behavior === 'ask'
+  ) {
+    return permissionResult
+  }
+  if (
+    !astParseSucceeded &&
+    !isEnvTruthy(process.env.CLAUDE_CODE_DISABLE_COMMAND_INJECTION_CHECK)
+  ) {
+    const safetyResult = await bashCommandIsSafeAsync(input.command)
+    if (safetyResult.behavior !== 'passthrough') {
+      const decisionReason: PermissionDecisionReason = {
+        type: 'other',
+        reason:
+          safetyResult.behavior === 'ask' && safetyResult.message
+            ? safetyResult.message
+            : 'This command contains patterns that could pose security risks and requires approval',
+      }
+      return {
+        behavior: 'ask',
+        message: createPermissionRequestMessage(BASH_TOOL_NAME, decisionReason),
+        decisionReason,
+        suggestions: [],
+      }
+    }
+  }
+  if (permissionResult.behavior === 'allow') return permissionResult
+  const suggestedUpdates = commandPrefixResult?.commandPrefix
+    ? suggestionForPrefix(commandPrefixResult.commandPrefix)
+    : suggestionForExactCommand(input.command)
+  return { ...permissionResult, suggestions: suggestedUpdates }
+}

package/tui/src/tools/BashTool/bashPermissions/prefixSuggestions.ts ADDED Viewed

@@ -0,0 +1,88 @@
+import type { PermissionUpdate } from '../../../utils/permissions/PermissionUpdateSchema.js'
+import {
+  suggestionForExactCommand as sharedSuggestionForExactCommand,
+  suggestionForPrefix as sharedSuggestionForPrefix,
+} from '../../../utils/permissions/shellRuleMatching.js'
+import { BASH_TOOL_NAME } from '../toolName.js'
+import {
+  ANT_ONLY_SAFE_ENV_VARS,
+  BARE_SHELL_PREFIXES,
+  ENV_VAR_ASSIGN_RE,
+  SAFE_ENV_VARS,
+} from './constants.js'
+function safeEnvPrefixEnd(tokens: readonly string[]): number | null {
+  let i = 0
+  while (i < tokens.length) {
+    const token = tokens[i]
+    if (token === undefined || !ENV_VAR_ASSIGN_RE.test(token)) break
+    const varName = token.split('=')[0]
+    if (varName === undefined) return null
+    const isAntOnlySafe =
+      process.env.USER_TYPE === 'ant' && ANT_ONLY_SAFE_ENV_VARS.has(varName)
+    if (!SAFE_ENV_VARS.has(varName) && !isAntOnlySafe) return null
+    i++
+  }
+  return i
+}
+export function getSimpleCommandPrefix(command: string): string | null {
+  const tokens = command.trim().split(/\s+/).filter(Boolean)
+  if (tokens.length === 0) return null
+  const prefixEnd = safeEnvPrefixEnd(tokens)
+  if (prefixEnd === null) return null
+  const remaining = tokens.slice(prefixEnd)
+  if (remaining.length < 2) return null
+  const subcmd = remaining[1]
+  if (subcmd === undefined) return null
+  if (!/^[a-z][a-z0-9]*(-[a-z0-9]+)*$/.test(subcmd)) return null
+  return remaining.slice(0, 2).join(' ')
+}
+export function getFirstWordPrefix(command: string): string | null {
+  const tokens = command.trim().split(/\s+/).filter(Boolean)
+  const prefixEnd = safeEnvPrefixEnd(tokens)
+  if (prefixEnd === null) return null
+  const cmd = tokens[prefixEnd]
+  if (!cmd) return null
+  if (!/^[a-z][a-z0-9]*(-[a-z0-9]+)*$/.test(cmd)) return null
+  if (BARE_SHELL_PREFIXES.has(cmd)) return null
+  return cmd
+}
+export function suggestionForExactCommand(command: string): PermissionUpdate[] {
+  const heredocPrefix = extractPrefixBeforeHeredoc(command)
+  if (heredocPrefix) {
+    return sharedSuggestionForPrefix(BASH_TOOL_NAME, heredocPrefix)
+  }
+  if (command.includes('\n')) {
+    const firstLine = command.split('\n')[0]?.trim() ?? ''
+    if (firstLine) return sharedSuggestionForPrefix(BASH_TOOL_NAME, firstLine)
+  }
+  const prefix = getSimpleCommandPrefix(command)
+  if (prefix) return sharedSuggestionForPrefix(BASH_TOOL_NAME, prefix)
+  return sharedSuggestionForExactCommand(BASH_TOOL_NAME, command)
+}
+function extractPrefixBeforeHeredoc(command: string): string | null {
+  if (!command.includes('<<')) return null
+  const idx = command.indexOf('<<')
+  if (idx <= 0) return null
+  const before = command.substring(0, idx).trim()
+  if (!before) return null
+  const prefix = getSimpleCommandPrefix(before)
+  if (prefix) return prefix
+  const tokens = before.split(/\s+/).filter(Boolean)
+  const prefixEnd = safeEnvPrefixEnd(tokens)
+  if (prefixEnd === null || prefixEnd >= tokens.length) return null
+  return tokens.slice(prefixEnd, prefixEnd + 2).join(' ') || null
+}
+export function suggestionForPrefix(prefix: string): PermissionUpdate[] {
+  return sharedSuggestionForPrefix(BASH_TOOL_NAME, prefix)
+}