npm - ummaya - Versions diffs - 0.2.4 → 0.2.5 - Mend

ummaya 0.2.4 → 0.2.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (477) hide show

package/README.md +15 -2
package/bin/ummaya +10 -1
package/npm-shrinkwrap.json +253 -2
package/package.json +5 -1
package/prompts/manifest.yaml +1 -1
package/prompts/system_v1.md +1 -0
package/pyproject.toml +26 -2
package/specs/2803-document-production-hardening/contracts/document-tools.schema.json +1043 -0
package/src/ummaya/_canonical/__init__.py +2 -0
package/src/ummaya/engine/engine.py +29 -132
package/src/ummaya/evidence/__init__.py +21 -2
package/src/ummaya/evidence/dataset_contract.py +193 -0
package/src/ummaya/evidence/document_authoring_cases.py +33 -0
package/src/ummaya/evidence/document_harness.py +313 -0
package/src/ummaya/evidence/document_viewer_ux.py +391 -0
package/src/ummaya/evidence/gates.py +70 -0
package/src/ummaya/evidence/json_types.py +20 -0
package/src/ummaya/evidence/models.py +88 -1
package/src/ummaya/evidence/output_payload.py +89 -0
package/src/ummaya/evidence/payload_documents.py +233 -0
package/src/ummaya/evidence/route_contracts.py +224 -0
package/src/ummaya/evidence/route_helpers.py +150 -0
package/src/ummaya/evidence/runner.py +81 -212
package/src/ummaya/evidence/source_provenance.py +246 -0
package/src/ummaya/evidence/source_provenance_redaction.py +176 -0
package/src/ummaya/evidence/tool_layer.py +39 -0
package/src/ummaya/evidence/tool_layer_models.py +151 -0
package/src/ummaya/ipc/adapter_manifest_emitter.py +26 -10
package/src/ummaya/ipc/document_intent_normalization.py +185 -0
package/src/ummaya/ipc/frame_schema.py +5 -5
package/src/ummaya/ipc/route_diagnostics.py +73 -0
package/src/ummaya/ipc/stdio.py +1109 -477
package/src/ummaya/llm/client.py +102 -3
package/src/ummaya/llm/config.py +8 -3
package/src/ummaya/primitives/__init__.py +6 -2
package/src/ummaya/primitives/delegation.py +1 -1
package/src/ummaya/primitives/document.py +28 -0
package/src/ummaya/settings.py +0 -3
package/src/ummaya/tools/discovery_bridge.py +17 -1
package/src/ummaya/tools/documents/__init__.py +297 -0
package/src/ummaya/tools/documents/adapter_registry.py +487 -0
package/src/ummaya/tools/documents/archive_container_probe.py +167 -0
package/src/ummaya/tools/documents/artifact_store.py +454 -0
package/src/ummaya/tools/documents/authoring.py +283 -0
package/src/ummaya/tools/documents/baselines.py +114 -0
package/src/ummaya/tools/documents/capability.py +331 -0
package/src/ummaya/tools/documents/contracts.py +112 -0
package/src/ummaya/tools/documents/conversion.py +521 -0
package/src/ummaya/tools/documents/diff.py +275 -0
package/src/ummaya/tools/documents/engines.py +163 -0
package/src/ummaya/tools/documents/evaluation.py +291 -0
package/src/ummaya/tools/documents/explicit_values.py +108 -0
package/src/ummaya/tools/documents/fixtures.py +174 -0
package/src/ummaya/tools/documents/format_completion_audit.py +471 -0
package/src/ummaya/tools/documents/formats/__init__.py +2 -0
package/src/ummaya/tools/documents/formats/archive.py +528 -0
package/src/ummaya/tools/documents/formats/base.py +41 -0
package/src/ummaya/tools/documents/formats/code_file.py +211 -0
package/src/ummaya/tools/documents/formats/data_file.py +272 -0
package/src/ummaya/tools/documents/formats/hwp.py +284 -0
package/src/ummaya/tools/documents/formats/hwpx.py +1837 -0
package/src/ummaya/tools/documents/formats/odf.py +435 -0
package/src/ummaya/tools/documents/formats/ooxml.py +1030 -0
package/src/ummaya/tools/documents/formats/passive.py +766 -0
package/src/ummaya/tools/documents/formats/pdf.py +702 -0
package/src/ummaya/tools/documents/formats/text_web.py +268 -0
package/src/ummaya/tools/documents/hwp_conversion_probe.py +178 -0
package/src/ummaya/tools/documents/hwp_direct_candidate.py +141 -0
package/src/ummaya/tools/documents/inspection.py +289 -0
package/src/ummaya/tools/documents/intake.py +1079 -0
package/src/ummaya/tools/documents/legacy_office_promotion_probe.py +366 -0
package/src/ummaya/tools/documents/models.py +1598 -0
package/src/ummaya/tools/documents/odf_promotion_probe.py +167 -0
package/src/ummaya/tools/documents/orchestrator.py +96 -0
package/src/ummaya/tools/documents/passive_capability_probe.py +251 -0
package/src/ummaya/tools/documents/patch.py +170 -0
package/src/ummaya/tools/documents/pdfa_conformance.py +284 -0
package/src/ummaya/tools/documents/pdfa_promotion_probe.py +198 -0
package/src/ummaya/tools/documents/permissions.py +110 -0
package/src/ummaya/tools/documents/planner.py +616 -0
package/src/ummaya/tools/documents/registry.py +2733 -0
package/src/ummaya/tools/documents/render.py +978 -0
package/src/ummaya/tools/documents/render_comparison.py +113 -0
package/src/ummaya/tools/documents/render_comparison_models.py +74 -0
package/src/ummaya/tools/documents/render_comparison_regions.py +73 -0
package/src/ummaya/tools/documents/render_comparison_style.py +161 -0
package/src/ummaya/tools/documents/reread.py +157 -0
package/src/ummaya/tools/documents/runtime_authoring.py +244 -0
package/src/ummaya/tools/documents/runtime_authoring_bundle.py +76 -0
package/src/ummaya/tools/documents/scorecard.py +184 -0
package/src/ummaya/tools/documents/socratic_planner.py +193 -0
package/src/ummaya/tools/documents/style.py +48 -0
package/src/ummaya/tools/documents/tool_defs.py +523 -0
package/src/ummaya/tools/documents/validate.py +347 -0
package/src/ummaya/tools/executor.py +29 -0
package/src/ummaya/tools/live_proxy.py +0 -3
package/src/ummaya/tools/models.py +5 -1
package/src/ummaya/tools/register_all.py +8 -0
package/src/ummaya/tools/registry.py +10 -1
package/src/ummaya/tools/routing/__init__.py +59 -0
package/src/ummaya/tools/routing/builder.py +105 -0
package/src/ummaya/tools/routing/cards.py +29 -0
package/src/ummaya/tools/routing/decision_service.py +534 -0
package/src/ummaya/tools/routing/decision_types.py +74 -0
package/src/ummaya/tools/routing/feasibility.py +122 -0
package/src/ummaya/tools/routing/intent.py +17 -0
package/src/ummaya/tools/routing/intent_extractor.py +207 -0
package/src/ummaya/tools/routing/intent_patterns.py +160 -0
package/src/ummaya/tools/routing/intent_public_data.py +150 -0
package/src/ummaya/tools/routing/intent_types.py +48 -0
package/src/ummaya/tools/routing/lint.py +78 -0
package/src/ummaya/tools/routing/metadata.py +174 -0
package/src/ummaya/tools/routing/projection.py +340 -0
package/src/ummaya/tools/routing/retrieval_policy.py +629 -0
package/src/ummaya/tools/routing/schema.py +81 -0
package/src/ummaya/tools/routing/types.py +96 -0
package/src/ummaya/tools/routing_index.py +2 -2
package/src/ummaya/tools/search.py +34 -746
package/tests/fixtures/documents/public_forms/baselines.yaml +113 -0
package/tui/package.json +1 -1
package/tui/src/.cc-byte-identical-whitelist.yaml +266 -0
package/tui/src/QueryEngine.ts +12 -8
package/tui/src/bridge/inboundAttachments.ts +3 -3
package/tui/src/cli/handlers/auth.ts +3 -12
package/tui/src/cli/print.ts +7 -7
package/tui/src/commands/insights.ts +1 -1
package/tui/src/commands/install-github-app/types.ts +8 -30
package/tui/src/commands/plugin/types.ts +6 -28
package/tui/src/commands/plugin/unifiedTypes.ts +4 -26
package/tui/src/commands/rename/generateSessionName.ts +1 -1
package/tui/src/components/Feedback.tsx +1 -1
package/tui/src/components/LogoV2/EmergencyTip.tsx +11 -2
package/tui/src/components/LogoV2/WelcomeV2.tsx +1 -3
package/tui/src/components/ScrollKeybindingHandler.tsx +6 -6
package/tui/src/components/Spinner/types.ts +6 -28
package/tui/src/components/agents/generateAgent.ts +1 -1
package/tui/src/components/agents/new-agent-creation/types.ts +4 -26
package/tui/src/components/config/EnvSecretIsolatedEditor.tsx +1 -1
package/tui/src/components/mcp/types.ts +16 -38
package/tui/src/components/messages/AssistantToolUseMessage.tsx +3 -2
package/tui/src/components/messages/UserCrossSessionMessage.ts +16 -4
package/tui/src/components/messages/UserForkBoilerplateMessage.ts +16 -4
package/tui/src/components/messages/UserGitHubWebhookMessage.ts +16 -4
package/tui/src/components/messages/UserToolResultMessage/utils.tsx +3 -2
package/tui/src/components/permissions/MonitorPermissionRequest/MonitorPermissionRequest.ts +9 -4
package/tui/src/components/permissions/ReviewArtifactPermissionRequest/ReviewArtifactPermissionRequest.ts +9 -4
package/tui/src/components/primitive/DocumentSocraticReviewBlock.tsx +129 -0
package/tui/src/components/primitive/DocumentToolResultCard.tsx +224 -0
package/tui/src/components/primitive/documentSocraticReview.ts +215 -0
package/tui/src/components/primitive/index.tsx +43 -1
package/tui/src/components/primitive/types.ts +137 -0
package/tui/src/components/ui/option.ts +4 -26
package/tui/src/constants/common.ts +0 -2
package/tui/src/constants/prompts.ts +4 -3
package/tui/src/constants/querySource.ts +4 -26
package/tui/src/entrypoints/sdk/controlTypes.ts +26 -48
package/tui/src/entrypoints/sdk/coreTypes.generated.ts +3 -25
package/tui/src/entrypoints/sdk/runtimeTypes.ts +38 -60
package/tui/src/entrypoints/sdk/sdkUtilityTypes.ts +4 -26
package/tui/src/entrypoints/sdk/settingsTypes.generated.ts +3 -25
package/tui/src/entrypoints/sdk/toolTypes.ts +3 -25
package/tui/src/hooks/toolPermission/handlers/interactiveHandler.ts +10 -0
package/tui/src/hooks/useApiKeyVerification.ts +1 -1
package/tui/src/hooks/useVirtualScroll.ts +1 -1
package/tui/src/ink/ink.tsx +33 -14
package/tui/src/ink/reconciler.ts +2 -3
package/tui/src/ink/render-to-screen.ts +30 -10
package/tui/src/ipc/bridge.ts +62 -15
package/tui/src/ipc/bridgeSingleton.ts +5 -1
package/tui/src/ipc/codec.ts +3 -3
package/tui/src/ipc/frames.generated.ts +12 -12
package/tui/src/ipc/llmClient.ts +151 -27
package/tui/src/ipc/schema/frame.schema.json +1 -1
package/tui/src/keybindings/defaultBindings.ts +4 -0
package/tui/src/main.tsx +29 -11
package/tui/src/native-ts/file-index/index.ts +33 -3
package/tui/src/observability/surface.ts +2 -2
package/tui/src/probes/toolRegistryProbe.tsx +3 -1
package/tui/src/projectOnboardingState.ts +7 -6
package/tui/src/query/chatMessageTypes.ts +18 -0
package/tui/src/query/chatMessagesBuilder.ts +1 -1
package/tui/src/query/deps.ts +1 -1
package/tui/src/query/messageGuards.ts +106 -0
package/tui/src/query/publicDataTerminalRepair.ts +384 -0
package/tui/src/query/run.ts +1075 -0
package/tui/src/query/supportBoundary.ts +168 -0
package/tui/src/query/toolResultErrors.ts +103 -0
package/tui/src/query/toolRunner.ts +687 -0
package/tui/src/query/unavailableToolRepair.ts +118 -0
package/tui/src/query.ts +9 -2186
package/tui/src/screens/REPL.tsx +40 -29
package/tui/src/services/api/adapterManifest.ts +4 -0
package/tui/src/services/api/backendChat/events.ts +117 -0
package/tui/src/services/api/backendChat/finalMessage.ts +40 -0
package/tui/src/services/api/backendChat/frame.ts +9 -0
package/tui/src/services/api/backendChat/streaming.ts +430 -0
package/tui/src/services/api/backendChat/types.ts +62 -0
package/tui/src/services/api/backendChat.ts +1 -0
package/tui/src/services/api/client.ts +65 -2
package/tui/src/services/api/errorUtils.ts +5 -5
package/tui/src/services/api/errors.ts +1 -1
package/tui/src/services/api/logging.ts +1 -1
package/tui/src/services/api/ummaya/evidence.ts +194 -0
package/tui/src/services/api/ummaya/messages.ts +255 -0
package/tui/src/services/api/ummaya/nonStreaming.ts +66 -0
package/tui/src/services/api/ummaya/provider.ts +200 -0
package/tui/src/services/api/ummaya/reasoning.ts +24 -0
package/tui/src/services/api/ummaya/request.ts +200 -0
package/tui/src/services/api/ummaya/selectionContext.ts +240 -0
package/tui/src/services/api/ummaya/streaming.ts +365 -0
package/tui/src/services/api/ummaya/streamingPayload.ts +129 -0
package/tui/src/services/api/ummaya/streamingReader.ts +40 -0
package/tui/src/services/api/ummaya/toolSelection.ts +217 -0
package/tui/src/services/api/ummaya/types.ts +110 -0
package/tui/src/services/api/ummaya/usage.ts +30 -0
package/tui/src/services/api/ummaya.ts +26 -418
package/tui/src/services/api/withRetry.ts +1 -1
package/tui/src/services/awaySummary.ts +2 -2
package/tui/src/services/claudeAiLimits.ts +1 -1
package/tui/src/services/compact/autoCompact.ts +1 -1
package/tui/src/services/compact/compact.ts +1 -1
package/tui/src/services/lsp/types.ts +8 -30
package/tui/src/services/tips/types.ts +6 -28
package/tui/src/services/tokenEstimation.ts +1 -1
package/tui/src/services/toolRegistry/bootGuard.ts +5 -5
package/tui/src/services/toolUseSummary/toolUseSummaryGenerator.ts +1 -1
package/tui/src/services/tools/toolExecution.ts +94 -1
package/tui/src/store/pendingPermissionSlot.ts +1 -1
package/tui/src/store/session-store.ts +10 -36
package/tui/src/stubs/any-stub.ts +15 -10
package/tui/src/stubs/color-diff-napi.ts +37 -23
package/tui/src/stubs/globals.d.ts +3 -3
package/tui/src/stubs/macro-preload.ts +23 -12
package/tui/src/tools/AdapterTool/AdapterTool.ts +1207 -714
package/tui/src/tools/AdapterTool/routeDiagnostics.ts +75 -0
package/tui/src/tools/AgentTool/AgentTool.tsx +84 -1371
package/tui/src/tools/AgentTool/agentToolHandoff.ts +114 -0
package/tui/src/tools/AgentTool/agentToolPartialResult.ts +16 -0
package/tui/src/tools/AgentTool/agentToolProgress.ts +32 -0
package/tui/src/tools/AgentTool/agentToolResolver.ts +161 -0
package/tui/src/tools/AgentTool/agentToolResult.ts +163 -0
package/tui/src/tools/AgentTool/agentToolUtils.ts +14 -686
package/tui/src/tools/AgentTool/asyncAgentLifecycle.ts +208 -0
package/tui/src/tools/AgentTool/asyncLifecycle.ts +153 -0
package/tui/src/tools/AgentTool/backgroundedCompletion.ts +126 -0
package/tui/src/tools/AgentTool/backgroundedLifecycle.ts +174 -0
package/tui/src/tools/AgentTool/foregroundBackground.ts +83 -0
package/tui/src/tools/AgentTool/foregroundDrain.tsx +133 -0
package/tui/src/tools/AgentTool/foregroundFinalize.ts +98 -0
package/tui/src/tools/AgentTool/foregroundLifecycle.tsx +237 -0
package/tui/src/tools/AgentTool/foregroundProgress.tsx +169 -0
package/tui/src/tools/AgentTool/foregroundTask.ts +89 -0
package/tui/src/tools/AgentTool/forkSubagent.ts +1 -12
package/tui/src/tools/AgentTool/forkSubagentGate.ts +34 -0
package/tui/src/tools/AgentTool/launchRouting.ts +203 -0
package/tui/src/tools/AgentTool/lifecycle.ts +244 -0
package/tui/src/tools/AgentTool/mcpRouting.ts +73 -0
package/tui/src/tools/AgentTool/orchestrationSupport.ts +70 -0
package/tui/src/tools/AgentTool/permissions.ts +39 -0
package/tui/src/tools/AgentTool/promptSetup.ts +181 -0
package/tui/src/tools/AgentTool/remoteRouting.ts +62 -0
package/tui/src/tools/AgentTool/resultMapping.ts +116 -0
package/tui/src/tools/AgentTool/resumeAgent.ts +39 -107
package/tui/src/tools/AgentTool/resumeAgentHelpers.ts +140 -0
package/tui/src/tools/AgentTool/runAgent.ts +1 -1
package/tui/src/tools/AgentTool/runtimeConfig.ts +57 -0
package/tui/src/tools/AgentTool/schemas.ts +196 -0
package/tui/src/tools/AgentTool/sourceVerificationPropagation.ts +263 -0
package/tui/src/tools/AgentTool/worktreeLifecycle.ts +105 -0
package/tui/src/tools/AskUserQuestionTool/AskUserQuestionTool.tsx +174 -202
package/tui/src/tools/BashTool/BashTool.tsx +71 -1072
package/tui/src/tools/BashTool/bashCommandHelpers.ts +12 -12
package/tui/src/tools/BashTool/bashPermissions/astPreflight.ts +173 -0
package/tui/src/tools/BashTool/bashPermissions/classifierChecks.ts +199 -0
package/tui/src/tools/BashTool/bashPermissions/compoundGuards.ts +53 -0
package/tui/src/tools/BashTool/bashPermissions/constants.ts +99 -0
package/tui/src/tools/BashTool/bashPermissions/index.ts +38 -0
package/tui/src/tools/BashTool/bashPermissions/legacyMisparsing.ts +62 -0
package/tui/src/tools/BashTool/bashPermissions/main.ts +135 -0
package/tui/src/tools/BashTool/bashPermissions/normalizedCommands.ts +33 -0
package/tui/src/tools/BashTool/bashPermissions/operatorFlow.ts +98 -0
package/tui/src/tools/BashTool/bashPermissions/permissionChecks.ts +200 -0
package/tui/src/tools/BashTool/bashPermissions/prefixSuggestions.ts +88 -0
package/tui/src/tools/BashTool/bashPermissions/promptClassifierRules.ts +125 -0
package/tui/src/tools/BashTool/bashPermissions/ruleDelegates.ts +19 -0
package/tui/src/tools/BashTool/bashPermissions/ruleMatching.ts +145 -0
package/tui/src/tools/BashTool/bashPermissions/sandboxAutoAllow.ts +75 -0
package/tui/src/tools/BashTool/bashPermissions/subcommandFlow.ts +205 -0
package/tui/src/tools/BashTool/bashPermissions/subcommandGuards.ts +73 -0
package/tui/src/tools/BashTool/bashPermissions/subcommandResultHelpers.ts +116 -0
package/tui/src/tools/BashTool/bashPermissions/types.ts +26 -0
package/tui/src/tools/BashTool/bashPermissions/wrapperStripping.ts +139 -0
package/tui/src/tools/BashTool/bashPermissions.ts +26 -2621
package/tui/src/tools/BashTool/call.ts +202 -0
package/tui/src/tools/BashTool/callLoader.ts +35 -0
package/tui/src/tools/BashTool/commandClassification.ts +151 -0
package/tui/src/tools/BashTool/commandClassificationLoader.ts +40 -0
package/tui/src/tools/BashTool/cwdReset.ts +33 -0
package/tui/src/tools/BashTool/lineTruncation.ts +11 -0
package/tui/src/tools/BashTool/modeValidation.ts +13 -1
package/tui/src/tools/BashTool/outputPersistence.ts +42 -0
package/tui/src/tools/BashTool/permissionClassification.ts +66 -0
package/tui/src/tools/BashTool/permissionLoader.ts +44 -0
package/tui/src/tools/BashTool/resultLoader.ts +29 -0
package/tui/src/tools/BashTool/resultMapping.ts +83 -0
package/tui/src/tools/BashTool/sandboxPolicy.ts +79 -0
package/tui/src/tools/BashTool/schemas.ts +65 -0
package/tui/src/tools/BashTool/sedEditExecution.ts +59 -0
package/tui/src/tools/BashTool/shellExecution.tsx +245 -0
package/tui/src/tools/BashTool/shellOutputUtils.ts +85 -0
package/tui/src/tools/BashTool/shellPermissionGauntlet.ts +97 -0
package/tui/src/tools/BashTool/uiLoader.ts +37 -0
package/tui/src/tools/BriefTool/upload.ts +1 -1
package/tui/src/tools/CalculatorTool/parser.ts +2 -2
package/tui/src/tools/DocumentPrimitive/DocumentPrimitive.ts +262 -0
package/tui/src/tools/DocumentPrimitive/dispatchNormalization.ts +270 -0
package/tui/src/tools/DocumentPrimitive/documentDestinationPath.ts +18 -0
package/tui/src/tools/DocumentPrimitive/documentMutationGuard.ts +22 -0
package/tui/src/tools/DocumentPrimitive/documentPatchNormalization.ts +248 -0
package/tui/src/tools/DocumentPrimitive/documentSourceVerification.ts +245 -0
package/tui/src/tools/DocumentPrimitive/documentSourceVerificationFields.ts +103 -0
package/tui/src/tools/DocumentPrimitive/modelVisibleOutput.ts +40 -0
package/tui/src/tools/DocumentPrimitive/prompt.ts +35 -0
package/tui/src/tools/FileEditTool/FileEditTool.ts +9 -507
package/tui/src/tools/FileEditTool/call.ts +228 -0
package/tui/src/tools/FileEditTool/validateInput.ts +196 -0
package/tui/src/tools/FileReadTool/imageProcessor.ts +13 -0
package/tui/src/tools/FileWriteTool/FileWriteTool.ts +7 -300
package/tui/src/tools/FileWriteTool/call.ts +223 -0
package/tui/src/tools/FileWriteTool/validateInput.ts +80 -0
package/tui/src/tools/ListMcpResourcesTool/ListMcpResourcesTool.ts +19 -3
package/tui/src/tools/LookupPrimitive/LookupPrimitive.ts +25 -32
package/tui/src/tools/LookupPrimitive/prompt.ts +0 -2
package/tui/src/tools/MCPTool/trustPolicy.ts +118 -0
package/tui/src/tools/McpAuthTool/McpAuthTool.ts +21 -3
package/tui/src/tools/NotebookEditTool/NotebookEditTool.ts +7 -326
package/tui/src/tools/NotebookEditTool/call.ts +254 -0
package/tui/src/tools/NotebookEditTool/notebookModel.ts +51 -0
package/tui/src/tools/NotebookEditTool/validateInput.ts +142 -0
package/tui/src/tools/PowerShellTool/PowerShellTool.tsx +46 -937
package/tui/src/tools/PowerShellTool/acceptEditsCommandValidation.ts +162 -0
package/tui/src/tools/PowerShellTool/call.ts +179 -0
package/tui/src/tools/PowerShellTool/callLoader.ts +37 -0
package/tui/src/tools/PowerShellTool/commandClassification.ts +86 -0
package/tui/src/tools/PowerShellTool/modeValidation.ts +25 -332
package/tui/src/tools/PowerShellTool/outputPersistence.ts +42 -0
package/tui/src/tools/PowerShellTool/permissionClassification.ts +28 -0
package/tui/src/tools/PowerShellTool/resultLoader.ts +31 -0
package/tui/src/tools/PowerShellTool/resultMapping.ts +75 -0
package/tui/src/tools/PowerShellTool/schemas.ts +40 -0
package/tui/src/tools/PowerShellTool/shellExecution.tsx +258 -0
package/tui/src/tools/PowerShellTool/symlinkModeValidation.ts +44 -0
package/tui/src/tools/PowerShellTool/uiLoader.ts +37 -0
package/tui/src/tools/PowerShellTool/validation.ts +39 -0
package/tui/src/tools/ReadMcpResourceTool/ReadMcpResourceTool.ts +19 -3
package/tui/src/tools/ResolveLocationPrimitive/ResolveLocationPrimitive.ts +1 -11
package/tui/src/tools/ResolveLocationPrimitive/prompt.ts +2 -6
package/tui/src/tools/SkillTool/SkillTool.ts +2 -2
package/tui/src/tools/SubmitPrimitive/SubmitPrimitive.ts +27 -10
package/tui/src/tools/TaskCreateTool/TaskCreateTool.ts +16 -2
package/tui/src/tools/TaskGetTool/TaskGetTool.ts +23 -3
package/tui/src/tools/TaskListTool/TaskListTool.ts +22 -4
package/tui/src/tools/TaskOutputTool/TaskOutputTool.tsx +46 -547
package/tui/src/tools/TaskOutputTool/lookup.ts +216 -0
package/tui/src/tools/TaskOutputTool/render.tsx +257 -0
package/tui/src/tools/TaskOutputTool/schemas.ts +55 -0
package/tui/src/tools/TaskOutputTool/serialization.ts +36 -0
package/tui/src/tools/TaskStopTool/TaskStopTool.ts +10 -0
package/tui/src/tools/TaskUpdateTool/TaskUpdateTool.ts +14 -364
package/tui/src/tools/TaskUpdateTool/completion.ts +62 -0
package/tui/src/tools/TaskUpdateTool/schemas.ts +62 -0
package/tui/src/tools/TaskUpdateTool/serialization.ts +46 -0
package/tui/src/tools/TaskUpdateTool/statusUpdate.ts +247 -0
package/tui/src/tools/TodoWriteTool/TodoWriteTool.ts +21 -2
package/tui/src/tools/ToolSearchTool/ToolSearchTool.ts +21 -302
package/tui/src/tools/ToolSearchTool/ccSupportTools.ts +223 -0
package/tui/src/tools/ToolSearchTool/descriptionCache.ts +50 -0
package/tui/src/tools/ToolSearchTool/keywordSearch.ts +216 -0
package/tui/src/tools/ToolSearchTool/prompt.ts +10 -4
package/tui/src/tools/ToolSearchTool/resultMapping.ts +30 -0
package/tui/src/tools/ToolSearchTool/schemas.ts +30 -0
package/tui/src/tools/ToolSearchTool/searchPool.ts +47 -0
package/tui/src/tools/ToolSearchTool/supportIntentHints.ts +140 -0
package/tui/src/tools/TranslateTool/TranslateTool.ts +1 -1
package/tui/src/tools/VerifyPrimitive/VerifyPrimitive.ts +2 -1
package/tui/src/tools/WebFetchTool/WebFetchTool.ts +43 -138
package/tui/src/tools/WebFetchTool/call.ts +227 -0
package/tui/src/tools/WebFetchTool/resolvedAddressSafety.ts +78 -0
package/tui/src/tools/WebFetchTool/sourceVerification.ts +204 -0
package/tui/src/tools/WebFetchTool/types.ts +23 -0
package/tui/src/tools/WebFetchTool/urlSafety.ts +181 -0
package/tui/src/tools/WebFetchTool/utils.ts +1 -1
package/tui/src/tools/WebSearchTool/UI.tsx +0 -1
package/tui/src/tools/WebSearchTool/WebSearchTool.ts +9 -313
package/tui/src/tools/WebSearchTool/call.ts +33 -0
package/tui/src/tools/WebSearchTool/responseMapping.ts +190 -0
package/tui/src/tools/WebSearchTool/resultBlock.ts +47 -0
package/tui/src/tools/WebSearchTool/schemas.ts +47 -0
package/tui/src/tools/WebSearchTool/toolSchema.ts +12 -0
package/tui/src/tools/WorkspaceToolAdapter/WorkspaceToolAdapter.ts +79 -0
package/tui/src/tools/WorkspaceToolAdapter/allowedRootPolicy.ts +85 -0
package/tui/src/tools/WorkspaceToolAdapter/documentFormatGuards.ts +73 -0
package/tui/src/tools/WorkspaceToolAdapter/inputNormalization.ts +105 -0
package/tui/src/tools/WorkspaceToolAdapter/mcpExposurePolicy.ts +64 -0
package/tui/src/tools/WorkspaceToolAdapter/toolDefFactory.ts +215 -0
package/tui/src/tools/WorkspaceToolAdapter/toolNames.ts +6 -0
package/tui/src/tools/WorkspaceToolAdapter/workspacePolicy.ts +15 -0
package/tui/src/tools/_shared/dispatchPrimitive.ts +6 -6
package/tui/src/tools/_shared/documentChangeToPatch.ts +125 -0
package/tui/src/tools/_shared/documentDispatchArguments.ts +87 -0
package/tui/src/tools/_shared/documentPrimitiveTimeout.ts +13 -0
package/tui/src/tools/_shared/documentToolResultRender.ts +98 -0
package/tui/src/tools/_shared/pendingCallRegistry.ts +1 -6
package/tui/src/tools/_shared/rootPrimitiveInput.ts +1 -0
package/tui/src/tools/_shared/toolChoiceRepair/documentCompletionPatterns.ts +58 -0
package/tui/src/tools/_shared/toolChoiceRepair/documentCompletionPrompt.ts +271 -0
package/tui/src/tools/_shared/toolChoiceRepair/documentRepair.ts +452 -0
package/tui/src/tools/_shared/toolChoiceRepair/messageAccess.ts +80 -0
package/tui/src/tools/_shared/toolChoiceRepair/publicDataRepair.ts +92 -0
package/tui/src/tools/_shared/toolChoiceRepair/supportRepair.ts +135 -0
package/tui/src/tools/_shared/toolChoiceRepair.ts +55 -860
package/tui/src/tools/shared/mockDisclaimer.ts +1 -1
package/tui/src/tools.ts +39 -190
package/tui/src/types/fileSuggestion.ts +4 -26
package/tui/src/types/generated/events_mono/claude_code/v1/claude_code_internal_event.ts +186 -148
package/tui/src/types/generated/events_mono/common/v1/auth.ts +25 -11
package/tui/src/types/generated/events_mono/growthbook/v1/growthbook_experiment_event.ts +47 -30
package/tui/src/types/generated/google/protobuf/timestamp.ts +21 -7
package/tui/src/types/message.ts +80 -102
package/tui/src/types/messageQueueTypes.ts +6 -28
package/tui/src/types/notebook.ts +16 -38
package/tui/src/types/statusLine.ts +4 -26
package/tui/src/types/tools.ts +24 -46
package/tui/src/types/utils.ts +6 -28
package/tui/src/upstreamproxy/relay.ts +7 -3
package/tui/src/upstreamproxy/upstreamproxy.ts +1 -1
package/tui/src/utils/assistantMessageFactories.ts +9 -3
package/tui/src/utils/auth.ts +129 -139
package/tui/src/utils/bash/ast.ts +23 -23
package/tui/src/utils/bash/bashParser.ts +5 -5
package/tui/src/utils/billing.ts +1 -1
package/tui/src/utils/collapseReadSearch.ts +3 -3
package/tui/src/utils/cronTasks.ts +1 -1
package/tui/src/utils/execFileNoThrow.ts +1 -1
package/tui/src/utils/filePersistence/types.ts +16 -38
package/tui/src/utils/forkedAgent.ts +1 -1
package/tui/src/utils/gracefulShutdown.ts +4 -4
package/tui/src/utils/heapDumpService.ts +12 -8
package/tui/src/utils/hooks/apiQueryHookHelper.ts +1 -1
package/tui/src/utils/hooks/execPromptHook.ts +1 -1
package/tui/src/utils/hooks/skillImprovement.ts +1 -1
package/tui/src/utils/mcp/dateTimeParser.ts +1 -1
package/tui/src/utils/messages.ts +18 -0
package/tui/src/utils/migrateSessions.ts +3 -3
package/tui/src/utils/model/model.ts +6 -6
package/tui/src/utils/permissions/yoloClassifier.ts +1 -1
package/tui/src/utils/plugins/headlessPluginInstall.ts +1 -1
package/tui/src/utils/plugins/mcpPluginIntegration.ts +1 -1
package/tui/src/utils/plugins/mcpbHandler.ts +1 -1
package/tui/src/utils/plugins/pluginLoader.ts +8 -8
package/tui/src/utils/protectedNamespace.ts +5 -3
package/tui/src/utils/rawJsonToolCall.ts +242 -0
package/tui/src/utils/ripgrep.ts +16 -7
package/tui/src/utils/sessionTitle.ts +1 -1
package/tui/src/utils/settings/permissionValidation.ts +14 -2
package/tui/src/utils/shell/prefix.ts +1 -1
package/tui/src/utils/sideQuery.ts +1 -1
package/tui/src/utils/systemThemeWatcher.ts +13 -3
package/tui/src/utils/teleport.tsx +1 -1
package/uv.lock +400 -14
package/tui/src/services/api/claude.ts +0 -3540
package/tui/src/tools/_shared/directPublicDataGuard.ts +0 -362
package/tui/src/tools/_shared/kmaAnalysisGuard.ts +0 -197
package/tui/src/tools/_shared/kmaAviationGuard.ts +0 -70
package/tui/src/tools/_shared/nmcAedGuard.ts +0 -234
package/tui/src/tools/_shared/protectedCheckGuard.ts +0 -207
package/tui/src/tools/_shared/textToolCallGuard.ts +0 -91

package/tui/src/tools/BashTool/bashPermissions/promptClassifierRules.ts ADDED Viewed

@@ -0,0 +1,125 @@
+import { feature } from 'bun:bundle'
+import type { ToolUseContext } from '../../../Tool.js'
+import { getCommandSubcommandPrefix } from '../../../utils/bash/commands.js'
+import { getCwd } from '../../../utils/cwd.js'
+import { AbortError } from '../../../utils/errors.js'
+import {
+  classifyBashCommand,
+  getBashPromptAskDescriptions,
+  getBashPromptDenyDescriptions,
+  isClassifierPermissionsEnabled,
+} from '../../../utils/permissions/bashClassifier.js'
+import type { PermissionResult } from '../../../utils/permissions/PermissionResult.js'
+import { createPermissionRequestMessage } from '../../../utils/permissions/permissions.js'
+import type { PermissionUpdate } from '../../../utils/permissions/PermissionUpdateSchema.js'
+import type { BashToolInput } from '../schemas.js'
+import { BASH_TOOL_NAME } from '../toolName.js'
+import {
+  buildPendingClassifierCheck,
+  logClassifierResultForAnts,
+} from './classifierChecks.js'
+import {
+  suggestionForExactCommand,
+  suggestionForPrefix,
+} from './prefixSuggestions.js'
+import type { CommandPrefixResolver } from './types.js'
+export async function checkPromptClassifierRules(
+  input: BashToolInput,
+  context: ToolUseContext,
+  getCommandSubcommandPrefixFn: CommandPrefixResolver,
+): Promise<PermissionResult | null> {
+  const appState = context.getAppState()
+  if (
+    !isClassifierPermissionsEnabled() ||
+    (feature('TRANSCRIPT_CLASSIFIER') &&
+      appState.toolPermissionContext.mode === 'auto')
+  ) {
+    return null
+  }
+  const denyDescriptions = getBashPromptDenyDescriptions(
+    appState.toolPermissionContext,
+  )
+  const askDescriptions = getBashPromptAskDescriptions(
+    appState.toolPermissionContext,
+  )
+  const hasDeny = denyDescriptions.length > 0
+  const hasAsk = askDescriptions.length > 0
+  if (!hasDeny && !hasAsk) return null
+  const [denyResult, askResult] = await Promise.all([
+    hasDeny
+      ? classifyBashCommand(
+          input.command,
+          getCwd(),
+          denyDescriptions,
+          'deny',
+          context.abortController.signal,
+          context.options.isNonInteractiveSession,
+        )
+      : null,
+    hasAsk
+      ? classifyBashCommand(
+          input.command,
+          getCwd(),
+          askDescriptions,
+          'ask',
+          context.abortController.signal,
+          context.options.isNonInteractiveSession,
+        )
+      : null,
+  ])
+  if (context.abortController.signal.aborted) throw new AbortError()
+  if (denyResult) {
+    logClassifierResultForAnts(input.command, 'deny', denyDescriptions, denyResult)
+  }
+  if (askResult) {
+    logClassifierResultForAnts(input.command, 'ask', askDescriptions, askResult)
+  }
+  if (denyResult?.matches && denyResult.confidence === 'high') {
+    return {
+      behavior: 'deny',
+      message: `Denied by Bash prompt rule: "${denyResult.matchedDescription}"`,
+      decisionReason: {
+        type: 'other',
+        reason: `Denied by Bash prompt rule: "${denyResult.matchedDescription}"`,
+      },
+    }
+  }
+  if (askResult?.matches && askResult.confidence === 'high') {
+    let suggestions: PermissionUpdate[]
+    if (getCommandSubcommandPrefixFn === getCommandSubcommandPrefix) {
+      suggestions = suggestionForExactCommand(input.command)
+    } else {
+      const commandPrefixResult = await getCommandSubcommandPrefixFn(
+        input.command,
+        context.abortController.signal,
+        context.options.isNonInteractiveSession,
+      )
+      if (context.abortController.signal.aborted) throw new AbortError()
+      suggestions = commandPrefixResult?.commandPrefix
+        ? suggestionForPrefix(commandPrefixResult.commandPrefix)
+        : suggestionForExactCommand(input.command)
+    }
+    return {
+      behavior: 'ask',
+      message: createPermissionRequestMessage(BASH_TOOL_NAME),
+      decisionReason: {
+        type: 'other',
+        reason: `Required by Bash prompt rule: "${askResult.matchedDescription}"`,
+      },
+      suggestions,
+      ...(feature('BASH_CLASSIFIER')
+        ? {
+            pendingClassifierCheck: buildPendingClassifierCheck(
+              input.command,
+              appState.toolPermissionContext,
+            ),
+          }
+        : {}),
+    }
+  }
+  return null
+}

package/tui/src/tools/BashTool/bashPermissions/ruleDelegates.ts ADDED Viewed

@@ -0,0 +1,19 @@
+import {
+  parsePermissionRule,
+  type ShellPermissionRule,
+  matchWildcardPattern as sharedMatchWildcardPattern,
+  permissionRuleExtractPrefix as sharedPermissionRuleExtractPrefix,
+} from '../../../utils/permissions/shellRuleMatching.js'
+export const permissionRuleExtractPrefix = sharedPermissionRuleExtractPrefix
+export function matchWildcardPattern(
+  pattern: string,
+  command: string,
+): boolean {
+  return sharedMatchWildcardPattern(pattern, command)
+}
+export const bashPermissionRule: (
+  permissionRule: string,
+) => ShellPermissionRule = parsePermissionRule

package/tui/src/tools/BashTool/bashPermissions/ruleMatching.ts ADDED Viewed

@@ -0,0 +1,145 @@
+import type { ToolPermissionContext } from '../../../Tool.js'
+import {
+  extractOutputRedirections,
+  splitCommand_DEPRECATED,
+} from '../../../utils/bash/commands.js'
+import type { PermissionRule } from '../../../utils/permissions/PermissionRule.js'
+import { getRuleByContentsForToolName } from '../../../utils/permissions/permissions.js'
+import type { BashToolInput } from '../schemas.js'
+import { BASH_TOOL_NAME } from '../toolName.js'
+import { bashPermissionRule, matchWildcardPattern } from './ruleDelegates.js'
+import {
+  stripAllLeadingEnvVars,
+  stripSafeWrappers,
+} from './wrapperStripping.js'
+const splitCommand = splitCommand_DEPRECATED
+function filterRulesByContentsMatchingInput(
+  input: BashToolInput,
+  rules: Map<string, PermissionRule>,
+  matchMode: 'exact' | 'prefix',
+  {
+    stripAllEnvVars = false,
+    skipCompoundCheck = false,
+  }: { stripAllEnvVars?: boolean; skipCompoundCheck?: boolean } = {},
+): PermissionRule[] {
+  const command = input.command.trim()
+  const commandWithoutRedirections =
+    extractOutputRedirections(command).commandWithoutRedirections
+  const commandsForMatching =
+    matchMode === 'exact'
+      ? [command, commandWithoutRedirections]
+      : [commandWithoutRedirections]
+  const commandsToTry = commandsForMatching.flatMap(cmd => {
+    const strippedCommand = stripSafeWrappers(cmd)
+    return strippedCommand !== cmd ? [cmd, strippedCommand] : [cmd]
+  })
+  if (stripAllEnvVars) {
+    const seen = new Set(commandsToTry)
+    let startIdx = 0
+    while (startIdx < commandsToTry.length) {
+      const endIdx = commandsToTry.length
+      for (let i = startIdx; i < endIdx; i++) {
+        const cmd = commandsToTry[i]
+        if (!cmd) continue
+        const envStripped = stripAllLeadingEnvVars(cmd)
+        if (!seen.has(envStripped)) {
+          commandsToTry.push(envStripped)
+          seen.add(envStripped)
+        }
+        const wrapperStripped = stripSafeWrappers(cmd)
+        if (!seen.has(wrapperStripped)) {
+          commandsToTry.push(wrapperStripped)
+          seen.add(wrapperStripped)
+        }
+      }
+      startIdx = endIdx
+    }
+  }
+  const isCompoundCommand = new Map<string, boolean>()
+  if (matchMode === 'prefix' && !skipCompoundCheck) {
+    for (const cmd of commandsToTry) {
+      if (!isCompoundCommand.has(cmd)) {
+        isCompoundCommand.set(cmd, splitCommand(cmd).length > 1)
+      }
+    }
+  }
+  return Array.from(rules.entries())
+    .filter(([ruleContent]) => {
+      const bashRule = bashPermissionRule(ruleContent)
+      return commandsToTry.some(cmdToMatch => {
+        switch (bashRule.type) {
+          case 'exact':
+            return bashRule.command === cmdToMatch
+          case 'prefix':
+            switch (matchMode) {
+              case 'exact':
+                return bashRule.prefix === cmdToMatch
+              case 'prefix': {
+                if (isCompoundCommand.get(cmdToMatch)) return false
+                if (cmdToMatch === bashRule.prefix) return true
+                if (cmdToMatch.startsWith(bashRule.prefix + ' ')) return true
+                const xargsPrefix = 'xargs ' + bashRule.prefix
+                if (cmdToMatch === xargsPrefix) return true
+                return cmdToMatch.startsWith(xargsPrefix + ' ')
+              }
+            }
+            break
+          case 'wildcard':
+            if (matchMode === 'exact') return false
+            if (isCompoundCommand.get(cmdToMatch)) return false
+            return matchWildcardPattern(bashRule.pattern, cmdToMatch)
+        }
+      })
+    })
+    .map(([, rule]) => rule)
+}
+export function matchingRulesForInput(
+  input: BashToolInput,
+  toolPermissionContext: ToolPermissionContext,
+  matchMode: 'exact' | 'prefix',
+  { skipCompoundCheck = false }: { skipCompoundCheck?: boolean } = {},
+) {
+  const denyRuleByContents = getRuleByContentsForToolName(
+    toolPermissionContext,
+    BASH_TOOL_NAME,
+    'deny',
+  )
+  const matchingDenyRules = filterRulesByContentsMatchingInput(
+    input,
+    denyRuleByContents,
+    matchMode,
+    { stripAllEnvVars: true, skipCompoundCheck: true },
+  )
+  const askRuleByContents = getRuleByContentsForToolName(
+    toolPermissionContext,
+    BASH_TOOL_NAME,
+    'ask',
+  )
+  const matchingAskRules = filterRulesByContentsMatchingInput(
+    input,
+    askRuleByContents,
+    matchMode,
+    { stripAllEnvVars: true, skipCompoundCheck: true },
+  )
+  const allowRuleByContents = getRuleByContentsForToolName(
+    toolPermissionContext,
+    BASH_TOOL_NAME,
+    'allow',
+  )
+  const matchingAllowRules = filterRulesByContentsMatchingInput(
+    input,
+    allowRuleByContents,
+    matchMode,
+    { skipCompoundCheck },
+  )
+  return { matchingDenyRules, matchingAskRules, matchingAllowRules }
+}

package/tui/src/tools/BashTool/bashPermissions/sandboxAutoAllow.ts ADDED Viewed

@@ -0,0 +1,75 @@
+import type { ToolPermissionContext } from '../../../Tool.js'
+import { splitCommand_DEPRECATED } from '../../../utils/bash/commands.js'
+import type { PermissionRule } from '../../../utils/permissions/PermissionRule.js'
+import type { PermissionResult } from '../../../utils/permissions/PermissionResult.js'
+import { createPermissionRequestMessage } from '../../../utils/permissions/permissions.js'
+import type { BashToolInput } from '../schemas.js'
+import { BASH_TOOL_NAME } from '../toolName.js'
+import { matchingRulesForInput } from './ruleMatching.js'
+const splitCommand = splitCommand_DEPRECATED
+function denyResult(
+  input: BashToolInput,
+  rule: PermissionRule,
+): PermissionResult {
+  return {
+    behavior: 'deny',
+    message: `Permission to use ${BASH_TOOL_NAME} with command ${input.command.trim()} has been denied.`,
+    decisionReason: { type: 'rule', rule },
+  }
+}
+export function checkSandboxAutoAllow(
+  input: BashToolInput,
+  toolPermissionContext: ToolPermissionContext,
+): PermissionResult {
+  const command = input.command.trim()
+  const { matchingDenyRules, matchingAskRules } = matchingRulesForInput(
+    input,
+    toolPermissionContext,
+    'prefix',
+  )
+  if (matchingDenyRules[0] !== undefined) {
+    return denyResult(input, matchingDenyRules[0])
+  }
+  const subcommands = splitCommand(command)
+  if (subcommands.length > 1) {
+    let firstAskRule: PermissionRule | undefined
+    for (const sub of subcommands) {
+      const subResult = matchingRulesForInput(
+        { command: sub },
+        toolPermissionContext,
+        'prefix',
+      )
+      if (subResult.matchingDenyRules[0] !== undefined) {
+        return denyResult(input, subResult.matchingDenyRules[0])
+      }
+      firstAskRule ??= subResult.matchingAskRules[0]
+    }
+    if (firstAskRule) {
+      return {
+        behavior: 'ask',
+        message: createPermissionRequestMessage(BASH_TOOL_NAME),
+        decisionReason: { type: 'rule', rule: firstAskRule },
+      }
+    }
+  }
+  if (matchingAskRules[0] !== undefined) {
+    return {
+      behavior: 'ask',
+      message: createPermissionRequestMessage(BASH_TOOL_NAME),
+      decisionReason: { type: 'rule', rule: matchingAskRules[0] },
+    }
+  }
+  return {
+    behavior: 'allow',
+    updatedInput: input,
+    decisionReason: {
+      type: 'other',
+      reason: 'Auto-allowed with sandbox (autoAllowBashIfSandboxed enabled)',
+    },
+  }
+}

package/tui/src/tools/BashTool/bashPermissions/subcommandFlow.ts ADDED Viewed

@@ -0,0 +1,205 @@
+import { feature } from 'bun:bundle'
+import type { ToolUseContext } from '../../../Tool.js'
+import type { Redirect, SimpleCommand } from '../../../utils/bash/ast.js'
+import { getCommandSubcommandPrefix } from '../../../utils/bash/commands.js'
+import { getCwd } from '../../../utils/cwd.js'
+import { isEnvTruthy } from '../../../utils/envUtils.js'
+import { AbortError } from '../../../utils/errors.js'
+import type { PermissionResult } from '../../../utils/permissions/PermissionResult.js'
+import { createPermissionRequestMessage } from '../../../utils/permissions/permissions.js'
+import { count } from '../../../utils/array.js'
+import { checkPathConstraints } from '../pathValidation.js'
+import type { BashToolInput } from '../schemas.js'
+import { BASH_TOOL_NAME } from '../toolName.js'
+import { buildPendingClassifierCheck } from './classifierChecks.js'
+import {
+  bashToolCheckPermission,
+  checkCommandAndSuggestRules,
+} from './permissionChecks.js'
+import {
+  allowedSubcommandsResult,
+  collectSuggestedRuleUpdates,
+  deniedSubcommandResult,
+  hasLegacyCommandInjection,
+} from './subcommandResultHelpers.js'
+import type { CommandPrefixResolver } from './types.js'
+type ResolveSubcommandPermissionFlowParams = {
+  readonly input: BashToolInput
+  readonly context: ToolUseContext
+  readonly exactMatchResult: PermissionResult
+  readonly subcommands: readonly string[]
+  readonly astCommandsByIdx: readonly (SimpleCommand | undefined)[]
+  readonly astRedirects?: Redirect[]
+  readonly astCommands?: SimpleCommand[]
+  readonly astSubcommands: readonly string[] | null
+  readonly compoundCommandHasCd: boolean
+  readonly getCommandSubcommandPrefixFn: CommandPrefixResolver
+}
+export async function resolveSubcommandPermissionFlow({
+  input,
+  context,
+  exactMatchResult,
+  subcommands,
+  astCommandsByIdx,
+  astRedirects,
+  astCommands,
+  astSubcommands,
+  compoundCommandHasCd,
+  getCommandSubcommandPrefixFn,
+}: ResolveSubcommandPermissionFlowParams): Promise<PermissionResult> {
+  let appState = context.getAppState()
+  const subcommandPermissionDecisions = subcommands.map((command, i) =>
+    bashToolCheckPermission(
+      { command },
+      appState.toolPermissionContext,
+      compoundCommandHasCd,
+      astCommandsByIdx[i],
+    ),
+  )
+  if (subcommandPermissionDecisions.some(_ => _.behavior === 'deny')) {
+    return deniedSubcommandResult(input, subcommands, subcommandPermissionDecisions)
+  }
+  const pathResult = checkPathConstraints(
+    input,
+    getCwd(),
+    appState.toolPermissionContext,
+    compoundCommandHasCd,
+    astRedirects,
+    astCommands,
+  )
+  if (pathResult.behavior === 'deny') return pathResult
+  const askSubresult = subcommandPermissionDecisions.find(
+    _ => _.behavior === 'ask',
+  )
+  const nonAllowCount = count(
+    subcommandPermissionDecisions,
+    _ => _.behavior !== 'allow',
+  )
+  if (pathResult.behavior === 'ask' && askSubresult === undefined) {
+    return pathResult
+  }
+  if (askSubresult !== undefined && nonAllowCount === 1) {
+    return {
+      ...askSubresult,
+      ...(feature('BASH_CLASSIFIER')
+        ? {
+            pendingClassifierCheck: buildPendingClassifierCheck(
+              input.command,
+              appState.toolPermissionContext,
+            ),
+          }
+        : {}),
+    }
+  }
+  if (exactMatchResult.behavior === 'allow') return exactMatchResult
+  const hasPossibleCommandInjection =
+    astSubcommands === null &&
+    !isEnvTruthy(process.env.CLAUDE_CODE_DISABLE_COMMAND_INJECTION_CHECK)
+      ? await hasLegacyCommandInjection(subcommands)
+      : false
+  if (
+    subcommandPermissionDecisions.every(_ => _.behavior === 'allow') &&
+    !hasPossibleCommandInjection
+  ) {
+    return allowedSubcommandsResult(
+      input,
+      subcommands,
+      subcommandPermissionDecisions,
+    )
+  }
+  let commandSubcommandPrefix: Awaited<
+    ReturnType<typeof getCommandSubcommandPrefixFn>
+  > = null
+  if (getCommandSubcommandPrefixFn !== getCommandSubcommandPrefix) {
+    commandSubcommandPrefix = await getCommandSubcommandPrefixFn(
+      input.command,
+      context.abortController.signal,
+      context.options.isNonInteractiveSession,
+    )
+    if (context.abortController.signal.aborted) throw new AbortError()
+  }
+  appState = context.getAppState()
+  if (subcommands.length === 1) {
+    const onlySubcommand = subcommands[0]
+    if (onlySubcommand === undefined) {
+      return {
+        behavior: 'deny',
+        message: `Permission to use ${BASH_TOOL_NAME} with command ${input.command} has been denied.`,
+      }
+    }
+    const result = await checkCommandAndSuggestRules(
+      { command: onlySubcommand },
+      appState.toolPermissionContext,
+      commandSubcommandPrefix,
+      compoundCommandHasCd,
+      astSubcommands !== null,
+    )
+    if (result.behavior === 'ask' || result.behavior === 'passthrough') {
+      return {
+        ...result,
+        ...(feature('BASH_CLASSIFIER')
+          ? {
+              pendingClassifierCheck: buildPendingClassifierCheck(
+                input.command,
+                appState.toolPermissionContext,
+              ),
+            }
+          : {}),
+      }
+    }
+    return result
+  }
+  const subcommandResults: Map<string, PermissionResult> = new Map()
+  for (const subcommand of subcommands) {
+    subcommandResults.set(
+      subcommand,
+      await checkCommandAndSuggestRules(
+        { ...input, command: subcommand },
+        appState.toolPermissionContext,
+        commandSubcommandPrefix?.subcommandPrefixes.get(subcommand),
+        compoundCommandHasCd,
+        astSubcommands !== null,
+      ),
+    )
+  }
+  if (
+    subcommands.every(
+      subcommand => subcommandResults.get(subcommand)?.behavior === 'allow',
+    )
+  ) {
+    return {
+      behavior: 'allow',
+      updatedInput: input,
+      decisionReason: {
+        type: 'subcommandResults',
+        reasons: subcommandResults,
+      },
+    }
+  }
+  const decisionReason = {
+    type: 'subcommandResults' as const,
+    reasons: subcommandResults,
+  }
+  return {
+    behavior: askSubresult !== undefined ? 'ask' : 'passthrough',
+    message: createPermissionRequestMessage(BASH_TOOL_NAME, decisionReason),
+    decisionReason,
+    suggestions: collectSuggestedRuleUpdates(subcommandResults),
+    ...(feature('BASH_CLASSIFIER')
+      ? {
+          pendingClassifierCheck: buildPendingClassifierCheck(
+            input.command,
+            appState.toolPermissionContext,
+          ),
+        }
+      : {}),
+  }
+}

package/tui/src/tools/BashTool/bashPermissions/subcommandGuards.ts ADDED Viewed

@@ -0,0 +1,73 @@
+import type { ToolPermissionContext } from '../../../Tool.js'
+import type { SimpleCommand } from '../../../utils/bash/ast.js'
+import type { PermissionResult } from '../../../utils/permissions/PermissionResult.js'
+import type { BashToolInput } from '../schemas.js'
+import { BASH_TOOL_NAME } from '../toolName.js'
+import { bashToolCheckExactMatchPermission } from './permissionChecks.js'
+import { matchingRulesForInput } from './ruleMatching.js'
+export function filterCdCwdSubcommands(
+  rawSubcommands: string[],
+  astCommands: SimpleCommand[] | undefined,
+  cwd: string,
+  cwdMingw: string,
+): { subcommands: string[]; astCommandsByIdx: (SimpleCommand | undefined)[] } {
+  const subcommands: string[] = []
+  const astCommandsByIdx: (SimpleCommand | undefined)[] = []
+  for (let i = 0; i < rawSubcommands.length; i++) {
+    const cmd = rawSubcommands[i]
+    if (cmd === undefined) continue
+    if (cmd === `cd ${cwd}` || cmd === `cd ${cwdMingw}`) continue
+    subcommands.push(cmd)
+    astCommandsByIdx.push(astCommands?.[i])
+  }
+  return { subcommands, astCommandsByIdx }
+}
+export function checkEarlyExitDeny(
+  input: BashToolInput,
+  toolPermissionContext: ToolPermissionContext,
+): PermissionResult | null {
+  const exactMatchResult = bashToolCheckExactMatchPermission(
+    input,
+    toolPermissionContext,
+  )
+  if (exactMatchResult.behavior !== 'passthrough') return exactMatchResult
+  const denyMatch = matchingRulesForInput(
+    input,
+    toolPermissionContext,
+    'prefix',
+  ).matchingDenyRules[0]
+  if (denyMatch !== undefined) {
+    return {
+      behavior: 'deny',
+      message: `Permission to use ${BASH_TOOL_NAME} with command ${input.command} has been denied.`,
+      decisionReason: { type: 'rule', rule: denyMatch },
+    }
+  }
+  return null
+}
+export function checkSemanticsDeny(
+  input: BashToolInput,
+  toolPermissionContext: ToolPermissionContext,
+  commands: readonly { text: string }[],
+): PermissionResult | null {
+  const fullCmd = checkEarlyExitDeny(input, toolPermissionContext)
+  if (fullCmd !== null) return fullCmd
+  for (const cmd of commands) {
+    const subDeny = matchingRulesForInput(
+      { ...input, command: cmd.text },
+      toolPermissionContext,
+      'prefix',
+    ).matchingDenyRules[0]
+    if (subDeny !== undefined) {
+      return {
+        behavior: 'deny',
+        message: `Permission to use ${BASH_TOOL_NAME} with command ${input.command} has been denied.`,
+        decisionReason: { type: 'rule', rule: subDeny },
+      }
+    }
+  }
+  return null
+}