wormclaude 1.0.13 → 1.0.14

package/dist/cmdsec.js

@@ -0,0 +1,306 @@
+// Komut güvenliği — Bash aracı çalışmadan ÖNCE kontrol eder.
+// Gemini/Blackbox CLI shell-utils.js + shellReadOnlyChecker.js'ten uyarlandı, WormClaude'a özel.
+//   - Hard-deny blocklist (rm -rf /, fork bomb, dd of=/dev, mkfs, curl|bash...)
+//   - Command-substitution engeli ($(), <(), backtick) -> hard deny
+//   - Read-only allowlist (ls, cat, git status... -> izinsiz geçer)
+//   - Kalıcı kullanıcı allowlist'i (kök komut bazlı: "git", "npm")
+//   - escapeShellArg (PowerShell/cmd/bash) -> !{} injection güvenliği
+import * as os from 'node:os';
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+// ── Kalıcı kullanıcı allowlist'i (kök komut: git, npm...) ───────────────────
+const ALLOW_FILE = path.join(os.homedir(), '.wormclaude', 'approved-commands.json');
+let _approved = null;
+function loadApproved() {
+    if (_approved)
+        return _approved;
+    try {
+        const arr = JSON.parse(fs.readFileSync(ALLOW_FILE, 'utf8'));
+        _approved = new Set(Array.isArray(arr) ? arr.map(String) : []);
+    }
+    catch {
+        _approved = new Set();
+    }
+    return _approved;
+}
+export function getApprovedCommands() { return [...loadApproved()].sort(); }
+function saveApproved(set) {
+    _approved = set;
+    try {
+        fs.mkdirSync(path.dirname(ALLOW_FILE), { recursive: true });
+        fs.writeFileSync(ALLOW_FILE, JSON.stringify([...set], null, 2));
+    }
+    catch { }
+}
+export function approveCommands(roots) {
+    const set = loadApproved();
+    const before = set.size;
+    for (const r of roots)
+        if (r)
+            set.add(r);
+    saveApproved(set);
+    return set.size - before;
+}
+export function unapproveCommands(roots) {
+    const set = loadApproved();
+    const before = set.size;
+    for (const r of roots)
+        set.delete(r);
+    saveApproved(set);
+    return before - set.size;
+}
+export function clearApproved() { saveApproved(new Set()); }
+// ── Komut ayrıştırma (shell-utils.js'ten) ──────────────────────────────────
+export function splitCommands(command) {
+    const commands = [];
+    let cur = '';
+    let inS = false, inD = false;
+    let i = 0;
+    while (i < command.length) {
+        const c = command[i], n = command[i + 1];
+        if (c === '\\' && i < command.length - 1) {
+            cur += c + n;
+            i += 2;
+            continue;
+        }
+        if (c === "'" && !inD)
+            inS = !inS;
+        else if (c === '"' && !inS)
+            inD = !inD;
+        if (!inS && !inD) {
+            if ((c === '&' && n === '&') || (c === '|' && n === '|')) {
+                commands.push(cur.trim());
+                cur = '';
+                i++;
+            }
+            else if (c === ';' || c === '&' || c === '|') {
+                commands.push(cur.trim());
+                cur = '';
+            }
+            else
+                cur += c;
+        }
+        else
+            cur += c;
+        i++;
+    }
+    if (cur.trim())
+        commands.push(cur.trim());
+    return commands.filter(Boolean);
+}
+export function getCommandRoot(command) {
+    const t = command.trim();
+    if (!t)
+        return undefined;
+    const m = t.match(/^"([^"]+)"|^'([^']+)'|^(\S+)/);
+    if (m) {
+        const root = m[1] || m[2] || m[3];
+        if (root)
+            return root.split(/[\\/]/).pop();
+    }
+    return undefined;
+}
+export function getCommandRoots(command) {
+    if (!command)
+        return [];
+    return splitCommands(command).map(getCommandRoot).filter((c) => !!c);
+}
+export function stripShellWrapper(command) {
+    const m = command.match(/^\s*(?:sh|bash|zsh|cmd\.exe|powershell|pwsh)\s+(?:\/c|-c|-Command)\s+/i);
+    if (m) {
+        let c = command.substring(m[0].length).trim();
+        if ((c.startsWith('"') && c.endsWith('"')) || (c.startsWith("'") && c.endsWith("'")))
+            c = c.slice(1, -1);
+        return c;
+    }
+    return command.trim();
+}
+// $(), <(), backtick komut-ikamesi tespiti (bash kurallarına göre)
+export function detectCommandSubstitution(command) {
+    let inS = false, inD = false, inB = false;
+    let i = 0;
+    while (i < command.length) {
+        const c = command[i], n = command[i + 1];
+        if (c === '\\' && !inS) {
+            i += 2;
+            continue;
+        }
+        if (c === "'" && !inD && !inB)
+            inS = !inS;
+        else if (c === '"' && !inS && !inB)
+            inD = !inD;
+        else if (c === '`' && !inS)
+            inB = !inB;
+        if (!inS) {
+            if (c === '$' && n === '(')
+                return true;
+            if (c === '<' && n === '(' && !inD && !inB)
+                return true;
+            if (c === '`' && !inB)
+                return true;
+        }
+        i++;
+    }
+    return false;
+}
+export function escapeShellArg(arg, shell = process.platform === 'win32' ? 'cmd' : 'bash') {
+    if (!arg)
+        return shell === 'bash' ? "''" : '""';
+    switch (shell) {
+        case 'powershell': return `'${arg.replace(/'/g, "''")}'`;
+        case 'cmd': return `"${arg.replace(/"/g, '""')}"`;
+        case 'bash':
+        default: return `'${arg.replace(/'/g, "'\\''")}'`;
+    }
+}
+// ── Tehlikeli komut blocklist (HARD DENY) ──────────────────────────────────
+const DANGER = [
+    { re: /\brm\s+(?:-[a-zA-Z]+\s+)*-[a-zA-Z]*[rf][a-zA-Z]*\s+(?:-[a-zA-Z]+\s+)*(?:\/|~|\$HOME|\*|\.)(?:\s|$)/, reason: 'Tehlikeli geniş silme (rm -rf /, ~, *, .)' },
+    { re: /:\s*\(\s*\)\s*\{\s*:\s*\|\s*:\s*&\s*\}\s*;\s*:/, reason: 'Fork bomb' },
+    { re: /\bmkfs(\.\w+)?\b/, reason: 'Dosya sistemi formatlama (mkfs)' },
+    { re: /\bdd\b[^\n]*\bof=\/dev\/(sd|nvme|hd|mmcblk|disk)/, reason: 'Diske ham yazma (dd of=/dev/...)' },
+    { re: />\s*\/dev\/(sd|nvme|hd|mmcblk|disk)/, reason: 'Blok aygıtına yazma (> /dev/sd...)' },
+    { re: /\bchmod\s+-R\s+0*777\s+\//, reason: 'Kök dizinde chmod -R 777 /' },
+    { re: /\bchown\s+-R\s+[^\s]+\s+\/(?:\s|$)/, reason: 'Kök dizinde chown -R' },
+    { re: /\b(?:curl|wget)\b[^\n|]*\|\s*(?:sudo\s+)?(?:bash|sh|zsh)\b/, reason: 'İnternetten indirip shell\'e pipe (curl|bash)' },
+    { re: /\b(?:shutdown|reboot|halt|poweroff|init\s+0)\b/, reason: 'Sistemi kapatma/yeniden başlatma' },
+    { re: /\bmv\s+[^\n]*\s+\/dev\/null\b/, reason: 'Veriyi /dev/null\'a taşıma' },
+    { re: />\s*\/dev\/null\s+2>&1\s*;\s*rm/, reason: 'Gizli silme' },
+];
+// ── Read-only komut tespiti (shellReadOnlyChecker.js'ten — sağlam) ──────────
+const READONLY_ROOTS = new Set([
+    'awk', 'basename', 'cat', 'cd', 'column', 'cut', 'df', 'dirname', 'du', 'echo', 'env', 'find',
+    'git', 'grep', 'egrep', 'fgrep', 'head', 'less', 'more', 'printenv', 'printf', 'ps', 'pwd', 'rg',
+    'ripgrep', 'sed', 'sort', 'stat', 'tail', 'tree', 'uniq', 'wc', 'which', 'where', 'whoami',
+    'id', 'hostname', 'uname', 'date', 'cal', 'uptime', 'file', 'realpath', 'nl', 'tac', 'cmp',
+    'md5sum', 'sha256sum', 'seq', 'test', 'true', 'false',
+    'node', 'python', 'python3', 'java', 'go', 'rustc', 'php', 'ruby', // yalnız --version
+    'npm', 'pnpm', 'yarn', 'pip', 'pip3', 'docker', 'kubectl', 'cargo', // yalnız read-only alt-komut
+]);
+// Alt-komutu read-only olanlar (yazan alt-komutlar — config/run/install — DAHİL DEĞİL)
+const READONLY_SUB = {
+    git: new Set(['blame', 'branch', 'cat-file', 'diff', 'grep', 'log', 'ls-files', 'remote', 'rev-parse', 'show', 'status', 'describe']),
+    npm: new Set(['ls', 'list', 'view', 'info', 'outdated', 'show', 'search', 'ping', 'whoami', 'doctor', 'why', 'audit']),
+    pnpm: new Set(['ls', 'list', 'view', 'outdated', 'why', 'audit']),
+    yarn: new Set(['list', 'info', 'why', 'outdated', 'audit']),
+    pip: new Set(['show', 'list', 'freeze', 'check']),
+    pip3: new Set(['show', 'list', 'freeze', 'check']),
+    docker: new Set(['ps', 'images', 'logs', 'inspect', 'version', 'info', 'stats', 'top', 'port', 'diff', 'history']),
+    kubectl: new Set(['get', 'describe', 'logs', 'top', 'explain', 'version', 'api-resources']),
+    cargo: new Set(['tree', 'search', 'metadata']),
+};
+const VERSION_ONLY = new Set(['node', 'python', 'python3', 'java', 'go', 'rustc', 'php', 'ruby']);
+const BLOCKED_FIND = new Set(['-delete', '-exec', '-execdir', '-ok', '-okdir']);
+const BLOCKED_FIND_PREFIX = ['-fprint'];
+const BLOCKED_GIT_REMOTE = new Set(['add', 'remove', 'rename', 'set-url', 'prune', 'update']);
+const BLOCKED_GIT_BRANCH = new Set(['-d', '-D', '--delete', '--move', '-m']);
+const ENV_ASSIGN = /^[A-Za-z_][A-Za-z0-9_]*=/;
+// Tırnak dışında '>' (yazma yönlendirmesi) -> read-only DEĞİL.
+function hasWriteRedirection(cmd) {
+    let inS = false, inD = false, esc = false;
+    for (const ch of cmd) {
+        if (esc) {
+            esc = false;
+            continue;
+        }
+        if (ch === '\\' && !inS) {
+            esc = true;
+            continue;
+        }
+        if (ch === "'" && !inD) {
+            inS = !inS;
+            continue;
+        }
+        if (ch === '"' && !inS) {
+            inD = !inD;
+            continue;
+        }
+        if (!inS && !inD && ch === '>')
+            return true;
+    }
+    return false;
+}
+function cmdIsReadOnly(single) {
+    const s = stripShellWrapper(single);
+    if (!s.trim())
+        return true;
+    if (detectCommandSubstitution(s))
+        return false;
+    if (hasWriteRedirection(s))
+        return false;
+    let tk = s.trim().split(/\s+/).filter(Boolean);
+    let i = 0;
+    while (i < tk.length && ENV_ASSIGN.test(tk[i]))
+        i++; // FOO=bar cmd -> atla
+    tk = tk.slice(i);
+    if (tk.length === 0)
+        return true;
+    const root = (tk[0].split(/[\\/]/).pop() || '').toLowerCase();
+    if (!READONLY_ROOTS.has(root))
+        return false;
+    const args = tk.slice(1);
+    if (VERSION_ONLY.has(root)) {
+        return args.some((a) => /^(--version|-v|-V|version)$/.test(a)) &&
+            !args.some((a) => a.startsWith('-') && !/^(-v|-V|--version)$/.test(a));
+    }
+    if (root === 'find') {
+        return !args.some((a) => BLOCKED_FIND.has(a.toLowerCase()) || BLOCKED_FIND_PREFIX.some((p) => a.toLowerCase().startsWith(p)));
+    }
+    if (root === 'sed') {
+        return !args.some((a) => a.startsWith('-i') || a === '--in-place');
+    }
+    if (READONLY_SUB[root]) {
+        let j = 0;
+        while (j < args.length && args[j].startsWith('-')) {
+            const f = args[j].toLowerCase();
+            if (f === '--version' || f === '--help')
+                return true;
+            j++;
+        }
+        if (j >= args.length)
+            return true;
+        const sub = args[j].toLowerCase();
+        if (!READONLY_SUB[root].has(sub))
+            return false;
+        const subArgs = args.slice(j + 1);
+        if (root === 'git' && sub === 'remote')
+            return !subArgs.some((a) => BLOCKED_GIT_REMOTE.has(a.toLowerCase()));
+        if (root === 'git' && sub === 'branch')
+            return !subArgs.some((a) => BLOCKED_GIT_BRANCH.has(a));
+        return true;
+    }
+    return true;
+}
+export function isShellCommandReadOnly(command) {
+    if (typeof command !== 'string' || !command.trim())
+        return false;
+    const segs = splitCommands(command);
+    return segs.length > 0 && segs.every(cmdIsReadOnly);
+}
+// ── Asıl güvenlik motoru ───────────────────────────────────────────────────
+export function checkCommand(rawCommand) {
+    const command = stripShellWrapper(String(rawCommand || ''));
+    const roots = getCommandRoots(command);
+    // 1) Command substitution -> HARD DENY
+    if (detectCommandSubstitution(command)) {
+        return { decision: 'deny', reason: 'Komut ikamesi ($(), <(), backtick) güvenlik nedeniyle engellendi', roots };
+    }
+    // 2) Tehlikeli blocklist -> HARD DENY
+    for (const d of DANGER) {
+        try {
+            if (d.re instanceof RegExp && d.re.test(command))
+                return { decision: 'deny', reason: d.reason, roots };
+        }
+        catch { }
+    }
+    // 3) Read-only -> izinsiz geç
+    if (isShellCommandReadOnly(command))
+        return { decision: 'allow', reason: 'read-only', roots };
+    // 4) Kullanıcı allowlist'i (tüm kökler onaylıysa) -> izinsiz geç
+    const approved = loadApproved();
+    if (roots.length > 0 && roots.every((r) => approved.has(r))) {
+        return { decision: 'allow', reason: 'kullanıcı onaylı', roots };
+    }
+    // 5) Kalan -> onay iste
+    return { decision: 'confirm', roots };
+}

package/dist/commands.js

@@ -10,6 +10,7 @@ import * as usage from './usage.js';
 import { runCompact, contextPercent, autoCompactThreshold } from './compact.js';
 import { cmdDesc, setLang, saveLang, getLang } from './i18n.js';
 import { loadSkills, getSkills, getSkillsDir, installSkill, updateSkill, removeSkill, getRegistry } from './skills.js';
+import { getApprovedCommands, approveCommands, unapproveCommands, clearApproved } from './cmdsec.js';
 import { isLearnEnabled, setLearnEnabled, getLearnFile, getLearnCount } from './learn.js';
 export const COMMANDS = [
     { name: '/help', desc: 'komutları ve ipuçlarını göster' },
@@ -36,6 +37,7 @@ export const COMMANDS = [
     { name: '/dream', desc: 'arka planda hafızayı konsolide et (.wormclaude/memory.md)' },
     { name: '/learn', desc: 'web-öğrenme datasını göster / aç-kapa (eğitim için)' },
     { name: '/copy', desc: 'son yaniti panoya kopyala (/copy all = tum sohbet)' },
+    { name: '/izinler', desc: 'onayli shell komutlarini yonet (list/add/remove/clear)' },
     { name: '/export', desc: 'sohbeti dosyaya kaydet' },
     { name: '/resume', desc: 'en son kaydedilen oturumu yükle' },
     { name: '/quit', desc: 'çıkış' },
@@ -537,6 +539,30 @@ export async function runSlashCommand(input, ctx) {
                 : 'Pano aracı yok (win: clip · mac: pbcopy · linux: xclip/wl-copy). /export ile dosyaya kaydedebilirsin.');
             return true;
         }
+        case '/izinler': {
+            const sub = (arg.split(/\s+/)[0] || '').toLowerCase();
+            const vals = arg.split(/\s+/).slice(1).filter(Boolean);
+            if (sub === 'add' && vals.length) {
+                const n = approveCommands(vals);
+                ctx.note(n > 0 ? `✓ ${n} komut onaylandı: ${vals.join(', ')}` : 'Belirtilenler zaten onaylıydı.');
+            }
+            else if (sub === 'remove' && vals.length) {
+                const n = unapproveCommands(vals);
+                ctx.note(n > 0 ? `✓ ${n} komut onaydan çıkarıldı.` : 'Belirtilenler onaylı listede yoktu.');
+            }
+            else if (sub === 'clear') {
+                clearApproved();
+                ctx.note('✓ Tüm onaylı komutlar temizlendi.');
+            }
+            else {
+                const list = getApprovedCommands();
+                const body = list.length ? list.map((c) => `  • ${c}`).join('\n') : '  (henüz yok — "Evet, hep" seçince eklenir)';
+                ctx.note(`Onaylı shell komutları (${list.length}) — bunlar onaysız çalışır:\n${body}\n\n` +
+                    `Kullanım:\n  /izinler              → listele\n  /izinler add git npm  → onayla\n  /izinler remove git   → çıkar\n  /izinler clear        → hepsini temizle\n` +
+                    `(Tehlikeli komutlar — rm -rf /, fork bomb vb. — onaylasan da engellenir.)`);
+            }
+            return true;
+        }
         case '/export': {
             fs.mkdirSync(SESSION_DIR, { recursive: true });
             const file = path.join(SESSION_DIR, `session-${tsStamp()}.json`);

package/dist/extensions.js

@@ -11,6 +11,7 @@ import * as fs from 'node:fs';
 import * as os from 'node:os';
 import * as path from 'node:path';
 import { fileURLToPath } from 'node:url';
+import { resolveInjections } from './injections.js';
 let EXTENSIONS = [];
 // Pakete gömülü extensions (npm ile gelir) + kullanıcı + proje dizinleri.
 const BUNDLED_DIR = path.join(path.dirname(fileURLToPath(import.meta.url)), '..', 'extensions');
@@ -121,15 +122,20 @@ export function getExtCommand(name) {
 export function getExcludedTools() {
     return [...new Set(EXTENSIONS.flatMap((x) => x.excludeTools))];
 }
-// Komut prompt'unu kök dizin referansı + kullanıcı argümanı ile birleştirir.
-// {{args}} placeholder'ı varsa onunla değişir; yoksa argüman sona eklenir.
+// Komut prompt'unu çözer: !{komut} (shell çıktısı, cmdsec'li) · @{dosya} (içerik) · {{args}}.
+// {{args}} placeholder'ı yoksa kullanıcı argümanı sona eklenir.
 export function buildExtCommandPrompt(cmd, args) {
-    let p = cmd.prompt;
-    if (p.includes('{{args}}')) {
-        p = p.replace(/\{\{args\}\}/g, args || '');
+    const a = args || '';
+    const hasArgsPlaceholder = cmd.prompt.includes('{{args}}');
+    let p;
+    try {
+        p = resolveInjections(cmd.prompt, { args: a, cwd: process.cwd(), contextName: cmd.name });
+    }
+    catch (e) {
+        p = cmd.prompt + `\n\n[injection hatası: ${e?.message || e}]`;
     }
-    else if (args && args.trim()) {
-        p += `\n\n## User input\n\n${args.trim()}`;
+    if (!hasArgsPlaceholder && a.trim()) {
+        p += `\n\n## User input\n\n${a.trim()}`;
     }
     return (`Extension base directory: ${cmd.dir}\n` +
         `(You may Read files here — templates/, context, assets — as needed to complete this command.)\n\n` +

package/dist/injections.js

@@ -0,0 +1,108 @@
+// Komut şablonu injection'ları — extension komutlarında dinamik içerik.
+// Gemini/Blackbox CLI injectionParser + shellProcessor + atFileProcessor'dan uyarlandı.
+//   {{args}}   -> kullanıcı argümanı (ham; !{} içinde shell-escape'li)
+//   !{komut}   -> shell çıktısı gömer (cmdsec güvenlik kontrolüyle)
+//   @{dosya}   -> dosya içeriği gömer (cwd'ye göre)
+import { execSync } from 'node:child_process';
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import { checkCommand, escapeShellArg } from './cmdsec.js';
+const ARGS = '{{args}}';
+const SHELL_TRIG = '!{';
+const FILE_TRIG = '@{';
+// Brace-sayan parser (injectionParser.js — temiz, birebir).
+export function extractInjections(prompt, trigger, contextName) {
+    const injections = [];
+    let index = 0;
+    while (index < prompt.length) {
+        const startIndex = prompt.indexOf(trigger, index);
+        if (startIndex === -1)
+            break;
+        let i = startIndex + trigger.length;
+        let depth = 1;
+        let closed = false;
+        while (i < prompt.length) {
+            const ch = prompt[i];
+            if (ch === '{')
+                depth++;
+            else if (ch === '}') {
+                depth--;
+                if (depth === 0) {
+                    injections.push({ content: prompt.substring(startIndex + trigger.length, i).trim(), startIndex, endIndex: i + 1 });
+                    index = i + 1;
+                    closed = true;
+                    break;
+                }
+            }
+            i++;
+        }
+        if (!closed) {
+            const ctx = contextName ? ` ('${contextName}')` : '';
+            throw new Error(`Geçersiz injection${ctx}: ${trigger} kapanmamış (index ${startIndex}). Süslü parantezler dengeli olmalı.`);
+        }
+    }
+    return injections;
+}
+function runShell(cmd, cwd) {
+    const chk = checkCommand(cmd);
+    if (chk.decision === 'deny')
+        return `[engellendi: ${chk.reason || 'tehlikeli komut'}]`;
+    try {
+        const out = execSync(cmd, {
+            cwd, encoding: 'utf8', timeout: 30000, maxBuffer: 1024 * 1024,
+            windowsHide: true, stdio: ['ignore', 'pipe', 'pipe'],
+        });
+        return String(out).trim();
+    }
+    catch (e) {
+        const o = (e?.stdout ? String(e.stdout) : '') + (e?.stderr ? String(e.stderr) : '');
+        return (o.trim() || `[komut hatası: ${e?.message || e}]`);
+    }
+}
+function readFileInjection(p, cwd) {
+    try {
+        const abs = path.isAbsolute(p) ? p : path.resolve(cwd, p);
+        const data = fs.readFileSync(abs, 'utf8');
+        return `--- ${p} ---\n${data}\n--- /${p} ---`;
+    }
+    catch {
+        return `[dosya okunamadı: ${p}]`;
+    }
+}
+// Bir injection türünü çözer; resolver(content) çıktıyı döndürür.
+function replaceTrigger(text, trigger, resolver, ctx) {
+    const injs = extractInjections(text, trigger, ctx);
+    if (injs.length === 0)
+        return text;
+    let out = '';
+    let last = 0;
+    for (const inj of injs) {
+        out += text.substring(last, inj.startIndex);
+        out += resolver(inj.content);
+        last = inj.endIndex;
+    }
+    out += text.substring(last);
+    return out;
+}
+// Şablonu çöz: !{komut} -> shell çıktısı, @{dosya} -> dosya, {{args}} -> argüman.
+export function resolveInjections(text, opts = {}) {
+    const args = opts.args ?? '';
+    const cwd = opts.cwd ?? process.cwd();
+    const ctx = opts.contextName;
+    let out = text;
+    // 1) !{komut}: içindeki {{args}} shell-escape'li, sonra cmdsec ile çalıştır.
+    if (out.includes(SHELL_TRIG)) {
+        const shell = process.platform === 'win32' ? 'cmd' : 'bash';
+        out = replaceTrigger(out, SHELL_TRIG, (cmd) => {
+            const resolved = cmd.split(ARGS).join(escapeShellArg(args, shell));
+            return runShell(resolved, cwd);
+        }, ctx);
+    }
+    // 2) @{dosya}: içindeki {{args}} ham, sonra oku.
+    if (out.includes(FILE_TRIG)) {
+        out = replaceTrigger(out, FILE_TRIG, (p) => readFileInjection(p.split(ARGS).join(args), cwd), ctx);
+    }
+    // 3) Kalan {{args}} -> ham argüman.
+    out = out.split(ARGS).join(args);
+    return out;
+}

package/dist/theme.js

@@ -8,4 +8,4 @@ export const theme = {
     green: '#4ade80',
     errorRed: '#ff6b6b',
 };
-export const VERSION = '1.0.13';
+export const VERSION = '1.0.14';

package/dist/tools.js

@@ -12,6 +12,8 @@ import { tasks } from './tasks.js';
 import { getMcpToolSchemas, callMcpTool } from './mcp.js';
 import { getSkills, getSkill, buildSkillPrompt } from './skills.js';
 import { getExcludedTools } from './extensions.js';
+import { checkCommand } from './cmdsec.js';
+import * as Diff from 'diff';
 import * as computer from './computer.js';
 // Agent/alt-agent araçlarının backend'e ulaşması için config. cli.tsx başlangıçta
 // setToolConfig ile aynı (mutable) config nesnesini verir → /config değişiklikleri görülür.
@@ -602,6 +604,17 @@ async function execOne(call, hooks) {
     if (planMode && !isReadOnly(call.name)) {
         return { ok: false, output: 'Plan modunda — yazma/komut engellendi. Önce ExitPlanMode ile planı onaylat.', args };
     }
+    // 3.5) Komut güvenliği (Bash/PowerShell) — cmdsec: deny→blokla, allow→izinsiz, confirm→izin akışı
+    if ((call.name === 'Bash' || call.name === 'PowerShell') && args && args.command) {
+        const chk = checkCommand(String(args.command));
+        if (chk.decision === 'deny') {
+            return { ok: false, output: `⛔ Güvenlik: komut engellendi — ${chk.reason || 'tehlikeli komut'}`, args };
+        }
+        if (chk.decision === 'allow') {
+            const res = await executeTool(call.name, args);
+            return { ...res, args };
+        }
+    }
     // 4) İzin (gerekiyorsa)
     if (needsPermission(call.name) && hooks?.confirm) {
         const decision = await hooks.confirm(call, args);
@@ -764,6 +777,23 @@ const TYPE_EXT = {
     sh: ['sh', 'bash', 'zsh'],
 };
 // ── Executor ──────────────────────────────────────────────────────────────────
+// Edit/Write icin +/- satir ozeti (Diff paketiyle).
+function diffStat(oldStr, newStr) {
+    try {
+        let added = 0, removed = 0;
+        for (const part of Diff.diffLines(oldStr || '', newStr || '')) {
+            const n = part.count || (part.value ? part.value.split('\n').filter(Boolean).length : 0);
+            if (part.added)
+                added += n;
+            else if (part.removed)
+                removed += n;
+        }
+        return (added || removed) ? `  (+${added} -${removed})` : '';
+    }
+    catch {
+        return '';
+    }
+}
 export async function executeTool(name, args) {
     try {
         if (name === 'See') {
@@ -877,9 +907,16 @@ export async function executeTool(name, args) {
             if (fs.existsSync(fp) && !readFiles.has(norm(fp)))
                 return { ok: false, output: 'Error: existing file must be read first. Use the Read tool before overwriting.' };
             fs.mkdirSync(path.dirname(path.resolve(fp)), { recursive: true });
-            fs.writeFileSync(fp, args.content ?? '');
+            const _wnew = args.content ?? '';
+            const _wold = (() => { try {
+                return fs.readFileSync(fp, 'utf8');
+            }
+            catch {
+                return '';
+            } })();
+            fs.writeFileSync(fp, _wnew);
             readFiles.add(norm(fp));
-            return { ok: true, output: `Wrote ${fp} (${(args.content || '').length} chars)` };
+            return { ok: true, output: `Wrote ${fp} (${_wnew.length} chars)${diffStat(_wold, _wnew)}` };
         }
         if (name === 'Edit') {
             const fp = args.file_path;
@@ -900,9 +937,10 @@ export async function executeTool(name, args) {
                     ok: false,
                     output: `Error: old_string is not unique (${count} matches). Provide more surrounding context or set replace_all: true.`,
                 };
+            const _ebefore = c;
             c = args.replace_all ? c.split(oldStr).join(newStr) : c.replace(oldStr, newStr);
             fs.writeFileSync(fp, c);
-            return { ok: true, output: `Edited ${fp}${args.replace_all ? ` (${count} occurrences)` : ''}` };
+            return { ok: true, output: `Edited ${fp}${args.replace_all ? ` (${count} occurrences)` : ''}${diffStat(_ebefore, c)}` };
         }
         if (name === 'Glob') {
             const base = args.path || process.cwd();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wormclaude",
-  "version": "1.0.13",
+  "version": "1.0.14",
   "description": "WormClaude CLI - uncensored security+code assistant (ink TUI, Claude-style)",
   "type": "module",
   "bin": {
@@ -14,6 +14,8 @@
   },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.29.0",
+    "@types/diff": "^7.0.2",
+    "diff": "^9.0.0",
     "ink": "^5.0.1",
     "ink-spinner": "^5.0.0",
     "ink-text-input": "^6.0.0",