({
command
})
| 443 | return input.command; |
| 444 | }, |
| 445 | async preparePermissionMatcher({ |
| 446 | command |
| 447 | }) { |
| 448 | // Hook `if` filtering is "no match → skip hook" (deny-like semantics), so |
| 449 | // compound commands must fire the hook if ANY subcommand matches. Without |
| 450 | // splitting, `ls && git push` would bypass a `Bash(git *)` security hook. |
| 451 | const parsed = await parseForSecurity(command); |
| 452 | if (parsed.kind !== 'simple') { |
| 453 | // parse-unavailable / too-complex: fail safe by running the hook. |
| 454 | return () => true; |
| 455 | } |
| 456 | // Match on argv (strips leading VAR=val) so `FOO=bar git push` still |
| 457 | // matches `Bash(git *)`. |
| 458 | const subcommands = parsed.commands.map(c => c.argv.join(' ')); |
| 459 | return pattern => { |
| 460 | const prefix = permissionRuleExtractPrefix(pattern); |
| 461 | return subcommands.some(cmd => { |
| 462 | if (prefix !== null) { |
| 463 | return cmd === prefix || cmd.startsWith(`${prefix} `); |
| 464 | } |
| 465 | return matchWildcardPattern(pattern, cmd); |
| 466 | }); |
| 467 | }; |
| 468 | }, |
| 469 | isSearchOrReadCommand(input) { |
| 470 | const parsed = inputSchema().safeParse(input); |
| 471 | if (!parsed.success) return { |
nothing calls this directly
no test coverage detected