(input: PowerShellToolInput)
| 298 | return isSearchOrReadPowerShellCommand(input.command); |
| 299 | }, |
| 300 | isReadOnly(input: PowerShellToolInput): boolean { |
| 301 | // Check sync security heuristics before declaring read-only. |
| 302 | // The full AST parse is async and unavailable here, so we use |
| 303 | // regex-based detection of subexpressions, splatting, member |
| 304 | // invocations, and assignments — matching BashTool's pattern of |
| 305 | // checking security concerns before cmdlet allowlist evaluation. |
| 306 | if (hasSyncSecurityConcerns(input.command)) { |
| 307 | return false; |
| 308 | } |
| 309 | // NOTE: This calls isReadOnlyCommand without the parsed AST. Without the |
| 310 | // AST, isReadOnlyCommand cannot split pipelines/statements and will return |
| 311 | // false for anything but the simplest single-token commands. This is a |
| 312 | // known limitation of the sync Tool.isReadOnly() interface — the real |
| 313 | // read-only auto-allow happens async in powershellToolHasPermission (step |
| 314 | // 4.5) where the parsed AST is available. |
| 315 | return isReadOnlyCommand(input.command); |
| 316 | }, |
| 317 | toAutoClassifierInput(input) { |
| 318 | return input.command; |
| 319 | }, |
nothing calls this directly
no test coverage detected