MCPcopy Index your code
hub / github.com/codeaashu/claude-code / checkTypeLiterals

Function checkTypeLiterals

src/tools/PowerShellTool/powershellSecurity.ts:801–813  ·  view source on GitHub ↗

* AST-only check: type literals outside Microsoft's ConstrainedLanguage * allowlist. CLM blocks all .NET type access except ~90 primitives/attributes * Microsoft considers safe for untrusted code. We trust that list as the * "safe" boundary — anything outside it (Reflection.Assembly, IO.Pipes, *

(
  parsed: ParsedPowerShellCommand,
)

Source from the content-addressed store, hash-verified

799 * like [int]$x have no member invocation and only hit this check.
800 */
801function checkTypeLiterals(
802 parsed: ParsedPowerShellCommand,
803): PowerShellSecurityResult {
804 for (const t of parsed.typeLiterals ?? []) {
805 if (!isClmAllowedType(t)) {
806 return {
807 behavior: 'ask',
808 message: `Command uses .NET type [${t}] outside the ConstrainedLanguage allowlist`,
809 }
810 }
811 }
812 return { behavior: 'passthrough' }
813}
814
815/**
816 * Invoke-Item (alias ii) opens a file with its default handler (ShellExecute

Callers

nothing calls this directly

Calls 1

isClmAllowedTypeFunction · 0.85

Tested by

no test coverage detected