pub fn classify_bash_risk(cmd: &str) -> RiskLevelExpand description
Three-tier risk classifier for shell commands.
Safe → auto-approved (read-only, build, test, local git reads) High → always requires user approval (destructive, network, privilege) Moderate → ask by default; can be configured to auto-approve