pub fn classify_bash_command(command: &str) -> ToolEffectExpand description
Classify a bash command by its side-effect severity.
Returns the most dangerous effect found across all pipeline/chain segments:
- Raw structural patterns on quote-stripped string → Destructive
- Write side-effects (
>,>>,| tee) → LocalMutation - Per-segment shlex tokenisation vs
DANGER_CHECKS→ Destructive - Per-segment allowlist vs
READ_ONLY_PREFIXES→ ReadOnly / LocalMutation
Segments that fail shlex tokenisation fail-open to LocalMutation.
§Examples
use koda_core::bash_safety::classify_bash_command;
use koda_core::tools::ToolEffect;
assert_eq!(classify_bash_command("ls -la"), ToolEffect::ReadOnly);
assert_eq!(classify_bash_command("git status"), ToolEffect::ReadOnly);
assert_eq!(classify_bash_command("cargo build"), ToolEffect::LocalMutation);
assert_eq!(classify_bash_command("rm -rf /"), ToolEffect::Destructive);