Module command 

Typed command IR and governance tiers (PSP-8 System 8).

sh -c is not an implicit compatibility path. A command proposal is parsed into a typed CommandInvocation; verifier commands prefer the Program form, and the Shell form requires a capability that explicitly names shell execution. Coreutils, awk, and sed are modeled in three tiers so that a read-only inspection cannot silently become a workspace mutation.

Enums

CommandInvocation

A canonicalized command invocation.

CommandTier

Governance tier for coreutils / awk / sed style commands (PSP-8 System 8).

Functions

canonicalize

Canonicalize a raw command string. A command free of shell composition is parsed into the Program form; otherwise it is a Shell invocation that requires a shell capability. Parsing is intentionally simple and whitespace-based; quoting beyond simple tokens forces the Shell form.

classify_tier

Classify a program invocation into a governance tier. This is a conservative default: anything not recognized as read-only is treated as a mutation so a novel tool cannot slip through as inspection.

has_shell_composition

Whether a raw command string contains shell composition.