Module command_safety 

Command safety analysis for shell execution

This module provides pre-execution analysis of shell commands to detect potentially dangerous patterns and prevent accidental damage.

Command prefix classification

classify_command maps a token slice to its canonical command prefix. The prefix is the portion of the command that identifies what action is being taken, stripped of flags and extra positional arguments.

The arity dictionary COMMAND_ARITY encodes, for each known prefix, how many positional (non-flag) words after the base command word form the prefix. Flags (tokens that start with -) never count toward arity.

Examples

Input tokens	Arity	Canonical prefix
["git", "status", "-s"]	1	"git status"
["git", "checkout", "main"]	2	"git checkout"
["npm", "run", "dev"]	2	"npm run"
["docker", "compose", "up"]	2	"docker compose"
["cargo", "check", "--workspace"]	1	"cargo check"

Ported from opencode packages/opencode/src/permission/arity.ts.

Structs

SafetyAnalysis

Result of analyzing a command

Enums

CommandCategory

Categorize commands into groups

SafetyLevel

Safety classification of a command

Statics

COMMAND_ARITY

Arity dictionary: maps a command prefix (space-separated, lowercase) to the number of positional (non-flag) words, including the base command word, that form the canonical prefix.

Functions

analyze_command

Analyze a shell command for safety

categorize_command

Get the category of a command

classify_command

Return the canonical command prefix for a slice of command tokens.

execpolicy_allow_target_paths_escape

When execpolicy prefix-allows a command, reject path flags that escape workspace.

extract_primary_command

Parse a command and extract the primary command name

path_escapes_workspace

Check if a path escapes the workspace

prefix_allow_matches

Return true when an allow-rule pattern (a command-prefix string such as "git status") matches the concrete command string using the arity-aware prefix classification from classify_command.