manuelschipper/nah v0.4.0

v0.4.0 — xargs unwrapping, security fixes

on GitHub

Added

• xargs unwrapping — xargs grep, xargs wc -l, xargs sed etc. now classify based on the inner command instead of unknown → ask. Handles flag stripping (including glued forms like -n1), exec sink detection (xargs bash → lang_exec), and fail-closed on unrecognized flags. Placeholder flags (-I/-J/--replace) bail out safely (FD-089)

Changed

• LLM eligibility now includes composition/pipeline commands by default — if any stage in a pipeline qualifies (unknown, lang_exec, or context), the whole command goes to the LLM instead of straight to the user prompt

Fixed

• Remove nice, nohup, timeout, stdbuf from filesystem_read classify table — these transparent wrappers caused silent classification bypass where e.g. nice rm -rf / was allowed without prompting (FD-105)
• Check is_trusted_path() before no-git-root bail-out in check_project_boundary() and resolve_filesystem_context() — trusted paths like /tmp now work correctly when cwd has no git root (FD-107)