All notable changes to Terminal. Full commit history in chronological order.
Format inspired by Keep a Changelog.
None
0.2.0 - 2026-05-22
- Native process hardening options via `child_process.spawn()`:
  - `uid`/`gid` config and per-execution options for privilege dropping via `setuid`/`setgid`
  - `killSignal` config and per-execution option (default: `SIGTERM`)
  - `windowsHide` config option to hide subprocess console window on Windows
  - `windowsVerbatimArguments` config option to disable argument quoting on Windows
  - `validateSpawnOptions()` for validating uid, gid, and killSignal
- Stream listener deduplication in `Terminal.stream()` to prevent duplicate callbacks
- Auto-cleanup via `close` and `error` event handlers in `Manager.registerProcess()`
- `Manager.removeProcess()` for explicit process registry cleanup
- Centralized interfaces for previously inline types:
  - `SpawnSecurityOptions` - Extracted from `Validator.validateSpawnOptions()` parameter
  - `StreamListeners` - Extracted from `ProcessInfo.streamListeners` inline object
  - `ProcessRegistrationInput` - Extracted from `Manager.registerProcess()` `Omit<ProcessInfo, 'id'> & { id? }` parameter
- `llm-prompt.md` documentation - Safety guard for AI agents executing commands
- Error messages rewritten across entire codebase to remove colons and describe what is wrong:
  - `'Command not allowed: rm'` → `'The command "rm" is not in the allowed list'`
  - `'Too many arguments: 5 > max 3'` → `'Expected at most 3 arguments but received 5'`
  - `'Invalid timeout: ...'` → `'Timeout must be a non-negative finite number'`
  - `'Workspace not allowed: ...'` → `'Workspace "..." is not allowed. Allowed workspaces are ...'`
  - All config validation errors now prefixed with `'Config ...'` instead of `'Invalid config: ...'`
- Method ordering in `Terminal`, `Validator`, and `Manager` classes reorganized by visibility: properties first, then non-private methods A-Z, then private methods A-Z
- `validSignals` whitelist removed from `Validator` - Node.js now handles invalid signal validation naturally at the OS level
- `resolvePath()` in `Validator` now uses `realpathSync()` with fallback to `resolve()` for symlink resolution
- Platform detection switched from `Deno.build.os` to `process.platform` in workspace validation
- Workspace validation now checks for null bytes and empty/whitespace-only paths
- Argument validation now checks `maxArgs` for finite non-negative value before comparing
- Environment variable filtering now skips entries with null bytes in key or value
- Path traversal check now runs before shell metacharacter check in argument validation
- `Manager.killProcess()` refactored to track abort state and schedule SIGKILL fallback more reliably
- `Manager.setProcessTimeout()` now guards against non-finite and non-positive timeouts
- `Terminal.execute()` now validates `env` is a plain object (not array or primitive)
- `Terminal.execute()` now validates timeout is a non-negative finite number
- `Terminal.execute()` now validates spawn options before command parsing
- `Terminal.execute()` now checks for null bytes in the command string
- `security.md` significantly expanded with native process hardening, threat model, and 8-layer defense-in-depth stack
- `configuration.md` updated with new spawn options (`uid`, `gid`, `killSignal`, `windowsHide`, `windowsVerbatimArguments`)
- `interpreter-usage.md` streamlined with clearer solutions for running interpreters safely
- `examples.md` AI Agent Integration example hardened with specific command allowlist, interpreter blocking, and privilege dropping
- `llm-prompt.md` added to docs with safety guard for AI command execution
- `README.md` updated with LLM Prompt link in table of contents
- Tests updated to match new error message formats across `terminal.test.ts`, `security.test.ts`, and `validator.test.ts`
- Workspace validation test updated for new error message format
0.1.0 - 2026-04-26
- Initial release of @neabyte/terminal
- Terminal class with static methods:
  - `execute()` - Execute command with security validation
  - `kill()` - Terminate running process
  - `getOutput()` - Retrieve captured stdout/stderr
  - `getList()` - List all tracked processes
  - `getExitCode()` - Get process exit code
  - `stream()` - Attach real-time output callbacks
  - `initialize()` - Configure security policies
  - `getConfig()` - Get current configuration
  - `setConfig()` - Update configuration dynamically
- Manager class for process lifecycle:
  - Process registry with unique IDs (`term_<uuid>`)
  - Background execution support (non-blocking)
  - `killAllProcesses()` - Bulk termination
  - `isProcessRunning()` - Status checking
  - `setProcessTimeout()` - Per-process timeout scheduling
  - Auto-cleanup 5s after process exit
- Validator class for security:
  - ACL pattern matching with wildcards (`*`)
  - Deny-first priority (deny overrides allow)
  - Command whitelist/denylist
  - Workspace path validation with traversal detection
  - Environment variable filtering (allow/deny patterns)
  - Argument count limiting (`maxArgs`)
  - Shell metacharacter detection (`;`, `|`, `&`, etc.)
  - Path traversal prevention (`../`, `..\`)
  - Null byte injection protection
- Command execution features:
  - Quoted argument parsing (single and double quotes)
  - Per-command timeout override
  - Real-time streaming callbacks (`onStdout`, `onStderr`, `onExit`)
  - SIGTERM to SIGKILL escalation (2s grace period)
  - AbortController cancellation support
  - `shell: false` direct execution (no shell interpolation)
  - `detached: false` for parent group tracking
- TypeScript interfaces:
  - `TerminalConfig` - Complete configuration types
  - `ExecuteOptions` - Per-command options
  - `ExecuteResult` - Execution return type
  - `ProcessInfo` - Process metadata
  - `ValidationResult` - Validation return types
- Test suites:
  - Security tests (injection, traversal, bypass attempts)
  - Functional tests (process management, execution)
  - Validator unit tests (patterns, environment, workspace)
- Enforce `shell: false` to prevent shell metacharacter injection
- Validate all arguments against dangerous characters (`;`, `|`, `&`, `` ` ``, `$()`, etc.)
- Block path traversal attempts (`../`) in arguments and paths
- Restrict execution to configured workspaces only
- Filter environment variables with allow/deny lists
- Limit maximum argument count to prevent abuse
- Use `detached: false` to keep processes in parent group for tracking