feat(core): enhance shell command safety check

- Add checkDangerousCommand function to identify potentially harmful shell commands
- Update safety check logic to catch more dangerous operations
- Modify TerminalSketchProvider to use the new checkDangerousCommand function
- Improve language detection for code fences in Markdown

Author: phodal

core/src/main/kotlin/cc/unitmesh/devti/sketch/SketchToolWindow.kt

@@ -313,6 +313,8 @@ open class SketchToolWindow(
                             }
 
                             var language = codeFence.language
+                            /// in stream API, the <devin> maybe split, like `<dev`, `<devin` or `<devin>`,
+                            /// so we need to check the language again
                             if (language.displayName == "Markdown" && codeFence.text.startsWith("<devin>")) {
                                 logger<SketchToolWindow>().warn("Try to fix language error")
                                 language = findLanguage("DevIn")

core/src/main/kotlin/cc/unitmesh/devti/sketch/run/ShellSyntaxSafetyCheck.kt

@@ -21,6 +21,32 @@ object ShellSyntaxSafetyCheck {
         checkerRegistry.register(PatternCommandChecker())
     }
 
+    fun checkDangerousCommand(command: String): Pair<Boolean, String> {
+        val dangerousPatterns = mapOf(
+            "\\brm\\s+(-[a-zA-Z]*f|-[a-zA-Z]*r|-[a-zA-Z]*(rf|fr))\\b.*".toRegex() to "Dangerous rm command with recursive or force flags",
+            "\\brm\\s+-[a-zA-Z]*\\s+/\\b.*".toRegex() to "Removing files from root directory",
+            "\\brmdir\\s+/\\b.*".toRegex() to "Removing directories from root",
+            "\\bmkfs\\b.*".toRegex() to "Filesystem formatting command",
+            "\\bdd\\b.*".toRegex() to "Low-level disk operation",
+            "\\b:[(][)][{]\\s*:|:&\\s*[}];:.*".toRegex() to "Potential fork bomb",
+            "\\bchmod\\s+-[a-zA-Z]*R\\b.*777\\b.*".toRegex() to "Recursive chmod with insecure permissions",
+            "\\bsudo\\s+rm\\b.*".toRegex() to "Removing files with elevated privileges",
+        )
+
+        // Also catch simpler rm commands (without flags but still potentially dangerous)
+        if (command.trim().startsWith("rm ") && !command.contains("-i") && !command.contains("--interactive")) {
+            return Pair(true, "Remove command detected, use with caution")
+        }
+
+        for ((pattern, message) in dangerousPatterns) {
+            if (pattern.containsMatchIn(command)) {
+                return Pair(true, message)
+            }
+        }
+
+        return Pair(false, "")
+    }
+
     /**
      * Check if shell command contains dangerous operations
      * @return Pair<Boolean, String> - first: is dangerous, second: reason message

exts/ext-terminal/src/main/kotlin/cc/unitmesh/terminal/sketch/TerminalSketchProvider.kt

@@ -261,7 +261,7 @@ class TerminalLangSketch(val project: Project, var content: String) : ExtensionL
         titleLabel.text = "Terminal - ($content)"
 
         val (isDangerous, reason) = try {
-            ShellSyntaxSafetyCheck.checkDangerousCommand(project, content)
+            ShellSyntaxSafetyCheck.checkDangerousCommand(content)
         } catch (e: Exception) {
             Pair(true, "Error checking command safety: ${e.message}")
         }