webclaw/crates/webclaw-cli/Cargo.toml

[package]
name = "webclaw-cli"
description = "CLI for extracting web content into LLM-optimized formats"
version.workspace = true
edition.workspace = true
license.workspace = true

[[bin]]
name = "webclaw"
path = "src/main.rs"

[dependencies]
webclaw-core = { workspace = true }
webclaw-fetch = { workspace = true }
webclaw-llm = { workspace = true }
webclaw-pdf = { workspace = true }
dotenvy = { workspace = true }
rand = "0.8"
serde_json = { workspace = true }
tokio = { workspace = true }
clap = { workspace = true }
tracing = { workspace = true }
tracing-subscriber = { workspace = true }
reqwest = { version = "0.12", default-features = false, features = ["json", "rustls-tls"] }
regex = "1"
url = "2"
shlex = "1"
Initial release: webclaw v0.1.0 — web content extraction for LLMs CLI + MCP server for extracting clean, structured content from any URL. 6 Rust crates, 10 MCP tools, TLS fingerprinting, 5 output formats. MIT Licensed \| https://webclaw.io 2026-03-23 18:31:11 +01:00			`[package]`
			`name = "webclaw-cli"`
			`description = "CLI for extracting web content into LLM-optimized formats"`
			`version.workspace = true`
			`edition.workspace = true`
			`license.workspace = true`

			`[[bin]]`
			`name = "webclaw"`
			`path = "src/main.rs"`

			`[dependencies]`
			`webclaw-core = { workspace = true }`
			`webclaw-fetch = { workspace = true }`
			`webclaw-llm = { workspace = true }`
			`webclaw-pdf = { workspace = true }`
			`dotenvy = { workspace = true }`
			`rand = "0.8"`
			`serde_json = { workspace = true }`
			`tokio = { workspace = true }`
			`clap = { workspace = true }`
			`tracing = { workspace = true }`
			`tracing-subscriber = { workspace = true }`
			`reqwest = { version = "0.12", default-features = false, features = ["json", "rustls-tls"] }`
			`regex = "1"`
			`url = "2"`
fix(cli): close --on-change command injection via sh -c (P0) (#20) * fix(cli): close --on-change command injection via sh -c (P0) The --on-change flag on `webclaw watch` (single-URL, line 1588) and `webclaw watch` multi-URL mode (line 1738) previously handed the entire user-supplied string to `tokio::process::Command::new("sh").arg("-c").arg(cmd)`. Any path that can influence that string — a malicious config file, an MCP client driven by an LLM with prompt-injection exposure, an untrusted environment variable substitution — gets arbitrary shell execution. The command is now tokenized with `shlex::split` (POSIX-ish quoting rules) and executed directly via `Command::new(prog).args(args)`. Metacharacters like `;`, `&&`, `\|`, `$()`, `<(...)`, env expansion, and globbing no longer fire. An explicit opt-in escape hatch is available for users who genuinely need a shell pipeline: `WEBCLAW_ALLOW_SHELL=1` preserves the old `sh -c` path and logs a warning on every invocation so it can't slip in silently. Both call sites now route through a shared `spawn_on_change()` helper. Adds `shlex = "1"` to webclaw-cli dependencies. Version: 0.3.13 -> 0.3.14 CHANGELOG updated. Surfaced by the 2026-04-16 workspace audit. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore(brand): fix clippy 1.95 unnecessary_sort_by errors Pre-existing sort_by calls in brand.rs became hard errors under clippy 1.95. Switch to sort_by_key with std::cmp::Reverse. Pure refactor — same ordering, no behavior change. Bundled here so CI goes green on the P0 command-injection fix. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com> 2026-04-16 18:37:02 +02:00			`shlex = "1"`