Replaces simplistic prefix-matching for shell command policies with robust Abstract Syntax Tree (AST) parsing using `bash-parser`.
Previously, policies for shell tools only checked if the command string started with an allowed prefix (e.g., `echo`), allowing trivial bypasses via shell operators like `&&` or `;` (e.g., `echo "ok" && rm -rf /`).
This update secures the execution pipeline by parsing the shell string and validating *every* extracted sub-command against the allowed policies.
Key changes:
- Integrated `bash-parser` to synchronously extract executable commands from pipelines, lists, and subshells.
- Updated `doesToolInvocationMatch` to enforce policy on all extracted sub-commands instead of just the string prefix.
- Enforced `coreTools` validation at execution time within `ShellTool` to prevent bypasses when tools are configured via `settings.json`.
- Updated the CLI `useShellCommandProcessor` to run human-input commands through the AST `PolicyEngine` check before spawning the process.
- Fixed asynchronous test flakiness in the CLI package caused by the new policy enforcement.