feat: backend servis iskeletini ve yönetim uçlarını ekle

backend/app/security.py

@@ -0,0 +1,77 @@
+from dataclasses import dataclass
+
+
+SAFE_COMMAND_PREFIXES = (
+    "pwd",
+    "ls",
+    "cat",
+    "head",
+    "tail",
+    "find",
+    "rg",
+    "wc",
+    "stat",
+    "git status",
+    "git diff",
+    "git log",
+    "git show",
+    "date",
+    "whoami",
+    "uname",
+    "ps",
+)
+
+APPROVAL_REQUIRED_PREFIXES = (
+    "curl",
+    "wget",
+    "pip",
+    "npm",
+    "python",
+    "python3",
+    "node",
+    "git commit",
+    "git push",
+    "pkill",
+    "kill",
+    "touch",
+    "echo ",
+)
+
+BLOCKED_PATTERNS = (
+    "sudo ",
+    "rm -rf",
+    "chmod ",
+    "chown ",
+    ";",
+    "&&",
+    "||",
+    "$(",
+)
+
+
+@dataclass
+class TerminalDecision:
+    decision: str
+    reason: str
+
+
+def evaluate_terminal_command(command: str, mode: int) -> TerminalDecision:
+    normalized = command.strip()
+
+    if any(pattern in normalized for pattern in BLOCKED_PATTERNS):
+        return TerminalDecision(decision="blocked", reason="Blocked by hard policy.")
+
+    if mode == 1:
+        return TerminalDecision(decision="allow", reason="Terminal mode 1 auto-runs commands.")
+
+    if mode == 2:
+        return TerminalDecision(decision="approval", reason="Terminal mode 2 requires approval.")
+
+    if normalized.startswith(SAFE_COMMAND_PREFIXES):
+        return TerminalDecision(decision="allow", reason="Safe read-only command.")
+
+    if normalized.startswith(APPROVAL_REQUIRED_PREFIXES):
+        return TerminalDecision(decision="approval", reason="Command needs approval.")
+
+    return TerminalDecision(decision="approval", reason="Unknown command defaults to approval.")
+