concerns property

List<TrustConcernItem> get concerns

The list of security concern descriptions to show.

Implementation

List<TrustConcernItem> get concerns {
  final items = <TrustConcernItem>[];

  if (hasAnyBashExecution) {
    final sources = <String>[];
    for (final s in bashPermissionSources) {
      sources.add(s.filePath);
    }
    if (hasSlashCommandBash.value) sources.add('slash commands');
    if (hasSkillsBash.value) sources.add('skills');

    items.add(
      TrustConcernItem(
        icon: Icons.terminal,
        title: 'Bash command execution',
        description: 'Project settings allow running shell commands',
        sources: sources,
        severity: TrustConcernSeverity.high,
      ),
    );
  }

  if (hasMcpServers) {
    items.add(
      TrustConcernItem(
        icon: Icons.dns,
        title: 'MCP servers',
        description:
            'Project configures ${mcpServerNames.length} MCP ${mcpServerNames.length == 1 ? 'server' : 'servers'}: '
            '${formatListWithAnd(mcpServerNames, limit: 3)}',
        sources: const ['.neomage/settings.json'],
        severity: TrustConcernSeverity.medium,
      ),
    );
  }

  if (hasHooks) {
    final sources = hooksSources.map((s) => s.filePath).toList();
    items.add(
      TrustConcernItem(
        icon: Icons.webhook,
        title: 'Hooks',
        description: 'Project settings configure hooks that run commands',
        sources: sources,
        severity: TrustConcernSeverity.high,
      ),
    );
  }

  if (hasApiKeyHelper) {
    final sources = apiKeyHelperSources.map((s) => s.filePath).toList();
    items.add(
      TrustConcernItem(
        icon: Icons.key,
        title: 'API key helper',
        description: 'Project settings configure an API key helper command',
        sources: sources,
        severity: TrustConcernSeverity.high,
      ),
    );
  }

  if (hasAwsCommands) {
    final sources = awsCommandsSources.map((s) => s.filePath).toList();
    items.add(
      TrustConcernItem(
        icon: Icons.cloud,
        title: 'AWS commands',
        description: 'Project settings configure AWS credential commands',
        sources: sources,
        severity: TrustConcernSeverity.medium,
      ),
    );
  }

  if (hasGcpCommands) {
    final sources = gcpCommandsSources.map((s) => s.filePath).toList();
    items.add(
      TrustConcernItem(
        icon: Icons.cloud,
        title: 'GCP commands',
        description: 'Project settings configure GCP auth commands',
        sources: sources,
        severity: TrustConcernSeverity.medium,
      ),
    );
  }

  if (hasOtelHeaders) {
    final sources = otelHeadersSources.map((s) => s.filePath).toList();
    items.add(
      TrustConcernItem(
        icon: Icons.analytics,
        title: 'OpenTelemetry headers helper',
        description: 'Project settings configure an OTEL headers helper',
        sources: sources,
        severity: TrustConcernSeverity.low,
      ),
    );
  }

  if (hasDangerousEnvVars) {
    final sources = dangerousEnvVarsSources.map((s) => s.filePath).toList();
    items.add(
      TrustConcernItem(
        icon: Icons.warning_amber,
        title: 'Environment variables',
        description:
            'Project settings set environment variables that may be sensitive',
        sources: sources,
        severity: TrustConcernSeverity.medium,
      ),
    );
  }

  return items;
}