From 5fcc3b97395affdb53cc85d492675616894cdab9 Mon Sep 17 00:00:00 2001
From: Guilherme Beltramini <gcbeltramini@gmail.com>
Date: Sun, 7 Jun 2026 20:17:17 -0300
Subject: [PATCH 1/4] Add command "mycli source code"

---
 commands/self/source-code.sh | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100755 commands/self/source-code.sh

diff --git a/commands/self/source-code.sh b/commands/self/source-code.sh
new file mode 100755
index 0000000..d73cee2
--- /dev/null
+++ b/commands/self/source-code.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+##? Display the source code of a command.
+##?
+##? Usage:
+##?   self source-code <command> <subcommand>
+##?
+##? Options:
+##?   <command>     Command name
+##?   <subcommand>  Subcommand name
+
+source "${CLI_DIR}/core/helpers.sh"
+parse_help "$@"
+declare command subcommand
+
+script_path="${CLI_DIR}/commands/${command}/${subcommand}.sh"
+
+if [[ ! -f "$script_path" ]]; then
+  exit_with_error "Command '$command $subcommand' not found in '${script_path}'."
+fi
+
+echo_gray "Source code for 'mycli $command $subcommand' (file '$script_path'):"
+
+if command_exists "bat"; then
+  bat --style=plain --color=always --language=bash "$script_path"
+else
+  cat "$script_path"
+fi

From 34d17edb686d84006b85b97893bd4e3b448e0972 Mon Sep 17 00:00:00 2001
From: Guilherme Beltramini <gcbeltramini@gmail.com>
Date: Mon, 8 Jun 2026 09:53:04 -0300
Subject: [PATCH 2/4] Skip line

---
 commands/self/source-code.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/commands/self/source-code.sh b/commands/self/source-code.sh
index d73cee2..c4975d1 100755
--- a/commands/self/source-code.sh
+++ b/commands/self/source-code.sh
@@ -20,7 +20,7 @@ if [[ ! -f "$script_path" ]]; then
   exit_with_error "Command '$command $subcommand' not found in '${script_path}'."
 fi
 
-echo_gray "Source code for 'mycli $command $subcommand' (file '$script_path'):"
+echo_gray "Source code for 'mycli $command $subcommand' (file '$script_path'):\n"
 
 if command_exists "bat"; then
   bat --style=plain --color=always --language=bash "$script_path"

From ce20518c65e3ec4b7930d554107832e62e2b335d Mon Sep 17 00:00:00 2001
From: Guilherme Beltramini <gcbeltramini@gmail.com>
Date: Mon, 8 Jun 2026 09:56:46 -0300
Subject: [PATCH 3/4] Adjust path discovery for safety

---
 commands/self/source-code.sh | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/commands/self/source-code.sh b/commands/self/source-code.sh
index c4975d1..4227c00 100755
--- a/commands/self/source-code.sh
+++ b/commands/self/source-code.sh
@@ -14,10 +14,22 @@ source "${CLI_DIR}/core/helpers.sh"
 parse_help "$@"
 declare command subcommand
 
-script_path="${CLI_DIR}/commands/${command}/${subcommand}.sh"
+# Validate that command/subcommand contain only safe characters (no path traversal or globs)
+if [[ ! $command =~ ^[a-z0-9][a-z0-9_-]*$ ]]; then
+  exit_with_error "Invalid command name: '$command'. Use lowercase letters, numbers, hyphens, and underscores only."
+fi
+if [[ ! $subcommand =~ ^[a-z0-9][a-z0-9_-]*$ ]]; then
+  exit_with_error "Invalid subcommand name: '$subcommand'. Use lowercase letters, numbers, hyphens, and underscores only."
+fi
+
+# Resolve file using find to enforce "commands/" boundary (prevents ../.. and glob escapes)
+script_path=$(find "${CLI_DIR}/commands" \
+  -maxdepth 2 \
+  -type f \
+  -path "${CLI_DIR}/commands/${command}/${subcommand}.sh")
 
-if [[ ! -f "$script_path" ]]; then
-  exit_with_error "Command '$command $subcommand' not found in '${script_path}'."
+if [[ -z $script_path ]]; then
+  exit_with_error "Command 'mycli $command $subcommand' not found."
 fi
 
 echo_gray "Source code for 'mycli $command $subcommand' (file '$script_path'):\n"

From 94a97eca30e160e8d84cbf5f259d03d3d5bcce4c Mon Sep 17 00:00:00 2001
From: Guilherme Beltramini <gcbeltramini@gmail.com>
Date: Mon, 8 Jun 2026 09:56:55 -0300
Subject: [PATCH 4/4] Change color option

---
 commands/self/source-code.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/commands/self/source-code.sh b/commands/self/source-code.sh
index 4227c00..04ec89f 100755
--- a/commands/self/source-code.sh
+++ b/commands/self/source-code.sh
@@ -35,7 +35,7 @@ fi
 echo_gray "Source code for 'mycli $command $subcommand' (file '$script_path'):\n"
 
 if command_exists "bat"; then
-  bat --style=plain --color=always --language=bash "$script_path"
+  bat --style=plain --color=auto --language=bash "$script_path"
 else
   cat "$script_path"
 fi