command-analyzer.ts

// Command Analyzer - TypeScript Standalone Application
// Analisi di sicurezza per comandi da terminale

interface AnalysisResult {
    command: string;
    riskLevel: 'low' | 'medium' | 'high';
    threats: string[];
    detectedPatterns: string[];
    urls: string[];
    downloadedContent?: {
        url: string;
        content: string;
        isBinary: boolean;
        mimeType?: string;
        size: number;
    }[];
    highlightedCode: string;
    suggestions: string[];
}

interface BinaryResult {
    type: string;
    mime: string;
}

interface SecurityPattern {
    pattern: RegExp;
    threat: string;
    severity: 'low' | 'medium' | 'high';
}

interface PackageManager {
    pattern: RegExp;
    name: string;
}

class CommandAnalyzer {
    private command: string = '';
    private result: AnalysisResult | null = null;
    private isLoading: boolean = false;
    private showSlowMessage: boolean = false;
    private commandHistory: string[] = [];
    private showAllHistory: boolean = false;

    // Security patterns detection
    private readonly dangerousPatterns: SecurityPattern[] = [
        { pattern: /rm\s+-rf\s+\//, threat: 'Rimozione ricorsiva forzata della root directory', severity: 'high' },
        { pattern: /sudo\s+(rm|chmod|chown)/, threat: 'Comandi di sistema privilegiati', severity: 'high' },
        { pattern: /\|\s*(bash|sh|zsh|fish)\s*$/, threat: 'Esecuzione diretta di codice scaricato', severity: 'high' },
        { pattern: /curl.*\|\s*(bash|sh)/, threat: 'Download ed esecuzione immediata', severity: 'high' },
        { pattern: /wget.*-O-.*\|\s*(bash|sh)/, threat: 'Download ed esecuzione via wget', severity: 'high' },
        { pattern: /(iwr|irm|Invoke-WebRequest|Invoke-RestMethod).*\|\s*iex/, threat: 'PowerShell download ed esecuzione', severity: 'high' },
        // Obfuscated code execution patterns
        { pattern: /\[System\.Text\.Encoding\]::\w+\.GetString\(\[Convert\]::FromBase64String/, threat: 'Esecuzione di codice PowerShell offuscato tramite Base64', severity: 'high' },
        { pattern: /&\(\[ScriptBlock\]::Create\(.*\.DownloadString\(/, threat: 'Esecuzione remota di codice PowerShell offuscato', severity: 'high' },
        { pattern: /\[ScriptBlock\]::Create\(\(New-Object Net\.WebClient\)\.DownloadString/, threat: 'Esecuzione remota di codice PowerShell via ScriptBlock', severity: 'high' },
        { pattern: /&\(\[ScriptBlock\]::Create\(\$[a-zA-Z_][a-zA-Z0-9_]*\)\)/, threat: 'Esecuzione di codice PowerShell via variabile offuscata', severity: 'high' },
        { pattern: /chmod\s+\+x/, threat: 'Rendere file eseguibile', severity: 'medium' },
        { pattern: /sudo\s+/, threat: 'Elevazione privilegi richiesta', severity: 'medium' },
        { pattern: /python\s+-c\s+["'].*["']/, threat: 'Esecuzione codice Python inline', severity: 'medium' },
        { pattern: /(curl|wget|iwr)\s+.*https?:\/\//, threat: 'Download da URL remoto', severity: 'low' },
    ];

    private readonly packageManagers: PackageManager[] = [
        { pattern: /pip\s+install/, name: 'pip (Python)' },
        { pattern: /npm\s+install/, name: 'npm (Node.js)' },
        { pattern: /yarn\s+add/, name: 'yarn (Node.js)' },
        { pattern: /choco\s+install/, name: 'Chocolatey (Windows)' },
        { pattern: /winget\s+install/, name: 'winget (Windows)' },
        { pattern: /scoop\s+install/, name: 'Scoop (Windows)' },
        { pattern: /conda\s+install/, name: 'Conda (Python)' },
        { pattern: /mamba\s+install/, name: 'Mamba (Python)' },
        { pattern: /cargo\s+install/, name: 'Cargo (Rust)' },
        { pattern: /gem\s+install/, name: 'RubyGems' },
        { pattern: /Install-Package\s+/, name: 'Install-Package (PowerShell)' },
        { pattern: /Add-AppxPackage\s+/, name: 'Add-AppxPackage (Windows Apps)' },
        { pattern: /Start-BitsTransfer\s+/, name: 'Start-BitsTransfer (Windows BITS)' },
        { pattern: /msiexec\s+/, name: 'msiexec (Windows Installer)' },
    ];

    // CORS proxy chain
    private readonly corsProxies: string[] = [
        'https://corsproxy.io/?',
        'https://api.allorigins.win/get?url=',
        'https://cors-anywhere.herokuapp.com/',
    ];

    constructor() {
        this.initializeApp();
    }

    private initializeApp(): void {
        document.addEventListener('DOMContentLoaded', () => {
            this.createHTML();
            this.attachEventListeners();
        });

        if (document.readyState === 'loading') {
            // DOMContentLoaded has not fired yet
            return;
        } else {
            // DOM is already loaded
            this.createHTML();
            this.attachEventListeners();
        }
    }

    private createHTML(): void {
        document.body.innerHTML = `
            <div class="header">
                <div class="container">
                    <div class="header-content">
                        <div class="header-icon">
                            <svg fill="none" stroke="currentColor" viewBox="0 0 24 24">
                                <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M8 9l3 3-3 3m5 0h3M5 20h14a2 2 0 002-2V6a2 2 0 00-2-2H5a2 2 0 002 2z"></path>
                            </svg>
                        </div>
                        <div>
                            <h1 class="header-title">Command Analyzer</h1>
                            <p class="header-subtitle">Analisi di sicurezza per comandi da terminale</p>
                        </div>
                    </div>
                </div>
            </div>

            <div class="container">
                <div class="main-grid">
                    <!-- Input Section -->
                    <div>
                        <div class="card">
                            <h2 class="card-title">
                                <svg width="20" height="20" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                                    <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M8 9l3 3-3 3m5 0h3M5 20h14a2 2 0 002-2V6a2 2 0 00-2-2H5a2 2 0 002 2z"></path>
                                </svg>
                                Inserisci Comando
                            </h2>
                            <textarea id="commandInput" class="textarea-compact"></textarea>
                            <button id="resetBtn" class="button" style="background-color: #6b7280; margin-top: 0.5rem;">
                                <svg width="16" height="16" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                                    <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M4 4v5h.582m15.356 2A8.001 8.001 0 004.582 9m0 0H9m11 11v-5h-.581m0 0a8.003 8.003 0 01-15.357-2m15.357 2H15"></path>
                                </svg>
                                Reset
                            </button>
                            <button id="analyzeBtn" class="button">
                                <svg width="16" height="16" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                                    <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 12l2 2 4-4m5.618-4.016A11.955 11.955 0 0112 2.944a11.955 11.955 0 01-8.618 3.04A12.02 12.02 0 003 9c0 5.591 3.824 10.29 9 11.622 5.176-1.332 9-6.03 9-11.622 0-1.042-.133-2.052-.382-3.016z"></path>
                                </svg>
                                Analizza Comando
                            </button>
                            <div id="slowMessage" class="alert hidden">
                                <svg width="16" height="16" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                                    <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M13 16h-1v-4h-1m1-4h.01M21 12a9 9 0 11-18 0 9 9 0 0118 0z"></path>
                                </svg>
                                L'analisi sta richiedendo più tempo del solito. Stiamo scaricando e analizzando i contenuti...
                            </div>
                        </div>

                        <!-- Cronologia -->
                        <div class="card">
                            <h3 class="card-title">
                                <svg width="20" height="20" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                                    <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 8v4l3 3m6-3a9 9 0 11-18 0 9 9 0 0118 0z"></path>
                                </svg>
                                Cronologia
                            </h3>
                            <div id="historyContainer"></div>
                        </div>
                    </div>

                    <!-- Results Section -->
                    <div>
                        <div id="results" class="hidden"></div>
                        <div id="emptyState">
                            <div class="card">
                                <div class="empty-state">
                                    <svg fill="none" stroke="currentColor" viewBox="0 0 24 24">
                                        <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 12l2 2 4-4m5.618-4.016A11.955 11.955 0 0112 2.944a11.955 11.955 0 01-8.618 3.04A12.02 12.02 0 003 9c0 5.591 3.824 10.29 9 11.622 5.176-1.332 9-6.03 9-11.622 0-1.042-.133-2.052-.382-3.016z"></path>
                                    </svg>
                                    <h3>Nessuna Analisi Disponibile</h3>
                                    <p>Inserisci un comando nel campo di input per iniziare l'analisi di sicurezza.</p>
                                </div>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        `;
    }

    private attachEventListeners(): void {
        const analyzeBtn = document.getElementById('analyzeBtn') as HTMLButtonElement;
        const resetBtn = document.getElementById('resetBtn') as HTMLButtonElement;
        const commandInput = document.getElementById('commandInput') as HTMLTextAreaElement;

        analyzeBtn?.addEventListener('click', () => this.handleAnalyze());
        resetBtn?.addEventListener('click', () => this.handleReset());
        
        commandInput?.addEventListener('keydown', (e: KeyboardEvent) => {
            if (e.key === 'Enter') {
                e.preventDefault();
                this.handleAnalyze();
            }
        });

        commandInput?.addEventListener('input', this.autoResizeTextarea.bind(this));
        
        this.loadHistory();
        this.renderHistory();
    }

    private autoResizeTextarea(): void {
        const textarea = document.getElementById('commandInput') as HTMLTextAreaElement;
        if (textarea) {
            // Reset to minimum height first
            textarea.style.height = '36px';
            // Only expand if there's content and it needs more space
            if (textarea.value.trim() && textarea.scrollHeight > 36) {
                textarea.style.height = Math.min(textarea.scrollHeight, 200) + 'px';
            }
        }
    }

    private loadHistory(): void {
        const saved = localStorage.getItem('commandHistory');
        if (saved) {
            this.commandHistory = JSON.parse(saved);
        }
    }

    private saveHistory(): void {
        localStorage.setItem('commandHistory', JSON.stringify(this.commandHistory));
    }

    private addToHistory(command: string): void {
        const index = this.commandHistory.indexOf(command);
        if (index > -1) {
            this.commandHistory.splice(index, 1);
        }
        this.commandHistory.unshift(command);
        if (this.commandHistory.length > 50) {
            this.commandHistory = this.commandHistory.slice(0, 50);
        }
        this.saveHistory();
        this.renderHistory();
    }

    private removeFromHistory(command: string): void {
        // Find the specific command that needs to be removed
        this.commandHistory = this.commandHistory.filter(cmd => cmd !== command);
        this.saveHistory();
        this.renderHistory();
    }

    private copyToClipboard(text: string): void {
        navigator.clipboard.writeText(text).then(() => {
            console.log('Comando copiato negli appunti');
        }).catch(err => {
            console.error('Errore nella copia:', err);
        });
    }

    private selectHistoryCommand(command: string): void {
        const textarea = document.getElementById('commandInput') as HTMLTextAreaElement;
        if (textarea) {
            textarea.value = command;
            this.autoResizeTextarea();
            this.handleAnalyze();
        }
    }

    private renderHistory(): void {
        const container = document.getElementById('historyContainer') as HTMLDivElement;
        if (!container) return;

        if (this.commandHistory.length === 0) {
            container.innerHTML = '<p style="color: #6b7280; font-size: 0.875rem; text-align: center; padding: 1rem;">Nessun comando nella cronologia</p>';
            return;
        }

        const truncateCommand = (cmd: string, maxLength: number = 50): string => {
            return cmd.length > maxLength ? cmd.substring(0, maxLength) + '...' : cmd;
        };

        const displayHistory = this.showAllHistory ? this.commandHistory : this.commandHistory.slice(0, 3);
        
        let html = '';
        for (let i = 0; i < displayHistory.length; i++) {
            const cmd = displayHistory[i];
            const displayCmd = truncateCommand(cmd);
            const itemId = `history-item-${i}`;
            html += `
                <div class="history-item" data-command-index="${i}" id="${itemId}">
                    <button class="delete-btn" data-action="delete" data-index="${i}" title="Elimina dalla cronologia">
                        <svg width="14" height="14" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M19 7l-.867 12.142A2 2 0 0116.138 21H7.862a2 2 0 01-1.995-1.858L5 7m5 4v6m4-6v6m1-10V4a1 1 0 00-1-1h-4a1 1 0 00-1 1v3M4 7h16"></path>
                        </svg>
                    </button>
                    <div class="command-text" data-action="select" data-index="${i}" title="Clicca per riutilizzare questo comando: ${cmd.replace(/"/g, '&quot;')}">${displayCmd}</div>
                    <button class="copy-btn" data-action="copy" data-index="${i}" title="Copia comando">
                        <svg width="14" height="14" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M8 16H6a2 2 0 01-2-2V6a2 2 0 012-2h8a2 2 0 012 2v2m-6 12h8a2 2 0 002-2v-8a2 2 0 00-2-2h-8a2 2 0 00-2 2v8a2 2 0 002 2z"></path>
                        </svg>
                    </button>
                </div>
            `;
        }

        if (this.commandHistory.length > 3) {
            html += `
                <div style="text-align: center; margin-top: 1rem;">
                    <button class="expand-btn" data-action="toggle-expand">
                        ${this.showAllHistory ? 'Mostra meno' : '⋯'}
                    </button>
                </div>
            `;
        }

        container.innerHTML = html;
        this.attachHistoryEventListeners();
    }

    private attachHistoryEventListeners(): void {
        const container = document.getElementById('historyContainer') as HTMLDivElement;
        if (!container) return;

        container.addEventListener('click', (e: Event) => {
            const target = e.target as HTMLElement;
            const button = target.closest('[data-action]') as HTMLElement;
            if (!button) return;

            e.preventDefault();
            e.stopPropagation();

            const action = button.getAttribute('data-action');
            const index = parseInt(button.getAttribute('data-index') || '0');
            const displayHistory = this.showAllHistory ? this.commandHistory : this.commandHistory.slice(0, 3);

            switch (action) {
                case 'delete':
                    if (displayHistory[index]) {
                        this.removeFromHistory(displayHistory[index]);
                    }
                    break;
                case 'copy':
                    if (displayHistory[index]) {
                        this.copyToClipboard(displayHistory[index]);
                    }
                    break;
                case 'select':
                    if (displayHistory[index]) {
                        this.selectHistoryCommand(displayHistory[index]);
                    }
                    break;
                case 'toggle-expand':
                    this.toggleHistoryExpansion();
                    break;
            }
        });
    }

    private toggleHistoryExpansion(): void {
        this.showAllHistory = !this.showAllHistory;
        this.renderHistory();
    }

    // Extract URLs from command
    private extractUrls(text: string): string[] {
        const urlRegex = /https?:\/\/[^\s<>"{}|\\^`[\]]+/g;
        return text.match(urlRegex) || [];
    }

    // Detect binary content - improved to avoid false positives
    private detectBinary(content: string): BinaryResult | null {
        if (content.startsWith('MZ')) return { type: 'EXE', mime: 'application/vnd.microsoft.portable-executable' };
        if (content.startsWith('PK')) return { type: 'ZIP', mime: 'application/zip' };
        if (content.startsWith('%PDF')) return { type: 'PDF', mime: 'application/pdf' };
        if (content.startsWith('\x7fELF')) return { type: 'ELF', mime: 'application/x-executable' };
        if (content.startsWith('\x89PNG')) return { type: 'PNG', mime: 'image/png' };
        if (content.startsWith('\xff\xd8\xff')) return { type: 'JPEG', mime: 'image/jpeg' };
        
        // Check if it's actually a text file (like PowerShell scripts, batch files, etc.)
        const textIndicators = [
            /^#!\/bin\//, // Shebang
            /^@echo\s+off/i, // Batch file
            /^param\s*\(/i, // PowerShell param
            /^function\s+/i, // Function definition
            /^if\s*\(/i, // Conditional statements
            /^for\s*\(/i, // Loop statements
            /^\s*<\?xml/i, // XML
            /^\s*<!DOCTYPE/i, // HTML/XML
            /^\s*{/i, // JSON
        ];
        
        const isLikelyText = textIndicators.some(regex => regex.test(content.substring(0, 200)));
        if (isLikelyText) return null;
        
        // Heuristic: check for non-printable characters - more restrictive
        const nonPrintable = content.split('').filter(char => {
            const code = char.charCodeAt(0);
            return code < 32 && code !== 9 && code !== 10 && code !== 13;
        }).length;
        
        const ratio = nonPrintable / content.length;
        // Increased threshold to reduce false positives and require more content
        if (ratio > 0.5 && content.length > 500) {
            return { type: 'BINARY', mime: 'application/octet-stream' };
        }
        
        return null;
    }

    // Follow redirects and download content
    private async downloadContent(url: string): Promise<any> {
        let finalUrl = url;
        let content = '';
        
        // Try to follow redirects (simplified)
        for (const proxy of this.corsProxies) {
            try {
                const proxyUrl = proxy + encodeURIComponent(finalUrl);
                const response = await fetch(proxyUrl);
                
                if (proxy.includes('allorigins')) {
                    const data = await response.json();
                    content = data.contents;
                } else {
                    content = await response.text();
                }
                
                break;
            } catch (error) {
                console.log(`Failed with proxy ${proxy}:`, error);
                continue;
            }
        }
        
        if (!content) {
            throw new Error('Impossibile scaricare il contenuto dopo tutti i proxy');
        }
        
        const binaryResult = this.detectBinary(content);
        
        return {
            url: finalUrl,
            content: content.substring(0, 10000), // Limit content size
            isBinary: !!binaryResult,
            mimeType: binaryResult?.mime,
            size: content.length,
        };
    }

    // Syntax highlighting
    private highlightSyntax(code: string): string {
        let highlighted = code;
        
        // Escape HTML first
        highlighted = highlighted.replace(/[&<>"']/g, (char) => {
            const entities: Record<string, string> = {
                '&': '&amp;',
                '<': '&lt;',
                '>': '&gt;',
                '"': '&quot;',
                "'": '&#39;'
            };
            return entities[char];
        });
        
        // Highlight dangerous commands
        highlighted = highlighted.replace(/(rm\s+-rf|sudo|curl|wget|chmod\s+\+x)/g, '<span class="highlight-danger">$1</span>');
        
        // Highlight URLs
        highlighted = highlighted.replace(/(https?:\/\/[^\s<>"{}|\\^`[\]]+)/g, '<span class="highlight-url">$1</span>');
        
        // Highlight pipe operations
        highlighted = highlighted.replace(/(\|\s*(bash|sh|zsh|iex))/g, '<span class="highlight-pipe">$1</span>');
        
        // Highlight package managers
        highlighted = highlighted.replace(/(pip|npm|yarn|choco|winget|scoop|conda|mamba|cargo|gem)\s+(install|add)/g, '<span class="highlight-package">$1 $2</span>');
        highlighted = highlighted.replace(/(Install-Package|Add-AppxPackage|Start-BitsTransfer)/g, '<span class="highlight-package">$1</span>');
        
        // Highlight obfuscated code patterns
        highlighted = highlighted.replace(/(\[System\.Text\.Encoding\]::\w+\.GetString\(\[Convert\]::FromBase64String)/g, '<span class="highlight-danger">$1</span>');
        highlighted = highlighted.replace(/(\[ScriptBlock\]::Create)/g, '<span class="highlight-danger">$1</span>');
        
        return highlighted;
    }

    // Get documentation URL for command type
    private getDocumentationUrl(type: string): string {
        const docUrls: Record<string, string> = {
            'iwr': 'https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/invoke-webrequest',
            'iex': 'https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/invoke-expression',
            'irm': 'https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/invoke-restmethod',
            'install-package': 'https://docs.microsoft.com/en-us/powershell/module/packagemanagement/install-package',
            'add-appxpackage': 'https://docs.microsoft.com/en-us/powershell/module/appx/add-appxpackage',
            'start-bitstransfer': 'https://docs.microsoft.com/en-us/powershell/module/bitstransfer/start-bitstransfer',
            'msiexec': 'https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/msiexec',
            'base64 decode (offuscato)': 'https://attack.mitre.org/techniques/T1027/010/',
            'remote execution (offuscato)': 'https://attack.mitre.org/techniques/T1059/001/',
            'chocolatey': 'https://chocolatey.org/docs',
            'Install-Package': 'https://docs.microsoft.com/en-us/powershell/module/packagemanagement/install-package',
            'Add-AppxPackage': 'https://docs.microsoft.com/en-us/powershell/module/appx/add-appxpackage',
            'Start-BitsTransfer': 'https://docs.microsoft.com/en-us/powershell/module/bitstransfer/start-bitstransfer',
            'curl': 'https://curl.se/docs/manpage.html',
            'wget': 'https://www.gnu.org/software/wget/manual/wget.html',
            'pip': 'https://pip.pypa.io/en/stable/',
            'npm': 'https://docs.npmjs.com/',
            'choco': 'https://chocolatey.org/docs',
            'winget': 'https://docs.microsoft.com/en-us/windows/package-manager/winget/',
            'powershell': 'https://docs.microsoft.com/en-us/powershell/',
            'bash': 'https://www.gnu.org/software/bash/manual/bash.html'
        };
        return docUrls[type.toLowerCase()] || 'https://google.com/search?q=' + encodeURIComponent(type + ' command documentation');
    }

    // Extract package names from install commands and get documentation URLs
    private extractPackagesWithDocs(command: string): { name: string; url: string | null }[] {
        const packages: { name: string; url: string | null }[] = [];
        
        // NPM packages
        const npmMatch = command.match(/npm\s+install\s+([^&\s;|]+)/i);
        if (npmMatch) {
            const packageName = npmMatch[1].replace(/^[@-]/, '').split('@')[0];
            packages.push({
                name: packageName,
                url: `https://www.npmjs.com/package/${packageName}`
            });
        }
        
        // Yarn packages
        const yarnMatch = command.match(/yarn\s+add\s+([^&\s;|]+)/i);
        if (yarnMatch) {
            const packageName = yarnMatch[1].replace(/^[@-]/, '').split('@')[0];
            packages.push({
                name: packageName,
                url: `https://www.npmjs.com/package/${packageName}`
            });
        }
        
        // Pip packages
        const pipMatch = command.match(/pip\s+install\s+([^&\s;|]+)/i);
        if (pipMatch) {
            const packageName = pipMatch[1].split('==')[0].split('>=')[0].split('<=')[0];
            packages.push({
                name: packageName,
                url: `https://pypi.org/project/${packageName}/`
            });
        }
        
        // Chocolatey packages
        const chocoMatch = command.match(/choco\s+install\s+([^&\s;|]+)/i);
        if (chocoMatch) {
            const packageName = chocoMatch[1];
            packages.push({
                name: packageName,
                url: `https://chocolatey.org/packages/${packageName}`
            });
        }
        
        // Install-Package (PowerShell PackageManagement)
        const installPkgMatch = command.match(/Install-Package\s+.*-Name\s+([^&\s;|-]+)/i);
        if (installPkgMatch) {
            const packageName = installPkgMatch[1];
            const providerMatch = command.match(/-ProviderName\s+([^&\s;|-]+)/i);
            const provider = providerMatch ? providerMatch[1].toLowerCase() : 'unknown';
            
            let baseUrl = '';
            switch (provider) {
                case 'chocolatey':
                    baseUrl = `https://chocolatey.org/packages/${packageName}`;
                    break;
                case 'powershellgallery':
                    baseUrl = `https://www.powershellgallery.com/packages/${packageName}`;
                    break;
                default:
                    baseUrl = `https://google.com/search?q=${encodeURIComponent(packageName + ' ' + provider)}`;
            }
            
            packages.push({
                name: packageName,
                url: baseUrl
            });
        }
        
        // Add-AppxPackage
        const appxMatch = command.match(/Add-AppxPackage\s+.*-Path\s+"?([^"&\s;|]+)"?/i);
        if (appxMatch) {
            const packagePath = appxMatch[1];
            packages.push({
                name: packagePath,
                url: null
            });
        }
        
        // Start-BitsTransfer - extract the source URL but don't link to direct download
        const bitsMatch = command.match(/Start-BitsTransfer\s+.*-Source\s+"?([^"&\s;|]+)"?/i);
        if (bitsMatch) {
            const sourceUrl = bitsMatch[1];
            const fileName = sourceUrl.split('/').pop() || 'downloaded file';
            const domain = new URL(sourceUrl).hostname;
            packages.push({
                name: `${fileName} (da ${domain})`,
                url: `https://google.com/search?q=${encodeURIComponent(fileName + ' ' + domain)}`
            });
        }
        
        // msiexec - extract installer path (local installation, potentially dangerous)
        const msiMatch = command.match(/msiexec\s+.*\/i\s+"?([^"&\s;|]+)"?/i);
        if (msiMatch) {
            const installerPath = msiMatch[1];
            packages.push({
                name: `Installazione locale: ${installerPath}`,
                url: null // No docs for local files
            });
        }
        
        // Winget packages
        const wingetMatch = command.match(/winget\s+install\s+([^&\s;|]+)/i);
        if (wingetMatch) {
            // Remove --id= prefix if present
            let packageName = wingetMatch[1].replace(/^--id=/, '');
            packages.push({
                name: packageName,
                url: `https://winget.run/pkg/${packageName}`
            });
        }
        
        // Cargo packages
        const cargoMatch = command.match(/cargo\s+install\s+([^&\s;|]+)/i);
        if (cargoMatch) {
            const packageName = cargoMatch[1];
            packages.push({
                name: packageName,
                url: `https://crates.io/crates/${packageName}`
            });
        }
        
        // RubyGems
        const gemMatch = command.match(/gem\s+install\s+([^&\s;|]+)/i);
        if (gemMatch) {
            const packageName = gemMatch[1];
            packages.push({
                name: packageName,
                url: `https://rubygems.org/gems/${packageName}`
            });
        }
        
        return packages;
    }
    // Detect and decode obfuscated PowerShell code
    private async deobfuscateCode(command: string): Promise<string> {
        let deobfuscatedCode = '';
        
        // Base64 decoding pattern - improved detection
        const base64Patterns = [
            /\[System\.Text\.Encoding\]::\w+\.GetString\(\[Convert\]::FromBase64String\("([^"]+)"\)\)/gi,
            /\$\w+\s*=\s*'([A-Za-z0-9+/=]+)'\s*;\s*\$\w+\s*=\s*\[System\.Text\.Encoding\]::UTF8\.GetString\(\[Convert\]::FromBase64String\(\$\w+\)\)/gi
        ];
        
        for (const pattern of base64Patterns) {
            const matches = [...command.matchAll(pattern)];
            for (const match of matches) {
                try {
                    const decoded = atob(match[1]);
                    deobfuscatedCode += `\n--- Codice Base64 decodificato ---\n${decoded}\n`;
                } catch (error) {
                    deobfuscatedCode += `\n--- Errore decodifica Base64 ---\n${match[1]}\n`;
                }
            }
        }
        
        // ScriptBlock with DownloadString pattern - improved detection
        const downloadPatterns = [
            /\[ScriptBlock\]::Create\(\(.*\.DownloadString\("([^"]+)"\)\)\)/gi,
            /\&\(\[ScriptBlock\]::Create\(\(New-Object Net\.WebClient\)\.DownloadString\("([^"]+)"\)\)\)/gi,
            /\&\(\[ScriptBlock\]::Create\(\(.*\.DownloadString\(\$\w+\)\)\)\)/gi
        ];
        
        for (const pattern of downloadPatterns) {
            const matches = [...command.matchAll(pattern)];
            for (const match of matches) {
                try {
                    let url = match[1];
                    // Handle variable URL references
                    if (url.startsWith('$')) {
                        const varPattern = new RegExp(`\\${url}\\s*=\\s*"([^"]+)"`, 'i');
                        const varMatch = command.match(varPattern);
                        if (varMatch) url = varMatch[1];
                    }
                    
                    const content = await this.downloadContent(url);
                    if (!content.isBinary) {
                        deobfuscatedCode += `\n--- Codice scaricato da ${url} ---\n${content.content}\n`;
                    }
                } catch (error) {
                    deobfuscatedCode += `\n--- Errore download da ${match[1]} ---\nURL non raggiungibile\n`;
                }
            }
        }
        
        // URL concatenation pattern - improved detection
        const concatPatterns = [
            /\$\w+\s*=\s*"([^"]*https?:\/\/[^"]*)"[^;]*\+[^;]*"([^"]*)"[^;]*;/gi,
            /\$\w+\s*=\s*"(https?:\/\/[^"]*?)"\s*\+\s*"([^"]*?)"/gi
        ];
        
        for (const pattern of concatPatterns) {
            const matches = [...command.matchAll(pattern)];
            for (const match of matches) {
                const reconstructedUrl = match[1] + match[2];
                try {
                    const content = await this.downloadContent(reconstructedUrl);
                    if (!content.isBinary) {
                        deobfuscatedCode += `\n--- Codice da URL concatenato ${reconstructedUrl} ---\n${content.content}\n`;
                    }
                } catch (error) {
                    deobfuscatedCode += `\n--- Errore download da URL concatenato ${reconstructedUrl} ---\nURL non raggiungibile\n`;
                }
            }
        }
        
        // Complex variable obfuscation pattern
        const complexPattern = /\$\w+\s*=\s*'([^']+)'\s*\+\s*'([^']+)'\s*\+\s*'([^']+)'/gi;
        const complexMatches = [...command.matchAll(complexPattern)];
        for (const match of complexMatches) {
            const assembled = match[1] + match[2] + match[3];
            if (assembled.includes('New') && assembled.includes('Object') && assembled.includes('WebClient')) {
                deobfuscatedCode += `\n--- Comando assemblato rilevato ---\n${assembled}\n`;
            }
        }
        
        return deobfuscatedCode;
    }

    private formatFileSize(bytes: number): string {
        if (bytes === 0) return '0 bytes';
        
        const k = 1024;
        const sizes = ['bytes', 'KB', 'MB', 'GB'];
        const i = Math.floor(Math.log(bytes) / Math.log(k));
        
        const size = parseFloat((bytes / Math.pow(k, i)).toFixed(2));
        return size + ' ' + sizes[i];
    }

    private getTypeDescription(type: string): string {
        const descriptions: {[key: string]: string} = {
            'Install-Package': 'PowerShell PackageManagement per installare software da repository. Supporta provider come Chocolatey, PowerShellGet, etc.',
            'chocolatey': 'Chocolatey è un gestore di pacchetti per Windows che installa software da repository di terze parti.',
            'Add-AppxPackage': 'PowerShell per installare app da file locali (MSIX/APPX). Installa applicazioni da file già scaricati nel sistema.',
            'Start-BitsTransfer': 'PowerShell per trasferimenti file in background tramite BITS. Può scaricare file da server remoti.',
            'msiexec': 'Windows Installer per installare pacchetti MSI da file locali. Origine e sicurezza del file sconosciute.',
            'iwr': 'PowerShell command per scaricare contenuto web. Può essere usato per scaricare ed eseguire script remoti.',
            'iex': 'PowerShell command per eseguire codice come stringhe. Spesso usato per eseguire script scaricati.',
            'irm': 'PowerShell command per chiamate REST API. Può scaricare ed eseguire contenuto web.',
            'winget': 'Windows Package Manager per installare software. Gestore di pacchetti ufficiale Microsoft per Windows.',
            'Base64 Decode (OFFUSCATO)': '⚠️ CODICE OFFUSCATO: Decodifica ed esecuzione di codice PowerShell nascosto tramite Base64. Tecnica comune per nascondere payload malevoli.',
            'Remote Execution (OFFUSCATO)': '⚠️ CODICE OFFUSCATO: Esecuzione remota di codice PowerShell. Scarica ed esegue script da URL remoti in modo offuscato.',
            'curl': 'Utility per trasferire dati da/verso server. Comunemente usato per scaricare script di installazione.',
            'wget': 'Utility per scaricare file dalla rete. Spesso usato per automatizzare download di software.',
            'sudo': 'Comando per eseguire operazioni con privilegi amministrativi. Richiede attenzione per rischi di sicurezza.',
            'rm/del': 'Comando per eliminare file e directory. Può causare perdita di dati se usato impropriamente.',
            'Package Manager': 'Gestore di pacchetti per installare librerie e software. Verifica sempre la fonte dei pacchetti.',
            'chmod/chown': 'Comandi per modificare permessi e proprietà dei file. Possono compromettere la sicurezza del sistema.'
        };
        
        return descriptions[type] || 'Comando non riconosciuto o comando personalizzato.';
    }

    private getCommandInfo(command: string): { type: string[]; description: string } {
        const commandTypes = [
            { pattern: /^(iwr|Invoke-WebRequest)/i, type: 'iwr', description: 'PowerShell command per scaricare contenuto web. Può essere usato per scaricare ed eseguire script remoti.' },
            { pattern: /^(iex|Invoke-Expression)/i, type: 'iex', description: 'PowerShell command per eseguire codice come stringhe. Spesso usato per eseguire script scaricati.' },
            { pattern: /^(irm|Invoke-RestMethod)/i, type: 'irm', description: 'PowerShell command per chiamate REST API. Può scaricare ed eseguire contenuto web.' },
            { pattern: /^(winget)/i, type: 'winget', description: 'Windows Package Manager per installare software. Gestore di pacchetti ufficiale Microsoft per Windows.' },
            { pattern: /^(msiexec)/i, type: 'msiexec', description: 'Windows Installer per installare pacchetti MSI da file locali. Origine e sicurezza del file sconosciute.' },
            { pattern: /^(Install-Package)/i, type: 'Install-Package', description: 'PowerShell PackageManagement per installare software da repository. Supporta provider come Chocolatey, PowerShellGet, etc.' },
            { pattern: /^(Add-AppxPackage)/i, type: 'Add-AppxPackage', description: 'PowerShell per installare app da file locali (MSIX/APPX). Installa applicazioni da file già scaricati nel sistema.' },
            { pattern: /^(Start-BitsTransfer)/i, type: 'Start-BitsTransfer', description: 'PowerShell per trasferimenti file in background tramite BITS. Può scaricare file da server remoti.' },
            { pattern: /\[System\.Text\.Encoding\].*FromBase64String/i, type: 'Base64 Decode (OFFUSCATO)', description: '⚠️ CODICE OFFUSCATO: Decodifica ed esecuzione di codice PowerShell nascosto tramite Base64. Tecnica comune per nascondere payload malevoli.' },
            { pattern: /\[ScriptBlock\]::Create.*DownloadString/i, type: 'Remote Execution (OFFUSCATO)', description: '⚠️ CODICE OFFUSCATO: Esecuzione remota di codice PowerShell. Scarica ed esegue script da URL remoti in modo offuscato.' },
            { pattern: /^curl/i, type: 'curl', description: 'Utility per trasferire dati da/verso server. Comunemente usato per scaricare script di installazione.' },
            { pattern: /^wget/i, type: 'wget', description: 'Utility per scaricare file dalla rete. Spesso usato per automatizzare download di software.' },
            { pattern: /^sudo/i, type: 'sudo', description: 'Comando per eseguire operazioni con privilegi amministrativi. Richiede attenzione per rischi di sicurezza.' },
            { pattern: /^(rm|del)/i, type: 'rm/del', description: 'Comando per eliminare file e directory. Può causare perdita di dati se usato impropriamente.' },
            { pattern: /^(pip|npm|yarn|gem|cargo)/i, type: 'Package Manager', description: 'Gestore di pacchetti per installare librerie e software. Verifica sempre la fonte dei pacchetti.' },
            { pattern: /^(chmod|chown)/i, type: 'chmod/chown', description: 'Comandi per modificare permessi e proprietà dei file. Possono compromettere la sicurezza del sistema.' }
        ];

        const detectedTypes: string[] = [];
        let description = '';
        
        for (const cmd of commandTypes) {
            if (cmd.pattern.test(command)) {
                detectedTypes.push(cmd.type);
                description = cmd.description;
                break;
            }
        }
        
        // Special handling for Install-Package with provider detection
        if (detectedTypes.includes('Install-Package')) {
            const providerMatch = command.match(/-ProviderName\s+([^&\s;|-]+)/i);
            if (providerMatch) {
                const provider = providerMatch[1].toLowerCase();
                detectedTypes.push(provider);
            }
        }
        
        if (detectedTypes.length === 0) {
            detectedTypes.push('Unknown');
            description = 'Comando non riconosciuto o comando personalizzato.';
        }
        
        return { type: detectedTypes, description };
    }

    // Handle reset functionality
    private handleReset(): void {
        const input = document.getElementById('commandInput') as HTMLTextAreaElement;
        const resultsDiv = document.getElementById('results') as HTMLDivElement;
        const emptyState = document.getElementById('emptyState') as HTMLDivElement;
        
        // Clear input
        input.value = '';
        this.autoResizeTextarea();
        
        // Hide results and show empty state
        resultsDiv.classList.add('hidden');
        emptyState.classList.remove('hidden');
        
        // Clear stored command and result
        this.command = '';
        this.result = null;
        
        // Focus on input
        input.focus();
    }

    // Extract code content from URLs
    private async extractCodeFromUrls(urls: string[]): Promise<string[]> {
        const codeContents = [];
        
        for (const url of urls) {
            try {
                const content = await this.downloadContent(url);
                if (!content.isBinary) {
                    codeContents.push(content.content);
                }
            } catch (error) {
                console.error(`Failed to download ${url}:`, error);
            }
        }
        
        return codeContents;
    }

    // Extract all unique URLs from code content
    private extractAllUrls(command: string, codeContents: string[]): string[] {
        const allUrls = new Set<string>();
        
        // URLs from command
        const commandUrls = this.extractUrls(command);
        commandUrls.forEach(url => allUrls.add(url));
        
        // URLs from downloaded content
        for (const content of codeContents) {
            const contentUrls = this.extractUrls(content);
            contentUrls.forEach(url => allUrls.add(url));
        }
        
        return Array.from(allUrls);
    }

    // Main analysis function
    private async analyzeCommand(inputCommand: string): Promise<AnalysisResult> {
        const threats: string[] = [];
        const detectedPatterns: string[] = [];
        const suggestions: string[] = [];
        const codeContents: string[] = [];
        let riskLevel: 'low' | 'medium' | 'high' = 'low';
        
        // Check dangerous patterns
        for (const { pattern, threat, severity } of this.dangerousPatterns) {
            if (pattern.test(inputCommand)) {
                threats.push(threat);
                detectedPatterns.push(pattern.source);
                if (severity === 'high') riskLevel = 'high';
                else if (severity === 'medium' && riskLevel !== 'high') riskLevel = 'medium';
            }
        }
        
        // Check package managers
        for (const { pattern, name } of this.packageManagers) {
            if (pattern.test(inputCommand)) {
                detectedPatterns.push(`Package manager: ${name}`);
                suggestions.push(`Verifica la fonte del package prima di installare da ${name}`);
            }
        }
        
        // Get command info and check if unknown command
        const commandInfo = this.getCommandInfo(inputCommand);
        
        // Handle multiple command types
        const typeDescriptions = commandInfo.type.map(type => `${type}`).join(', ');
        detectedPatterns.push(`Tipo comando: ${typeDescriptions} - ${commandInfo.description}`);
        
        // If command is unknown, set risk to medium
        if (commandInfo.type.includes('Unknown') && riskLevel === 'low') {
            riskLevel = 'medium';
            threats.push('Comando non riconosciuto - richiede attenzione manuale');
        }
        
        // Check for obfuscated commands and attempt deobfuscation
        const isObfuscated = /(\[System\.Text\.Encoding\].*FromBase64String|\[ScriptBlock\]::Create.*DownloadString)/i.test(inputCommand);
        if (isObfuscated) {
            try {
                const deobfuscatedCode = await this.deobfuscateCode(inputCommand);
                if (deobfuscatedCode) {
                    codeContents.push(deobfuscatedCode);
                    threats.push('⚠️ CODICE OFFUSCATO RILEVATO - Possibile tentativo di nascondere payload malevolo');
                    if (riskLevel !== 'high') riskLevel = 'high';
                }
            } catch (error) {
                threats.push('Codice offuscato rilevato ma non decodificabile');
                if (riskLevel !== 'high') riskLevel = 'high';
            }
        }

        // Extract and analyze URLs
        const urls = this.extractUrls(inputCommand);
        const downloadedContent = [];
        const codeContents = [];
        
        for (const url of urls) {
            try {
                const content = await this.downloadContent(url);
                downloadedContent.push(content);
                
                if (content.isBinary) {
                    threats.push(`URL scarica contenuto binario: ${content.mimeType || 'unknown'}`);
                    riskLevel = 'high';
                } else {
                    codeContents.push(content.content);
                }
            } catch (error) {
                console.error(`Failed to download ${url}:`, error);
                threats.push(`Impossibile analizzare URL: ${url}`);
            }
        }

        // Special risk check for msiexec with local files
        if (/^msiexec\s+.*\/i\s+/i.test(inputCommand) && riskLevel === 'low') {
            riskLevel = 'medium';
            threats.push('Installazione di pacchetto MSI locale - origine e sicurezza sconosciute');
        }

        // Extract all URLs from command and downloaded content
        const allUrls = this.extractAllUrls(inputCommand, codeContents);
        
        // Increase risk level based on number of URLs found
        if (allUrls.length > 0) {
            if (allUrls.length >= 5) {
                // Many URLs increase risk significantly
                if (riskLevel === 'low') riskLevel = 'medium';
                else if (riskLevel === 'medium') riskLevel = 'high';
                threats.push(`Numero elevato di URL rilevati: ${allUrls.length} collegamenti`);
            } else if (allUrls.length >= 2) {
                // Multiple URLs increase risk moderately
                if (riskLevel === 'low') riskLevel = 'medium';
                threats.push(`Multiple URL rilevate: ${allUrls.length} collegamenti`);
            } else {
                // Single URL - minimal risk increase
                threats.push(`URL rilevato: ${allUrls.length} collegamento`);
            }
        }
        
        // Add general suggestions
        if (threats.length === 0) {
            suggestions.push('Il comando sembra sicuro da eseguire');
        } else {
            suggestions.push('Esamina attentamente i rischi identificati prima di eseguire');
            suggestions.push('Considera di eseguire il comando in un ambiente isolato');
            if (allUrls.length > 0) {
                suggestions.push('Verifica manualmente tutti gli URL prima dell\'esecuzione');
            }
        }
        
        return {
            command: inputCommand,
            riskLevel,
            threats,
            detectedPatterns,
            urls: allUrls,
            downloadedContent,
            highlightedCode: this.highlightSyntax(inputCommand),
            suggestions,
        };
    }

    // Render results
    private renderResults(analysisResult: AnalysisResult): void {
        const resultsDiv = document.getElementById('results') as HTMLDivElement;
        const riskClass = `risk-${analysisResult.riskLevel}`;
        
        // Create threats content for inclusion in risk banner
        let threatsContent = '';
        if (analysisResult.threats.length > 0) {
            for (const threat of analysisResult.threats) {
                threatsContent += `
                    <div class="threat-item">
                        <svg width="16" height="16" fill="none" stroke="currentColor" viewBox="0 0 24 24" style="flex-shrink: 0; margin-top: 0.125rem;">
                            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-2.5L13.732 4c-.77-.833-1.964-.833-2.732 0L4.082 16.5c-.77.833.192 2.5 1.732 2.5z"></path>
                        </svg>
                        <span style="font-size: 0.875rem;">${threat}</span>
                    </div>
                `;
            }
        }

        let html = `
            <!-- Risk Banner with Threats and Command -->
            <div class="risk-banner ${riskClass}">
                <div class="risk-content">
                    <svg width="24" height="24" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                        ${analysisResult.riskLevel === 'high' ? 
                            '<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M10 14l2-2m0 0l2-2m-2 2l-2-2m2 2l2 2m7-2a9 9 0 11-18 0 9 9 0 0118 0z"></path>' :
                            analysisResult.riskLevel === 'medium' ?
                            '<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-2.5L13.732 4c-.77-.833-1.964-.833-2.732 0L4.082 16.5c-.77.833.192 2.5 1.732 2.5z"></path>' :
                            '<path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 12l2 2 4-4m6 2a9 9 0 11-18 0 9 9 0 0118 0z"></path>'
                        }
                    </svg>
                    <div>
                        <h3 class="risk-title">Livello di Rischio: ${analysisResult.riskLevel.toUpperCase()}</h3>
                        <p style="font-size: 0.875rem; opacity: 0.8;">${analysisResult.threats.length} minacce rilevate</p>
                    </div>
                </div>
                
                <!-- Command in Risk Banner -->
                <div style="margin-top: 1rem; padding-top: 1rem; border-top: 1px solid rgba(255,255,255,0.1);">
                    <h4 style="font-size: 0.875rem; font-weight: 600; margin-bottom: 0.5rem; opacity: 0.9;">Comando Analizzato:</h4>
                    <div class="code-block" style="background-color: rgba(0,0,0,0.2); border: 1px solid rgba(255,255,255,0.1);">${analysisResult.highlightedCode}</div>
                </div>
                
                ${threatsContent}
            </div>
        `;

        // Command Type and Info
        const cmdInfo = this.getCommandInfo(analysisResult.command);
        html += `
            <div class="card">
                <h3 class="card-title">
                    <svg width="20" height="20" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                        <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M13 16h-1v-4h-1m1-4h.01M21 12a9 9 0 11-18 0 9 9 0 0118 0z"></path>
                    </svg>
                    Tipologia Comando
                </h3>
        `;
        
        // Handle command types and descriptions separately
        for (let i = 0; i < cmdInfo.type.length; i++) {
            const type = cmdInfo.type[i];
            const docUrl = this.getDocumentationUrl(type);
            const isObfuscated = type.includes('OFFUSCATO');
            const badgeClass = isObfuscated ? 'badge-binary' : 'badge-text';
            
            html += `
                <div class="content-item">
                    <div class="content-header">
                        <span class="badge ${badgeClass}">${type}${isObfuscated ? ' ⚠️' : ''}</span>
                        <button onclick="window.open('${docUrl}', '_blank')" style="background: rgba(96, 165, 250, 0.2); border: 1px solid rgba(96, 165, 250, 0.3); color: #60a5fa; border-radius: 50%; width: 18px; height: 18px; display: flex; align-items: center; justify-content: center; cursor: pointer; font-size: 10px; font-weight: bold;" title="Documentazione ufficiale">i</button>
                    </div>
                    <p style="color: #d1d5db; margin-top: 0.5rem; font-size: 0.875rem;">${this.getTypeDescription(type)}</p>
                    ${isObfuscated ? '<p style="color: #f87171; margin-top: 0.5rem; font-weight: bold;">⚠️ ATTENZIONE: Questo comando usa tecniche di offuscamento che possono nascondere codice malevolo!</p>' : ''}
                </div>
            `;
        }
        
        html += `
            <div style="margin-top: 1rem; padding: 0.75rem; background-color: rgba(31, 41, 55, 0.5); border-radius: 0.375rem;">
                <p style="color: #d1d5db; font-size: 0.875rem;">${cmdInfo.description}</p>
            </div>
        </div>
        `;

        // Packages Documentation Section
        const packages = this.extractPackagesWithDocs(analysisResult.command);
        if (packages.length > 0) {
            html += `
                <div class="card">
                    <h3 class="card-title">
                        <svg width="20" height="20" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M20 7l-8-4-8 4m16 0l-8 4m8-4v10l-8 4m0-10L4 7m8 4v10M4 7v10l8 4"></path>
                        </svg>
                        Pacchetti Rilevati
                    </h3>
            `;
            
            for (const pkg of packages) {
                const isLocalInstall = pkg.name.startsWith('Installazione locale:');
                const warningText = isLocalInstall ? 
                    'File locale - origine e sicurezza sconosciute. Verificare il file prima dell\'installazione.' :
                    'Verifica questo pacchetto prima dell\'installazione';
                
                html += `
                    <div class="content-item">
                        <div class="content-header">
                            <span class="badge ${isLocalInstall ? 'badge-binary' : 'badge-text'}">${pkg.name}</span>
                            ${pkg.url ? `
                                <button onclick="window.open('${pkg.url}', '_blank')" style="background: rgba(34, 197, 94, 0.2); border: 1px solid rgba(34, 197, 94, 0.3); color: #4ade80; border-radius: 0.25rem; padding: 0.25rem 0.5rem; cursor: pointer; font-size: 0.75rem; display: flex; align-items: center; gap: 0.25rem;" title="Documentazione pacchetto">
                                    <svg width="12" height="12" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                                        <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 6.253v13m0-13C10.832 5.477 9.246 5 7.5 5S4.168 5.477 3 6.253v13C4.168 18.477 5.754 18 7.5 18s3.332.477 4.5 1.253m0-13C13.168 5.477 14.754 5 16.5 5c1.747 0 3.332.477 4.5 1.253v13C19.832 18.477 18.246 18 16.5 18c-1.746 0-3.332.477-4.5 1.253"></path>
                                    </svg>
                                    Docs
                                </button>
                            ` : ''}
                        </div>
                        <p style="color: ${isLocalInstall ? '#f87171' : '#d1d5db'}; margin-top: 0.5rem; font-size: 0.875rem; ${isLocalInstall ? 'font-weight: bold;' : ''}">${warningText}</p>
                    </div>
                `;
            }
            
            html += '</div>';
        }


        // Downloaded Content with URLs
        if ((analysisResult.downloadedContent && analysisResult.downloadedContent.length > 0) || (analysisResult.urls && analysisResult.urls.length > 0)) {
            html += `
                <div class="card">
                    <h3 class="card-title">
                        <svg width="20" height="20" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                            <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M4 16v1a3 3 0 003 3h10a3 3 0 003-3v-1m-4-4l-4 4m0 0l-4-4m4 4V4"></path>
                        </svg>
                        Codice Eseguito dal Comando
                    </h3>
            `;
            
            // Show downloaded content first
            if (analysisResult.downloadedContent && analysisResult.downloadedContent.length > 0) {
                for (const content of analysisResult.downloadedContent) {
                    html += `
                        <div class="content-item">
                            <div class="content-header">
                                <span class="badge ${content.isBinary ? 'badge-binary' : 'badge-text'}">
                                    ${content.isBinary ? 'BINARY' : 'TEXT'}
                                </span>
                                <span style="font-size: 0.875rem; color: #9ca3af;">${this.formatFileSize(content.size)}</span>
                                ${content.mimeType ? `<span style="font-size: 0.75rem; color: #6b7280;">${content.mimeType}</span>` : ''}
                            </div>
                            ${content.isBinary ? `
                                <div class="alert" style="margin-top: 0.5rem;">
                                    <svg width="16" height="16" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                                        <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-2.5L13.732 4c-.77-.833-1.964-.833-2.732 0L4.082 16.5c-.77.833.192 2.5 1.732 2.5z"></path>
                                    </svg>
                                    File binario rilevato. Non visualizzabile come testo.
                                </div>
                            ` : `
                                <div class="code-block" style="margin-top: 0.5rem;">${this.highlightSyntax(content.content)}</div>
                            `}
                        </div>
                    `;
                }
            }
            
            // Show all URLs if any
            if (analysisResult.urls && analysisResult.urls.length > 0) {
                html += `
                    <div style="margin-top: 1.5rem; padding-top: 1rem; border-top: 1px solid #4b5563;">
                        <h4 style="font-size: 1rem; font-weight: 600; margin-bottom: 1rem; color: #f9fafb; display: flex; align-items: center; gap: 0.5rem;">
                            <svg width="16" height="16" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                                <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M13.828 10.172a4 4 0 00-5.656 0l-4 4a4 4 0 105.656 5.656l1.102-1.101m-.758-4.899a4 4 0 005.656 0l4-4a4 4 0 00-5.656-5.656l-1.1 1.1"></path>
                            </svg>
                            URL Trovati nel Codice
                        </h4>
                `;
                
                for (const url of analysisResult.urls) {
                    html += `
                        <div class="content-item" style="display: flex; align-items: center; justify-content: space-between; gap: 1rem;">
                            <div class="url-text" style="flex: 1;">${url}</div>
                            <button onclick="analyzer.copyToClipboard('${url.replace(/'/g, '\\\'')}')" style="background: rgba(96, 165, 250, 0.2); border: 1px solid rgba(96, 165, 250, 0.3); color: #60a5fa; border-radius: 0.25rem; padding: 0.25rem 0.5rem; cursor: pointer; font-size: 0.75rem; flex-shrink: 0;" title="Copia URL">
                                <svg width="12" height="12" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                                    <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M8 16H6a2 2 0 01-2-2V6a2 2 0 012-2h8a2 2 0 012 2v2m-6 12h8a2 2 0 002-2v-8a2 2 0 00-2-2h-8a2 2 0 00-2 2v8a2 2 0 002 2z"></path>
                                </svg>
                                Copia
                            </button>
                        </div>
                    `;
                }
                
                html += '</div>';
            }
            
            html += '</div>';
        }


        resultsDiv.innerHTML = html;
        resultsDiv.classList.remove('hidden');
        const emptyState = document.getElementById('emptyState') as HTMLDivElement;
        emptyState.classList.add('hidden');
    }

    // Handle analysis
    private async handleAnalyze(): Promise<void> {
        const input = document.getElementById('commandInput') as HTMLTextAreaElement;
        const btn = document.getElementById('analyzeBtn') as HTMLButtonElement;
        const slowMsg = document.getElementById('slowMessage') as HTMLDivElement;
        
        this.command = input.value.trim();
        
        if (!this.command) {
            alert('Inserisci un comando da analizzare');
            return;
        }
        
        this.isLoading = true;
        btn.disabled = true;
        btn.innerHTML = `
            <div class="spinner"></div>
            Analizzando...
        `;
        
        // Show slow message after 5 seconds
        const slowTimeout = setTimeout(() => {
            slowMsg.classList.remove('hidden');
        }, 5000);
        
        try {
            this.result = await this.analyzeCommand(this.command);
            this.addToHistory(this.command);
            this.renderResults(this.result);
            
            // Log completion message
            const message = `Analisi completata - Rischio: ${this.result.riskLevel.toUpperCase()}`;
            console.log(message);
            
        } catch (error) {
            console.error('Analysis failed:', error);
            alert('Si è verificato un errore durante l\'analisi del comando');
        } finally {
            clearTimeout(slowTimeout);
            this.isLoading = false;
            slowMsg.classList.add('hidden');
            btn.disabled = false;
            btn.innerHTML = `
                <svg width="16" height="16" fill="none" stroke="currentColor" viewBox="0 0 24 24">
                    <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M9 12l2 2 4-4m5.618-4.016A11.955 11.955 0 0112 2.944a11.955 11.955 0 01-8.618 3.04A12.02 12.02 0 003 9c0 5.591 3.824 10.29 9 11.622 5.176-1.332 9-6.03 9-11.622 0-1.042-.133-2.052-.382-3.016z"></path>
                </svg>
                Analizza Comando
            `;
        }
    }
}

// Initialize the application
const analyzer = new CommandAnalyzer();

// Expose analyzer to global scope for onclick handlers
(window as any).analyzer = analyzer;

// Expose methods to global scope for HTML event handlers
(window as any).analyzer = analyzer;