Apple Events MCP Server

# Task 006: CLI Executor Documentation ## Feature Argument Injection Documentation - Document current safety approach in JSDoc. ## BDD Scenario ```gherkin Feature: Argument Injection Safety Scenario: Shell metacharacters are not interpreted Given a user provides title="test; rm -rf /" When the CLI is executed Then the semicolon is treated as literal text And NOT as a command separator Scenario: execFile prevents shell injection Given the executeCli function is called When arguments are passed to the Swift binary Then execFile is used (not exec) And arguments are passed as a separate array And no shell interpretation occurs ``` ## Files to Modify | File | Action | |------|--------| | `src/utils/cliExecutor.ts` | Add security documentation to JSDoc | ## Implementation Notes 1. Add a detailed JSDoc comment to `executeCli()` that explains: - The use of `execFile()` instead of `exec()` - How arguments are passed as a separate array - Why shell metacharacters are not interpreted - Example of safe vs unsafe argument handling 2. Add a `@security` section to the JSDoc explaining: - No shell interpretation - Argument separation prevents injection - Swift CLI uses ArgumentParser for additional safety 3. No code changes required - documentation only ## Verification ```bash # Verify TypeScript compiles without errors pnpm check # Expected: No errors ``` ## Dependencies - None (documentation-only task) ## Commit ``` docs(cliExecutor): add argument injection safety documentation ```