fix(exec): recognize PowerShell encoded commands

src/infra/shell-inline-command.ts

@@ -1,5 +1,12 @@
 export const POSIX_INLINE_COMMAND_FLAGS = new Set(["-lc", "-c", "--command"]);
-export const POWERSHELL_INLINE_COMMAND_FLAGS = new Set(["-c", "-command", "--command"]);
+export const POWERSHELL_INLINE_COMMAND_FLAGS = new Set([
+  "-c",
+  "-command",
+  "--command",
+  "-encodedcommand",
+  "-enc",
+  "-e",
+]);
 
 export function resolveInlineCommandMatch(
   argv: string[],

src/infra/system-run-command.test.ts

@@ -59,6 +59,12 @@ describe("system run command helpers", () => {
   test("extractShellCommandFromArgv supports fish and pwsh wrappers", () => {
     expect(extractShellCommandFromArgv(["fish", "-c", "echo hi"])).toBe("echo hi");
     expect(extractShellCommandFromArgv(["pwsh", "-Command", "Get-Date"])).toBe("Get-Date");
+    expect(extractShellCommandFromArgv(["pwsh", "-EncodedCommand", "ZQBjAGgAbwA="])).toBe(
+      "ZQBjAGgAbwA=",
+    );
+    expect(extractShellCommandFromArgv(["powershell", "-enc", "ZQBjAGgAbwA="])).toBe(
+      "ZQBjAGgAbwA=",
+    );
   });
 
   test("extractShellCommandFromArgv unwraps busybox/toybox shell applets", () => {

src/node-host/invoke-system-run.test.ts

@@ -847,6 +847,17 @@ describe("handleSystemRunInvoke mac app exec host routing", () => {
     }
   });
 
+  it("denies PowerShell encoded-command payloads in allowlist mode without explicit approval", async () => {
+    const { runCommand, sendInvokeResult, sendNodeEvent } = await runSystemInvoke({
+      preferMacAppExecHost: false,
+      security: "allowlist",
+      ask: "on-miss",
+      command: ["pwsh", "-EncodedCommand", "ZQBjAGgAbwAgAHAAdwBuAGUAZAA="],
+    });
+    expect(runCommand).not.toHaveBeenCalled();
+    expectApprovalRequiredDenied({ sendNodeEvent, sendInvokeResult });
+  });
+
   it("denies nested env shell payloads when wrapper depth is exceeded", async () => {
     if (process.platform === "win32") {
       return;