The cli-hook approval check refused any command containing > or >>, which made things like az containerapp logs show ... > $TMPDIR/ca-logs3.json unapprovable — even though redirecting log output into a temp file is a perfectly safe pattern. Loosened the parser to strip a redirect when its target sits under the OS temp directory and otherwise return a specific redirect target '...' is outside the OS temp directory error instead of the generic “unable to parse”. The temp-path matcher handles both POSIX and Windows path styles (case-insensitive, forward or back slashes, drive-letter required) so the check is consistent across machines.

While in there I changed splitCompound to return a result object ({ ok, parts | error }) instead of string[] | undefined, which lets the hook surface the actual reason a command was rejected rather than just saying it couldn’t parse. Pulled groupByOperator, consumeRedirect, and isRedirectTargetAllowed out into their own files so the parser stays under control as more cases get added.