diff --git a/src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/runInTerminalHelpers.ts b/src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/runInTerminalHelpers.ts
index 6e2c39552619f..da58e2d5ba4df 100644
--- a/src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/runInTerminalHelpers.ts
+++ b/src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/runInTerminalHelpers.ts
@@ -11,7 +11,8 @@ import { escapeRegExpCharacters, removeAnsiEscapeCodes } from '../../../../../ba
 import { localize } from '../../../../../nls.js';
 import type { TerminalNewAutoApproveButtonData } from '../../../chat/browser/widget/chatContentParts/toolInvocationParts/chatTerminalToolConfirmationSubPart.js';
 import type { ToolConfirmationAction } from '../../../chat/common/tools/languageModelToolsService.js';
-import type { ICommandApprovalResultWithReason } from './commandLineAutoApprover.js';
+import type { ICommandApprovalResultWithReason } from './tools/commandLineAnalyzer/autoApprove/commandLineAutoApprover.js';
+import { isAutoApproveRule } from './tools/commandLineAnalyzer/commandLineAnalyzer.js';
 
 export function isPowerShell(envShell: string, os: OperatingSystem): boolean {
 	if (os === OperatingSystem.Windows) {
@@ -262,6 +263,10 @@ export function generateAutoApproveActions(commandLine: string, subCommands: str
 
 export function dedupeRules(rules: ICommandApprovalResultWithReason[]): ICommandApprovalResultWithReason[] {
 	return rules.filter((result, index, array) => {
-		return result.rule && array.findIndex(r => r.rule && r.rule.sourceText === result.rule!.sourceText) === index;
+		if (!isAutoApproveRule(result.rule)) {
+			return false;
+		}
+		const sourceText = result.rule.sourceText;
+		return array.findIndex(r => isAutoApproveRule(r.rule) && r.rule.sourceText === sourceText) === index;
 	});
 }
diff --git a/src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/commandLineAutoApprover.ts b/src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/commandLineAnalyzer/autoApprove/commandLineAutoApprover.ts
similarity index 88%
rename from src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/commandLineAutoApprover.ts
rename to src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/commandLineAnalyzer/autoApprove/commandLineAutoApprover.ts
index 7873379b95520..effcd105dbc50 100644
--- a/src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/commandLineAutoApprover.ts
+++ b/src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/commandLineAnalyzer/autoApprove/commandLineAutoApprover.ts
@@ -3,28 +3,24 @@
  *  Licensed under the MIT License. See License.txt in the project root for license information.
  *--------------------------------------------------------------------------------------------*/
 
-import { Disposable } from '../../../../../base/common/lifecycle.js';
-import type { OperatingSystem } from '../../../../../base/common/platform.js';
-import { escapeRegExpCharacters, regExpLeadsToEndlessLoop } from '../../../../../base/common/strings.js';
-import { isObject } from '../../../../../base/common/types.js';
-import { structuralEquals } from '../../../../../base/common/equals.js';
-import { ConfigurationTarget, IConfigurationService, type IConfigurationValue } from '../../../../../platform/configuration/common/configuration.js';
-import { TerminalChatAgentToolsSettingId } from '../common/terminalChatAgentToolsConfiguration.js';
-import { isPowerShell } from './runInTerminalHelpers.js';
-import { ITerminalChatService } from '../../../terminal/browser/terminal.js';
-
-export interface IAutoApproveRule {
-	regex: RegExp;
-	regexCaseInsensitive: RegExp;
-	sourceText: string;
-	sourceTarget: ConfigurationTarget | 'session';
-	isDefaultRule: boolean;
-}
+import { structuralEquals } from '../../../../../../../../base/common/equals.js';
+import { Disposable } from '../../../../../../../../base/common/lifecycle.js';
+import type { OperatingSystem } from '../../../../../../../../base/common/platform.js';
+import { escapeRegExpCharacters, regExpLeadsToEndlessLoop } from '../../../../../../../../base/common/strings.js';
+import { isObject } from '../../../../../../../../base/common/types.js';
+import type { URI } from '../../../../../../../../base/common/uri.js';
+import { ConfigurationTarget, IConfigurationService, type IConfigurationValue } from '../../../../../../../../platform/configuration/common/configuration.js';
+import { IInstantiationService } from '../../../../../../../../platform/instantiation/common/instantiation.js';
+import { ITerminalChatService } from '../../../../../../terminal/browser/terminal.js';
+import { TerminalChatAgentToolsSettingId } from '../../../../common/terminalChatAgentToolsConfiguration.js';
+import { isPowerShell } from '../../../runInTerminalHelpers.js';
+import type { IAutoApproveRule, INpmScriptAutoApproveRule } from '../commandLineAnalyzer.js';
+import { NpmScriptAutoApprover } from './npmScriptAutoApprover.js';
 
 export interface ICommandApprovalResultWithReason {
 	result: ICommandApprovalResult;
 	reason: string;
-	rule?: IAutoApproveRule;
+	rule?: IAutoApproveRule | INpmScriptAutoApproveRule;
 }
 
 export type ICommandApprovalResult = 'approved' | 'denied' | 'noMatch';
@@ -37,12 +33,15 @@ export class CommandLineAutoApprover extends Disposable {
 	private _allowListRules: IAutoApproveRule[] = [];
 	private _allowListCommandLineRules: IAutoApproveRule[] = [];
 	private _denyListCommandLineRules: IAutoApproveRule[] = [];
+	private readonly _npmScriptAutoApprover: NpmScriptAutoApprover;
 
 	constructor(
 		@IConfigurationService private readonly _configurationService: IConfigurationService,
+		@IInstantiationService instantiationService: IInstantiationService,
 		@ITerminalChatService private readonly _terminalChatService: ITerminalChatService,
 	) {
 		super();
+		this._npmScriptAutoApprover = this._register(instantiationService.createInstance(NpmScriptAutoApprover));
 		this.updateConfiguration();
 		this._register(this._configurationService.onDidChangeConfiguration(e => {
 			if (
@@ -78,7 +77,7 @@ export class CommandLineAutoApprover extends Disposable {
 		this._denyListCommandLineRules = denyListCommandLineRules;
 	}
 
-	isCommandAutoApproved(command: string, shell: string, os: OperatingSystem, chatSessionId?: string): ICommandApprovalResultWithReason {
+	async isCommandAutoApproved(command: string, shell: string, os: OperatingSystem, cwd: URI | undefined, chatSessionId?: string): Promise<ICommandApprovalResultWithReason> {
 		// Check if the command has a transient environment variable assignment prefix which we
 		// always deny for now as it can easily lead to execute other commands
 		if (transientEnvVarRegex.test(command)) {
@@ -121,6 +120,16 @@ export class CommandLineAutoApprover extends Disposable {
 			}
 		}
 
+		// Check if this is an npm/yarn/pnpm script defined in package.json
+		const npmScriptResult = await this._npmScriptAutoApprover.isCommandAutoApproved(command, cwd);
+		if (npmScriptResult.isAutoApproved) {
+			return {
+				result: 'approved',
+				rule: { type: 'npmScript', npmScriptResult },
+				reason: `Command '${command}' is approved as npm script '${npmScriptResult.scriptName}' is defined in package.json`
+			};
+		}
+
 		// TODO: LLM-based auto-approval https://github.com/microsoft/vscode/issues/253267
 
 		// Fallback is always to require approval
diff --git a/src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/commandLineAnalyzer/autoApprove/npmScriptAutoApprover.ts b/src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/commandLineAnalyzer/autoApprove/npmScriptAutoApprover.ts
new file mode 100644
index 0000000000000..57da0c5439c13
--- /dev/null
+++ b/src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/commandLineAnalyzer/autoApprove/npmScriptAutoApprover.ts
@@ -0,0 +1,232 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+
+import { MarkdownString, type IMarkdownString } from '../../../../../../../../base/common/htmlContent.js';
+import { visit, type JSONVisitor } from '../../../../../../../../base/common/json.js';
+import { Disposable } from '../../../../../../../../base/common/lifecycle.js';
+import { URI } from '../../../../../../../../base/common/uri.js';
+import { IUriIdentityService } from '../../../../../../../../platform/uriIdentity/common/uriIdentity.js';
+import { localize } from '../../../../../../../../nls.js';
+import { IConfigurationService } from '../../../../../../../../platform/configuration/common/configuration.js';
+import { IFileService } from '../../../../../../../../platform/files/common/files.js';
+import { IWorkspaceContextService, type IWorkspaceFolder } from '../../../../../../../../platform/workspace/common/workspace.js';
+import { TerminalChatAgentToolsSettingId } from '../../../../common/terminalChatAgentToolsConfiguration.js';
+
+/**
+ * Regex patterns to match npm/yarn/pnpm run commands and extract the script name.
+ * Uses named capture groups: 'command' for the package manager, 'scriptName' for the script.
+ */
+const npmRunPatterns = [
+	// npm run <script>
+	// npm run-script <script>
+	/^(?<command>npm)\s+(?:run(?:-script)?)\s+(?<scriptName>[^\s&|;]+)/i,
+	// npm test, npm start, npm stop, npm restart (shorthand commands)
+	// See https://docs.npmjs.com/cli/v10/commands/npm-run-script
+	/^(?<command>npm)\s+(?<scriptName>test|start|stop|restart)\b/i,
+	// yarn <script>
+	// yarn run <script>
+	/^(?<command>yarn)\s+(?:run\s+)?(?<scriptName>[^\s&|;]+)/i,
+	// pnpm <script>
+	// pnpm run <script>
+	/^(?<command>pnpm)\s+(?:run\s+)?(?<scriptName>[^\s&|;]+)/i,
+];
+
+/**
+ * Yarn built-in commands that should not be treated as script names.
+ * Note: 'test' is omitted since it's commonly a user script, and 'yarn test'
+ * is often used to run the 'test' script from package.json.
+ */
+const yarnBuiltinCommands = new Set([
+	'add', 'audit', 'autoclean', 'bin', 'cache', 'check', 'config',
+	'create', 'dedupe', 'dlx', 'exec', 'explain', 'generate-lock-entry',
+	'global', 'help', 'import', 'info', 'init', 'install', 'licenses',
+	'link', 'list', 'login', 'logout', 'node', 'outdated', 'owner',
+	'pack', 'patch', 'patch-commit', 'plugin', 'policies', 'publish',
+	'rebuild', 'remove', 'run', 'search', 'set', 'stage', 'tag', 'team',
+	'unlink', 'unplug', 'up', 'upgrade', 'upgrade-interactive',
+	'version', 'versions', 'why', 'workspace', 'workspaces',
+]);
+
+/**
+ * pnpm built-in commands that should not be treated as script names.
+ * Note: 'test' is omitted since it's commonly a user script, and 'pnpm test'
+ * is often used to run the 'test' script from package.json.
+ */
+const pnpmBuiltinCommands = new Set([
+	'add', 'audit', 'bin', 'config', 'dedupe', 'deploy', 'dlx', 'doctor',
+	'env', 'exec', 'fetch', 'import', 'init', 'install', 'install-test',
+	'licenses', 'link', 'list', 'ln', 'ls', 'outdated', 'pack', 'patch',
+	'patch-commit', 'patch-remove', 'prune', 'publish', 'rb', 'rebuild',
+	'remove', 'rm', 'root', 'run', 'server', 'setup', 'store',
+	'un', 'uninstall', 'unlink', 'up', 'update', 'why',
+]);
+
+interface IPackageJsonScripts {
+	uri: URI;
+	scripts: Set<string>;
+}
+
+export interface INpmScriptAutoApproveResult {
+	isAutoApproved: boolean;
+	scriptName?: string;
+	autoApproveInfo?: IMarkdownString;
+}
+
+export class NpmScriptAutoApprover extends Disposable {
+
+	constructor(
+		@IConfigurationService private readonly _configurationService: IConfigurationService,
+		@IFileService private readonly _fileService: IFileService,
+		@IUriIdentityService private readonly _uriIdentityService: IUriIdentityService,
+		@IWorkspaceContextService private readonly _workspaceContextService: IWorkspaceContextService,
+	) {
+		super();
+	}
+
+	/**
+	 * Checks if a single command is an npm/yarn/pnpm script that exists in package.json.
+	 * Returns auto-approve result if the command is a valid script.
+	 */
+	async isCommandAutoApproved(command: string, cwd: URI | undefined): Promise<INpmScriptAutoApproveResult> {
+		// Check if the feature is enabled
+		const isNpmScriptAutoApproveEnabled = this._configurationService.getValue(TerminalChatAgentToolsSettingId.AutoApproveWorkspaceNpmScripts) === true;
+		if (!isNpmScriptAutoApproveEnabled) {
+			return { isAutoApproved: false };
+		}
+
+		// Extract script name from the command
+		const scriptName = this._extractScriptName(command);
+		if (!scriptName) {
+			return { isAutoApproved: false };
+		}
+
+		// Find and parse package.json
+		const packageJsonScripts = await this._getPackageJsonScripts(cwd);
+		if (!packageJsonScripts) {
+			return { isAutoApproved: false };
+		}
+
+		// Check if script exists in package.json
+		if (!packageJsonScripts.scripts.has(scriptName)) {
+			return { isAutoApproved: false };
+		}
+
+		// Script exists - auto approve
+		return {
+			isAutoApproved: true,
+			scriptName,
+			autoApproveInfo: new MarkdownString(
+				localize('autoApprove.npmScript', 'Auto approved as {0} is defined in package.json', `\`${scriptName}\``)
+			),
+		};
+	}
+
+	/**
+	 * Extracts script name from an npm/yarn/pnpm run command.
+	 */
+	private _extractScriptName(command: string): string | undefined {
+		const trimmedCommand = command.trim();
+
+		for (const pattern of npmRunPatterns) {
+			const match = trimmedCommand.match(pattern);
+			if (match?.groups?.scriptName) {
+				const { command: pkgManager, scriptName } = match.groups;
+
+				// Check if this is a yarn/pnpm shorthand that matches a built-in command
+				if (pkgManager.toLowerCase() === 'yarn' && yarnBuiltinCommands.has(scriptName.toLowerCase())) {
+					continue;
+				}
+				if (pkgManager.toLowerCase() === 'pnpm' && pnpmBuiltinCommands.has(scriptName.toLowerCase())) {
+					continue;
+				}
+
+				return scriptName;
+			}
+		}
+
+		return undefined;
+	}
+
+	/**
+	 * Checks if a URI is within any workspace folder.
+	 */
+	private _isWithinWorkspace(uri: URI): boolean {
+		const workspaceFolders = this._workspaceContextService.getWorkspace().folders;
+		return workspaceFolders.some((folder: IWorkspaceFolder) => this._uriIdentityService.extUri.isEqualOrParent(uri, folder.uri));
+	}
+
+	/**
+	 * Finds and parses package.json to get the scripts section.
+	 * Only looks within the workspace for security.
+	 */
+	private async _getPackageJsonScripts(cwd: URI | undefined): Promise<IPackageJsonScripts | undefined> {
+		// Only look in cwd if it's within the workspace
+		if (!cwd || !this._isWithinWorkspace(cwd)) {
+			return undefined;
+		}
+
+		const packageJsonUri = URI.joinPath(cwd, 'package.json');
+		const scripts = await this._readPackageJsonScripts(packageJsonUri);
+		if (scripts) {
+			return { uri: packageJsonUri, scripts };
+		}
+
+		return undefined;
+	}
+
+	/**
+	 * Reads and parses the scripts section from a package.json file.
+	 */
+	private async _readPackageJsonScripts(packageJsonUri: URI): Promise<Set<string> | undefined> {
+		try {
+			const exists = await this._fileService.exists(packageJsonUri);
+			if (!exists) {
+				return undefined;
+			}
+
+			const content = await this._fileService.readFile(packageJsonUri);
+			const text = content.value.toString();
+
+			return this._parsePackageJsonScripts(text);
+		} catch {
+			return undefined;
+		}
+	}
+
+	/**
+	 * Parses the scripts section from package.json content using jsonc-parser.
+	 */
+	private _parsePackageJsonScripts(content: string): Set<string> | undefined {
+		const scripts = new Set<string>();
+		let inScripts = false;
+		let level = 0;
+
+		const visitor: JSONVisitor = {
+			onError() {
+				// Ignore parse errors
+			},
+			onObjectBegin() {
+				level++;
+			},
+			onObjectEnd() {
+				if (inScripts && level === 2) {
+					inScripts = false;
+				}
+				level--;
+			},
+			onObjectProperty(property: string) {
+				if (level === 1 && property === 'scripts') {
+					inScripts = true;
+				} else if (inScripts && level === 2) {
+					scripts.add(property);
+				}
+			},
+		};
+
+		visit(content, visitor);
+
+		return scripts.size > 0 ? scripts : undefined;
+	}
+}
diff --git a/src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/commandLineAnalyzer/commandLineAnalyzer.ts b/src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/commandLineAnalyzer/commandLineAnalyzer.ts
index b31cb17d04609..59a2a9dc3c851 100644
--- a/src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/commandLineAnalyzer/commandLineAnalyzer.ts
+++ b/src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/commandLineAnalyzer/commandLineAnalyzer.ts
@@ -7,9 +7,32 @@ import type { IMarkdownString } from '../../../../../../../base/common/htmlConte
 import type { IDisposable } from '../../../../../../../base/common/lifecycle.js';
 import type { OperatingSystem } from '../../../../../../../base/common/platform.js';
 import type { URI } from '../../../../../../../base/common/uri.js';
+import type { ConfigurationTarget } from '../../../../../../../platform/configuration/common/configuration.js';
 import type { ToolConfirmationAction } from '../../../../../chat/common/tools/languageModelToolsService.js';
+import type { INpmScriptAutoApproveResult } from './autoApprove/npmScriptAutoApprover.js';
 import type { TreeSitterCommandParserLanguage } from '../../treeSitterCommandParser.js';
 
+export interface IAutoApproveRule {
+	regex: RegExp;
+	regexCaseInsensitive: RegExp;
+	sourceText: string;
+	sourceTarget: ConfigurationTarget | 'session';
+	isDefaultRule: boolean;
+}
+
+export interface INpmScriptAutoApproveRule {
+	type: 'npmScript';
+	npmScriptResult: INpmScriptAutoApproveResult;
+}
+
+export function isAutoApproveRule(rule: IAutoApproveRule | INpmScriptAutoApproveRule | undefined): rule is IAutoApproveRule {
+	return !!rule && 'sourceText' in rule;
+}
+
+export function isNpmScriptAutoApproveRule(rule: IAutoApproveRule | INpmScriptAutoApproveRule | undefined): rule is INpmScriptAutoApproveRule {
+	return !!rule && 'type' in rule && rule.type === 'npmScript';
+}
+
 export interface ICommandLineAnalyzer extends IDisposable {
 	analyze(options: ICommandLineAnalyzerOptions): Promise<ICommandLineAnalyzerResult>;
 }
diff --git a/src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/commandLineAnalyzer/commandLineAutoApproveAnalyzer.ts b/src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/commandLineAnalyzer/commandLineAutoApproveAnalyzer.ts
index 9cc2737bc92bf..29df6031125dc 100644
--- a/src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/commandLineAnalyzer/commandLineAutoApproveAnalyzer.ts
+++ b/src/vs/workbench/contrib/terminalContrib/chatAgentTools/browser/tools/commandLineAnalyzer/commandLineAutoApproveAnalyzer.ts
@@ -16,12 +16,12 @@ import { TerminalToolConfirmationStorageKeys } from '../../../../../chat/browser
 import { ChatConfiguration } from '../../../../../chat/common/constants.js';
 import type { ToolConfirmationAction } from '../../../../../chat/common/tools/languageModelToolsService.js';
 import { TerminalChatAgentToolsSettingId } from '../../../common/terminalChatAgentToolsConfiguration.js';
-import { CommandLineAutoApprover, type IAutoApproveRule, type ICommandApprovalResult, type ICommandApprovalResultWithReason } from '../../commandLineAutoApprover.js';
 import { dedupeRules, generateAutoApproveActions, isPowerShell } from '../../runInTerminalHelpers.js';
 import type { RunInTerminalToolTelemetry } from '../../runInTerminalToolTelemetry.js';
 import { type TreeSitterCommandParser } from '../../treeSitterCommandParser.js';
-import type { ICommandLineAnalyzer, ICommandLineAnalyzerOptions, ICommandLineAnalyzerResult } from './commandLineAnalyzer.js';
+import { type ICommandLineAnalyzer, type ICommandLineAnalyzerOptions, type ICommandLineAnalyzerResult, type IAutoApproveRule, isAutoApproveRule, isNpmScriptAutoApproveRule } from './commandLineAnalyzer.js';
 import { TerminalChatCommandId } from '../../../../chat/browser/terminalChat.js';
+import { CommandLineAutoApprover, type ICommandApprovalResultWithReason } from './autoApprove/commandLineAutoApprover.js';
 
 const promptInjectionWarningCommandsLower = [
 	'curl',
@@ -87,7 +87,7 @@ export class CommandLineAutoApproveAnalyzer extends Disposable implements IComma
 			};
 		}
 
-		const subCommandResults = subCommands.map(e => this._commandLineAutoApprover.isCommandAutoApproved(e, options.shell, options.os, options.chatSessionId));
+		const subCommandResults = await Promise.all(subCommands.map(e => this._commandLineAutoApprover.isCommandAutoApproved(e, options.shell, options.os, options.cwd, options.chatSessionId)));
 		const commandLineResult = this._commandLineAutoApprover.isCommandLineAutoApproved(options.commandLine, options.chatSessionId);
 		const autoApproveReasons: string[] = [
 			...subCommandResults.map(e => e.reason),
@@ -102,26 +102,26 @@ export class CommandLineAutoApproveAnalyzer extends Disposable implements IComma
 		if (deniedSubCommandResult) {
 			this._log('Sub-command DENIED auto approval');
 			isDenied = true;
-			autoApproveDefault = deniedSubCommandResult.rule?.isDefaultRule;
+			autoApproveDefault = isAutoApproveRule(deniedSubCommandResult.rule) ? deniedSubCommandResult.rule.isDefaultRule : undefined;
 			autoApproveReason = 'subCommand';
 		} else if (commandLineResult.result === 'denied') {
 			this._log('Command line DENIED auto approval');
 			isDenied = true;
-			autoApproveDefault = commandLineResult.rule?.isDefaultRule;
+			autoApproveDefault = isAutoApproveRule(commandLineResult.rule) ? commandLineResult.rule.isDefaultRule : undefined;
 			autoApproveReason = 'commandLine';
 		} else {
 			if (subCommandResults.every(e => e.result === 'approved')) {
 				this._log('All sub-commands auto-approved');
-				autoApproveReason = 'subCommand';
 				isAutoApproved = true;
-				autoApproveDefault = subCommandResults.every(e => e.rule?.isDefaultRule);
+				autoApproveReason = 'subCommand';
+				autoApproveDefault = subCommandResults.every(e => isAutoApproveRule(e.rule) && e.rule.isDefaultRule);
 			} else {
 				this._log('All sub-commands NOT auto-approved');
 				if (commandLineResult.result === 'approved') {
 					this._log('Command line auto-approved');
 					autoApproveReason = 'commandLine';
 					isAutoApproved = true;
-					autoApproveDefault = commandLineResult.rule?.isDefaultRule;
+					autoApproveDefault = isAutoApproveRule(commandLineResult.rule) ? commandLineResult.rule.isDefaultRule : undefined;
 				} else {
 					this._log('Command line NOT auto-approved');
 				}
@@ -189,33 +189,36 @@ export class CommandLineAutoApproveAnalyzer extends Disposable implements IComma
 		subCommandResults: ICommandApprovalResultWithReason[],
 		commandLineResult: ICommandApprovalResultWithReason,
 	): IMarkdownString | undefined {
-		const formatRuleLinks = (result: SingleOrMany<{ result: ICommandApprovalResult; rule?: IAutoApproveRule; reason: string }>): string => {
-			return asArray(result).map(e => {
-				// Session rules cannot be actioned currently so no link
-				if (e.rule!.sourceTarget === 'session') {
-					return localize('autoApproveRule.sessionIndicator', '{0} (session)', `\`${e.rule!.sourceText}\``);
-				}
-				const settingsUri = createCommandUri(TerminalChatCommandId.OpenTerminalSettingsLink, e.rule!.sourceTarget);
-				const tooltip = localize('ruleTooltip', 'View rule in settings');
-				let label = e.rule!.sourceText;
-				switch (e.rule?.sourceTarget) {
-					case ConfigurationTarget.DEFAULT:
-						label = `${label} (default)`;
-						break;
-					case ConfigurationTarget.USER:
-					case ConfigurationTarget.USER_LOCAL:
-						label = `${label} (user)`;
-						break;
-					case ConfigurationTarget.USER_REMOTE:
-						label = `${label} (remote)`;
-						break;
-					case ConfigurationTarget.WORKSPACE:
-					case ConfigurationTarget.WORKSPACE_FOLDER:
-						label = `${label} (workspace)`;
-						break;
-				}
-				return `[\`${label}\`](${settingsUri.toString()} "${tooltip}")`;
-			}).join(', ');
+		const formatRuleLinks = (result: SingleOrMany<ICommandApprovalResultWithReason>): string => {
+			return asArray(result)
+				.filter((e): e is ICommandApprovalResultWithReason & { rule: IAutoApproveRule } =>
+					isAutoApproveRule(e.rule))
+				.map(e => {
+					// Session rules cannot be actioned currently so no link
+					if (e.rule.sourceTarget === 'session') {
+						return localize('autoApproveRule.sessionIndicator', '{0} (session)', `\`${e.rule.sourceText}\``);
+					}
+					const settingsUri = createCommandUri(TerminalChatCommandId.OpenTerminalSettingsLink, e.rule.sourceTarget);
+					const tooltip = localize('ruleTooltip', 'View rule in settings');
+					let label = e.rule.sourceText;
+					switch (e.rule?.sourceTarget) {
+						case ConfigurationTarget.DEFAULT:
+							label = `${label} (default)`;
+							break;
+						case ConfigurationTarget.USER:
+						case ConfigurationTarget.USER_LOCAL:
+							label = `${label} (user)`;
+							break;
+						case ConfigurationTarget.USER_REMOTE:
+							label = `${label} (remote)`;
+							break;
+						case ConfigurationTarget.WORKSPACE:
+						case ConfigurationTarget.WORKSPACE_FOLDER:
+							label = `${label} (workspace)`;
+							break;
+					}
+					return `[\`${label}\`](${settingsUri.toString()} "${tooltip}")`;
+				}).join(', ');
 		};
 
 		const mdTrustSettings = {
@@ -234,12 +237,17 @@ export class CommandLineAutoApproveAnalyzer extends Disposable implements IComma
 		if (isAutoApproved) {
 			switch (autoApproveReason) {
 				case 'commandLine': {
-					if (commandLineResult.rule) {
+					if (isAutoApproveRule(commandLineResult.rule)) {
 						return new MarkdownString(localize('autoApprove.rule', 'Auto approved by rule {0}', formatRuleLinks(commandLineResult)), mdTrustSettings);
 					}
 					break;
 				}
 				case 'subCommand': {
+					// Check if approval came from npm script
+					const npmScriptApproval = subCommandResults.find(e => isNpmScriptAutoApproveRule(e.rule));
+					if (npmScriptApproval && isNpmScriptAutoApproveRule(npmScriptApproval.rule) && npmScriptApproval.rule.npmScriptResult.autoApproveInfo) {
+						return npmScriptApproval.rule.npmScriptResult.autoApproveInfo;
+					}
 					const uniqueRules = dedupeRules(subCommandResults);
 					if (uniqueRules.length === 1) {
 						return new MarkdownString(localize('autoApprove.rule', 'Auto approved by rule {0}', formatRuleLinks(uniqueRules)), mdTrustSettings);
diff --git a/src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalChatAgentToolsConfiguration.ts b/src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalChatAgentToolsConfiguration.ts
index 68f4bc6390d79..fbff39fd80a42 100644
--- a/src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalChatAgentToolsConfiguration.ts
+++ b/src/vs/workbench/contrib/terminalContrib/chatAgentTools/common/terminalChatAgentToolsConfiguration.ts
@@ -15,6 +15,7 @@ import { PolicyCategory } from '../../../../../base/common/policy.js';
 export const enum TerminalChatAgentToolsSettingId {
 	EnableAutoApprove = 'chat.tools.terminal.enableAutoApprove',
 	AutoApprove = 'chat.tools.terminal.autoApprove',
+	AutoApproveWorkspaceNpmScripts = 'chat.tools.terminal.autoApproveWorkspaceNpmScripts',
 	IgnoreDefaultAutoApproveRules = 'chat.tools.terminal.ignoreDefaultAutoApproveRules',
 	BlockDetectedFileWrites = 'chat.tools.terminal.blockDetectedFileWrites',
 	ShellIntegrationTimeout = 'chat.tools.terminal.shellIntegrationTimeout',
@@ -355,6 +356,15 @@ export const terminalChatAgentToolsConfiguration: IStringDictionary<IConfigurati
 		tags: ['experimental'],
 		markdownDescription: localize('ignoreDefaultAutoApproveRules.description', "Whether to ignore the built-in default auto-approve rules used by the run in terminal tool as defined in {0}. When this setting is enabled, the run in terminal tool will ignore any rule that comes from the default set but still follow rules defined in the user, remote and workspace settings. Use this setting at your own risk; the default auto-approve rules are designed to protect you against running dangerous commands.", `\`#${TerminalChatAgentToolsSettingId.AutoApprove}#\``),
 	},
+	[TerminalChatAgentToolsSettingId.AutoApproveWorkspaceNpmScripts]: {
+		restricted: true,
+		type: 'boolean',
+		// In order to use agent mode the workspace must be trusted, this plus the fact that
+		// modifying package.json is protected means this is safe to enable by default.
+		default: true,
+		tags: ['experimental'],
+		markdownDescription: localize('autoApproveWorkspaceNpmScripts.description', "Whether to automatically approve npm, yarn, and pnpm run commands when the script is defined in a workspace package.json file. Since the workspace is trusted, scripts defined in package.json are considered safe to run without explicit approval."),
+	},
 	[TerminalChatAgentToolsSettingId.BlockDetectedFileWrites]: {
 		type: 'string',
 		enum: ['never', 'outsideWorkspace', 'all'],
diff --git a/src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/browser/commandLineAutoApprover.test.ts b/src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/browser/commandLineAutoApprover.test.ts
index 3ef59e0787757..f9d03d797f6f3 100644
--- a/src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/browser/commandLineAutoApprover.test.ts
+++ b/src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/browser/commandLineAutoApprover.test.ts
@@ -9,9 +9,10 @@ import { TestConfigurationService } from '../../../../../../platform/configurati
 import type { IInstantiationService } from '../../../../../../platform/instantiation/common/instantiation.js';
 import { workbenchInstantiationService } from '../../../../../test/browser/workbenchTestServices.js';
 import { TerminalChatAgentToolsSettingId } from '../../common/terminalChatAgentToolsConfiguration.js';
-import { CommandLineAutoApprover } from '../../browser/commandLineAutoApprover.js';
 import { ConfigurationTarget } from '../../../../../../platform/configuration/common/configuration.js';
 import { ok, strictEqual } from 'assert';
+import { CommandLineAutoApprover } from '../../browser/tools/commandLineAnalyzer/autoApprove/commandLineAutoApprover.js';
+import { isAutoApproveRule } from '../../browser/tools/commandLineAnalyzer/commandLineAnalyzer.js';
 
 suite('CommandLineAutoApprover', () => {
 	const store = ensureNoDisposablesAreLeakedInTestSuite();
@@ -52,8 +53,8 @@ suite('CommandLineAutoApprover', () => {
 		});
 	}
 
-	function isAutoApproved(commandLine: string): boolean {
-		return commandLineAutoApprover.isCommandAutoApproved(commandLine, shell, os).result === 'approved';
+	async function isAutoApproved(commandLine: string): Promise<boolean> {
+		return (await commandLineAutoApprover.isCommandAutoApproved(commandLine, shell, os, undefined)).result === 'approved';
 	}
 
 	function isCommandLineAutoApproved(commandLine: string): boolean {
@@ -61,77 +62,77 @@ suite('CommandLineAutoApprover', () => {
 	}
 
 	suite('autoApprove with allow patterns only', () => {
-		test('should auto-approve exact command match', () => {
+		test('should auto-approve exact command match', async () => {
 			setAutoApprove({
 				'echo': true
 			});
-			ok(isAutoApproved('echo'));
+			ok(await isAutoApproved('echo'));
 		});
 
-		test('should auto-approve command with arguments', () => {
+		test('should auto-approve command with arguments', async () => {
 			setAutoApprove({
 				'echo': true
 			});
-			ok(isAutoApproved('echo hello world'));
+			ok(await isAutoApproved('echo hello world'));
 		});
 
-		test('should not auto-approve when there is no match', () => {
+		test('should not auto-approve when there is no match', async () => {
 			setAutoApprove({
 				'echo': true
 			});
-			ok(!isAutoApproved('ls'));
+			ok(!await isAutoApproved('ls'));
 		});
 
-		test('should not auto-approve partial command matches', () => {
+		test('should not auto-approve partial command matches', async () => {
 			setAutoApprove({
 				'echo': true
 			});
-			ok(!isAutoApproved('echotest'));
+			ok(!await isAutoApproved('echotest'));
 		});
 
-		test('should handle multiple commands in autoApprove', () => {
+		test('should handle multiple commands in autoApprove', async () => {
 			setAutoApprove({
 				'echo': true,
 				'ls': true,
 				'pwd': true
 			});
-			ok(isAutoApproved('echo'));
-			ok(isAutoApproved('ls -la'));
-			ok(isAutoApproved('pwd'));
-			ok(!isAutoApproved('rm'));
+			ok(await isAutoApproved('echo'));
+			ok(await isAutoApproved('ls -la'));
+			ok(await isAutoApproved('pwd'));
+			ok(!await isAutoApproved('rm'));
 		});
 	});
 
 	suite('autoApprove with deny patterns only', () => {
-		test('should deny commands in autoApprove', () => {
+		test('should deny commands in autoApprove', async () => {
 			setAutoApprove({
 				'rm': false,
 				'del': false
 			});
-			ok(!isAutoApproved('rm file.txt'));
-			ok(!isAutoApproved('del file.txt'));
+			ok(!await isAutoApproved('rm file.txt'));
+			ok(!await isAutoApproved('del file.txt'));
 		});
 
-		test('should not auto-approve safe commands when no allow patterns are present', () => {
+		test('should not auto-approve safe commands when no allow patterns are present', async () => {
 			setAutoApprove({
 				'rm': false
 			});
-			ok(!isAutoApproved('echo hello'));
-			ok(!isAutoApproved('ls'));
+			ok(!await isAutoApproved('echo hello'));
+			ok(!await isAutoApproved('ls'));
 		});
 	});
 
 	suite('autoApprove with mixed allow and deny patterns', () => {
-		test('should deny commands set to false even if other commands are set to true', () => {
+		test('should deny commands set to false even if other commands are set to true', async () => {
 			setAutoApprove({
 				'echo': true,
 				'rm': false
 			});
-			ok(isAutoApproved('echo hello'));
-			ok(!isAutoApproved('rm file.txt'));
+			ok(await isAutoApproved('echo hello'));
+			ok(!await isAutoApproved('rm file.txt'));
 		});
 
-		test('should auto-approve allow patterns not set to false', () => {
+		test('should auto-approve allow patterns not set to false', async () => {
 			setAutoApprove({
 				'echo': true,
 				'ls': true,
@@ -139,37 +140,37 @@ suite('CommandLineAutoApprover', () => {
 				'rm': false,
 				'del': false
 			});
-			ok(isAutoApproved('echo'));
-			ok(isAutoApproved('ls'));
-			ok(isAutoApproved('pwd'));
-			ok(!isAutoApproved('rm'));
-			ok(!isAutoApproved('del'));
+			ok(await isAutoApproved('echo'));
+			ok(await isAutoApproved('ls'));
+			ok(await isAutoApproved('pwd'));
+			ok(!await isAutoApproved('rm'));
+			ok(!await isAutoApproved('del'));
 		});
 	});
 
 	suite('regex patterns', () => {
-		test('should handle /.*/', () => {
+		test('should handle /.*/', async () => {
 			setAutoApprove({
 				'/.*/': true,
 			});
 
-			ok(isAutoApproved('echo hello'));
+			ok(await isAutoApproved('echo hello'));
 		});
 
-		test('should handle regex patterns in autoApprove', () => {
+		test('should handle regex patterns in autoApprove', async () => {
 			setAutoApprove({
 				'/^echo/': true,
 				'/^ls/': true,
 				'pwd': true
 			});
 
-			ok(isAutoApproved('echo hello'));
-			ok(isAutoApproved('ls -la'));
-			ok(isAutoApproved('pwd'));
-			ok(!isAutoApproved('rm file'));
+			ok(await isAutoApproved('echo hello'));
+			ok(await isAutoApproved('ls -la'));
+			ok(await isAutoApproved('pwd'));
+			ok(!await isAutoApproved('rm file'));
 		});
 
-		test('should handle regex patterns for deny', () => {
+		test('should handle regex patterns for deny', async () => {
 			setAutoApprove({
 				'echo': true,
 				'rm': true,
@@ -177,146 +178,146 @@ suite('CommandLineAutoApprover', () => {
 				'/^del\\s+/': false
 			});
 
-			ok(isAutoApproved('echo hello'));
-			ok(isAutoApproved('rm'));
-			ok(!isAutoApproved('rm file.txt'));
-			ok(!isAutoApproved('del file.txt'));
+			ok(await isAutoApproved('echo hello'));
+			ok(await isAutoApproved('rm'));
+			ok(!await isAutoApproved('rm file.txt'));
+			ok(!await isAutoApproved('del file.txt'));
 		});
 
-		test('should handle complex regex patterns', () => {
+		test('should handle complex regex patterns', async () => {
 			setAutoApprove({
 				'/^(echo|ls|pwd)\\b/': true,
 				'/^git (status|show\\b.*)$/': true,
 				'/rm|del|kill/': false
 			});
 
-			ok(isAutoApproved('echo test'));
-			ok(isAutoApproved('ls -la'));
-			ok(isAutoApproved('pwd'));
-			ok(isAutoApproved('git status'));
-			ok(isAutoApproved('git show'));
-			ok(isAutoApproved('git show HEAD'));
-			ok(!isAutoApproved('rm file'));
-			ok(!isAutoApproved('del file'));
-			ok(!isAutoApproved('kill process'));
+			ok(await isAutoApproved('echo test'));
+			ok(await isAutoApproved('ls -la'));
+			ok(await isAutoApproved('pwd'));
+			ok(await isAutoApproved('git status'));
+			ok(await isAutoApproved('git show'));
+			ok(await isAutoApproved('git show HEAD'));
+			ok(!await isAutoApproved('rm file'));
+			ok(!await isAutoApproved('del file'));
+			ok(!await isAutoApproved('kill process'));
 		});
 
 		suite('flags', () => {
-			test('should handle case-insensitive regex patterns with i flag', () => {
+			test('should handle case-insensitive regex patterns with i flag', async () => {
 				setAutoApprove({
 					'/^echo/i': true,
 					'/^ls/i': true,
 					'/rm|del/i': false
 				});
 
-				ok(isAutoApproved('echo hello'));
-				ok(isAutoApproved('ECHO hello'));
-				ok(isAutoApproved('Echo hello'));
-				ok(isAutoApproved('ls -la'));
-				ok(isAutoApproved('LS -la'));
-				ok(isAutoApproved('Ls -la'));
-				ok(!isAutoApproved('rm file'));
-				ok(!isAutoApproved('RM file'));
-				ok(!isAutoApproved('del file'));
-				ok(!isAutoApproved('DEL file'));
+				ok(await isAutoApproved('echo hello'));
+				ok(await isAutoApproved('ECHO hello'));
+				ok(await isAutoApproved('Echo hello'));
+				ok(await isAutoApproved('ls -la'));
+				ok(await isAutoApproved('LS -la'));
+				ok(await isAutoApproved('Ls -la'));
+				ok(!await isAutoApproved('rm file'));
+				ok(!await isAutoApproved('RM file'));
+				ok(!await isAutoApproved('del file'));
+				ok(!await isAutoApproved('DEL file'));
 			});
 
-			test('should handle multiple regex flags', () => {
+			test('should handle multiple regex flags', async () => {
 				setAutoApprove({
 					'/^git\\s+/gim': true,
 					'/dangerous/gim': false
 				});
 
-				ok(isAutoApproved('git status'));
-				ok(isAutoApproved('GIT status'));
-				ok(isAutoApproved('Git status'));
-				ok(!isAutoApproved('dangerous command'));
-				ok(!isAutoApproved('DANGEROUS command'));
+				ok(await isAutoApproved('git status'));
+				ok(await isAutoApproved('GIT status'));
+				ok(await isAutoApproved('Git status'));
+				ok(!await isAutoApproved('dangerous command'));
+				ok(!await isAutoApproved('DANGEROUS command'));
 			});
 
-			test('should handle various regex flags', () => {
+			test('should handle various regex flags', async () => {
 				setAutoApprove({
 					'/^echo.*/s': true,  // dotall flag
 					'/^git\\s+/i': true, // case-insensitive flag
 					'/rm|del/g': false   // global flag
 				});
 
-				ok(isAutoApproved('echo hello\nworld'));
-				ok(isAutoApproved('git status'));
-				ok(isAutoApproved('GIT status'));
-				ok(!isAutoApproved('rm file'));
-				ok(!isAutoApproved('del file'));
+				ok(await isAutoApproved('echo hello\nworld'));
+				ok(await isAutoApproved('git status'));
+				ok(await isAutoApproved('GIT status'));
+				ok(!await isAutoApproved('rm file'));
+				ok(!await isAutoApproved('del file'));
 			});
 
-			test('should handle regex patterns without flags', () => {
+			test('should handle regex patterns without flags', async () => {
 				setAutoApprove({
 					'/^echo/': true,
 					'/rm|del/': false
 				});
 
-				ok(isAutoApproved('echo hello'));
-				ok(!isAutoApproved('ECHO hello'), 'Should be case-sensitive without i flag');
-				ok(!isAutoApproved('rm file'));
-				ok(!isAutoApproved('RM file'), 'Should be case-sensitive without i flag');
+				ok(await isAutoApproved('echo hello'));
+				ok(!await isAutoApproved('ECHO hello'), 'Should be case-sensitive without i flag');
+				ok(!await isAutoApproved('rm file'));
+				ok(!await isAutoApproved('RM file'), 'Should be case-sensitive without i flag');
 			});
 		});
 	});
 
 	suite('edge cases', () => {
-		test('should handle empty autoApprove', () => {
+		test('should handle empty autoApprove', async () => {
 			setAutoApprove({});
 
-			ok(!isAutoApproved('echo hello'));
-			ok(!isAutoApproved('ls'));
-			ok(!isAutoApproved('rm file'));
+			ok(!await isAutoApproved('echo hello'));
+			ok(!await isAutoApproved('ls'));
+			ok(!await isAutoApproved('rm file'));
 		});
 
-		test('should handle empty command strings', () => {
+		test('should handle empty command strings', async () => {
 			setAutoApprove({
 				'echo': true
 			});
 
-			ok(!isAutoApproved(''));
-			ok(!isAutoApproved('   '));
+			ok(!await isAutoApproved(''));
+			ok(!await isAutoApproved('   '));
 		});
 
-		test('should handle whitespace in commands', () => {
+		test('should handle whitespace in commands', async () => {
 			setAutoApprove({
 				'echo': true
 			});
 
-			ok(isAutoApproved('echo   hello   world'));
+			ok(await isAutoApproved('echo   hello   world'));
 		});
 
-		test('should be case-sensitive by default', () => {
+		test('should be case-sensitive by default', async () => {
 			setAutoApprove({
 				'echo': true
 			});
 
-			ok(isAutoApproved('echo hello'));
-			ok(!isAutoApproved('ECHO hello'));
-			ok(!isAutoApproved('Echo hello'));
+			ok(await isAutoApproved('echo hello'));
+			ok(!await isAutoApproved('ECHO hello'));
+			ok(!await isAutoApproved('Echo hello'));
 		});
 
 		// https://github.com/microsoft/vscode/issues/252411
-		test('should handle string-based values with special regex characters', () => {
+		test('should handle string-based values with special regex characters', async () => {
 			setAutoApprove({
 				'pwsh.exe -File D:\\foo.bar\\a-script.ps1': true
 			});
 
-			ok(isAutoApproved('pwsh.exe -File D:\\foo.bar\\a-script.ps1'));
-			ok(isAutoApproved('pwsh.exe -File D:\\foo.bar\\a-script.ps1 -AnotherArg'));
+			ok(await isAutoApproved('pwsh.exe -File D:\\foo.bar\\a-script.ps1'));
+			ok(await isAutoApproved('pwsh.exe -File D:\\foo.bar\\a-script.ps1 -AnotherArg'));
 		});
 
-		test('should ignore the empty string key', () => {
+		test('should ignore the empty string key', async () => {
 			setAutoApprove({
 				'': true
 			});
 
-			ok(!isAutoApproved('echo hello'));
+			ok(!await isAutoApproved('echo hello'));
 		});
 
-		test('should handle empty regex patterns that could cause endless loops', () => {
+		test('should handle empty regex patterns that could cause endless loops', async () => {
 			setAutoApprove({
 				'//': true,
 				'/(?:)/': true,
@@ -326,12 +327,12 @@ suite('CommandLineAutoApprover', () => {
 
 			// These patterns should not cause endless loops and should not match any commands
 			// Invalid patterns should be handled gracefully and not match anything
-			ok(!isAutoApproved('echo hello'));
-			ok(!isAutoApproved('ls'));
-			ok(!isAutoApproved(''));
+			ok(!await isAutoApproved('echo hello'));
+			ok(!await isAutoApproved('ls'));
+			ok(!await isAutoApproved(''));
 		});
 
-		test('should handle regex patterns that would cause endless loops', () => {
+		test('should handle regex patterns that would cause endless loops', async () => {
 			setAutoApprove({
 				'/a*/': true,
 				'/b?/': true,
@@ -340,13 +341,13 @@ suite('CommandLineAutoApprover', () => {
 			});
 
 			// Commands should still work normally, endless loop patterns should be safely handled
-			ok(!isAutoApproved('echo hello'));
-			ok(!isAutoApproved('ls'));
-			ok(!isAutoApproved('a'));
-			ok(!isAutoApproved('b'));
+			ok(!await isAutoApproved('echo hello'));
+			ok(!await isAutoApproved('ls'));
+			ok(!await isAutoApproved('a'));
+			ok(!await isAutoApproved('b'));
 		});
 
-		test('should handle mixed valid and problematic regex patterns', () => {
+		test('should handle mixed valid and problematic regex patterns', async () => {
 			setAutoApprove({
 				'/^echo/': true,        // Valid pattern
 				'//': true,             // Empty pattern
@@ -355,13 +356,13 @@ suite('CommandLineAutoApprover', () => {
 				'pwd': true             // Valid string pattern
 			});
 
-			ok(isAutoApproved('echo hello'));
-			ok(isAutoApproved('ls -la'));
-			ok(isAutoApproved('pwd'));
-			ok(!isAutoApproved('rm file'));
+			ok(await isAutoApproved('echo hello'));
+			ok(await isAutoApproved('ls -la'));
+			ok(await isAutoApproved('pwd'));
+			ok(!await isAutoApproved('rm file'));
 		});
 
-		test('should handle invalid regex patterns gracefully', () => {
+		test('should handle invalid regex patterns gracefully', async () => {
 			setAutoApprove({
 				'/*/': true,                    // Invalid regex - nothing to repeat
 				'/(?:+/': true,                 // Invalid regex - incomplete quantifier
@@ -371,72 +372,72 @@ suite('CommandLineAutoApprover', () => {
 			});
 
 			// Valid patterns should still work
-			ok(isAutoApproved('echo hello'));
-			ok(isAutoApproved('ls -la'));
+			ok(await isAutoApproved('echo hello'));
+			ok(await isAutoApproved('ls -la'));
 			// Invalid patterns should not match anything and not cause crashes
-			ok(!isAutoApproved('random command'));
+			ok(!await isAutoApproved('random command'));
 		});
 	});
 
 	suite('path-aware auto approval', () => {
-		test('should handle path variations with forward slashes', () => {
+		test('should handle path variations with forward slashes', async () => {
 			setAutoApprove({
 				'bin/foo': true
 			});
 
 			// Should approve the exact match
-			ok(isAutoApproved('bin/foo'));
-			ok(isAutoApproved('bin/foo --arg'));
+			ok(await isAutoApproved('bin/foo'));
+			ok(await isAutoApproved('bin/foo --arg'));
 
 			// Should approve with Windows backslashes
-			ok(isAutoApproved('bin\\foo'));
-			ok(isAutoApproved('bin\\foo --arg'));
+			ok(await isAutoApproved('bin\\foo'));
+			ok(await isAutoApproved('bin\\foo --arg'));
 
 			// Should approve with current directory prefixes
-			ok(isAutoApproved('./bin/foo'));
-			ok(isAutoApproved('.\\bin/foo'));
-			ok(isAutoApproved('./bin\\foo'));
-			ok(isAutoApproved('.\\bin\\foo'));
+			ok(await isAutoApproved('./bin/foo'));
+			ok(await isAutoApproved('.\\bin/foo'));
+			ok(await isAutoApproved('./bin\\foo'));
+			ok(await isAutoApproved('.\\bin\\foo'));
 
 			// Should not approve partial matches
-			ok(!isAutoApproved('bin/foobar'));
-			ok(!isAutoApproved('notbin/foo'));
+			ok(!await isAutoApproved('bin/foobar'));
+			ok(!await isAutoApproved('notbin/foo'));
 		});
 
-		test('should handle path variations with backslashes', () => {
+		test('should handle path variations with backslashes', async () => {
 			setAutoApprove({
 				'bin\\script.bat': true
 			});
 
 			// Should approve the exact match
-			ok(isAutoApproved('bin\\script.bat'));
-			ok(isAutoApproved('bin\\script.bat --help'));
+			ok(await isAutoApproved('bin\\script.bat'));
+			ok(await isAutoApproved('bin\\script.bat --help'));
 
 			// Should approve with forward slashes
-			ok(isAutoApproved('bin/script.bat'));
-			ok(isAutoApproved('bin/script.bat --help'));
+			ok(await isAutoApproved('bin/script.bat'));
+			ok(await isAutoApproved('bin/script.bat --help'));
 
 			// Should approve with current directory prefixes
-			ok(isAutoApproved('./bin\\script.bat'));
-			ok(isAutoApproved('.\\bin\\script.bat'));
-			ok(isAutoApproved('./bin/script.bat'));
-			ok(isAutoApproved('.\\bin/script.bat'));
+			ok(await isAutoApproved('./bin\\script.bat'));
+			ok(await isAutoApproved('.\\bin\\script.bat'));
+			ok(await isAutoApproved('./bin/script.bat'));
+			ok(await isAutoApproved('.\\bin/script.bat'));
 		});
 
-		test('should handle deep paths', () => {
+		test('should handle deep paths', async () => {
 			setAutoApprove({
 				'src/utils/helper.js': true
 			});
 
-			ok(isAutoApproved('src/utils/helper.js'));
-			ok(isAutoApproved('src\\utils\\helper.js'));
-			ok(isAutoApproved('src/utils\\helper.js'));
-			ok(isAutoApproved('src\\utils/helper.js'));
-			ok(isAutoApproved('./src/utils/helper.js'));
-			ok(isAutoApproved('.\\src\\utils\\helper.js'));
+			ok(await isAutoApproved('src/utils/helper.js'));
+			ok(await isAutoApproved('src\\utils\\helper.js'));
+			ok(await isAutoApproved('src/utils\\helper.js'));
+			ok(await isAutoApproved('src\\utils/helper.js'));
+			ok(await isAutoApproved('./src/utils/helper.js'));
+			ok(await isAutoApproved('.\\src\\utils\\helper.js'));
 		});
 
-		test('should not treat non-paths as paths', () => {
+		test('should not treat non-paths as paths', async () => {
 			setAutoApprove({
 				'echo': true,  // Not a path
 				'ls': true,    // Not a path
@@ -444,29 +445,29 @@ suite('CommandLineAutoApprover', () => {
 			});
 
 			// These should work as normal command matching, not path matching
-			ok(isAutoApproved('echo'));
-			ok(isAutoApproved('ls'));
-			ok(isAutoApproved('git'));
+			ok(await isAutoApproved('echo'));
+			ok(await isAutoApproved('ls'));
+			ok(await isAutoApproved('git'));
 
 			// Should not be treated as paths, so these prefixes shouldn't work
-			ok(!isAutoApproved('./echo'));
-			ok(!isAutoApproved('.\\ls'));
+			ok(!await isAutoApproved('./echo'));
+			ok(!await isAutoApproved('.\\ls'));
 		});
 
-		test('should handle paths with mixed separators in config', () => {
+		test('should handle paths with mixed separators in config', async () => {
 			setAutoApprove({
 				'bin/foo\\bar': true  // Mixed separators in config
 			});
 
-			ok(isAutoApproved('bin/foo\\bar'));
-			ok(isAutoApproved('bin\\foo/bar'));
-			ok(isAutoApproved('bin/foo/bar'));
-			ok(isAutoApproved('bin\\foo\\bar'));
-			ok(isAutoApproved('./bin/foo\\bar'));
-			ok(isAutoApproved('.\\bin\\foo\\bar'));
+			ok(await isAutoApproved('bin/foo\\bar'));
+			ok(await isAutoApproved('bin\\foo/bar'));
+			ok(await isAutoApproved('bin/foo/bar'));
+			ok(await isAutoApproved('bin\\foo\\bar'));
+			ok(await isAutoApproved('./bin/foo\\bar'));
+			ok(await isAutoApproved('.\\bin\\foo\\bar'));
 		});
 
-		test('should work with command line auto approval for paths', () => {
+		test('should work with command line auto approval for paths', async () => {
 			setAutoApproveWithCommandLine({
 				'bin/deploy': { approve: true, matchCommandLine: true }
 			});
@@ -477,22 +478,22 @@ suite('CommandLineAutoApprover', () => {
 			ok(isCommandLineAutoApproved('.\\bin\\deploy --prod'));
 		});
 
-		test('should handle special characters in paths', () => {
+		test('should handle special characters in paths', async () => {
 			setAutoApprove({
 				'bin/my-script.sh': true,
 				'scripts/build_all.py': true,
 				'tools/run (debug).exe': true
 			});
 
-			ok(isAutoApproved('bin/my-script.sh'));
-			ok(isAutoApproved('bin\\my-script.sh'));
-			ok(isAutoApproved('./bin/my-script.sh'));
+			ok(await isAutoApproved('bin/my-script.sh'));
+			ok(await isAutoApproved('bin\\my-script.sh'));
+			ok(await isAutoApproved('./bin/my-script.sh'));
 
-			ok(isAutoApproved('scripts/build_all.py'));
-			ok(isAutoApproved('scripts\\build_all.py'));
+			ok(await isAutoApproved('scripts/build_all.py'));
+			ok(await isAutoApproved('scripts\\build_all.py'));
 
-			ok(isAutoApproved('tools/run (debug).exe'));
-			ok(isAutoApproved('tools\\run (debug).exe'));
+			ok(await isAutoApproved('tools/run (debug).exe'));
+			ok(await isAutoApproved('tools\\run (debug).exe'));
 		});
 	});
 
@@ -501,7 +502,7 @@ suite('CommandLineAutoApprover', () => {
 			shell = 'pwsh';
 		});
 
-		test('should handle Windows PowerShell commands', () => {
+		test('should handle Windows PowerShell commands', async () => {
 			setAutoApprove({
 				'Get-ChildItem': true,
 				'Get-Content': true,
@@ -510,48 +511,48 @@ suite('CommandLineAutoApprover', () => {
 				'del': false
 			});
 
-			ok(isAutoApproved('Get-ChildItem'));
-			ok(isAutoApproved('Get-Content file.txt'));
-			ok(isAutoApproved('Get-Location'));
-			ok(!isAutoApproved('Remove-Item file.txt'));
+			ok(await isAutoApproved('Get-ChildItem'));
+			ok(await isAutoApproved('Get-Content file.txt'));
+			ok(await isAutoApproved('Get-Location'));
+			ok(!await isAutoApproved('Remove-Item file.txt'));
 		});
 
-		test('should handle ( prefixes', () => {
+		test('should handle ( prefixes', async () => {
 			setAutoApprove({
 				'Get-Content': true
 			});
 
-			ok(isAutoApproved('Get-Content file.txt'));
-			ok(isAutoApproved('(Get-Content file.txt'));
-			ok(!isAutoApproved('[Get-Content'));
-			ok(!isAutoApproved('foo'));
+			ok(await isAutoApproved('Get-Content file.txt'));
+			ok(await isAutoApproved('(Get-Content file.txt'));
+			ok(!await isAutoApproved('[Get-Content'));
+			ok(!await isAutoApproved('foo'));
 		});
 
-		test('should be case-insensitive for PowerShell commands', () => {
+		test('should be case-insensitive for PowerShell commands', async () => {
 			setAutoApprove({
 				'Get-ChildItem': true,
 				'Get-Content': true,
 				'Remove-Item': false
 			});
 
-			ok(isAutoApproved('Get-ChildItem'));
-			ok(isAutoApproved('get-childitem'));
-			ok(isAutoApproved('GET-CHILDITEM'));
-			ok(isAutoApproved('Get-childitem'));
-			ok(isAutoApproved('get-ChildItem'));
+			ok(await isAutoApproved('Get-ChildItem'));
+			ok(await isAutoApproved('get-childitem'));
+			ok(await isAutoApproved('GET-CHILDITEM'));
+			ok(await isAutoApproved('Get-childitem'));
+			ok(await isAutoApproved('get-ChildItem'));
 
-			ok(isAutoApproved('Get-Content file.txt'));
-			ok(isAutoApproved('get-content file.txt'));
-			ok(isAutoApproved('GET-CONTENT file.txt'));
-			ok(isAutoApproved('Get-content file.txt'));
+			ok(await isAutoApproved('Get-Content file.txt'));
+			ok(await isAutoApproved('get-content file.txt'));
+			ok(await isAutoApproved('GET-CONTENT file.txt'));
+			ok(await isAutoApproved('Get-content file.txt'));
 
-			ok(!isAutoApproved('Remove-Item file.txt'));
-			ok(!isAutoApproved('remove-item file.txt'));
-			ok(!isAutoApproved('REMOVE-ITEM file.txt'));
-			ok(!isAutoApproved('Remove-item file.txt'));
+			ok(!await isAutoApproved('Remove-Item file.txt'));
+			ok(!await isAutoApproved('remove-item file.txt'));
+			ok(!await isAutoApproved('REMOVE-ITEM file.txt'));
+			ok(!await isAutoApproved('Remove-item file.txt'));
 		});
 
-		test('should be case-insensitive for PowerShell aliases', () => {
+		test('should be case-insensitive for PowerShell aliases', async () => {
 			setAutoApprove({
 				'ls': true,
 				'dir': true,
@@ -560,41 +561,41 @@ suite('CommandLineAutoApprover', () => {
 			});
 
 			// Test case-insensitive matching for aliases
-			ok(isAutoApproved('ls'));
-			ok(isAutoApproved('LS'));
-			ok(isAutoApproved('Ls'));
+			ok(await isAutoApproved('ls'));
+			ok(await isAutoApproved('LS'));
+			ok(await isAutoApproved('Ls'));
 
-			ok(isAutoApproved('dir'));
-			ok(isAutoApproved('DIR'));
-			ok(isAutoApproved('Dir'));
+			ok(await isAutoApproved('dir'));
+			ok(await isAutoApproved('DIR'));
+			ok(await isAutoApproved('Dir'));
 
-			ok(!isAutoApproved('rm file.txt'));
-			ok(!isAutoApproved('RM file.txt'));
-			ok(!isAutoApproved('Rm file.txt'));
+			ok(!await isAutoApproved('rm file.txt'));
+			ok(!await isAutoApproved('RM file.txt'));
+			ok(!await isAutoApproved('Rm file.txt'));
 
-			ok(!isAutoApproved('del file.txt'));
-			ok(!isAutoApproved('DEL file.txt'));
-			ok(!isAutoApproved('Del file.txt'));
+			ok(!await isAutoApproved('del file.txt'));
+			ok(!await isAutoApproved('DEL file.txt'));
+			ok(!await isAutoApproved('Del file.txt'));
 		});
 
-		test('should be case-insensitive with regex patterns', () => {
+		test('should be case-insensitive with regex patterns', async () => {
 			setAutoApprove({
 				'/^Get-/': true,
 				'/Remove-Item|rm/': false
 			});
 
-			ok(isAutoApproved('Get-ChildItem'));
-			ok(isAutoApproved('get-childitem'));
-			ok(isAutoApproved('GET-PROCESS'));
-			ok(isAutoApproved('Get-Location'));
+			ok(await isAutoApproved('Get-ChildItem'));
+			ok(await isAutoApproved('get-childitem'));
+			ok(await isAutoApproved('GET-PROCESS'));
+			ok(await isAutoApproved('Get-Location'));
 
-			ok(!isAutoApproved('Remove-Item file.txt'));
-			ok(!isAutoApproved('remove-item file.txt'));
-			ok(!isAutoApproved('rm file.txt'));
-			ok(!isAutoApproved('RM file.txt'));
+			ok(!await isAutoApproved('Remove-Item file.txt'));
+			ok(!await isAutoApproved('remove-item file.txt'));
+			ok(!await isAutoApproved('rm file.txt'));
+			ok(!await isAutoApproved('RM file.txt'));
 		});
 
-		test('should handle case-insensitive PowerShell commands on different OS', () => {
+		test('should handle case-insensitive PowerShell commands on different OS', async () => {
 			setAutoApprove({
 				'Get-Process': true,
 				'Stop-Process': false
@@ -602,17 +603,17 @@ suite('CommandLineAutoApprover', () => {
 
 			for (const currnetOS of [OperatingSystem.Windows, OperatingSystem.Linux, OperatingSystem.Macintosh]) {
 				os = currnetOS;
-				ok(isAutoApproved('Get-Process'), `os=${os}`);
-				ok(isAutoApproved('get-process'), `os=${os}`);
-				ok(isAutoApproved('GET-PROCESS'), `os=${os}`);
-				ok(!isAutoApproved('Stop-Process'), `os=${os}`);
-				ok(!isAutoApproved('stop-process'), `os=${os}`);
+				ok(await isAutoApproved('Get-Process'), `os=${os}`);
+				ok(await isAutoApproved('get-process'), `os=${os}`);
+				ok(await isAutoApproved('GET-PROCESS'), `os=${os}`);
+				ok(!await isAutoApproved('Stop-Process'), `os=${os}`);
+				ok(!await isAutoApproved('stop-process'), `os=${os}`);
 			}
 		});
 	});
 
 	suite('isCommandLineAutoApproved - matchCommandLine functionality', () => {
-		test('should auto-approve command line patterns with matchCommandLine: true', () => {
+		test('should auto-approve command line patterns with matchCommandLine: true', async () => {
 			setAutoApproveWithCommandLine({
 				'echo': { approve: true, matchCommandLine: true }
 			});
@@ -621,7 +622,7 @@ suite('CommandLineAutoApprover', () => {
 			ok(isCommandLineAutoApproved('echo test && ls'));
 		});
 
-		test('should not auto-approve regular patterns with isCommandLineAutoApproved', () => {
+		test('should not auto-approve regular patterns with isCommandLineAutoApproved', async () => {
 			setAutoApprove({
 				'echo': true
 			});
@@ -630,7 +631,7 @@ suite('CommandLineAutoApprover', () => {
 			ok(!isCommandLineAutoApproved('echo hello'));
 		});
 
-		test('should handle regex patterns with matchCommandLine: true', () => {
+		test('should handle regex patterns with matchCommandLine: true', async () => {
 			setAutoApproveWithCommandLine({
 				'/echo.*world/': { approve: true, matchCommandLine: true }
 			});
@@ -639,7 +640,7 @@ suite('CommandLineAutoApprover', () => {
 			ok(!isCommandLineAutoApproved('echo hello'));
 		});
 
-		test('should handle case-insensitive regex with matchCommandLine: true', () => {
+		test('should handle case-insensitive regex with matchCommandLine: true', async () => {
 			setAutoApproveWithCommandLine({
 				'/echo/i': { approve: true, matchCommandLine: true }
 			});
@@ -649,7 +650,7 @@ suite('CommandLineAutoApprover', () => {
 			ok(isCommandLineAutoApproved('Echo hello'));
 		});
 
-		test('should handle complex command line patterns', () => {
+		test('should handle complex command line patterns', async () => {
 			setAutoApproveWithCommandLine({
 				'/^npm run build/': { approve: true, matchCommandLine: true },
 				'/\.ps1/i': { approve: true, matchCommandLine: true }
@@ -661,7 +662,7 @@ suite('CommandLineAutoApprover', () => {
 			ok(!isCommandLineAutoApproved('npm install'));
 		});
 
-		test('should return false for empty command line', () => {
+		test('should return false for empty command line', async () => {
 			setAutoApproveWithCommandLine({
 				'echo': { approve: true, matchCommandLine: true }
 			});
@@ -670,7 +671,7 @@ suite('CommandLineAutoApprover', () => {
 			ok(!isCommandLineAutoApproved('   '));
 		});
 
-		test('should handle mixed configuration with matchCommandLine entries', () => {
+		test('should handle mixed configuration with matchCommandLine entries', async () => {
 			setAutoApproveWithCommandLine({
 				'echo': true,  // Regular pattern
 				'ls': { approve: true, matchCommandLine: true },  // Command line pattern
@@ -683,7 +684,7 @@ suite('CommandLineAutoApprover', () => {
 			ok(!isCommandLineAutoApproved('rm file.txt'));
 		});
 
-		test('should handle deny patterns with matchCommandLine: true', () => {
+		test('should handle deny patterns with matchCommandLine: true', async () => {
 			setAutoApproveWithCommandLine({
 				'echo': { approve: true, matchCommandLine: true },
 				'/dangerous/': { approve: false, matchCommandLine: true }
@@ -694,7 +695,7 @@ suite('CommandLineAutoApprover', () => {
 			ok(!isCommandLineAutoApproved('dangerous operation'));
 		});
 
-		test('should prioritize deny list over allow list for command line patterns', () => {
+		test('should prioritize deny list over allow list for command line patterns', async () => {
 			setAutoApproveWithCommandLine({
 				'/echo/': { approve: true, matchCommandLine: true },
 				'/echo.*dangerous/': { approve: false, matchCommandLine: true }
@@ -704,7 +705,7 @@ suite('CommandLineAutoApprover', () => {
 			ok(!isCommandLineAutoApproved('echo dangerous command'));
 		});
 
-		test('should handle complex deny patterns with matchCommandLine', () => {
+		test('should handle complex deny patterns with matchCommandLine', async () => {
 			setAutoApproveWithCommandLine({
 				'npm': { approve: true, matchCommandLine: true },
 				'/npm.*--force/': { approve: false, matchCommandLine: true },
@@ -717,7 +718,7 @@ suite('CommandLineAutoApprover', () => {
 			ok(!isCommandLineAutoApproved('powershell -File script.ps1 -ExecutionPolicy Bypass'));
 		});
 
-		test('should handle empty regex patterns with matchCommandLine that could cause endless loops', () => {
+		test('should handle empty regex patterns with matchCommandLine that could cause endless loops', async () => {
 			setAutoApproveWithCommandLine({
 				'//': { approve: true, matchCommandLine: true },
 				'/(?:)/': { approve: true, matchCommandLine: true },
@@ -732,7 +733,7 @@ suite('CommandLineAutoApprover', () => {
 			ok(!isCommandLineAutoApproved(''));
 		});
 
-		test('should handle regex patterns with matchCommandLine that would cause endless loops', () => {
+		test('should handle regex patterns with matchCommandLine that would cause endless loops', async () => {
 			setAutoApproveWithCommandLine({
 				'/a*/': { approve: true, matchCommandLine: true },
 				'/b?/': { approve: true, matchCommandLine: true },
@@ -747,7 +748,7 @@ suite('CommandLineAutoApprover', () => {
 			ok(!isCommandLineAutoApproved('b'));
 		});
 
-		test('should handle mixed valid and problematic regex patterns with matchCommandLine', () => {
+		test('should handle mixed valid and problematic regex patterns with matchCommandLine', async () => {
 			setAutoApproveWithCommandLine({
 				'/^echo/': { approve: true, matchCommandLine: true },        // Valid pattern
 				'//': { approve: true, matchCommandLine: true },             // Empty pattern
@@ -762,7 +763,7 @@ suite('CommandLineAutoApprover', () => {
 			ok(!isCommandLineAutoApproved('rm file'));
 		});
 
-		test('should handle invalid regex patterns with matchCommandLine gracefully', () => {
+		test('should handle invalid regex patterns with matchCommandLine gracefully', async () => {
 			setAutoApproveWithCommandLine({
 				'/*/': { approve: true, matchCommandLine: true },                    // Invalid regex - nothing to repeat
 				'/(?:+/': { approve: true, matchCommandLine: true },                 // Invalid regex - incomplete quantifier
@@ -780,8 +781,8 @@ suite('CommandLineAutoApprover', () => {
 	});
 
 	suite('reasons', () => {
-		function getCommandReason(command: string): string {
-			return commandLineAutoApprover.isCommandAutoApproved(command, shell, os).reason;
+		async function getCommandReason(command: string): Promise<string> {
+			return (await commandLineAutoApprover.isCommandAutoApproved(command, shell, os, undefined)).reason;
 		}
 
 		function getCommandLineReason(commandLine: string): string {
@@ -789,30 +790,30 @@ suite('CommandLineAutoApprover', () => {
 		}
 
 		suite('command', () => {
-			test('approved', () => {
+			test('approved', async () => {
 				setAutoApprove({ echo: true });
-				strictEqual(getCommandReason('echo hello'), `Command 'echo hello' is approved by allow list rule: echo`);
+				strictEqual(await getCommandReason('echo hello'), `Command 'echo hello' is approved by allow list rule: echo`);
 			});
-			test('not approved', () => {
+			test('not approved', async () => {
 				setAutoApprove({ echo: false });
-				strictEqual(getCommandReason('echo hello'), `Command 'echo hello' is denied by deny list rule: echo`);
+				strictEqual(await getCommandReason('echo hello'), `Command 'echo hello' is denied by deny list rule: echo`);
 			});
-			test('no match', () => {
+			test('no match', async () => {
 				setAutoApprove({});
-				strictEqual(getCommandReason('echo hello'), `Command 'echo hello' has no matching auto approve entries`);
+				strictEqual(await getCommandReason('echo hello'), `Command 'echo hello' has no matching auto approve entries`);
 			});
 		});
 
 		suite('command line', () => {
-			test('approved', () => {
+			test('approved', async () => {
 				setAutoApproveWithCommandLine({ echo: { approve: true, matchCommandLine: true } });
 				strictEqual(getCommandLineReason('echo hello'), `Command line 'echo hello' is approved by allow list rule: echo`);
 			});
-			test('not approved', () => {
+			test('not approved', async () => {
 				setAutoApproveWithCommandLine({ echo: { approve: false, matchCommandLine: true } });
 				strictEqual(getCommandLineReason('echo hello'), `Command line 'echo hello' is denied by deny list rule: echo`);
 			});
-			test('no match', () => {
+			test('no match', async () => {
 				setAutoApproveWithCommandLine({});
 				strictEqual(getCommandLineReason('echo hello'), `Command line 'echo hello' has no matching auto approve entries`);
 			});
@@ -820,12 +821,14 @@ suite('CommandLineAutoApprover', () => {
 	});
 
 	suite('isDefaultRule logic', () => {
-		function getIsDefaultRule(command: string): boolean | undefined {
-			return commandLineAutoApprover.isCommandAutoApproved(command, shell, os).rule?.isDefaultRule;
+		async function getIsDefaultRule(command: string): Promise<boolean | undefined> {
+			const rule = (await commandLineAutoApprover.isCommandAutoApproved(command, shell, os, undefined)).rule;
+			return isAutoApproveRule(rule) ? rule.isDefaultRule : undefined;
 		}
 
 		function getCommandLineIsDefaultRule(commandLine: string): boolean | undefined {
-			return commandLineAutoApprover.isCommandLineAutoApproved(commandLine).rule?.isDefaultRule;
+			const rule = commandLineAutoApprover.isCommandLineAutoApproved(commandLine).rule;
+			return isAutoApproveRule(rule) ? rule.isDefaultRule : undefined;
 		}
 
 		function setAutoApproveWithDefaults(userConfig: { [key: string]: boolean }, defaultConfig: { [key: string]: boolean }) {
@@ -911,67 +914,67 @@ suite('CommandLineAutoApprover', () => {
 			});
 		}
 
-		test('should correctly identify default rules vs user-defined rules', () => {
+		test('should correctly identify default rules vs user-defined rules', async () => {
 			setAutoApproveWithDefaults(
 				{ 'echo': true, 'ls': true, 'pwd': false },
 				{ 'echo': true, 'cat': true }
 			);
 
-			strictEqual(getIsDefaultRule('echo hello'), true, 'echo is in both default and user config with same value - should be marked as default');
-			strictEqual(getIsDefaultRule('ls -la'), false, 'ls is only in user config - should be marked as user-defined');
-			strictEqual(getIsDefaultRule('pwd'), false, 'pwd is only in user config - should be marked as user-defined');
-			strictEqual(getIsDefaultRule('cat file.txt'), true, 'cat is in both default and user config with same value - should be marked as default');
+			strictEqual(await getIsDefaultRule('echo hello'), true, 'echo is in both default and user config with same value - should be marked as default');
+			strictEqual(await getIsDefaultRule('ls -la'), false, 'ls is only in user config - should be marked as user-defined');
+			strictEqual(await getIsDefaultRule('pwd'), false, 'pwd is only in user config - should be marked as user-defined');
+			strictEqual(await getIsDefaultRule('cat file.txt'), true, 'cat is in both default and user config with same value - should be marked as default');
 		});
 
-		test('should mark as default when command is only in default config but not in user config', () => {
+		test('should mark as default when command is only in default config but not in user config', async () => {
 			setAutoApproveWithDefaults(
 				{ 'echo': true, 'ls': true },  // User config (cat is NOT here)
 				{ 'echo': true, 'cat': true }  // Default config (cat IS here)
 			);
 
 			// Test that merged config includes all commands
-			strictEqual(commandLineAutoApprover.isCommandAutoApproved('echo', shell, os).result, 'approved', 'echo should be approved');
-			strictEqual(commandLineAutoApprover.isCommandAutoApproved('ls', shell, os).result, 'approved', 'ls should be approved');
+			strictEqual((await commandLineAutoApprover.isCommandAutoApproved('echo', shell, os, undefined)).result, 'approved', 'echo should be approved');
+			strictEqual((await commandLineAutoApprover.isCommandAutoApproved('ls', shell, os, undefined)).result, 'approved', 'ls should be approved');
 
 			// cat should be approved because it's in the merged config
-			const catResult = commandLineAutoApprover.isCommandAutoApproved('cat', shell, os);
+			const catResult = await commandLineAutoApprover.isCommandAutoApproved('cat', shell, os, undefined);
 			strictEqual(catResult.result, 'approved', 'cat should be approved from default config');
 
 			// cat should be marked as default rule since it comes from default config only
-			strictEqual(catResult.rule?.isDefaultRule, true, 'cat is only in default config, not in user config - should be marked as default');
+			strictEqual(isAutoApproveRule(catResult.rule) ? catResult.rule.isDefaultRule : undefined, true, 'cat is only in default config, not in user config - should be marked as default');
 		});
 
-		test('should handle default rules with different values', () => {
+		test('should handle default rules with different values', async () => {
 			setAutoApproveWithDefaults(
 				{ 'echo': true, 'rm': true },
 				{ 'echo': false, 'rm': true }
 			);
 
-			strictEqual(getIsDefaultRule('echo hello'), false, 'echo has different values in default vs user - should be marked as user-defined');
-			strictEqual(getIsDefaultRule('rm file.txt'), true, 'rm has same value in both - should be marked as default');
+			strictEqual(await getIsDefaultRule('echo hello'), false, 'echo has different values in default vs user - should be marked as user-defined');
+			strictEqual(await getIsDefaultRule('rm file.txt'), true, 'rm has same value in both - should be marked as default');
 		});
 
-		test('should handle regex patterns as default rules', () => {
+		test('should handle regex patterns as default rules', async () => {
 			setAutoApproveWithDefaults(
 				{ '/^git/': true, '/^npm/': false },
 				{ '/^git/': true, '/^docker/': true }
 			);
 
-			strictEqual(getIsDefaultRule('git status'), true, 'git pattern matches default - should be marked as default');
-			strictEqual(getIsDefaultRule('npm install'), false, 'npm pattern is user-only - should be marked as user-defined');
+			strictEqual(await getIsDefaultRule('git status'), true, 'git pattern matches default - should be marked as default');
+			strictEqual(await getIsDefaultRule('npm install'), false, 'npm pattern is user-only - should be marked as user-defined');
 		});
 
-		test('should handle mixed string and regex patterns', () => {
+		test('should handle mixed string and regex patterns', async () => {
 			setAutoApproveWithDefaults(
 				{ 'echo': true, '/^ls/': false },
 				{ 'echo': true, 'cat': true }
 			);
 
-			strictEqual(getIsDefaultRule('echo hello'), true, 'String pattern matching default');
-			strictEqual(getIsDefaultRule('ls -la'), false, 'Regex pattern user-defined');
+			strictEqual(await getIsDefaultRule('echo hello'), true, 'String pattern matching default');
+			strictEqual(await getIsDefaultRule('ls -la'), false, 'Regex pattern user-defined');
 		});
 
-		test('should handle command line rules with isDefaultRule', () => {
+		test('should handle command line rules with isDefaultRule', async () => {
 			setAutoApproveWithDefaultsCommandLine(
 				{
 					'echo': { approve: true, matchCommandLine: true },
@@ -987,7 +990,7 @@ suite('CommandLineAutoApprover', () => {
 			strictEqual(getCommandLineIsDefaultRule('ls -la'), false, 'ls is user-defined only - should be marked as user-defined');
 		});
 
-		test('should handle command line rules with different matchCommandLine values', () => {
+		test('should handle command line rules with different matchCommandLine values', async () => {
 			setAutoApproveWithDefaultsCommandLine(
 				{
 					'echo': { approve: true, matchCommandLine: true },
@@ -1003,7 +1006,7 @@ suite('CommandLineAutoApprover', () => {
 			strictEqual(getCommandLineIsDefaultRule('ls -la'), undefined, 'ls matches exactly - should be default (but won\'t match command line check since matchCommandLine is false)');
 		});
 
-		test('should handle boolean vs object format consistency', () => {
+		test('should handle boolean vs object format consistency', async () => {
 			setAutoApproveWithDefaultsCommandLine(
 				{
 					'echo': true,
@@ -1015,41 +1018,41 @@ suite('CommandLineAutoApprover', () => {
 				}
 			);
 
-			strictEqual(getIsDefaultRule('echo hello'), true, 'Boolean format matching - should be default');
+			strictEqual(await getIsDefaultRule('echo hello'), true, 'Boolean format matching - should be default');
 			strictEqual(getCommandLineIsDefaultRule('ls -la'), true, 'Object format matching using structural equality - should be default');
 		});
 
-		test('should return undefined for noMatch cases', () => {
+		test('should return undefined for noMatch cases', async () => {
 			setAutoApproveWithDefaults(
 				{ 'echo': true },
 				{ 'cat': true }
 			);
 
-			strictEqual(getIsDefaultRule('unknown-command'), undefined, 'Command that matches neither user nor default config');
+			strictEqual(await getIsDefaultRule('unknown-command'), undefined, 'Command that matches neither user nor default config');
 			strictEqual(getCommandLineIsDefaultRule('unknown-command'), undefined, 'Command that matches neither user nor default config');
 		});
 
-		test('should handle empty configurations', () => {
+		test('should handle empty configurations', async () => {
 			setAutoApproveWithDefaults(
 				{},
 				{}
 			);
 
-			strictEqual(getIsDefaultRule('echo hello'), undefined);
+			strictEqual(await getIsDefaultRule('echo hello'), undefined);
 			strictEqual(getCommandLineIsDefaultRule('echo hello'), undefined);
 		});
 
-		test('should handle only default config with no user overrides', () => {
+		test('should handle only default config with no user overrides', async () => {
 			setAutoApproveWithDefaults(
 				{},
 				{ 'echo': true, 'ls': false }
 			);
 
-			strictEqual(getIsDefaultRule('echo hello'), true, 'Commands in default config should be marked as default rules even with empty user config');
-			strictEqual(getIsDefaultRule('ls -la'), true, 'Commands in default config should be marked as default rules even with empty user config');
+			strictEqual(await getIsDefaultRule('echo hello'), true, 'Commands in default config should be marked as default rules even with empty user config');
+			strictEqual(await getIsDefaultRule('ls -la'), true, 'Commands in default config should be marked as default rules even with empty user config');
 		});
 
-		test('should handle complex nested object rules', () => {
+		test('should handle complex nested object rules', async () => {
 			setAutoApproveWithDefaultsCommandLine(
 				{
 					'npm': { approve: true, matchCommandLine: true },
@@ -1065,7 +1068,7 @@ suite('CommandLineAutoApprover', () => {
 			strictEqual(getCommandLineIsDefaultRule('git status'), undefined, 'git is user-defined - should be user-defined (but won\'t match command line since matchCommandLine is false)');
 		});
 
-		test('should handle PowerShell case-insensitive matching with defaults', () => {
+		test('should handle PowerShell case-insensitive matching with defaults', async () => {
 			shell = 'pwsh';
 			os = OperatingSystem.Windows;
 
@@ -1074,12 +1077,12 @@ suite('CommandLineAutoApprover', () => {
 				{ 'Get-Process': true }
 			);
 
-			strictEqual(getIsDefaultRule('Get-Process'), true, 'Case-insensitive PowerShell command matching default');
-			strictEqual(getIsDefaultRule('get-process'), true, 'Case-insensitive PowerShell command matching default');
-			strictEqual(getIsDefaultRule('GET-PROCESS'), true, 'Case-insensitive PowerShell command matching default');
+			strictEqual(await getIsDefaultRule('Get-Process'), true, 'Case-insensitive PowerShell command matching default');
+			strictEqual(await getIsDefaultRule('get-process'), true, 'Case-insensitive PowerShell command matching default');
+			strictEqual(await getIsDefaultRule('GET-PROCESS'), true, 'Case-insensitive PowerShell command matching default');
 		});
 
-		test('should use structural equality for object comparison', () => {
+		test('should use structural equality for object comparison', async () => {
 			// Test that objects with same content but different instances are treated as equal
 			const userConfig = { 'test': { approve: true, matchCommandLine: true } };
 			const defaultConfig = { 'test': { approve: true, matchCommandLine: true } };
@@ -1089,7 +1092,7 @@ suite('CommandLineAutoApprover', () => {
 			strictEqual(getCommandLineIsDefaultRule('test command'), true, 'Even though userConfig and defaultConfig are different object instances, they have the same structure and values, so should be considered default');
 		});
 
-		test('should detect structural differences in objects', () => {
+		test('should detect structural differences in objects', async () => {
 			const userConfig = { 'test': { approve: true, matchCommandLine: true } };
 			const defaultConfig = { 'test': { approve: true, matchCommandLine: false } };
 
@@ -1098,7 +1101,7 @@ suite('CommandLineAutoApprover', () => {
 			strictEqual(getCommandLineIsDefaultRule('test command'), false, 'Objects have different matchCommandLine values, so should be user-defined');
 		});
 
-		test('should handle mixed types correctly', () => {
+		test('should handle mixed types correctly', async () => {
 			const userConfig = {
 				'cmd1': true,
 				'cmd2': { approve: false, matchCommandLine: true }
@@ -1110,7 +1113,7 @@ suite('CommandLineAutoApprover', () => {
 
 			setAutoApproveWithDefaultsCommandLine(userConfig, defaultConfig);
 
-			strictEqual(getIsDefaultRule('cmd1 arg'), true, 'Boolean type should match default');
+			strictEqual(await getIsDefaultRule('cmd1 arg'), true, 'Boolean type should match default');
 			strictEqual(getCommandLineIsDefaultRule('cmd2 arg'), true, 'Object type should match default using structural equality (even though it\'s a deny rule)');
 		});
 	});
@@ -1160,28 +1163,28 @@ suite('CommandLineAutoApprover', () => {
 			setConfig(TerminalChatAgentToolsSettingId.IgnoreDefaultAutoApproveRules, value);
 		}
 
-		test('should include default rules when ignoreDefaultAutoApproveRules is false (default behavior)', () => {
+		test('should include default rules when ignoreDefaultAutoApproveRules is false (default behavior)', async () => {
 			setAutoApproveWithDefaults(
 				{ 'ls': true },
 				{ 'echo': true, 'cat': true }
 			);
 			setIgnoreDefaultAutoApproveRules(false);
 
-			ok(isAutoApproved('ls -la'), 'User-defined rule should work');
-			ok(isAutoApproved('echo hello'), 'Default rule should work when not ignored');
-			ok(isAutoApproved('cat file.txt'), 'Default rule should work when not ignored');
+			ok(await isAutoApproved('ls -la'), 'User-defined rule should work');
+			ok(await isAutoApproved('echo hello'), 'Default rule should work when not ignored');
+			ok(await isAutoApproved('cat file.txt'), 'Default rule should work when not ignored');
 		});
 
-		test('should exclude default rules when ignoreDefaultAutoApproveRules is true', () => {
+		test('should exclude default rules when ignoreDefaultAutoApproveRules is true', async () => {
 			setAutoApproveWithDefaults(
 				{ 'ls': true },
 				{ 'echo': true, 'cat': true }
 			);
 			setIgnoreDefaultAutoApproveRules(true);
 
-			ok(isAutoApproved('ls -la'), 'User-defined rule should still work');
-			ok(!isAutoApproved('echo hello'), 'Default rule should be ignored');
-			ok(!isAutoApproved('cat file.txt'), 'Default rule should be ignored');
+			ok(await isAutoApproved('ls -la'), 'User-defined rule should still work');
+			ok(!await isAutoApproved('echo hello'), 'Default rule should be ignored');
+			ok(!await isAutoApproved('cat file.txt'), 'Default rule should be ignored');
 		});
 	});
 });
diff --git a/src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/browser/runInTerminalHelpers.test.ts b/src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/browser/runInTerminalHelpers.test.ts
index fc802aafa1b41..59460d6371ecd 100644
--- a/src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/browser/runInTerminalHelpers.test.ts
+++ b/src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/browser/runInTerminalHelpers.test.ts
@@ -8,7 +8,8 @@ import { TRUNCATION_MESSAGE, dedupeRules, isPowerShell, sanitizeTerminalOutput,
 import { OperatingSystem } from '../../../../../../base/common/platform.js';
 import { ensureNoDisposablesAreLeakedInTestSuite } from '../../../../../../base/test/common/utils.js';
 import { ConfigurationTarget } from '../../../../../../platform/configuration/common/configuration.js';
-import type { IAutoApproveRule, ICommandApprovalResultWithReason } from '../../browser/commandLineAutoApprover.js';
+import type { ICommandApprovalResultWithReason } from '../../browser/tools/commandLineAnalyzer/autoApprove/commandLineAutoApprover.js';
+import { isAutoApproveRule, type IAutoApproveRule } from '../../browser/tools/commandLineAnalyzer/commandLineAnalyzer.js';
 
 suite('isPowerShell', () => {
 	ensureNoDisposablesAreLeakedInTestSuite();
@@ -186,6 +187,10 @@ suite('dedupeRules', () => {
 		};
 	}
 
+	function getSourceText(result: ICommandApprovalResultWithReason): string | undefined {
+		return isAutoApproveRule(result.rule) ? result.rule.sourceText : undefined;
+	}
+
 	test('should return empty array for empty input', () => {
 		const result = dedupeRules([]);
 		strictEqual(result.length, 0);
@@ -197,8 +202,8 @@ suite('dedupeRules', () => {
 			createMockResult('approved', 'approved by ls rule', createMockRule('ls'))
 		]);
 		strictEqual(result.length, 2);
-		strictEqual(result[0].rule?.sourceText, 'echo');
-		strictEqual(result[1].rule?.sourceText, 'ls');
+		strictEqual(getSourceText(result[0]), 'echo');
+		strictEqual(getSourceText(result[1]), 'ls');
 	});
 
 	test('should deduplicate rules with same sourceText', () => {
@@ -208,8 +213,8 @@ suite('dedupeRules', () => {
 			createMockResult('approved', 'approved by ls rule', createMockRule('ls'))
 		]);
 		strictEqual(result.length, 2);
-		strictEqual(result[0].rule?.sourceText, 'echo');
-		strictEqual(result[1].rule?.sourceText, 'ls');
+		strictEqual(getSourceText(result[0]), 'echo');
+		strictEqual(getSourceText(result[1]), 'ls');
 	});
 
 	test('should preserve first occurrence when deduplicating', () => {
@@ -228,7 +233,7 @@ suite('dedupeRules', () => {
 			createMockResult('denied', 'denied without rule')
 		]);
 		strictEqual(result.length, 1);
-		strictEqual(result[0].rule?.sourceText, 'echo');
+		strictEqual(getSourceText(result[0]), 'echo');
 	});
 
 	test('should handle mix of rules and no-rule results with duplicates', () => {
@@ -240,8 +245,8 @@ suite('dedupeRules', () => {
 			createMockResult('denied', 'denied without rule')
 		]);
 		strictEqual(result.length, 2);
-		strictEqual(result[0].rule?.sourceText, 'echo');
-		strictEqual(result[1].rule?.sourceText, 'ls');
+		strictEqual(getSourceText(result[0]), 'echo');
+		strictEqual(getSourceText(result[1]), 'ls');
 	});
 
 	test('should handle multiple duplicates of same rule', () => {
@@ -252,9 +257,9 @@ suite('dedupeRules', () => {
 			createMockResult('approved', 'git rule', createMockRule('git'))
 		]);
 		strictEqual(result.length, 2);
-		strictEqual(result[0].rule?.sourceText, 'npm');
+		strictEqual(getSourceText(result[0]), 'npm');
 		strictEqual(result[0].reason, 'npm rule 1');
-		strictEqual(result[1].rule?.sourceText, 'git');
+		strictEqual(getSourceText(result[1]), 'git');
 	});
 });
 
diff --git a/src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/electron-browser/commandLineAnalyzer/npmScriptAutoApprover.test.ts b/src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/electron-browser/commandLineAnalyzer/npmScriptAutoApprover.test.ts
new file mode 100644
index 0000000000000..ef9dca698a8dc
--- /dev/null
+++ b/src/vs/workbench/contrib/terminalContrib/chatAgentTools/test/electron-browser/commandLineAnalyzer/npmScriptAutoApprover.test.ts
@@ -0,0 +1,202 @@
+/*---------------------------------------------------------------------------------------------
+ *  Copyright (c) Microsoft Corporation. All rights reserved.
+ *  Licensed under the MIT License. See License.txt in the project root for license information.
+ *--------------------------------------------------------------------------------------------*/
+
+import { strictEqual } from 'assert';
+import { VSBuffer } from '../../../../../../../base/common/buffer.js';
+import { Schemas } from '../../../../../../../base/common/network.js';
+import { URI } from '../../../../../../../base/common/uri.js';
+import { ensureNoDisposablesAreLeakedInTestSuite } from '../../../../../../../base/test/common/utils.js';
+import { TestConfigurationService } from '../../../../../../../platform/configuration/test/common/testConfigurationService.js';
+import { FileService } from '../../../../../../../platform/files/common/fileService.js';
+import { IFileService } from '../../../../../../../platform/files/common/files.js';
+import { InMemoryFileSystemProvider } from '../../../../../../../platform/files/common/inMemoryFilesystemProvider.js';
+import type { TestInstantiationService } from '../../../../../../../platform/instantiation/test/common/instantiationServiceMock.js';
+import { NullLogService } from '../../../../../../../platform/log/common/log.js';
+import { IWorkspaceContextService, toWorkspaceFolder } from '../../../../../../../platform/workspace/common/workspace.js';
+import { Workspace } from '../../../../../../../platform/workspace/test/common/testWorkspace.js';
+import { workbenchInstantiationService } from '../../../../../../test/browser/workbenchTestServices.js';
+import { TestIPCFileSystemProvider } from '../../../../../../test/electron-browser/workbenchTestServices.js';
+import { TestContextService } from '../../../../../../test/common/workbenchTestServices.js';
+import { TerminalChatAgentToolsSettingId } from '../../../common/terminalChatAgentToolsConfiguration.js';
+import { NpmScriptAutoApprover } from '../../../browser/tools/commandLineAnalyzer/autoApprove/npmScriptAutoApprover.js';
+
+suite('NpmScriptAutoApprover', () => {
+	const store = ensureNoDisposablesAreLeakedInTestSuite();
+
+	let instantiationService: TestInstantiationService;
+	let approver: NpmScriptAutoApprover;
+	let configurationService: TestConfigurationService;
+	let workspaceContextService: TestContextService;
+	let fileService: FileService;
+	let fileSystemProvider: InMemoryFileSystemProvider;
+
+	// Use inMemory scheme to avoid platform-specific path issues
+	const cwd = URI.from({ scheme: Schemas.inMemory, path: '/workspace/project' });
+
+	setup(async () => {
+		fileService = store.add(new FileService(new NullLogService()));
+
+		// Register file: scheme provider for tree-sitter WASM grammar loading
+		store.add(fileService.registerProvider(Schemas.file, new TestIPCFileSystemProvider()));
+
+		// Register inMemory: scheme provider for test package.json files
+		fileSystemProvider = store.add(new InMemoryFileSystemProvider());
+		store.add(fileService.registerProvider(Schemas.inMemory, fileSystemProvider));
+
+		// Create workspace directory structure
+		await fileService.createFolder(cwd);
+
+		configurationService = new TestConfigurationService();
+		workspaceContextService = new TestContextService();
+
+		instantiationService = workbenchInstantiationService({
+			fileService: () => fileService,
+			configurationService: () => configurationService
+		}, store);
+
+		instantiationService.stub(IWorkspaceContextService, workspaceContextService);
+		instantiationService.stub(IFileService, fileService);
+
+		approver = store.add(instantiationService.createInstance(NpmScriptAutoApprover));
+
+		// Enable npm script auto-approve by default for tests
+		configurationService.setUserConfiguration(TerminalChatAgentToolsSettingId.AutoApproveWorkspaceNpmScripts, true);
+
+		// Setup workspace
+		const workspace = new Workspace('test', [toWorkspaceFolder(cwd)]);
+		workspaceContextService.setWorkspace(workspace);
+	});
+
+	async function writePackageJson(uri: URI, scripts: Record<string, string>) {
+		const packageJson = {
+			name: 'test-project',
+			version: '1.0.0',
+			scripts
+		};
+		await fileService.writeFile(uri, VSBuffer.fromString(JSON.stringify(packageJson, null, 2)));
+	}
+
+	async function t(command: string, scripts: Record<string, string>, expectedAutoApproved: boolean) {
+		const packageJsonUri = URI.joinPath(cwd, 'package.json');
+		await writePackageJson(packageJsonUri, scripts);
+
+		const result = await approver.isCommandAutoApproved(command, cwd);
+		strictEqual(result.isAutoApproved, expectedAutoApproved, `Expected isAutoApproved to be ${expectedAutoApproved} for: ${command}`);
+	}
+
+	suite('npm run commands', () => {
+		test('npm run build - script exists', () => t('npm run build', { build: 'tsc' }, true));
+		test('npm run test - script exists', () => t('npm run test', { test: 'jest' }, true));
+		test('npm run dev - script exists', () => t('npm run dev', { dev: 'vite' }, true));
+		test('npm run start - script exists', () => t('npm run start', { start: 'node index.js' }, true));
+		test('npm run lint - script exists', () => t('npm run lint', { lint: 'eslint .' }, true));
+		test('npm run-script build - script exists', () => t('npm run-script build', { build: 'tsc' }, true));
+
+		// npm shorthand commands (npm test, npm start, npm stop, npm restart)
+		test('npm test - shorthand script exists', () => t('npm test', { test: 'jest' }, true));
+		test('npm start - shorthand script exists', () => t('npm start', { start: 'node index.js' }, true));
+		test('npm stop - shorthand script exists', () => t('npm stop', { stop: 'pkill node' }, true));
+		test('npm restart - shorthand script exists', () => t('npm restart', { restart: 'npm stop && npm start' }, true));
+		test('npm test - shorthand script does not exist', () => t('npm test', { build: 'tsc' }, false));
+		test('npm test -- --watch - shorthand with args', () => t('npm test -- --watch', { test: 'jest' }, true));
+		test('npm startevil - word boundary prevents match', () => t('npm startevil', { start: 'node index.js', startevil: 'evil' }, false));
+		test('npm install - built-in command, not a script', () => t('npm install', { install: 'echo should not match' }, false));
+
+		// Scripts with colons (namespaced scripts)
+		test('npm run build:prod - script with colon exists', () => t('npm run build:prod', { 'build:prod': 'tsc --build' }, true));
+		test('npm run test:unit - script with colon exists', () => t('npm run test:unit', { 'test:unit': 'jest --testPathPattern=unit' }, true));
+		test('npm run lint:fix - script with colon exists', () => t('npm run lint:fix', { 'lint:fix': 'eslint . --fix' }, true));
+
+		test('npm run missing - script does not exist', () => t('npm run missing', { build: 'tsc' }, false));
+		test('npm run build - no scripts section', async () => {
+			const packageJsonUri = URI.joinPath(cwd, 'package.json');
+			await fileService.writeFile(packageJsonUri, VSBuffer.fromString(JSON.stringify({ name: 'test' })));
+
+			const result = await approver.isCommandAutoApproved('npm run build', cwd);
+			strictEqual(result.isAutoApproved, false);
+		});
+	});
+
+	suite('yarn commands', () => {
+		test('yarn run build - script exists', () => t('yarn run build', { build: 'tsc' }, true));
+		test('yarn run test - script exists', () => t('yarn run test', { test: 'jest' }, true));
+
+		// Yarn shorthand (yarn <script>)
+		test('yarn build - script exists (shorthand)', () => t('yarn build', { build: 'tsc' }, true));
+		test('yarn test - script exists (shorthand)', () => t('yarn test', { test: 'jest' }, true));
+
+		// Yarn built-in commands should not match
+		test('yarn install - built-in command, not a script', () => t('yarn install', { install: 'echo should not match' }, false));
+		test('yarn add - built-in command, not a script', () => t('yarn add lodash', { add: 'echo should not match' }, false));
+
+		test('yarn run missing - script does not exist', () => t('yarn run missing', { build: 'tsc' }, false));
+	});
+
+	suite('pnpm commands', () => {
+		test('pnpm run build - script exists', () => t('pnpm run build', { build: 'tsc' }, true));
+		test('pnpm run test - script exists', () => t('pnpm run test', { test: 'jest' }, true));
+
+		// pnpm shorthand (pnpm <script>)
+		test('pnpm build - script exists (shorthand)', () => t('pnpm build', { build: 'tsc' }, true));
+		test('pnpm test - script exists (shorthand)', () => t('pnpm test', { test: 'jest' }, true));
+
+		// pnpm built-in commands should not match
+		test('pnpm install - built-in command, not a script', () => t('pnpm install', { install: 'echo should not match' }, false));
+		test('pnpm add - built-in command, not a script', () => t('pnpm add lodash', { add: 'echo should not match' }, false));
+
+		test('pnpm run missing - script does not exist', () => t('pnpm run missing', { build: 'tsc' }, false));
+	});
+
+	suite('no package.json', () => {
+		test('npm run build - no package.json file', async () => {
+			const result = await approver.isCommandAutoApproved('npm run build', URI.from({ scheme: Schemas.inMemory, path: '/nonexistent/path' }));
+			strictEqual(result.isAutoApproved, false);
+		});
+	});
+
+	suite('non-npm commands', () => {
+		test('git status - not an npm command', () => t('git status', { build: 'tsc' }, false));
+		test('ls -la - not an npm command', () => t('ls -la', { build: 'tsc' }, false));
+		test('echo hello - not an npm command', () => t('echo hello', { build: 'tsc' }, false));
+	});
+
+	suite('auto-approve disabled', () => {
+		test('npm run build - npm script auto-approve setting disabled', async () => {
+			configurationService.setUserConfiguration(TerminalChatAgentToolsSettingId.AutoApproveWorkspaceNpmScripts, false);
+
+			const packageJsonUri = URI.joinPath(cwd, 'package.json');
+			await writePackageJson(packageJsonUri, { build: 'tsc' });
+
+			const result = await approver.isCommandAutoApproved('npm run build', cwd);
+			strictEqual(result.isAutoApproved, false);
+		});
+	});
+
+	suite('autoApproveInfo message', () => {
+		test('single script - message contains script name', async () => {
+			const packageJsonUri = URI.joinPath(cwd, 'package.json');
+			await writePackageJson(packageJsonUri, { build: 'tsc' });
+
+			const result = await approver.isCommandAutoApproved('npm run build', cwd);
+			strictEqual(result.isAutoApproved, true);
+			strictEqual(result.scriptName, 'build', 'Should return script name');
+			strictEqual(result.autoApproveInfo?.value.includes('build'), true, 'Should mention script name');
+			strictEqual(result.autoApproveInfo?.value.includes('package.json'), true, 'Should mention package.json');
+		});
+	});
+
+	suite('workspace folder security', () => {
+		test('cwd outside workspace - does not auto-approve', async () => {
+			// Create package.json outside workspace
+			const outsideCwd = URI.from({ scheme: Schemas.inMemory, path: '/outside/project' });
+			await fileService.createFolder(outsideCwd);
+			const outsidePackageJsonUri = URI.joinPath(outsideCwd, 'package.json');
+			await writePackageJson(outsidePackageJsonUri, { build: 'tsc' });
+
+			const result = await approver.isCommandAutoApproved('npm run build', outsideCwd);
+			strictEqual(result.isAutoApproved, false, 'Should not auto-approve when cwd is outside workspace');
+		});
+	});
+});