feat(shell): file redirections, increment 3 (#34) #40
Merged
WHAT: The safe-subset engine now supports file redirections: > (truncate), >> (append), and < (stdin). parse.rs refactors into a read_word tokenizer + a Command{argv, redirects} model (Pipeline = Vec<Command>); fd-number forms (2>, 2>&1), >&/<& fd-duplication, and heredocs (<<) are refused as Unsupported rather than risk silently mishandling bash's fd rules. The OsSpawner opens redirect targets and wires them (redirect overrides the pipe for that fd); last-stage stdout that goes to a file means empty captured stdout.
WHY: Because BRIDLE performs the redirect's file open, the target is leash-checked in invoke (> => check_path_write, < => check_path_read) BEFORE any stage spawns — a real fs enforcement point (unlike a spawned program's own opens, which are L3's job). This is part of atomic admission: a single out-of-scope program OR redirect target denies the whole pipeline with no partial side effects.
TEST: 26 unit (mock-spawner: redirects parsed + passed; out-of-scope redirect target denied with the spawner never called; quoted redirect operator stays literal) + 8 real-spawn integration (real > truncate/>> append, < stdin feed, pipeline+redirect on last stage). just check green (fmt + clippy all-features & no-default-features + workspace tests).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01HMGPEApE4XfwgMhgFbRn6c
Increment 3 of #34 (ADR 0005 D3): the safe-subset engine now supports file redirections > / >> / <.

What

parse.rs — refactored into a read_word tokenizer + a Command { argv, redirects } model (Pipeline = Vec<Command>). > / >> (stdout truncate/append), < (stdin); quoted operators stay literal. Refused (Unsupported): fd-number forms (2>, 2>&1), >& / <& fd-duplication, heredocs (<<) — rather than risk silently mishandling bash's fd rules.

shell_tool.rs — OsSpawner opens redirect targets and wires them (a redirect overrides the pipe for that fd); a last stage redirected to a file yields empty captured stdout.

The fs enforcement point

Because bridle performs the open, the target is leash-checked in invoke before any stage spawns — > ⇒ check_path_write, < ⇒ check_path_read — folded into atomic admission (one out-of-scope program or redirect target denies the whole pipeline, no partial side effects). This is real L2 enforcement on opens bridle does itself (a spawned program's own opens remain L3's job, #35).

Testing (fully mocked + deep)

DenialKind::Open) with the spawner never called; quoted > stays a literal arg.
tests/real_spawn.rs, real fs): real > truncate / >> append, < stdin feed (sort), pipeline + redirect on the last stage. Unique temp paths, cleaned up.

Test plan

just check green (fmt + clippy all-features & no-default-features + workspace tests). Part of #34.

🤖 Generated with Claude Code
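The mechanism the PR describes, as an added stand-alone example that is not bridle's code: a read_word-style tokenizer that keeps quoted operators literal, a Command { argv, redirects } model with Pipeline = Vec<Command>, refusal of fd-number forms, >& / <& duplication and heredocs as Unsupported, and an admission pass that checks every program and every redirect target across all stages before anything would be spawned. The type and function names (Redirect, Command, ParseError, Denial, parse, admit) and the path-policy closures are hypothetical; bridle's real leash checks (check_path_write, check_path_read) are modelled here as plain closures.

```rust
// Added example, not project code. Names and the policy closures are hypothetical.
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum Redirect {
    StdinFrom(String),      // < path
    StdoutTruncate(String), // > path
    StdoutAppend(String),   // >> path
}

#[derive(Debug, Clone, PartialEq, Eq, Default)]
pub struct Command {
    pub argv: Vec<String>,
    pub redirects: Vec<Redirect>,
}

pub type Pipeline = Vec<Command>;

#[derive(Debug, PartialEq, Eq)]
pub enum ParseError {
    Unsupported(&'static str), // refused on purpose rather than guessed at
    Syntax(String),
}

enum Tok {
    Word(String),
    Op(&'static str), // "|", "<", ">", ">>"
}

/// Reads one word; quotes are stripped and mark the word as quoted so that a
/// quoted `>` or `|` is never treated as an operator.
fn read_word(chars: &[char], i: &mut usize) -> Result<(String, bool), ParseError> {
    let (mut word, mut quoted) = (String::new(), false);
    while *i < chars.len() {
        match chars[*i] {
            q @ ('\'' | '"') => {
                quoted = true;
                *i += 1;
                while *i < chars.len() && chars[*i] != q {
                    word.push(chars[*i]);
                    *i += 1;
                }
                if *i >= chars.len() {
                    return Err(ParseError::Syntax("unterminated quote".into()));
                }
                *i += 1; // skip closing quote
            }
            c if c.is_whitespace() || matches!(c, '|' | '<' | '>') => break,
            c => { word.push(c); *i += 1; }
        }
    }
    Ok((word, quoted))
}

fn tokenize(input: &str) -> Result<Vec<Tok>, ParseError> {
    let chars: Vec<char> = input.chars().collect();
    let (mut toks, mut i) = (Vec::new(), 0);
    while i < chars.len() {
        match chars[i] {
            c if c.is_whitespace() => i += 1,
            '|' => { toks.push(Tok::Op("|")); i += 1; }
            c @ ('<' | '>') => match (c, chars.get(i + 1).copied()) {
                ('>', Some('&')) | ('<', Some('&')) => return Err(ParseError::Unsupported("fd duplication (>& / <&)")),
                ('<', Some('<')) => return Err(ParseError::Unsupported("heredoc (<<)")),
                ('>', Some('>')) => { toks.push(Tok::Op(">>")); i += 2; }
                ('>', _) => { toks.push(Tok::Op(">")); i += 1; }
                _ => { toks.push(Tok::Op("<")); i += 1; }
            },
            _ => {
                let (word, quoted) = read_word(&chars, &mut i)?;
                // An unquoted all-digit word glued to < or > is bash's fd-number form (2>, 2>&1).
                let glued = matches!(chars.get(i).copied(), Some('<') | Some('>'));
                if !quoted && !word.is_empty() && word.chars().all(|c| c.is_ascii_digit()) && glued {
                    return Err(ParseError::Unsupported("fd-number redirect (e.g. 2>, 2>&1)"));
                }
                toks.push(Tok::Word(word));
            }
        }
    }
    Ok(toks)
}

pub fn parse(input: &str) -> Result<Pipeline, ParseError> {
    let mut pipeline = vec![Command::default()];
    let mut toks = tokenize(input)?.into_iter();
    while let Some(t) = toks.next() {
        match t {
            Tok::Word(w) => pipeline.last_mut().unwrap().argv.push(w),
            Tok::Op("|") => pipeline.push(Command::default()),
            Tok::Op(op) => {
                let target = match toks.next() {
                    Some(Tok::Word(w)) => w,
                    _ => return Err(ParseError::Syntax(format!("redirect {op} needs a filename"))),
                };
                let r = match op {
                    ">" => Redirect::StdoutTruncate(target),
                    ">>" => Redirect::StdoutAppend(target),
                    _ => Redirect::StdinFrom(target),
                };
                pipeline.last_mut().unwrap().redirects.push(r);
            }
        }
    }
    if pipeline.iter().any(|c| c.argv.is_empty()) {
        return Err(ParseError::Syntax("empty command in pipeline".into()));
    }
    Ok(pipeline)
}

#[derive(Debug, PartialEq, Eq)]
pub enum Denial { Program(String), Write(String), Read(String) }

/// Atomic admission: every stage's program and every redirect target is
/// checked first; nothing is opened or spawned unless the whole pipeline passes.
pub fn admit(
    p: &Pipeline,
    prog_ok: impl Fn(&str) -> bool,
    read_ok: impl Fn(&str) -> bool,
    write_ok: impl Fn(&str) -> bool,
) -> Result<(), Denial> {
    for cmd in p {
        let prog = cmd.argv.first().cloned().unwrap_or_default();
        if !prog_ok(&prog) { return Err(Denial::Program(prog)); }
        for r in &cmd.redirects {
            match r {
                Redirect::StdinFrom(path) if !read_ok(path) => return Err(Denial::Read(path.clone())),
                Redirect::StdoutTruncate(path) | Redirect::StdoutAppend(path) if !write_ok(path) => {
                    return Err(Denial::Write(path.clone()))
                }
                _ => {}
            }
        }
    }
    Ok(())
}

fn main() {
    // Constructed input: the read target lies outside the (hypothetical) /tmp/ leash,
    // so admission denies the whole pipeline before any stage would spawn.
    let p = parse("sort < in.txt | head -n 3 >> /tmp/out.log").expect("safe subset");
    let tmp_only = |path: &str| path.starts_with("/tmp/");
    match admit(&p, |prog| matches!(prog, "sort" | "head"), tmp_only, tmp_only) {
        Ok(()) => println!("admitted: {p:?}"),
        Err(d) => println!("denied before any spawn: {d:?}"),
    }
}
```

The ordering is the point: parse fully, then check every program and every redirect target, and only then hand the pipeline to a spawner. A denial anywhere leaves no opened file and no child process behind, which is what "no partial side effects" requires.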