feat(shell): filename globbing, increment 5 (#34) #42
Merged
WHAT: The safe-subset engine now supports filename globbing (*, ?, [..]). parse.rs gains an Arg enum (Lit | Glob); read_word marks a word Glob when it contains an unquoted glob metachar (quoted/escaped stay literal). The executor expands globs against the filesystem: a pure fnmatch (* ? [..] with ranges + !/^ negation) + expand_glob (last-segment glob, hidden-file skip, sorted; no match => literal pattern, bash nullglob-off).

WHY: Because BRIDLE performs the glob's directory listing, that fs_read is leash-checked in invoke (check_path_read on the listed dir) BEFORE any stage spawns — folded into atomic admission. A glob in the program (argv[0]) position is refused (we never exec a pattern). Redirect targets are taken literally (not globbed).

TEST: 14 unit + 11 real-spawn integration. Pure: fnmatch cases, expand_glob with a fake dir-lister (sorted, hidden excluded, sub-path prefix, no-match=>literal). Mocked: glob arg reaches the spawner after the leash; glob-as-program denied; glob dir out of fs_read scope denied with nothing spawned. Real: cat *.rs => sorted file contents; unmatched glob => literal (cat fails). just check green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01HMGPEApE4XfwgMhgFbRn6c
Increment 5 of #34 (ADR 0005 D3): the safe-subset engine now supports filename globbing */?/[…].

What

parse.rs — an Arg enum (Lit | Glob); read_word marks a word Glob when it contains an unquoted glob metacharacter (quoted/escaped stay literal). The parser only marks; expansion is the executor's job.

shell_tool.rs — a pure fnmatch (*/?/[…] with ranges and !/^ negation) + expand_glob (last-segment glob, hidden-file skip, sorted; no match → the literal pattern, bash nullglob-off). Lowering happens in OsSpawner.

The fs enforcement point

Because bridle performs the directory listing, that fs_read is leash-checked in invoke (check_path_read on the listed dir) before any stage spawns — folded into atomic admission. A glob in the program position (argv[0]) is refused (we never exec a pattern). Redirect targets are taken literally (not globbed).

Testing (fully mocked + deep)

fnmatch cases; expand_glob with a fake dir-lister (sorted, hidden excluded, sub-path prefix preserved, no-match→literal).
fs_read scope denied with nothing spawned.
cat *.rs → sorted file contents; unmatched glob → literal (cat fails).

Test plan

just check green (fmt + clippy all-features & no-default-features + workspace tests).

Part of #34. Leaves only $VAR expansion (allowlist-only, increment 6) for Track A.

🤖 Generated with Claude Code
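The admission-then-expansion order described in this PR, as an added Rust sketch that is not bridle's own code. `lower`, `wild`, `split`, the injected lister and the exact-match `fs_read` scope list are assumptions, and the matcher is reduced to `*` and `?` (no bracket classes).

```rust
// Added illustration, not bridle's code: names follow the PR text, bodies are assumptions.
pub enum Arg { Lit(String), Glob(String) }

// Reduced matcher: `*` and `?` only; bracket classes are left out of this sketch.
fn wild(p: &[char], s: &[char]) -> bool {
    match (p.split_first(), s.split_first()) {
        (None, _) => s.is_empty(),
        (Some((&'*', r)), _) => (0..=s.len()).any(|i| wild(r, &s[i..])),
        (Some((&'?', r)), Some((_, t))) => wild(r, t),
        (Some((a, r)), Some((b, t))) => a == b && wild(r, t),
        (Some(_), None) => false,
    }
}

// (listed dir, prefix to re-attach, last segment); only the last segment is globbed.
fn split(pat: &str) -> (&str, &str, &str) {
    match pat.rfind('/') {
        Some(0) => ("/", "/", &pat[1..]),
        Some(i) => (&pat[..i], &pat[..=i], &pat[i + 1..]),
        None => (".", "", pat),
    }
}

// Hidden names skipped, result sorted, no match => the literal pattern (nullglob off).
pub fn expand_glob(pat: &str, list: &dyn Fn(&str) -> Vec<String>) -> Vec<String> {
    let (dir, prefix, last) = split(pat);
    let p: Vec<char> = last.chars().collect();
    let mut out: Vec<String> = list(dir).into_iter()
        .filter(|n| !n.starts_with('.') && wild(&p, &n.chars().collect::<Vec<_>>()))
        .map(|n| format!("{}{}", prefix, n))
        .collect();
    out.sort();
    if out.is_empty() { vec![pat.to_string()] } else { out }
}

// Admission first: every glob is cleared before any directory is listed or stage spawned.
pub fn lower(argv: &[Arg], fs_read: &[&str], list: &dyn Fn(&str) -> Vec<String>) -> Result<Vec<String>, String> {
    for (i, a) in argv.iter().enumerate() {
        if let Arg::Glob(p) = a {
            if i == 0 { return Err("glob in program position".to_string()); }
            // Assumption: fs_read scope is an exact list of readable directories.
            if !fs_read.contains(&split(p).0) { return Err(format!("fs_read denied: {}", split(p).0)); }
        }
    }
    Ok(argv.iter().flat_map(|a| match a {
        Arg::Lit(s) => vec![s.clone()],
        Arg::Glob(p) => expand_glob(p, list),
    }).collect())
}
```

Passing the lister in as a closure lets a test count directory listings and confirm that a denied request never reaches the filesystem.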