fix(security): scan .sh files for dependency confusion in pre-commit …

[Ricky-G]

Closes #2207

Description

Pre-commit mode of scripts/check_dependency_confusion.py previously filtered staged files by extension and excluded .sh/.bash, so real pip install commands inside shell scripts (e.g. agent-governance-python/agent-os/modules/control-plane/build_and_publish.sh, .../scak/build_and_publish.sh) were never scanned for dependency-confusion risks.

This PR closes that gap:

• Includes shell scripts in pre-commit scanning. Adds .sh and .bash to the staged-file extension filter in main().
• Avoids false positives in shell scripts. In check_file(), pip install matches that fall inside a shell comment (#) or an echo/printf invocation are skipped. The check is scoped to the current shell command segment (split on ;, &&, ||, |), so a real install after a separator (e.g. echo done; pip install foo) is still flagged.
• Preserves existing behavior for other file types. The new suppression is gated to .sh/.bash, so .md, .py, .txt, .ipynb scanning is unchanged (e.g. # Install: pip install <unregistered> in markdown is still flagged).
• Adds twine to REGISTERED_PACKAGES since the now-scanned existing build_and_publish.sh scripts use it and it is a legitimate PyPI package.
• Regression tests under tests/ci/test_check_dependency_confusion.py cover: real pip install <unregistered> in .sh is flagged; echo "pip install <unregistered>" is not; printf "... pip install <unregistered>" is not; full-line and inline # comments are not; known package (pydantic) in .sh is not; echo done; pip install <unregistered> (segment edge case) is flagged; markdown # lines still flagged; .txt behavior unchanged; pre-commit extension filter sanity checks for .sh/.bash and existing .py/.md/.txt/.ipynb.

Out of scope (intentional, per issue): Dockerfile support, heredoc bodies, and multi-line pip install \ continuations. These are tracked as follow-ups.

Type of Change

• Bug fix (non-breaking change that fixes an issue)
• New feature
• Breaking change
• Documentation update
• Maintenance
• Security fix

Package(s) Affected

• agent-os-kernel
• agent-mesh
• agent-runtime
• agent-sre
• agent-governance
• docs / root (scripts/ + tests/)

Checklist

• My code follows the project style guidelines (ruff check passes)
• I have added tests that prove my fix works (15 regression tests)
• All new and existing tests pass (pytest tests/ci/test_check_dependency_confusion.py — 15/15)
• I have updated documentation as needed (no doc changes required; behavior of documented usage unchanged)
• I have signed the Microsoft CLA

Attribution & Prior Art

• This contribution does not contain code copied or derived from other projects without attribution
• Any external projects that inspired this design are credited in code comments or documentation
• N/A — this is a bug fix to an existing script

Prior art / related projects: None.

AI Assistance

• I can explain every meaningful change in this PR
• I have run tests and verification appropriate for this change
• No part of this PR was autonomously submitted by an AI agent without my review
• I have not used AI to generate review comments on others' PRs

GitHub Copilot was used to scaffold the regression tests and the segment-based suppression logic; all output was reviewed, tested, and validated against the issue requirements.

IP, Patents, and Licensing

• This contribution does not implement patent-pending or patent-encumbered techniques
• This contribution does not require an NDA or licensing agreement to understand or use
• Any AI tools used have terms compatible with the MIT License

Related Issues

Closes #2207

Follow-ups

• Dockerfile (FROM/RUN pip install) scanning in pre-commit mode
• Shell heredoc body suppression (<<EOF ... EOF)
• Multi-line pip install \ continuation parsing

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

[github-actions]

🤖 AI Agent: test-generator — `scripts/check_dependency_confusion.py`

scripts/check_dependency_confusion.py

• test_sh_multiline_pip_install_continuation -- Validate handling of multi-line pip install \ continuations in .sh files.
• test_dockerfile_pip_install -- Ensure pip install commands in Dockerfile RUN instructions are flagged.
• test_sh_heredoc_pip_install -- Test suppression of pip install commands inside shell heredoc bodies (<<EOF ... EOF).

tests/ci/test_check_dependency_confusion.py

• test_sh_multiline_pip_install_continuation -- Add regression test for multi-line pip install \ continuation parsing.
• test_dockerfile_pip_install -- Add test for Dockerfile RUN pip install scanning.
• test_sh_heredoc_pip_install -- Add test for heredoc body suppression in .sh files.

[github-actions]

🤖 AI Agent: security-scanner — View details

No security issues found.

[github-actions]

🤖 AI Agent: docs-sync-checker — Docs Sync

Docs Sync

• scripts/check_dependency_confusion.py -- check_file() and main() have been updated, but no docstrings were added or updated to reflect the new behavior for .sh/.bash files.
• README.md -- if it documents the usage or behavior of scripts/check_dependency_confusion.py, it may need updates to reflect the inclusion of .sh/.bash files in pre-commit scanning and the new suppression logic.
• CHANGELOG.md -- missing entry for the behavioral change in scripts/check_dependency_confusion.py to include .sh/.bash files in pre-commit scanning and suppress false positives.

[github-actions]

🤖 AI Agent: breaking-change-detector — API Compatibility

API Compatibility

No breaking changes detected.

[github-actions]

🤖 AI Agent: code-reviewer — View details

TL;DR: 0 blockers, 0 warnings. Clean and robust security fix.

#	Sev	Issue	Where

No action items.

[github-actions]

🟡 Contributor Check: MEDIUM

Check	Result
Profile	MEDIUM
Credential	NONE
Overall	MEDIUM

Automated check by AGT Contributor Check.

[github-actions]

PR Review Summary

Check	Status	Details
🔍 Code Review	✅ Passed	No issues found
🛡️ Security Scan	✅ Passed	No issues found
🔄 Breaking Changes	✅ Passed	No issues found
📝 Docs Sync	✅ Completed	Analysis complete
🧪 Test Coverage	✅ Completed	Analysis complete

Verdict: ✅ Ready for human review