feat: add max_memory to Rust BashBuilder, propagate to JS + Python

Adds `BashBuilder::max_memory(bytes)` convenience method in the core
crate that sets `max_total_variable_bytes` and clamps
`max_function_body_bytes`. JS bindings now delegate to this instead
of a local helper. Python bindings (`Bash` and `BashTool`) gain
`max_memory` parameter with the same semantics.

Includes Rust-level unit test for the builder method.

Author: chaliy

crates/bashkit-js/src/lib.rs

@@ -15,9 +15,9 @@
 
 use bashkit::tool::VERSION;
 use bashkit::{
-    Bash as RustBash, BashTool as RustBashTool, ExecutionLimits, ExtFunctionResult, MemoryLimits,
-    MontyObject, PythonExternalFnHandler, PythonLimits, ScriptedTool as RustScriptedTool, Tool,
-    ToolArgs, ToolDef, ToolRequest,
+    Bash as RustBash, BashTool as RustBashTool, ExecutionLimits, ExtFunctionResult, MontyObject,
+    PythonExternalFnHandler, PythonLimits, ScriptedTool as RustScriptedTool, Tool, ToolArgs,
+    ToolDef, ToolRequest,
 };
 use napi_derive::napi;
 use std::collections::HashMap;
@@ -1158,20 +1158,6 @@ impl ScriptedTool {
 // Helpers
 // ============================================================================
 
-/// Convert a single `maxMemory` byte budget into granular `MemoryLimits`.
-///
-/// The budget is applied as `max_total_variable_bytes` (the dominant vector)
-/// and `max_function_body_bytes` is set to min(budget, default). Other
-/// sub-limits (variable count, array entries, function count) stay at their
-/// defaults since they are count-based, not byte-based.
-fn build_memory_limits(max_bytes: f64) -> MemoryLimits {
-    let bytes = max_bytes as usize;
-    let defaults = MemoryLimits::default();
-    MemoryLimits::new()
-        .max_total_variable_bytes(bytes)
-        .max_function_body_bytes(bytes.min(defaults.max_function_body_bytes))
-}
-
 #[allow(clippy::too_many_arguments)]
 fn build_bash(
     username: Option<&str>,
@@ -1203,7 +1189,7 @@ fn build_bash(
     builder = builder.limits(limits);
 
     if let Some(max_mem) = max_memory {
-        builder = builder.memory_limits(build_memory_limits(max_mem));
+        builder = builder.max_memory(max_mem as usize);
     }
 
     // Mount files into the virtual filesystem

crates/bashkit-python/src/lib.rs

@@ -662,6 +662,7 @@ pub struct PyBash {
     real_mounts: Vec<RealMountConfig>,
     max_commands: Option<u64>,
     max_loop_iterations: Option<u64>,
+    max_memory: Option<u64>,
 }
 
 #[pymethods]
@@ -672,6 +673,7 @@ impl PyBash {
         hostname=None,
         max_commands=None,
         max_loop_iterations=None,
+        max_memory=None,
         python=false,
         external_functions=None,
         external_handler=None,
@@ -689,6 +691,7 @@ impl PyBash {
         hostname: Option<String>,
         max_commands: Option<u64>,
         max_loop_iterations: Option<u64>,
+        max_memory: Option<u64>,
         python: bool,
         external_functions: Option<Vec<String>>,
         external_handler: Option<Py<PyAny>>,
@@ -717,6 +720,10 @@ impl PyBash {
         }
         builder = builder.limits(limits);
 
+        if let Some(mm) = max_memory {
+            builder = builder.max_memory(usize::try_from(mm).unwrap_or(usize::MAX));
+        }
+
         let (mounted_text_files, real_mounts) = parse_mount_configs(
             mount_text,
             mount_readonly_text,
@@ -786,6 +793,7 @@ impl PyBash {
             real_mounts,
             max_commands,
             max_loop_iterations,
+            max_memory,
         })
     }
 
@@ -935,6 +943,7 @@ impl PyBash {
         let hostname = self.hostname.clone();
         let max_commands = self.max_commands;
         let max_loop_iterations = self.max_loop_iterations;
+        let max_memory = self.max_memory;
         let python = self.python;
         let external_functions = self.external_functions.clone();
         let mounted_text_files = self.mounted_text_files.clone();
@@ -961,6 +970,9 @@ impl PyBash {
                     limits = limits.max_loop_iterations(usize::try_from(mli).unwrap_or(usize::MAX));
                 }
                 builder = builder.limits(limits);
+                if let Some(mm) = max_memory {
+                    builder = builder.max_memory(usize::try_from(mm).unwrap_or(usize::MAX));
+                }
                 builder = apply_python_config(builder, python, external_functions, handler_clone);
                 builder = apply_fs_config(builder, &mounted_text_files, &real_mounts);
                 *bash = builder.build();
@@ -1067,6 +1079,7 @@ pub struct BashTool {
     real_mounts: Vec<RealMountConfig>,
     max_commands: Option<u64>,
     max_loop_iterations: Option<u64>,
+    max_memory: Option<u64>,
 }
 
 impl BashTool {
@@ -1101,6 +1114,7 @@ impl BashTool {
         hostname=None,
         max_commands=None,
         max_loop_iterations=None,
+        max_memory=None,
         mount_text=None,
         mount_readonly_text=None,
         mount_real_readonly=None,
@@ -1113,6 +1127,7 @@ impl BashTool {
         hostname: Option<String>,
         max_commands: Option<u64>,
         max_loop_iterations: Option<u64>,
+        max_memory: Option<u64>,
         mount_text: Option<Vec<(String, String)>>,
         mount_readonly_text: Option<Vec<(String, String)>>,
         mount_real_readonly: Option<Vec<String>>,
@@ -1138,6 +1153,10 @@ impl BashTool {
         }
         builder = builder.limits(limits);
 
+        if let Some(mm) = max_memory {
+            builder = builder.max_memory(usize::try_from(mm).unwrap_or(usize::MAX));
+        }
+
         let (mounted_text_files, real_mounts) = parse_mount_configs(
             mount_text,
             mount_readonly_text,
@@ -1163,6 +1182,7 @@ impl BashTool {
             real_mounts,
             max_commands,
             max_loop_iterations,
+            max_memory,
         })
     }
 
@@ -1295,6 +1315,7 @@ impl BashTool {
         let real_mounts = self.real_mounts.clone();
         let max_commands = self.max_commands;
         let max_loop_iterations = self.max_loop_iterations;
+        let max_memory = self.max_memory;
         let cancelled = self.cancelled.clone();
 
         py.detach(|| {
@@ -1315,6 +1336,9 @@ impl BashTool {
                     limits = limits.max_loop_iterations(usize::try_from(mli).unwrap_or(usize::MAX));
                 }
                 builder = builder.limits(limits);
+                if let Some(mm) = max_memory {
+                    builder = builder.max_memory(usize::try_from(mm).unwrap_or(usize::MAX));
+                }
                 builder = apply_fs_config(builder, &mounted_text_files, &real_mounts);
                 *bash = builder.build();
                 // Swap the cancellation token to the new interpreter's token so

crates/bashkit/src/lib.rs

@@ -1100,6 +1100,30 @@ impl BashBuilder {
         self
     }
 
+    /// Cap total interpreter memory to `bytes`.
+    ///
+    /// Convenience wrapper over [`memory_limits`](Self::memory_limits) that
+    /// sets `max_total_variable_bytes` to `bytes` and clamps
+    /// `max_function_body_bytes` to `min(bytes, default)`. Count-based
+    /// sub-limits (variable count, array entries, function count) stay at
+    /// their defaults.
+    ///
+    /// # Example
+    /// ```
+    /// # use bashkit::Bash;
+    /// let bash = Bash::builder()
+    ///     .max_memory(10 * 1024 * 1024)   // 10 MB
+    ///     .build();
+    /// ```
+    pub fn max_memory(self, bytes: usize) -> Self {
+        let defaults = MemoryLimits::default();
+        self.memory_limits(
+            MemoryLimits::new()
+                .max_total_variable_bytes(bytes)
+                .max_function_body_bytes(bytes.min(defaults.max_function_body_bytes)),
+        )
+    }
+
     /// Set the trace mode for structured execution tracing.
     ///
     /// - `TraceMode::Off` (default): No events, zero overhead
@@ -5367,4 +5391,23 @@ echo missing fi"#,
     async fn test_streaming_equivalence_subshell() {
         assert_streaming_equivalence("x=$(echo hello); echo $x").await;
     }
+
+    #[tokio::test]
+    async fn test_max_memory_caps_string_growth() {
+        let mut bash = Bash::builder()
+            .max_memory(1024)
+            .limits(
+                ExecutionLimits::new()
+                    .max_commands(10_000)
+                    .max_loop_iterations(10_000),
+            )
+            .build();
+        let result = bash
+            .exec(r#"x=AAAAAAAAAA; i=0; while [ $i -lt 25 ]; do x="$x$x"; i=$((i+1)); done; echo ${#x}"#)
+            .await
+            .unwrap();
+        let len: usize = result.stdout.trim().parse().unwrap();
+        // 25 doublings of 10 bytes = 335 544 320 without limits; must be capped ≤ 1024
+        assert!(len <= 1024, "string length {len} must be ≤ 1024");
+    }
 }