Skip to content

Release v0.1.15

Choose a tag to compare

View all tags
@github-actions github-actions released this 06 Apr 04:36
· 155 commits to main since this release
v0.1.15
34cf2c2
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Highlights

  • Transparent request signing (bot-auth) — Ed25519 request signing per RFC 9421 for all outbound HTTP requests, configured via BotAuthConfig
  • Opt-in SSH/SCP/SFTP builtins — Pluggable SshHandler trait with russh transport, host allowlists (default-deny), and session pooling
  • Opt-in TypeScript via ZapCode — Embedded TS/JS runtime with ts, node, deno, bun builtins, VFS bridging, and configurable resource limits
  • AI SDK adapters — First-class JS adapters for Vercel AI SDK, OpenAI SDK, and Anthropic SDK with zero-boilerplate tool integration
  • Snapshot/resume — Serialize and restore interpreter state mid-execution for checkpointing and migration
  • wedow/harness compatibility — Running the wedow/harness agent framework via bashkit as another bash compatibility milestone
  • Security hardening — 20+ fixes: regex size limits, memory exhaustion caps, sandbox escape fix, credential leak prevention, header injection mitigation

What's Changed

  • chore(specs): make CI health a hard gate in maintenance checklist (#1092) by @chaliy
  • feat(examples): run wedow/harness via bashkit with OpenAI (#1086) by @chaliy
  • fix(interpreter): populate BASH_SOURCE[0] for PATH-resolved scripts (#1087) by @chaliy
  • feat(js): expose stat() and missing fs operations directly on Bash/BashTool (#1084) by @chaliy
  • feat(js): expose fs() accessor for direct VFS operations (#1081) by @chaliy
  • fix(parser): prevent word-splitting inside quoted strings during array assignment (#1082) by @chaliy
  • feat(builtins): add ls -C multi-column output (#1079) by @chaliy
  • feat(js): expose additional execution limits for Python parity (#1078) by @chaliy
  • fix(grep): grep -r on single file returns empty (#1080) by @chaliy
  • feat(js): expose real filesystem mounts with per-mount readOnly support (#1077) by @chaliy
  • feat: expose maxMemory to prevent OOM from untrusted input (#1075) by @chaliy
  • feat(cli): relax execution limits for CLI mode (#1076) by @chaliy
  • fix(parser): handle all token types in process substitution reconstruction (#1073) by @chaliy
  • feat(ssh): add ssh/scp/sftp builtins with russh transport (#945) by @chaliy
  • fix(deps): resolve all npm security vulnerabilities (#1064) by @chaliy
  • docs: add GitHub links to PyPI metadata and Everruns ecosystem section (#1065) by @chaliy
  • chore: pre-release maintenance pass (#1063) by @chaliy
  • feat(network): add transparent request signing (bot-auth) (#1062) by @chaliy
  • fix(audit): update semver exemption to 1.0.28 (#1059) by @chaliy
  • fix(builtins): limit AWK getline file cache to prevent memory exhaustion (#1061) by @chaliy
  • fix(builtins): cap AWK printf width/precision to prevent memory exhaustion (#1048) by @chaliy
  • fix(interpreter): support exec {var}>&- fd-variable redirect syntax (#1060) by @chaliy
  • fix(builtins): cap AWK output buffer size to prevent memory exhaustion (#1055) by @chaliy
  • fix(builtins): cap parallel cartesian product size to prevent memory blowup (#1054) by @chaliy
  • fix(builtins): sanitize curl multipart field names to prevent header injection (#1053) by @chaliy
  • fix(interpreter): splat "${arr[@]}" elements individually in array assignment (#1052) by @chaliy
  • fix(builtins): reject path traversal in patch diff headers (#1051) by @chaliy
  • fix(js): use single interpreter instance in AI adapters (#1050) by @chaliy
  • fix(builtins): enforce regex size limits in sed, grep, and awk (#1049) by @chaliy
  • fix(js): use shared runtime and concurrency limit for tool callbacks (#1047) by @chaliy
  • fix(python): enforce recursion depth limits in monty_to_py and py_to_monty (#1046) by @chaliy
  • fix(builtins): parse combined short flags in paste builtin (#1045) by @chaliy
  • fix(js): use SeqCst ordering for cancellation flag (#1044) by @chaliy
  • fix(interpreter): support recursive function calls inside $() command substitution (#1043) by @chaliy
  • chore: update semver exemption to 1.0.28 in cargo-vet config (#1058) by @chaliy
  • chore: update cc exemption to 1.2.59 in cargo-vet config (#1057) by @chaliy
  • fix(mcp): apply CLI execution limits to MCP-created interpreters (#1041) by @chaliy
  • fix(interpreter): remove exported vars from env on unset (#1042) by @chaliy
  • fix(fs): prevent sandbox escape via TOCTOU fallback in RealFs::resolve (#1040) by @chaliy
  • fix(interpreter): expand parameter operators inside arithmetic base# expressions (#1039) by @chaliy
  • fix(interpreter): set BASH_SOURCE[0] when running bash /path/script.sh (#1037) by @chaliy
  • fix(interpreter): short-circuit && and || inside [[ ]] for set -u (#1035) by @chaliy
  • test(interpreter): add regression tests for bash -c exported variable visibility (#1038) by @chaliy
  • fix(interpreter): forward piped stdin to bash script/command child (#1036) by @chaliy
  • fix(interpreter): route exec fd redirects through VFS targets (#1034) by @chaliy
  • fix(interpreter): compose indirect expansion with default operator by @chaliy
  • chore: update tagline to "Awesomely fast virtual sandbox with bash and file system" (#1029) by @chaliy
  • fix(interpreter): contain ${var:?msg} error within subshell boundary (#1031) by @chaliy
  • fix(interpreter): exec < file redirects stdin for subsequent commands (#1030) by @chaliy
  • fix(builtins): unescape / in sed replacement strings (#1028) by @chaliy
  • fix(builtins): filter internal markers from Python os.environ (#1021) by @chaliy
  • fix(builtins): harden curl redirect against credential leaks (#1020) by @chaliy
  • fix(parser): cap lookahead in looks_like_brace_expansion (#1019) by @chaliy
  • fix(parser): enforce subst depth limit in unquoted cmdsub (#1018) by @chaliy
  • fix(interpreter): cap global pattern replacement result size (#1017) by @chaliy
  • fix(interpreter): cap glob_match calls in remove_pattern_glob (#1016) by @chaliy
  • fix(interpreter): save/restore memory_budget in subshell/cmdsub (#1015) by @chaliy
  • fix(fs): handle symlinks in overlay rename and copy (#1014) by @chaliy
  • fix(builtins): block unset of internal variables and readonly marker bypass (#1013) by @chaliy
  • fix(builtins): emit stderr warning when sed branch loop limit is reached (#1012) by @chaliy
  • fix(cli): install custom panic hook to suppress backtrace information disclosure (#1011) by @chaliy
  • fix(builtins): clamp printf precision to prevent panic on large values (#1010) by @chaliy
  • fix(trace): handle all header flag formats and missing secret headers in redaction (#1009) by @chaliy
  • fix(builtins): URL-encode query params and form body in HTTP builtin (#1008) by @chaliy
  • fix(builtins): prevent JSON injection in HTTP build_json_body (#1007) by @chaliy
  • fix(builtins): clear variable on read at EOF with no remaining data (#976) by @chaliy
  • fix(builtins): honor jq -j/--join-output flag to suppress trailing newline (#975) by @chaliy
  • fix(builtins): add find -path predicate and fix -not argument consumption (#974) by @chaliy
  • fix(builtins): support long options in tree builtin (#973) by @chaliy
  • fix(parser): treat escaped dollar \$ in double quotes as literal (#972) by @chaliy
  • fix(builtins): produce empty JSON string for jq -Rs with empty stdin (#971) by @chaliy
  • fix(parser): reconstruct braces in process substitution token loop (#970) by @chaliy
  • feat(js): Vercel AI SDK adapter — first-class integration (#958) by @chaliy
  • feat(js): OpenAI SDK adapter — first-class GPT integration (#957) by @chaliy
  • feat(js): Anthropic SDK adapter — first-class Claude integration (#956) by @chaliy
  • docs: fix rustdoc guides rendering on docs.rs (#955) by @chaliy
  • feat: snapshot/resume — serialize interpreter state mid-execution (#954) by @chaliy
  • feat(builtins): add embedded TypeScript/JS runtime via ZapCode (#940) by @chaliy
  • test(security): adversarial tests — sparse arrays, extreme indices, expansion bombs (#936) by @chaliy
  • docs: update README features to reflect current implementation (#935) by @chaliy
  • feat(builtins): support -d @- and -d @file in curl builtin (#929) by @chaliy
  • chore(supply-chain): update exemptions for hybrid-array, hyper (#927) by @chaliy
  • test: implement missing glob_fuzz target (#926) by @chaliy
  • test(builtins): add spec tests for jq --arg/--argjson (#925) by @chaliy
  • feat(builtins): implement ls -F (classify) option (#924) by @chaliy
  • feat(vfs): lazy file content loading for InMemoryFs (#923) by @chaliy
  • feat(builtins): add numfmt builtin (#922) by @chaliy
  • feat(network): custom HTTP handler / fetch interception callback (#921) by @chaliy
  • feat(builtins): full sort -k KEYDEF parsing with multi-key support (#920) by @chaliy
  • fix(security): sanitize internal state in error messages (#919) by @chaliy
  • feat(builtins): implement sort -V version sort (#918) by @chaliy
  • fix(interpreter): isolate command substitution subshell state (#917) by @chaliy
  • fix(interpreter): handle ++/-- in complex arithmetic expressions (#916) by @chaliy
  • fix(interpreter): preserve stdout from if/elif condition commands (#905) by @chaliy
  • fix(interpreter): exit builtin terminates execution in compound commands (#904) by @chaliy
  • fix(interpreter): get_ifs_separator respects local IFS (#902) by @chaliy
  • fix(builtins): read builtin respects local variable scoping (#901) by @chaliy
  • chore(ci): bump the github-actions group with 2 updates (#899) by @chaliy
  • refactor(builtins): migrate base64 from manual arg parsing to ArgParser (#890) by @chaliy
  • fix(interpreter): expand command substitutions in assoc array keys (#883) by @chaliy

Full Changelog: v0.1.14...v0.1.15

Contributors

chaliy
Assets 6
Loading