Release v0.1.9

@github-actions released this 04 Mar 03:46 · 465 commits to main since this release · 3f7c30f

Highlights

  • First external contribution! Welcome @achicu, who contributed external function handler support for the Python bindings (#394) — a milestone for the project as our first community-contributed feature. Thank you!
  • Comprehensive security hardening: deep audit with 40+ fixes across VFS, parser, interpreter, network, and Python bindings
  • HTTP, git, and Python features now enabled by default in the CLI
  • Multi-byte UTF-8 safety across builtins (awk, tr, printf, expr)
  • Python runtime improvements: GIL release, tokio runtime reuse, security config preservation

What's Changed

  • feat(python): add external function handler support (#394) by Alexandru Chiculita
  • feat(cli): enable http, git, python by default (#507)
  • chore: run maintenance checklist (012-maintenance) (#508)
  • docs: convert doc examples to tested doctests (#504)
  • fix(security): batch 3 — issues #498-#499 (#503)
  • fix(security): batch 2 — issues #493-#497 (#502)
  • fix(security): batch 1 — issues #488-#492 (#501)
  • docs: align rustdoc with README, add doc review to maintenance (#500)
  • test(security): deep security audit with regression tests (#487)
  • fix(builtins): make exported variables visible to Python's os.getenv (#486)
  • refactor(interpreter): extract inline builtins from execute_dispatched_command (#485)
  • fix(parser): allow glob expansion on unquoted suffix after quoted prefix (#484)
  • fix(parser): handle quotes inside ${...} in double-quoted strings (#483)
  • fix(parser): expand variables in [[ =~ $var ]] regex patterns (#482)
  • fix(builtins): count newlines for wc -l instead of logical lines (#481)
  • fix(interpreter): reset OPTIND between bash script invocations (#478)
  • fix(builtins): awk array features — SUBSEP, multi-subscript, pre-increment (#477)
  • fix(builtins): prevent awk parser panic on multi-byte UTF-8 (#476)
  • fix(network): use byte-safe path boundary check in allowlist (#475)
  • fix(interpreter): use byte-safe indexing for arithmetic compound assignment (#474)
  • fix(builtins): add recursion depth limit to AWK function calls (#473)
  • fix(network): use try_from instead of truncating u64-to-usize cast (#472)
  • fix(network): redact credentials from allowlist error messages (#471)
  • fix(scripted_tool): use Display not Debug format in errors (#470)
  • fix(python): add depth limit to py_to_json/json_to_py (#469)
  • fix(builtins): handle multi-byte UTF-8 in tr expand_char_set() (#468)
  • fix(builtins): use char-based precision truncation in printf (#467)
  • fix(builtins): use char count instead of byte length in expr (#466)
  • fix(interpreter): detect cyclic nameref to prevent wrong resolution (#465)
  • fix(interpreter): sandbox $$ to return 1 instead of host PID (#464)
  • fix(python): preserve security config across Bash.reset() (#463)
  • fix(git): validate branch names to prevent path injection (#462)
  • fix(tool): preserve custom builtins across create_bash calls (#461)
  • fix(fs): add validate_path to all InMemoryFs methods (#460)
  • fix(fs): recursive delete whiteouts lower-layer children in OverlayFs (#459)
  • fix(fs): use combined usage for OverlayFs write limits (#458)
  • fix(fs): prevent usage double-counting in OverlayFs (#457)
  • fix(fs): enforce write limits on chmod copy-on-write (#456)
  • fix(archive): prevent tar path traversal in VFS (#455)
  • fix(fs): prevent TOCTOU race in InMemoryFs::append_file() (#454)
  • docs: add quick install section to README (#453)
  • fix(jq): prevent process env pollution in jq builtin (#452)
  • fix(python): reuse tokio runtime instead of creating per call (#451)
  • fix(python): release GIL before blocking on tokio runtime (#450)
  • fix(python): prevent heredoc delimiter injection in write() (#449)
  • fix(python): prevent shell injection in BashkitBackend (#448)
  • fix(interpreter): add depth limit to extglob pattern matching (#447)
  • fix(interpreter): block internal variable namespace injection (#445)
  • chore(ci): bump the github-actions group with 2 updates (#479)
  • chore: add tokio-macros 2.6.1 to cargo-vet exemptions (#480)

Full Changelog: v0.1.8...v0.1.9