feat: add bash validation submodules — readOnlyValidation, destructiveCommandWarning, modeValidation, sedValidation, pathValidation, commandSemantics

Ports 6 of 9 upstream BashTool validation submodules: - readOnlyValidation: blocks write/state-modifying commands in read-only mode - destructiveCommandWarning: flags dangerous commands (rm -rf /, fork bombs, etc.) - modeValidation: enforces permission mode constraints on commands - sedValidation: blocks sed -i in read-only mode - pathValidation: detects directory traversal and home dir escapes - commandSemantics: classifies command intent (read-only, write, destructive, network, etc.) Full validation pipeline: validate_command() runs all checks in priority order. 32 new tests covering all validation paths. Remaining bash submodules for separate lane: bashPermissions, bashSecurity, shouldUseSandbox
2026-04-03 13:54:05 +09:00 · 2026-04-03 13:54:05 +09:00 · 36dac6cbbe
commit 36dac6cbbe
parent 85c5b0e01d
2 changed files with 1005 additions and 0 deletions
--- a/rust/crates/runtime/src/bash_validation.rs
+++ b/rust/crates/runtime/src/bash_validation.rs
--- a/rust/crates/runtime/src/lib.rs
+++ b/rust/crates/runtime/src/lib.rs
@ -1,4 +1,5 @@
 mod bash;
+pub mod bash_validation;
 mod bootstrap;
 mod compact;
 mod config;