fix(rg): avoid root arg string cloning across candidates#1801
Merged
chaliy merged 2 commits intoMay 28, 2026
Conversation
Deploying with
|
| Status | Name | Latest Commit | Preview URL | Updated (UTC) |
|---|---|---|---|---|
| ✅ Deployment successful! View logs |
bashkit | c0e0463 | Commit Preview URL | May 28 2026, 09:13 AM |
The RgDisplayHint enum lost the absolute-path arm of display_path_for, which made root args like /safe render files as relative paths instead of absolute. Add an Absolute variant that maps to a /-prefixed hint so display_path_for's first arm matches and full path is rendered.
chaliy
force-pushed
the
2026-05-28-fix-memory-exhaustion-due-to-root_arg-cloning
branch
from
4c9622d to
c0e0463
Compare
chaliy
deleted the
2026-05-28-fix-memory-exhaustion-due-to-root_arg-cloning
branch
chaliy
added a commit
that referenced
this pull request
May 28, 2026
## Release v0.8.0
Minor release. New feature: VFS-backed Python `open()` support.
### Highlights
- **Python `open()` support** — VFS-backed `open()` / `Path.open()`
read, write, and append now work in the embedded Python builtin, so
LLM-generated `with open("/tmp/...")` scripts run instead of failing.
Host filesystem and network stay unavailable to Python
([#1800](#1800)).
- Further `rg` parity and hardening fixes (default type globs, JSON
context fanout cap, root-arg allocation) plus interpreter fixes for
variable attribute/nameref persistence and persistent file descriptor
validation.
### What's Changed
* ci: reclaim runner disk before disk-hungry scheduled jobs
([#1807](#1807)) by @chaliy
* fix(rg): align r and tf default type globs with ripgrep
([#1805](#1805)) by @chaliy
* fix(rg): cap JSON context event fanout
([#1804](#1804)) by @chaliy
* fix(interpreter): persist var attrs and namerefs across shell state
restore ([#1803](#1803)) by
@chaliy
* fix(interpreter): reject negative persistent file descriptors
([#1802](#1802)) by @chaliy
* fix(rg): avoid root arg string cloning across candidates
([#1801](#1801)) by @chaliy
* feat(python): support vfs-backed open
([#1800](#1800)) by @chaliy
* feat(site): add bashkit logo assets
([#1799](#1799)) by @chaliy
* fix(ci): bypass pnpm `--` separator that breaks napi build flag
forwarding ([#1798](#1798)) by
@chaliy
* fix(site): add homepage canonical link header
([#1797](#1797)) by @chaliy
**Full Changelog**:
v0.7.2...v0.8.0
### Version bump
`0.7.2` → `0.8.0` across `Cargo.toml`, `crates/bashkit-cli/Cargo.toml`,
`crates/bashkit-js/package.json`, and `Cargo.lock`.
### Publish-readiness report
- ✅ `cargo fmt --check` — clean
- ✅ `cargo clippy --workspace --all-targets --features
http_client,ssh,sqlite -- -D warnings` — clean
- ✅ `cargo test --workspace --lib --bins --tests --features
http_client,ssh,sqlite` — green (with pinned ripgrep 15.1.0, matching
CI's `RG_VERSION`)
- ✅ `cargo test --features python -p bashkit` — green
- ✅ `cargo publish --dry-run -p bashkit` — succeeds after replicating
the workflow's monty/python strip step (git-only `monty` dep is stripped
before publish, as in `publish.yml`)
- ✅ `bashkit-cli` packages cleanly; its dry-run's only remaining step is
resolving `bashkit ^0.8.0` from crates.io, which the workflow satisfies
by publishing `bashkit` first (30s index wait) then `bashkit-cli`
- ✅ Version sync: all manifests read `0.8.0`; crates.io latest is
`0.7.2`, so `0.8.0` is a strict increment on every registry (npm/PyPI
versions are derived from the same pipeline)
Notes: in this sandbox the `rg` differential case and
`ssh_supabase_connects` test initially failed only because of
environment (preinstalled ripgrep 14.1.0 vs CI's pinned 15.1.0, and no
egress to the external `supabase.sh` SSH host); both are environmental,
not code regressions.
---
_Generated by [Claude
Code](https://claude.ai/code/session_01URKhGRWFuMgjHQR1YhyNHN)_
chaliy
added a commit
that referenced
this pull request
May 30, 2026
Replace per-file owned root_arg String with a compact RgDisplayHint enum to prevent attacker-controlled heap amplification, while preserving display semantics for ".", "./...", and absolute "/..." roots.
chaliy
added a commit
that referenced
this pull request
May 30, 2026
## Release v0.8.0
Minor release. New feature: VFS-backed Python `open()` support.
### Highlights
- **Python `open()` support** — VFS-backed `open()` / `Path.open()`
read, write, and append now work in the embedded Python builtin, so
LLM-generated `with open("/tmp/...")` scripts run instead of failing.
Host filesystem and network stay unavailable to Python
([#1800](#1800)).
- Further `rg` parity and hardening fixes (default type globs, JSON
context fanout cap, root-arg allocation) plus interpreter fixes for
variable attribute/nameref persistence and persistent file descriptor
validation.
### What's Changed
* ci: reclaim runner disk before disk-hungry scheduled jobs
([#1807](#1807)) by @chaliy
* fix(rg): align r and tf default type globs with ripgrep
([#1805](#1805)) by @chaliy
* fix(rg): cap JSON context event fanout
([#1804](#1804)) by @chaliy
* fix(interpreter): persist var attrs and namerefs across shell state
restore ([#1803](#1803)) by
@chaliy
* fix(interpreter): reject negative persistent file descriptors
([#1802](#1802)) by @chaliy
* fix(rg): avoid root arg string cloning across candidates
([#1801](#1801)) by @chaliy
* feat(python): support vfs-backed open
([#1800](#1800)) by @chaliy
* feat(site): add bashkit logo assets
([#1799](#1799)) by @chaliy
* fix(ci): bypass pnpm `--` separator that breaks napi build flag
forwarding ([#1798](#1798)) by
@chaliy
* fix(site): add homepage canonical link header
([#1797](#1797)) by @chaliy
**Full Changelog**:
v0.7.2...v0.8.0
### Version bump
`0.7.2` → `0.8.0` across `Cargo.toml`, `crates/bashkit-cli/Cargo.toml`,
`crates/bashkit-js/package.json`, and `Cargo.lock`.
### Publish-readiness report
- ✅ `cargo fmt --check` — clean
- ✅ `cargo clippy --workspace --all-targets --features
http_client,ssh,sqlite -- -D warnings` — clean
- ✅ `cargo test --workspace --lib --bins --tests --features
http_client,ssh,sqlite` — green (with pinned ripgrep 15.1.0, matching
CI's `RG_VERSION`)
- ✅ `cargo test --features python -p bashkit` — green
- ✅ `cargo publish --dry-run -p bashkit` — succeeds after replicating
the workflow's monty/python strip step (git-only `monty` dep is stripped
before publish, as in `publish.yml`)
- ✅ `bashkit-cli` packages cleanly; its dry-run's only remaining step is
resolving `bashkit ^0.8.0` from crates.io, which the workflow satisfies
by publishing `bashkit` first (30s index wait) then `bashkit-cli`
- ✅ Version sync: all manifests read `0.8.0`; crates.io latest is
`0.7.2`, so `0.8.0` is a strict increment on every registry (npm/PyPI
versions are derived from the same pipeline)
Notes: in this sandbox the `rg` differential case and
`ssh_supabase_connects` test initially failed only because of
environment (preinstalled ripgrep 14.1.0 vs CI's pinned 15.1.0, and no
egress to the external `supabase.sh` SSH host); both are environmental,
not code regressions.
---
_Generated by [Claude
Code](https://claude.ai/code/session_01URKhGRWFuMgjHQR1YhyNHN)_
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
Stringinto every walk item and file candidate, allowing attacker-controlled long path tokens to be cloned per-file and causing heap-amplification DoS.Description
root_arg: Option<String>with a compactRgDisplayHintenum (None|DotSlash) to avoid per-candidate owned String copies.RgDisplayHint::from_root_argto derive the small hint once from the explicit user arg andRgDisplayHint::root_arg()to map back for display rendering.display_hintthroughRgSearchRoot,RgWalkItem, andRgFileCandidate, and update call sites incollect_rg_inputs,collect_rg_files_recursive,collect_rg_file_list, andread_rg_filesto use the hint.././...roots while eliminating attacker-controlled memory growth.Testing
cargo test -p bashkit rg::tests::rg_timed_differential_cases -- --nocapture, which passed.cargo test -p bashkitbuild/test run; the crate compiled and the test harness executed (no failures observed for executed suites, many tests filtered by the run selection).originrebase could not be performed here becauseoriginis not configured in this environment.Codex Task