
fix(rg): cap JSON context event fanout #1804

Merged: chaliy merged 1 commit into main from 2026-05-28-fix-rg-json-passthru-memory-exhaustion-vulnerability on May 28, 2026

Conversation

@chaliy (Contributor) commented May 28, 2026

Motivation

  • Prevent untrusted VFS inputs from causing unbounded memory and output amplification when rg --json emits context/passthru events by capping the number of per-file JSON context events.

Description

  • Add RG_MAX_JSON_CONTEXT_EVENTS: usize = 100_000 as a hard cap for JSON context/passthru event fanout.
  • Fail fast in both multiline and single-line JSON output paths when the number of context events would exceed the cap by returning an ExecResult::err with exit code 2 and an explanatory stderr message.
  • Keep existing JSON match emission logic unchanged; the guard only prevents materializing massive context events before the interpreter applies stdout limits.

Testing

  • Ran the targeted unit test cargo test -p bashkit test_rg_replace_caps_amplified_output -- --nocapture and it passed locally.
  • Ran the crate unit tests with cargo test -p bashkit in this environment and the test run completed with the modified tests passing and no new failures observed.
  • Could not rebase onto origin/main in this environment because the remote is not configured, so changes were validated against the current branch HEAD.

Codex Task
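The fail-fast guard the description above calls for, written out as an added Rust example that is not bashkit's own code: `ExecError`, `count_context_events` and `guard_context_fanout` are hypothetical names, while the cap constant and the exit code 2 are the PR's own. The point it shows is that the number of context events for a file can be computed from the match line numbers alone, so the check runs before any event is materialized.

```rust
use std::collections::BTreeSet;

/// Per-file hard cap on JSON context/passthru events (the value this PR introduces).
pub const RG_MAX_JSON_CONTEXT_EVENTS: usize = 100_000;

/// Stand-in for the interpreter's failing result (hypothetical type, not bashkit's own).
#[derive(Debug, PartialEq)]
pub struct ExecError { pub exit_code: i32, pub stderr: String }

/// Context events `rg --json -C ctx` (or `--passthru`) would emit for one file, computed
/// from the 0-based match line numbers so the total is known before any event is built.
pub fn count_context_events(total_lines: usize, match_lines: &[usize], ctx: usize, passthru: bool) -> usize {
    let matches: BTreeSet<usize> = match_lines.iter().copied().filter(|&m| m < total_lines).collect();
    if passthru {
        // --passthru turns every non-matching line into a context event.
        return total_lines - matches.len();
    }
    if total_lines == 0 { return 0; }
    let last = total_lines - 1;
    // Merge overlapping [m-ctx, m+ctx] windows (clamped to the file) and sum their sizes.
    let mut union = 0usize;
    let mut cur: Option<(usize, usize)> = None;
    for &m in &matches {
        let (lo, hi) = (m.saturating_sub(ctx), m.saturating_add(ctx).min(last));
        cur = Some(match cur {
            Some((clo, chi)) if lo <= chi + 1 => (clo, chi.max(hi)),
            Some((clo, chi)) => {
                union += chi - clo + 1;
                (lo, hi)
            }
            None => (lo, hi),
        });
    }
    if let Some((clo, chi)) = cur {
        union += chi - clo + 1;
    }
    // Match lines sit inside their own windows but are emitted as match events, not context.
    union - matches.len()
}

/// Fail fast (exit code 2, explanatory stderr) before emitting when the fanout exceeds the cap.
pub fn guard_context_fanout(path: &str, total_lines: usize, match_lines: &[usize], ctx: usize, passthru: bool) -> Result<usize, ExecError> {
    let events = count_context_events(total_lines, match_lines, ctx, passthru);
    if events > RG_MAX_JSON_CONTEXT_EVENTS {
        return Err(ExecError { exit_code: 2, stderr: format!("rg: {path}: {events} JSON context events exceed cap {RG_MAX_JSON_CONTEXT_EVENTS}") });
    }
    Ok(events)
}
```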

@cloudflare-workers-and-pages Bot commented May 28, 2026

Deploying with Cloudflare Workers. The latest updates on your project:

Status: ✅ Deployment successful! | Name: bashkit | Latest Commit: 191b7d6 | Updated (UTC): May 28 2026, 09:18 AM

@chaliy chaliy force-pushed the 2026-05-28-fix-rg-json-passthru-memory-exhaustion-vulnerability branch from f2b9528 to 191b7d6 Compare May 28, 2026 09:17
@chaliy chaliy merged commit a6db872 into main May 28, 2026
34 checks passed
@chaliy chaliy deleted the 2026-05-28-fix-rg-json-passthru-memory-exhaustion-vulnerability branch May 28, 2026 13:08
chaliy added a commit that referenced this pull request May 28, 2026
## Release v0.8.0

Minor release. New feature: VFS-backed Python `open()` support.

### Highlights

- **Python `open()` support** — VFS-backed `open()` / `Path.open()`
read, write, and append now work in the embedded Python builtin, so
LLM-generated `with open("/tmp/...")` scripts run instead of failing.
Host filesystem and network stay unavailable to Python
([#1800](#1800)).
- Further `rg` parity and hardening fixes (default type globs, JSON
context fanout cap, root-arg allocation) plus interpreter fixes for
variable attribute/nameref persistence and persistent file descriptor
validation.

### What's Changed

* ci: reclaim runner disk before disk-hungry scheduled jobs ([#1807](#1807)) by @chaliy
* fix(rg): align r and tf default type globs with ripgrep ([#1805](#1805)) by @chaliy
* fix(rg): cap JSON context event fanout ([#1804](#1804)) by @chaliy
* fix(interpreter): persist var attrs and namerefs across shell state restore ([#1803](#1803)) by @chaliy
* fix(interpreter): reject negative persistent file descriptors ([#1802](#1802)) by @chaliy
* fix(rg): avoid root arg string cloning across candidates ([#1801](#1801)) by @chaliy
* feat(python): support vfs-backed open ([#1800](#1800)) by @chaliy
* feat(site): add bashkit logo assets ([#1799](#1799)) by @chaliy
* fix(ci): bypass pnpm `--` separator that breaks napi build flag forwarding ([#1798](#1798)) by @chaliy
* fix(site): add homepage canonical link header ([#1797](#1797)) by @chaliy

**Full Changelog**:
v0.7.2...v0.8.0

### Version bump

`0.7.2` → `0.8.0` across `Cargo.toml`, `crates/bashkit-cli/Cargo.toml`,
`crates/bashkit-js/package.json`, and `Cargo.lock`.

### Publish-readiness report

- ✅ `cargo fmt --check` — clean
- ✅ `cargo clippy --workspace --all-targets --features
http_client,ssh,sqlite -- -D warnings` — clean
- ✅ `cargo test --workspace --lib --bins --tests --features
http_client,ssh,sqlite` — green (with pinned ripgrep 15.1.0, matching
CI's `RG_VERSION`)
- ✅ `cargo test --features python -p bashkit` — green
- ✅ `cargo publish --dry-run -p bashkit` — succeeds after replicating
the workflow's monty/python strip step (git-only `monty` dep is stripped
before publish, as in `publish.yml`)
- ✅ `bashkit-cli` packages cleanly; its dry-run's only remaining step is
resolving `bashkit ^0.8.0` from crates.io, which the workflow satisfies
by publishing `bashkit` first (30s index wait) then `bashkit-cli`
- ✅ Version sync: all manifests read `0.8.0`; crates.io latest is
`0.7.2`, so `0.8.0` is a strict increment on every registry (npm/PyPI
versions are derived from the same pipeline)

Notes: in this sandbox the `rg` differential case and
`ssh_supabase_connects` test initially failed only because of
environment (preinstalled ripgrep 14.1.0 vs CI's pinned 15.1.0, and no
egress to the external `supabase.sh` SSH host); both are environmental,
not code regressions.


---
_Generated by [Claude
Code](https://claude.ai/code/session_01URKhGRWFuMgjHQR1YhyNHN)_
chaliy added a commit that referenced this pull request May 30, 2026
Cap rg --json context/passthru events at 100k per file to prevent untrusted VFS inputs from causing unbounded memory and output amplification. Exit with code 2 and a clear stderr message when the cap is exceeded.
chaliy added a commit that referenced this pull request May 30, 2026 (the same v0.8.0 release notes as above)