Skip to content

Add shell command explainer#75004

Merged
clawsweeper[bot] merged 5 commits intomainfrom
feat/command-explainer-parser
May 3, 2026
Merged

Add shell command explainer#75004
clawsweeper[bot] merged 5 commits intomainfrom
feat/command-explainer-parser

Conversation

@jesse-merhi
Copy link
Copy Markdown
Member

@jesse-merhi jesse-merhi commented Apr 30, 2026

Summary

Adds an internal shell command explainer backed by web-tree-sitter and tree-sitter-bash.

The explainer can report:

  • top-level commands
  • nested commands in command/process substitutions
  • command shapes such as pipelines, chains, sequences, and conditionals
  • risk markers such as inline eval, shell wrappers, command carriers, dynamic executables, and eval

This PR intentionally does not hook the explainer into approval UI, allowlist, or allow-always decisions yet.

Testing

  • pnpm test src/infra/command-explainer/extract.test.ts
  • pnpm check:changed

@openclaw-barnacle openclaw-barnacle Bot added size: M maintainer Maintainer-authored PR labels Apr 30, 2026
@clawsweeper
Copy link
Copy Markdown
Contributor

clawsweeper Bot commented Apr 30, 2026
edited
Loading

Codex review: passed.

Summary
The PR adds an internal Tree-sitter-backed shell command explainer under src/infra, parser runtime/tests, dependency/build-policy updates, an index export, and a changelog entry.

Reproducibility: not applicable. this is a feature PR rather than a bug report. For the prior PR blocker, source inspection shows byte-to-string span conversion and focused Unicode span coverage on the exact head.

Next step before merge
No repair job is needed; exact-head automerge and CI gates should handle the remaining merge decision.

Security
Cleared: The diff adds parser dependencies and build-policy entries, but no concrete secret, workflow-permission, publishing, or unintended lifecycle-script regression was found.

Review details

Best possible solution:

Land the internal explainer after the exact-head CI gate completes, leaving approval UI and allowlist integration for a later intentional PR.

Do we have a high-confidence way to reproduce the issue?

Not applicable; this is a feature PR rather than a bug report. For the prior PR blocker, source inspection shows byte-to-string span conversion and focused Unicode span coverage on the exact head.

Is this the best way to solve the issue?

Yes. The submitted approach keeps the parser isolated under src/infra, reuses existing wrapper and inline-eval helpers, and deliberately avoids changing approval decisions in this PR.

What I checked:

  • Exact PR head: GitHub API inspection showed the PR open, non-draft, mergeable, labeled maintainer and clawsweeper:automerge, at head 47577579e9043453c4df298ac7132c74b48c77b4 against current main e27b7c2d7446f869ee25993cf44f56d9ad0fe151. Current main has no command-explainer, explainShellCommand, web-tree-sitter, or tree-sitter-bash matches. (47577579e904)
  • Implementation surface: explainShellCommand parses bash source, walks the tree, returns top-level and nested commands, shapes, parse status, and risk records while deleting Tree-sitter trees after use. (src/infra/command-explainer/extract.ts:1170, 47577579e904)
  • Prior span blocker repaired: The exact head converts Tree-sitter byte offsets to JavaScript string indexes before exposing spans, including wrapper-payload span translation. (src/infra/command-explainer/extract.ts:180, 47577579e904)
  • Regression coverage: The added tests cover Unicode byte-index span conversion, escaped wrapper-payload spans, shell wrappers, command/process substitutions, dynamic executables, command carriers, syntax errors, and repeated parser use. (src/infra/command-explainer/extract.test.ts:210, 47577579e904)
  • Runtime hardening: The parser loader now clears cached rejections, resolves required wasm files with explainer-specific errors, limits source size, and distinguishes parse timeout from a generic null parse tree. (src/infra/command-explainer/tree-sitter-runtime.ts:64, 47577579e904)
  • Dependency contract: web-tree-sitter@0.26.8 types document Node.startIndex and Node.endIndex as byte indexes, matching the repaired conversion logic.

Likely related people:

  • steipete: Recent current-main history around shell-wrapper traversal, exec infra exports, and package/build policy is concentrated in Peter Steinberger commits that this explainer reuses. (role: recent maintainer and adjacent owner; confidence: high; commits: 0f1a938a3eec, 536e4f49bc39, 45dee50c2860; files: src/infra/shell-wrapper-resolution.ts, src/infra/exec-wrapper-resolution.ts, src/infra/dispatch-wrapper-resolution.ts)
  • vincentkoc: Recent current-main commits added dispatch-wrapper unwrapping behavior that the explainer calls for wrapper-through-carrier and inline-eval classification. (role: adjacent exec-wrapper maintainer; confidence: medium; commits: 730ba4076383, 9023a0436c3e; files: src/infra/dispatch-wrapper-resolution.ts, src/infra/shell-wrapper-resolution.ts)

Remaining risk / open question:

  • One exact-head CI check, check-additional-boundaries, was still in progress during this read-only review; final automerge should wait for the required check gate.

Codex review notes: model gpt-5.5, reasoning high; reviewed against e27b7c2d7446.

@jesse-merhi jesse-merhi force-pushed the feat/command-explainer-parser branch from 0b309e4 to f4b4e1b Compare April 30, 2026 10:39
@jesse-merhi jesse-merhi self-assigned this Apr 30, 2026
@jesse-merhi jesse-merhi force-pushed the feat/command-explainer-parser branch from f4b4e1b to d50b21c Compare April 30, 2026 17:26
@openclaw-barnacle openclaw-barnacle Bot added cli CLI command changes size: L and removed size: M labels Apr 30, 2026
@jesse-merhi jesse-merhi force-pushed the feat/command-explainer-parser branch from d50b21c to 5d15fed Compare May 2, 2026 00:51
@openclaw-barnacle openclaw-barnacle Bot removed the cli CLI command changes label May 2, 2026
@jesse-merhi jesse-merhi force-pushed the feat/command-explainer-parser branch 3 times, most recently from 23da7d7 to d4b623d Compare May 3, 2026 01:50
@jesse-merhi jesse-merhi force-pushed the feat/command-explainer-parser branch 2 times, most recently from 96befae to f523be0 Compare May 3, 2026 01:52
This was referenced May 3, 2026
Open
Open
@jesse-merhi jesse-merhi force-pushed the feat/command-explainer-parser branch 4 times, most recently from 14948e3 to 2a05b5b Compare May 3, 2026 03:28
@jesse-merhi jesse-merhi marked this pull request as ready for review May 3, 2026 03:31
Copilot AI review requested due to automatic review settings May 3, 2026 03:31
Copilot AI reviewed May 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds an internal shell command explainer module (tree-sitter-backed) to parse Bash-like command strings and extract command steps, structural “shapes”, and risk markers for future approval/command-review surfaces.

Changes:

  • Introduce src/infra/command-explainer with types, parser runtime (web-tree-sitter + tree-sitter-bash), and extraction/walk logic.
  • Add a comprehensive Vitest suite covering pipelines, substitutions, wrappers, carriers, dynamic tokens, redirects, and syntax errors.
  • Add dependencies (web-tree-sitter, tree-sitter-bash), pnpm build ignore config, and a changelog entry.

Reviewed changes

Copilot reviewed 8 out of 9 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
src/infra/command-explainer/types.ts Defines public explanation output types (steps, shapes, risks, spans).
src/infra/command-explainer/tree-sitter-runtime.ts Loads/initializes the tree-sitter parser + wasm language and exposes parse helpers.
src/infra/command-explainer/index.ts Exports the explainer API and types as a module entry point.
src/infra/command-explainer/extract.ts Implements AST walk, argv extraction, span translation, and risk detection.
src/infra/command-explainer/extract.test.ts Adds functional coverage for parsing and risk/shape extraction, plus a perf-style test.
package.json Adds dependencies + pnpm ignoredBuiltDependencies entry for tree-sitter-bash.
pnpm-workspace.yaml Adds tree-sitter-bash to ignoredBuiltDependencies.
pnpm-lock.yaml Locks new dependencies and their transitive additions.
CHANGELOG.md Documents the new internal shell command explainer.
Files not reviewed (1)
  • pnpm-lock.yaml: Language not supported

Comment thread src/infra/command-explainer/extract.ts
Comment thread src/infra/command-explainer/extract.ts Outdated
Comment thread src/infra/command-explainer/tree-sitter-runtime.ts Outdated
Comment thread src/infra/command-explainer/tree-sitter-runtime.ts Outdated
Comment thread src/infra/command-explainer/extract.test.ts Outdated
@jesse-merhi jesse-merhi closed this May 3, 2026
@jesse-merhi jesse-merhi reopened this May 3, 2026
@jesse-merhi jesse-merhi requested a review from Copilot May 3, 2026 03:40
@vincentkoc
Copy link
Copy Markdown
Member

vincentkoc commented May 3, 2026

/clawsweeper automerge

@clawsweeper clawsweeper Bot added the clawsweeper:automerge Maintainer opted this PR into bounded ClawSweeper-reviewed automerge label May 3, 2026
@clawsweeper
Copy link
Copy Markdown
Contributor

clawsweeper Bot commented May 3, 2026
edited
Loading

🦞🦞
ClawSweeper automerge is enabled.

  • Head: 47577579e904
  • Label: clawsweeper:automerge
  • Action: exact-head review queued.
  • Flow: review this head, repair/rebase only if needed, then re-review the exact repaired head before merge.

Draft PRs stay fix-only until GitHub marks them ready for review. Pause with /clawsweeper stop.

Automerge progress:

  • 2026-05-03 03:40:52 UTC review queued [`a5c9a34d9e73`](https://github.com/openclaw/openclaw/commit/a5c9a34d9e730c0269c15ecbe8166af6ad32aafa) (queued)
  • 2026-05-03 04:03:29 UTC repair queued [`a5c9a34d9e73`](https://github.com/openclaw/openclaw/commit/a5c9a34d9e730c0269c15ecbe8166af6ad32aafa) (autonomous) Run: https://github.com/openclaw/clawsweeper/actions/runs/25269404310
  • 2026-05-03 04:06:03 UTC review requested repair [`a5c9a34d9e73`](https://github.com/openclaw/openclaw/commit/a5c9a34d9e730c0269c15ecbe8166af6ad32aafa) (structured ClawSweeper marker: fix-required (finding=review-feedback sha=a5c9a3...)
  • 2026-05-03 04:07:42 UTC review queued [`a5c9a34d9e73`](https://github.com/openclaw/openclaw/commit/a5c9a34d9e730c0269c15ecbe8166af6ad32aafa) (queued)
  • 2026-05-03 04:15:43 UTC repair completed [`940aa217a162`](https://github.com/openclaw/openclaw/commit/940aa217a162fdb7ddcb73d2c6ae8ca363affc83) (branch updated) in 9m 57s Run: https://github.com/openclaw/clawsweeper/actions/runs/25269404310 initial automerge rebase is delegated to Codex repair
  • 2026-05-03 04:15:42 UTC review queued [`940aa217a162`](https://github.com/openclaw/openclaw/commit/940aa217a162fdb7ddcb73d2c6ae8ca363affc83) (after repair)
  • 2026-05-03 05:42:17 UTC review requested repair [`940aa217a162`](https://github.com/openclaw/openclaw/commit/940aa217a162fdb7ddcb73d2c6ae8ca363affc83) (structured ClawSweeper marker: fix-required (finding=review-feedback sha=940aa2...)
  • 2026-05-03 05:39:01 UTC review queued [`940aa217a162`](https://github.com/openclaw/openclaw/commit/940aa217a162fdb7ddcb73d2c6ae8ca363affc83) (queued)
  • 2026-05-03 05:39:05 UTC review queued [`940aa217a162`](https://github.com/openclaw/openclaw/commit/940aa217a162fdb7ddcb73d2c6ae8ca363affc83) (queued)
  • 2026-05-03 05:42:31 UTC repair queued [`940aa217a162`](https://github.com/openclaw/openclaw/commit/940aa217a162fdb7ddcb73d2c6ae8ca363affc83) (autonomous) Run: https://github.com/openclaw/clawsweeper/actions/runs/25271141923
  • 2026-05-03 06:01:07 UTC repair completed [`47577579e904`](https://github.com/openclaw/openclaw/commit/47577579e9043453c4df298ac7132c74b48c77b4) (branch updated) in 16m 16s Run: https://github.com/openclaw/clawsweeper/actions/runs/25271141923 initial automerge rebase is delegated to Codex repair
  • 2026-05-03 06:01:06 UTC review queued [`47577579e904`](https://github.com/openclaw/openclaw/commit/47577579e9043453c4df298ac7132c74b48c77b4) (after repair)
  • 2026-05-03 06:05:20 UTC review passed [`47577579e904`](https://github.com/openclaw/openclaw/commit/47577579e9043453c4df298ac7132c74b48c77b4) (structured ClawSweeper verdict: pass (sha=47577579e9043453c4df298ac7132c74b48c7...)
  • 2026-05-03 06:05:31 UTC merged [`47577579e904`](https://github.com/openclaw/openclaw/commit/47577579e9043453c4df298ac7132c74b48c77b4) (merged by ClawSweeper automerge)
  • 2026-05-03 06:05:34 UTC review queued [`47577579e904`](https://github.com/openclaw/openclaw/commit/47577579e9043453c4df298ac7132c74b48c77b4) (queued)
  • 2026-05-03 06:05:37 UTC review queued [`47577579e904`](https://github.com/openclaw/openclaw/commit/47577579e9043453c4df298ac7132c74b48c77b4) (queued)

@jesse-merhi jesse-merhi force-pushed the feat/command-explainer-parser branch from 2a05b5b to 63831a5 Compare May 3, 2026 03:42
Copilot AI reviewed May 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 8 out of 9 changed files in this pull request and generated 3 comments.

Files not reviewed (1)
  • pnpm-lock.yaml: Language not supported

Comment thread src/infra/command-explainer/extract.test.ts Outdated
Comment thread src/infra/command-explainer/tree-sitter-runtime.ts Outdated
Comment thread src/infra/command-explainer/tree-sitter-runtime.ts
@clawsweeper clawsweeper Bot force-pushed the feat/command-explainer-parser branch from 63831a5 to a5c9a34 Compare May 3, 2026 04:01
@steipete
Copy link
Copy Markdown
Contributor

steipete commented May 3, 2026

/clawsweeper automerge

@clawsweeper clawsweeper Bot force-pushed the feat/command-explainer-parser branch from a5c9a34 to 940aa21 Compare May 3, 2026 04:15
@clawsweeper clawsweeper Bot force-pushed the feat/command-explainer-parser branch from 940aa21 to 4757757 Compare May 3, 2026 06:01
@clawsweeper clawsweeper Bot merged commit 207aa18 into main May 3, 2026
86 of 87 checks passed
@clawsweeper clawsweeper Bot deleted the feat/command-explainer-parser branch May 3, 2026 06:05
@github-actions github-actions Bot mentioned this pull request May 3, 2026
Open
@clawsweeper clawsweeper Bot mentioned this pull request May 3, 2026
Open
@steipete steipete mentioned this pull request May 3, 2026
Merged
@rubencu rubencu mentioned this pull request May 3, 2026
Merged
lxe pushed a commit to lxe/openclaw that referenced this pull request May 6, 2026
@jesse-merhi @clawsweeper @lxe
Add shell command explainer (openclaw#75004)
8ae5b7a 
Summary:
- The PR adds an internal Tree-sitter-backed shell command explainer under `src/infra`, parser runtime/tests, dependency/build-policy updates, an index export, and a changelog entry.
- Reproducibility: not applicable. this is a feature PR rather than a bug report. For the prior PR blocker, source inspection shows byte-to-string span conversion and focused Unicode span coverage on the exact head.

Automerge notes:
- Ran the ClawSweeper repair loop before final review.
- Included post-review commit in the final squash: Repair shell command explainer automerge blockers
- Included post-review commit in the final squash: fix(clawsweeper): address review for automerge-openclaw-openclaw-7500…

Validation:
- ClawSweeper review passed for head 4757757.
- Required merge gates passed before the squash merge.

Prepared head SHA: 4757757
Review: openclaw#75004 (comment)

Co-authored-by: Jesse Merhi <jessejmerhi@gmail.com>
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
@clawsweeper clawsweeper Bot mentioned this pull request May 6, 2026
Merged
github-actions Bot pushed a commit to Desicool/openclaw that referenced this pull request May 9, 2026
@jesse-merhi @clawsweeper
Add shell command explainer (openclaw#75004)
3bedae1 
Summary:
- The PR adds an internal Tree-sitter-backed shell command explainer under `src/infra`, parser runtime/tests, dependency/build-policy updates, an index export, and a changelog entry.
- Reproducibility: not applicable. this is a feature PR rather than a bug report. For the prior PR blocker, source inspection shows byte-to-string span conversion and focused Unicode span coverage on the exact head.

Automerge notes:
- Ran the ClawSweeper repair loop before final review.
- Included post-review commit in the final squash: Repair shell command explainer automerge blockers
- Included post-review commit in the final squash: fix(clawsweeper): address review for automerge-openclaw-openclaw-7500…

Validation:
- ClawSweeper review passed for head 4757757.
- Required merge gates passed before the squash merge.

Prepared head SHA: 4757757
Review: openclaw#75004 (comment)

Co-authored-by: Jesse Merhi <jessejmerhi@gmail.com>
Co-authored-by: clawsweeper <274271284+clawsweeper[bot]@users.noreply.github.com>
@github-actions github-actions Bot mentioned this pull request May 9, 2026
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@jesse-merhi jesse-merhi

Labels

clawsweeper:automerge Maintainer opted this PR into bounded ClawSweeper-reviewed automerge maintainer Maintainer-authored PR size: XL

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jesse-merhi @vincentkoc @steipete