Skip to content

Feature: Integrate bashrs for suggestion safety validation #97

Closed
Closed
Feature: Integrate bashrs for suggestion safety validation#97
Labels
enhancementNew feature or request
@noahgift

Description

@noahgift
noahgift
opened on Nov 27, 2025

Feature Request

Integrate with bashrs to validate suggestions for safety before returning them.

Motivation

bashrs can detect dangerous commands:

$ echo 'rm -rf /' | bashrs lint /dev/stdin
✗ 1:1-9 [error] SC2114: CRITICAL: rm -rf on root or root-like path is extremely dangerous

$ echo 'rm target/' | bashrs lint /dev/stdin  
⚠ 1:1-10 [warning] IDEM002: Non-idempotent rm - add -f flag

Proposed Integration

Option 1: Runtime validation

Before returning a suggestion, validate it:

fn suggest(&self, prefix: &str) -> Vec<Suggestion> {
    let candidates = self.model.predict(prefix);
    
    candidates
        .into_iter()
        .filter(|s| !is_dangerous_command(&s.command))
        .collect()
}

fn is_dangerous_command(cmd: &str) -> bool {
    // Use bashrs as library or subprocess
    let output = Command::new("bashrs")
        .args(["lint", "--format", "json", "/dev/stdin"])
        .stdin(Stdio::piped())
        .output()?;
    
    // Check for errors
    let result: LintResult = serde_json::from_slice(&output.stdout)?;
    result.has_errors()
}

Option 2: Build-time integration

Add bashrs as a library dependency:

[dependencies]
bashrs = { version = "6.34", features = ["lint"] }
use bashrs::lint::{lint_command, Severity};

fn is_safe(cmd: &str) -> bool {
    let issues = lint_command(cmd);
    !issues.iter().any(|i| i.severity == Severity::Error)
}

Option 3: Configurable validation level

# In config
[safety]
validation = "strict"  # none, basic, strict

# With strict:
# - Block SC2114 (rm -rf /)
# - Block commands with secrets (#86)
# - Warn on non-idempotent operations

Benefits

  1. Prevent dangerous suggestions - No more rm -rf / accidents
  2. Educate users - Show warnings for risky commands
  3. Leverage existing analysis - bashrs has 6000+ tests and comprehensive checks
  4. ShellCheck compatible - Uses standard SC codes

Example Output

$ aprender-shell suggest "rm -rf "
rm -rf ./target          0.85   # ✅ Safe
rm -rf node_modules      0.72   # ✅ Safe  
# rm -rf /               [blocked - SC2114: dangerous]

Related

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions