Skip to main content

Module compatibility_scorecard

bashkit

Module compatibility_scorecard 

Source
Expand description

Bash compatibility scorecard.

Tracks feature parity with real bash:

  • Implemented vs missing features
  • Builtins, syntax, expansions
  • POSIX compliance status
  • Resource limits

Related: custom_builtins_guide, threat_model

§Bashkit Compatibility Scorecard

Feature parity tracking for bash and common tools

See also:

Legend: ✅ Implemented | ⚠️ Partial | ❌ Not implemented | N/A Security exclusion

§POSIX Shell Compliance

Bashkit provides substantial compliance with IEEE Std 1003.1-2024 (POSIX.1-2024) Shell Command Language. See specs/008-posix-compliance.md for detailed compliance status.

POSIX CategoryStatus
Reserved Words (16)Full compliance
Special Parameters (8)Full compliance
Special Built-ins (15)13/15 implemented
Word ExpansionsSubstantial compliance
RedirectionsFull compliance
Compound CommandsFull compliance

Security Exclusions: exec and trap are intentionally not implemented for sandbox security reasons. See the compliance spec for details.

§Quick Status

CategoryImplementedPlannedTotal
Shell Builtins81081
Text Processing14014
File Operations10010
Network202

§Builtins Reference

§Implemented

BuiltinFlags/FeaturesNotes
echo-n, -e, -EBasic escape sequences
printf%s, %d, %x, %o, %fFormat specifiers
cat(none)Concatenate files/stdin
true-Exit 0
false-Exit 1
exit[N]Exit with code
cd[dir]Change directory
pwd-Print working directory
test-f, -d, -e, -z, -n, -eq, -ne, -lt, -gt, -le, -geConditionals
[(same as test)Alias for test
exportVAR=valueExport variables
readVARRead line into variable
set-e, +e, positionalSet options and positional params
unsetVARUnset variable
shift[N]Shift positional params
localVAR=valueLocal variables
sourcefile [args]Source script; loads functions/variables, PATH search, positional params
.file [args]Alias for source
break[N]Break from loop
continue[N]Continue loop
return[N]Return from function
:-POSIX null utility (no-op)
evalcommand...POSIX construct and execute command
readonlyVAR[=value], -pPOSIX mark variable read-only
times-POSIX display process times
grep-i, -v, -c, -n, -E, -qPattern matching
seds///[g], d, p, q, a, i, c, h/H/g/G/x, -E, -n, !Stream editing
awk'{print}', -F, -v, loops, arrays, increment, ternaryText processing
jq.field, .[n], pipes, file argsJSON processing
sleepN, N.NPause execution (max 60s)
head-n N, -NFirst N lines (default 10)
tail-n N, -NLast N lines (default 10)
basenameNAME [SUFFIX]Strip directory from path
dirnameNAMEStrip last path component
mkdir-pCreate directories
rm-rfRemove files/directories
cp-rCopy files
mv-Move/rename files
touch-Create empty files
chmodMODEChange permissions (octal only)
wc-l, -w, -cCount lines/words/bytes
sort-r, -n, -uSort lines
uniq-c, -d, -uFilter duplicate lines
cut-d DELIM, -f FIELDSExtract fields
tr-d, character rangesTranslate/delete chars
date+FORMAT, -u, -d/--date (relative, compound, epoch)Display/format date
wait[JOB_ID...]Wait for background jobs
curl-s, -o, -X, -d, -H, -I, -f, -L, -w, --compressed, -u, -A, -e, -v, -mHTTP client (requires http_client feature)
wget-q, -O, --spider, --header, -U, --post-data, -tDownload files (requires http_client feature)
timeoutDURATION COMMANDRun with time limit (stub)
ls-l, -a, -h, -1, -RList directory contents
find-name, -type, -maxdepth, -printSearch for files
rmdir-pRemove empty directories
xargs-I, -n, -dBuild commands from stdin
tee-aWrite to files and stdout
watchINTERVAL COMMANDExecute periodically (sandbox mode)
file(none)Detect file type via magic bytes
less(none)View file (behaves like cat in sandbox)
stat-c FORMATDisplay file metadata
tar-c, -x, -t, -v, -f, -zArchive operations
gzip-d, -k, -fCompress files
gunzip-k, -fDecompress files
env[VAR=val]Print/modify environment
printenv[VAR]Print environment variables
history(none)Command history (limited in sandbox)
hostname(none)Display sandbox hostname
uname-a, -s, -n, -r, -v, -m, -oSystem info
whoami(none)Display sandbox username
id-u, -g, -nUser/group IDs
nl-b, -n, -s, -i, -v, -wNumber lines of files
paste-d, -sMerge lines of files
column-t, -s, -oColumnate lists
comm-1, -2, -3Compare two sorted files
diff-u, -q/--briefCompare files line by line
strings-n, -t, -aFind printable strings in binary data
od-A, -t, -N, -jOctal/hex dump
xxd-l, -s, -c, -g, -pHex dump
hexdump-C, -n, -sDisplay file in hex+ASCII

§Not Implemented

BuiltinPriorityStatus
lnLow-
chownLow-
killLow-
execN/ASecurity: intentionally excluded
trapN/ASecurity: intentionally excluded
typeLow-
whichLow-
commandMediumPOSIX utility
hashLow-
declareLowBash extension
typesetLowBash extension
getoptsMediumPOSIX utility

§Shell Syntax

§Operators

OperatorStatusExampleNotes
|cmd1 | cmd2Pipeline
&&cmd1 && cmd2AND list
||cmd1 || cmd2OR list
;cmd1; cmd2Sequential
&⚠️cmd &Parsed, async pending
!! cmdNegate exit code

§Redirections

RedirectStatusExampleNotes
>cmd > fileOutput to file
>>cmd >> fileAppend to file
<cmd < fileInput from file
<<<cmd <<< "string"Here-string
<<EOFHeredocMulti-line input
2>cmd 2> fileStderr redirect
2>&1cmd 2>&1Stderr to stdout
&>cmd &> fileBoth to file

§Control Flow

FeatureStatusExample
if/elif/else/fiif cmd; then ...; fi
for/do/donefor i in a b c; do ...; done
while/do/donewhile cmd; do ...; done
until/do/doneuntil cmd; do ...; done
case/esaccase $x in pat) ...;; esac
{ ... }Brace group
( ... )Subshell
function name { }Function definition
name() { }Function definition

§Expansions

§Variable Expansion

SyntaxStatusExampleDescription
$var$HOMESimple expansion
${var}${HOME}Braced expansion
${var:-default}${X:-fallback}Use default if unset/empty
${var:=default}${X:=value}Assign default if unset/empty
${var:+alt}${X:+yes}Use alt if set
${var:?error}${X:?missing}Error if unset/empty
${#var}${#str}Length of value
${var#pat}${f#*.}Remove shortest prefix
${var##pat}${f##*/}Remove longest prefix
${var%pat}${f%.*}Remove shortest suffix
${var%%pat}${f%%/*}Remove longest suffix
${var/pat/repl}-Substitute (not impl)
${var^}-Uppercase first
${var,}-Lowercase first

§Command Substitution

SyntaxStatusExample
$(cmd)x=$(pwd)
`cmd`Backticks (deprecated)

§Arithmetic

SyntaxStatusExample
$((expr))$((1+2))
+, -, *, /, %Basic ops
==, !=, <, >, <=, >=Comparisons
&, |Bitwise
&&, ||Logical operators
? :Ternary
=, +=, etc.Assignment (not impl)

§Other Expansions

SyntaxStatusExampleDescription
*, ?*.txtGlob patterns
[abc][0-9]Bracket globs
{a,b,c}{1..5}Brace expansion
~~/fileTilde expansion
<(cmd)diff <(a) <(b)Process substitution

§Special Variables

VariableStatusDescription
$?Last exit code
$#Number of positional params
$@All positional params (separate)
$*All positional params (joined)
$0Script/function name
$1-$9Positional parameters
$!Last background job ID (POSIX)
$$Current PID
$-Current option flags (POSIX)
$_Last argument
$RANDOMRandom number (0-32767)
$LINENOCurrent line number

§Arrays

FeatureStatusExample
Declarationarr=(a b c)
Index access${arr[0]}
All elements${arr[@]}
Array length${#arr[@]}
Element length${#arr[0]}
Appendarr+=(d e)
Slice${arr[@]:1:2}
Indices${!arr[@]}
Associativedeclare -A

§Test Operators

§File Tests

OperatorStatusDescription
-e fileExists
-f fileIs regular file
-d fileIs directory
-s fileSize > 0
-r fileIs readable (exists in virtual fs)
-w fileIs writable (exists in virtual fs)
-x fileIs executable (mode & 0o111)
-L fileIs symlink

§String Tests

OperatorStatusDescription
-z strIs empty
-n strIs non-empty
str1 = str2Equal
str1 != str2Not equal
str1 < str2Less than
str1 > str2Greater than

§Numeric Tests

OperatorStatusDescription
-eqEqual
-neNot equal
-ltLess than
-gtGreater than
-leLess or equal
-geGreater or equal

§Resource Limits

Default limits (configurable):

ResourceDefaultNotes
Commands10,000Per execution
Loop iterations100,000Per loop
Function depth100Recursion limit
Output size10MBTotal stdout
Parser timeout5sPrevents infinite parse
Parser operations100,000Fuel-based limit
Input size10MBMax script size
AST depth100Nesting limit

§Filesystem

FeatureStatusNotes
Virtual filesystemInMemoryFs, OverlayFs, MountableFs
Real filesystemSandboxed by default
SymlinksStored but not followed
PermissionsMetadata stored, not enforced
/dev/nullInterpreter-level handling (cannot be bypassed)

§Network

FeatureStatusNotes
HTTP clientFull implementation with security mitigations
URL allowlistDefault-deny whitelist security model
curl builtinFull HTTP client with -s, -o, -X, -d, -H, -I, -f, -L, -w, --compressed, -u, -A, -e, -v, -m
wget builtinFull downloader with -q, -O, --spider, --header, -U, --post-data, -t
Response limits10MB max response size, 30s timeout
Redirect securityRedirects require explicit -L and allowlist check
Raw socketsNot planned

§Network Configuration

use bashkit::{Bash, NetworkAllowlist};

// Enable network with URL allowlist
let bash = Bash::builder()
    .network(NetworkAllowlist::new()
        .allow("https://api.example.com")
        .allow("https://cdn.example.com/assets"))
    .build();

See specs/006-threat-model.md for HTTP security details.

§Running Tests

# All tests
cargo test --all-features

# Spec tests only
cargo test --test spec_tests

# Compare with real bash
cargo test --test spec_tests -- bash_comparison_tests --ignored

§Roadmap

§Completed

  • sleep builtin
  • head/tail builtins
  • File operation builtins (mkdir, rm, cp, mv, touch, chmod)
  • wc builtin
  • Text processing (sort, uniq, cut, tr)
  • Text structure (nl, paste, column)
  • File comparison (diff, comm)
  • Byte inspection (strings, od, xxd, hexdump)
  • basename/dirname builtins
  • date builtin
  • Background execution (&, wait) - parsed, runs synchronously
  • Network (curl, wget) - full HTTP implementation with security mitigations
  • timeout builtin - stub, requires interpreter-level integration
  • Process substitution (<(cmd), >(cmd))
  • Here string edge cases tested
  • set -e (errexit) - exit on command failure
  • Tilde expansion (~) - expands to $HOME
  • Special variables ($$, $RANDOM, $LINENO)
  • File test operators (-r, -w, -x, -L)
  • Stderr redirections (2>, 2>&1, &>)
  • Arithmetic logical operators (&&, ||)
  • Brace expansion ({a,b,c}, {1..5})
  • String comparison operators (< >) in test
  • Array indices ${!arr[@]}
  • /dev/null support (interpreter-level, cannot be bypassed by custom fs)

§TODO: LLM Compatibility Gaps

Identified from eval analysis — features frequently used by LLM-generated scripts:

High Impact (commonly generated by LLMs):

  • chmod +x symbolic mode — LLMs almost always use chmod +x not octal
  • sed ampersand (&) in replacement — very common pattern
  • AWK printf %x/%o/%c format specifiers — hex/octal output
  • AWK match() and gensub() functions — text extraction
  • sed \n literal newline in replacement — line splitting

Medium Impact:

  • AWK power operators (^, **) — math scripts
  • AWK exit statement with code — error handling
  • AWK negation !$1 — filtering empty fields
  • sed grouped commands {cmd1;cmd2} — complex transforms
  • sed branch/label (b/t/:label) — advanced scripts
  • AWK ORS variable — custom output formatting
  • AWK getline — multi-file processing

Low Impact:

  • sed 0~2 step addressing — even/odd line processing
  • sed Q quiet quit command
  • sed 0,/pattern/ first match addressing
  • AWK $0 modification with field re-splitting

§Not Planned

  • Interactive features (history, job control UI)
  • Process spawning (sandboxed environment)
  • Raw filesystem access

§See Also