bashkit 0.3.0

Awesomely fast virtual sandbox with bash and file system
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198

# Bashkit core library
# Sandboxed bash interpreter for multi-tenant environments

[package]
name = "bashkit"
version.workspace = true
edition.workspace = true
license.workspace = true
authors.workspace = true
repository.workspace = true
description.workspace = true
keywords.workspace = true
categories.workspace = true
readme = "../../README.md"

[dependencies]
# Async runtime
tokio = { workspace = true }
async-trait = { workspace = true }
futures-core = { workspace = true }
futures-util = { workspace = true }
tower = { workspace = true }

# Error handling
thiserror = { workspace = true }
anyhow = { workspace = true }

# Serialization
serde = { workspace = true }
serde_json = { workspace = true }
schemars = { workspace = true }

# Regex
regex = { workspace = true }
fancy-regex = { workspace = true }

# Date/Time
chrono = { workspace = true }

# HTTP client (for curl/wget) - optional, enabled with http_client feature
reqwest = { workspace = true, optional = true }
# Direct rustls dep so we can install the `ring` crypto provider at runtime
# (paired with reqwest's `rustls-no-provider` feature). Optional, gated under http_client.
rustls = { workspace = true, optional = true }

# SSH client (for ssh/scp/sftp) - optional, enabled with ssh feature
russh = { workspace = true, optional = true }

# Fault injection for testing (optional)
fail = { workspace = true, optional = true }

# URL parsing
url = "2"

# JSON processing (jq) - optional, enabled with jq feature
jaq-core = { workspace = true, optional = true }
jaq-std = { workspace = true, optional = true }
jaq-json = { workspace = true, optional = true }

# Compression (for gzip/gunzip)
flate2 = { workspace = true }

# Base64 encoding (for base64 builtin and HTTP basic auth)
base64 = { workspace = true }

# Ed25519 signing for bot-auth request signing (optional)
ed25519-dalek = { workspace = true, optional = true }
rand = { workspace = true, optional = true }
zeroize = { workspace = true, optional = true }

# Checksums (for md5sum, sha1sum, sha256sum builtins)
md-5 = { workspace = true }
sha1 = { workspace = true }
sha2 = { workspace = true }
hmac = "0.13"

# Logging/tracing (optional)
tracing = { workspace = true, optional = true }

# Embedded Python interpreter (optional)

# Embedded TypeScript interpreter (optional)
zapcode-core = { version = "1.5", optional = true }

# Embedded SQLite engine via Turso (optional, BETA upstream).
# Pulls a multi-MB transitive dep tree only when the `sqlite` feature is active.
turso_core = { workspace = true, optional = true }

[features]
default = []
# Enable jq builtin via embedded jaq interpreter
# Usage: cargo build --features jq
jq = ["dep:jaq-core", "dep:jaq-std", "dep:jaq-json"]
http_client = ["reqwest", "rustls"]
# Enable Ed25519 request signing per RFC 9421 / web-bot-auth profile
bot-auth = ["http_client", "dep:ed25519-dalek", "dep:rand", "dep:zeroize"]
# Enable fail points for security/fault injection testing
# Usage: FAILPOINTS="fail_point_name=action" cargo test --features failpoints
failpoints = ["fail/failpoints"]
# Enable structured logging via tracing crate
# Usage: cargo build --features logging
logging = ["tracing"]
# Enable git builtin for sandboxed git operations
# Phase 1: Local operations (init, config, add, commit, status, log)
# Phase 2 will add gix dependency for remote operations
# Usage: cargo build --features git
git = []
# Enable ssh/scp/sftp builtins for remote command execution and file transfer
# Usage: cargo build --features ssh
ssh = ["russh"]
# Enable ScriptedTool: compose ToolDef+callback pairs into a single Tool
# Usage: cargo build --features scripted_tool
scripted_tool = []
# Enable python/python3 builtins via embedded Monty interpreter
# Monty is a git dep (not yet on crates.io) — feature unavailable from registry
# Enable ts/node/deno/bun builtins via embedded ZapCode TypeScript interpreter
# Usage: cargo build --features typescript
typescript = ["dep:zapcode-core"]
# Enable sqlite/sqlite3 builtins backed by Turso (pure-Rust SQLite-compatible
# engine). Phase 1 uses turso's `MemoryIO` with a load/flush against the VFS
# at command boundaries; Phase 2 plugs the bashkit VFS in via a custom `IO`
# implementation. Both paths share the same builtin and dot-command surface.
# See specs/sqlite-builtin.md.
#
# Turso is BETA upstream — keep this off by default and document the risk.
# Requires the multi-threaded tokio runtime so the sync `IO` trait can bridge
# back to the async VFS via `block_in_place`.
# Usage: cargo build --features sqlite
sqlite = ["dep:turso_core", "tokio/rt-multi-thread"]
# Enable RealFs backend for accessing host filesystem directories
# WARNING: This intentionally breaks the sandbox boundary.
# Usage: cargo build --features realfs
realfs = []
# Enable native-extension interop contracts such as bashkit::interop::fs.
interop = ["tokio/rt-multi-thread"]

[package.metadata.docs.rs]
all-features = true
rustdoc-args = ["--cfg", "docsrs"]

[dev-dependencies]
tokio-test = { workspace = true }
pretty_assertions = { workspace = true }
insta = { workspace = true }
criterion = { version = "0.8", features = ["async_tokio"] }
proptest = { workspace = true }
tempfile = "3"
serial_test = { workspace = true }

[[bench]]
name = "parallel_execution"
harness = false

[[example]]
name = "agent_tool"
required-features = ["http_client"]

[[example]]
name = "git_workflow"
required-features = ["git"]

[[example]]
name = "ssh_supabase"
required-features = ["ssh"]

[[example]]
name = "scripted_tool"
required-features = ["scripted_tool"]



[[example]]
name = "typescript_scripts"
required-features = ["typescript"]

[[example]]
name = "typescript_external_functions"
required-features = ["typescript"]

[[example]]
name = "realfs_readonly"
required-features = ["realfs"]

[[example]]
name = "realfs_readwrite"
required-features = ["realfs"]

[[example]]
name = "sqlite_basic"
required-features = ["sqlite"]

[[example]]
name = "sqlite_workflow"
required-features = ["sqlite"]

# Additional tokio features needed only on native (not WASM)
[target.'cfg(not(target_arch = "wasm32"))'.dependencies]
tokio = { version = "1", features = ["rt-multi-thread", "fs"] }