rust-bash 0.3.0

A sandboxed bash interpreter for AI Agents with a virtual filesystem
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401

# Filesystem Backends

## Goal

Choose and configure the right virtual filesystem backend for your use case: fully sandboxed, copy-on-write over real files, direct host access, or a composite of all three.

## Overview

| Backend | Reads from | Writes to | Host access | Best for |
|---------|-----------|-----------|-------------|----------|
| `InMemoryFs` | Memory | Memory | None | Sandboxed execution, testing, AI agents |
| `OverlayFs` | Disk (lower) + Memory (upper) | Memory only | Read-only | Code analysis, safe experimentation |
| `ReadWriteFs` | Disk | Disk | Full (or chroot-restricted) | Trusted scripts, build tools |
| `MountableFs` | Delegated per mount | Delegated per mount | Depends on mounts | Composite environments |

## InMemoryFs (Default)

This is what you get with `RustBashBuilder::new().build()`. All data lives in memory; the host filesystem is never touched.

```rust
use rust_bash::RustBashBuilder;
use std::collections::HashMap;

let mut shell = RustBashBuilder::new()
    .files(HashMap::from([
        ("/src/main.rs".into(), b"fn main() {}".to_vec()),
        ("/src/lib.rs".into(), b"pub fn hello() {}".to_vec()),
    ]))
    .build()
    .unwrap();

// Files exist only in memory
let result = shell.exec("find / -name '*.rs'").unwrap();
assert!(result.stdout.contains("/src/main.rs"));
assert!(result.stdout.contains("/src/lib.rs"));

// Writes stay in memory — no host files are created
shell.exec("echo new > /src/new.rs").unwrap();
```

## OverlayFs — Read Real Files, Sandbox Writes

Reads from a real directory on disk but all mutations stay in memory. The disk is never modified.

```rust
use rust_bash::{RustBashBuilder, OverlayFs};
use std::sync::Arc;

// Point at a real directory on the host
let overlay = OverlayFs::new("./my_project").unwrap();
let mut shell = RustBashBuilder::new()
    .fs(Arc::new(overlay))
    .cwd("/")
    .build()
    .unwrap();

// Read files from disk (paths are relative to the overlay root)
let result = shell.exec("cat /Cargo.toml").unwrap();
println!("{}", result.stdout); // actual Cargo.toml contents

// Writes go to the in-memory upper layer
shell.exec("echo modified > /Cargo.toml").unwrap();
let result = shell.exec("cat /Cargo.toml").unwrap();
assert_eq!(result.stdout, "modified\n"); // reads the in-memory version

// Disk file is untouched:
// assert_eq!(std::fs::read_to_string("./my_project/Cargo.toml"), original)
```

### Deletions are tracked with whiteouts

```rust
use rust_bash::{RustBashBuilder, OverlayFs};
use std::sync::Arc;

let overlay = OverlayFs::new("./my_project").unwrap();
let mut shell = RustBashBuilder::new()
    .fs(Arc::new(overlay))
    .cwd("/")
    .build()
    .unwrap();

// Delete a file that exists on disk — it becomes invisible but the disk file remains
shell.exec("rm /README.md").unwrap();
let result = shell.exec("cat /README.md").unwrap();
assert_ne!(result.exit_code, 0); // file appears deleted
// But on disk: std::fs::metadata("./my_project/README.md").is_ok() == true
```

## ReadWriteFs — Direct Filesystem Access

For trusted scripts that need real filesystem access. Use `with_root()` for chroot-like confinement.

```rust
use rust_bash::{RustBashBuilder, ReadWriteFs};
use std::sync::Arc;

// Unrestricted access to the entire filesystem:
// let rwfs = ReadWriteFs::new();

// Confined to a subtree (recommended):
let rwfs = ReadWriteFs::with_root("/tmp/sandbox").unwrap();
let mut shell = RustBashBuilder::new()
    .fs(Arc::new(rwfs))
    .cwd("/")
    .build()
    .unwrap();

// All paths are resolved relative to the root
shell.exec("mkdir -p /output && echo hello > /output/result.txt").unwrap();
// This actually writes to /tmp/sandbox/output/result.txt on disk

// Path traversal beyond the root is blocked
let result = shell.exec("cat /../../etc/passwd").unwrap();
assert_ne!(result.exit_code, 0); // PermissionDenied
```

## MountableFs — Combine Backends

Delegate different path prefixes to different backends. Longest-prefix matching determines which backend handles each operation.

```rust
use rust_bash::{RustBashBuilder, InMemoryFs, MountableFs, OverlayFs};
use std::sync::Arc;

let mountable = MountableFs::new()
    .mount("/", Arc::new(InMemoryFs::new()))                             // in-memory root
    .mount("/project", Arc::new(OverlayFs::new("./myproject").unwrap())) // overlay on real project
    .mount("/tmp", Arc::new(InMemoryFs::new()));                         // separate temp space

let mut shell = RustBashBuilder::new()
    .fs(Arc::new(mountable))
    .cwd("/")
    .build()
    .unwrap();

// /project reads from disk via OverlayFs
shell.exec("cat /project/Cargo.toml").unwrap();

// /tmp is a separate in-memory space
shell.exec("echo scratch > /tmp/work.txt").unwrap();

// / is the default in-memory backend
shell.exec("echo hello > /root-file.txt").unwrap();
```

### Real-world example: isolated build environment

```rust
use rust_bash::{RustBashBuilder, InMemoryFs, MountableFs, ReadWriteFs};
use std::sync::Arc;

let mountable = MountableFs::new()
    .mount("/", Arc::new(InMemoryFs::new()))
    .mount("/output", Arc::new(ReadWriteFs::with_root("/tmp/build-output").unwrap()));

let mut shell = RustBashBuilder::new()
    .fs(Arc::new(mountable))
    .cwd("/")
    .build()
    .unwrap();

// Script can write real files only under /output
shell.exec("echo 'build artifact' > /output/result.txt").unwrap();
// /output/result.txt is a real file at /tmp/build-output/result.txt

// Everything else is sandboxed in memory
shell.exec("echo 'temp data' > /scratch.txt").unwrap();
// /scratch.txt exists only in memory
```

## Seeding Files from a Host Directory

The builder's `.files()` method accepts a `HashMap<String, Vec<u8>>`. To load files from a host directory:

```rust
use rust_bash::RustBashBuilder;
use std::collections::HashMap;
use std::path::Path;

fn load_dir(dir: &Path, prefix: &str) -> HashMap<String, Vec<u8>> {
    let mut files = HashMap::new();
    if let Ok(entries) = std::fs::read_dir(dir) {
        for entry in entries.flatten() {
            let path = entry.path();
            let name = format!("{prefix}/{}", entry.file_name().to_string_lossy());
            if path.is_file() {
                if let Ok(data) = std::fs::read(&path) {
                    files.insert(name, data);
                }
            } else if path.is_dir() {
                files.extend(load_dir(&path, &name));
            }
        }
    }
    files
}

let files = load_dir(Path::new("./test-fixtures"), "");
let mut shell = RustBashBuilder::new()
    .files(files)
    .build()
    .unwrap();
```

This copies files into the InMemoryFs at build time. For large directories, prefer `OverlayFs` to avoid the upfront memory cost.

## Lazy File Loading (TypeScript)

The `rust-bash` package supports three file entry types, letting you defer expensive I/O until the file is actually needed.

### The Three Patterns

```typescript
import { Bash } from 'rust-bash';

const bash = await Bash.create(createBackend, {
  files: {
    // 1. Eager (string) — written immediately at creation time
    '/data.txt': 'hello world',

    // 2. Lazy sync (() => string) — resolved on first exec() or readFile()
    '/config.json': () => JSON.stringify(getConfig()),

    // 3. Lazy async (() => Promise<string>) — resolved on first exec()
    '/remote.txt': async () => {
      const res = await fetch('https://api.example.com/data');
      return await res.text();
    },
  },
});
```

| Type | Signature | When Resolved | Use Case |
|------|-----------|---------------|----------|
| Eager | `string` | Immediately at `Bash.create()` | Small, known-at-definition-time content |
| Lazy sync | `() => string` | On first `exec()` or `readFile()` | Computed content, environment-dependent config |
| Lazy async | `() => Promise<string>` | On first `exec()` (all lazy files materialized) | Remote content, database queries, file reads |

### Deferred Resolution

Lazy files are **not** resolved during `Bash.create()` — construction is instant. They are materialized on first `exec()` call via `Promise.all()` (all lazy files resolved concurrently). Sync lazy files can also be resolved individually via `readFile()`.

If `writeFile()` is called on a lazy path before it's ever read, the lazy callback is skipped entirely (write-before-read optimization).

```typescript
const bash = await Bash.create(createBackend, {
  files: {
    '/api/users.json': async () => {
      const res = await fetch('https://api.example.com/users');
      return await res.text();
    },
    '/api/config.json': async () => {
      const res = await fetch('https://api.example.com/config');
      return await res.text();
    },
    '/generated.txt': () => generateReport(),  // sync, also resolved in parallel batch
    '/static.txt': 'always available',          // eager, written immediately
  },
});
// Bash.create() returns immediately — no I/O happens yet
// Both fetches and generateReport() run in parallel on the first exec() call
```

### Use Cases

**Large files loaded on demand:**

```typescript
const bash = await Bash.create(createBackend, {
  files: {
    // Only reads the 50 MB log file when a Bash instance is actually created
    '/var/log/app.log': () => fs.readFileSync('/real/path/to/app.log', 'utf-8'),
  },
});
```

**Remote content fetched lazily:**

```typescript
const bash = await Bash.create(createBackend, {
  files: {
    '/schema.sql': async () => {
      const res = await fetch('https://raw.githubusercontent.com/org/repo/main/schema.sql');
      return await res.text();
    },
  },
});

await bash.exec('grep CREATE /schema.sql | wc -l');
```

**Environment-dependent configuration:**

```typescript
const bash = await Bash.create(createBackend, {
  files: {
    '/etc/app.conf': () => {
      const env = process.env.NODE_ENV ?? 'development';
      return `environment=${env}\nlog_level=${env === 'production' ? 'warn' : 'debug'}\n`;
    },
  },
});
```

---

## TypeScript: Virtual Filesystem

The `rust-bash` npm package provides file seeding at creation time and direct VFS access.

### Seeding Files

```typescript
import { Bash } from 'rust-bash';

const bash = await Bash.create(createBackend, {
  files: {
    '/src/main.rs': 'fn main() {}',
    '/src/lib.rs': 'pub fn hello() {}',
    '/config.json': '{"debug": true}',
  },
});

const result = await bash.exec('find / -name "*.rs"');
// result.stdout includes /src/main.rs and /src/lib.rs
```

### Lazy File Loading

File values can be functions — resolved concurrently at `Bash.create()` time via `Promise.all`. This keeps the config declarative while deferring expensive I/O until the instance is actually created:

```typescript
const bash = await Bash.create(createBackend, {
  files: {
    // Eager — written immediately
    '/data.txt': 'hello world',

    // Lazy sync — resolved at Bash.create() time
    '/config.json': () => JSON.stringify(getConfig()),

    // Lazy async — resolved at Bash.create() time (awaited)
    '/remote.txt': async () => {
      const res = await fetch('https://example.com/data');
      return await res.text();
    },
  },
});

// /remote.txt is only fetched when a command reads it:
await bash.exec('cat /remote.txt');
```

### Direct VFS Access

The `bash.fs` proxy provides synchronous filesystem operations:

```typescript
// Write files
bash.fs.writeFileSync('/output.txt', 'content');

// Read files
const data = bash.fs.readFileSync('/output.txt');

// Check existence
const exists = bash.fs.existsSync('/output.txt');

// Create directories
bash.fs.mkdirSync('/dir/subdir', { recursive: true });

// List directory contents
const entries = bash.fs.readdirSync('/');

// File stats
const stat = bash.fs.statSync('/output.txt');
console.log(stat.isFile, stat.size);

// Remove files
bash.fs.rmSync('/output.txt');
bash.fs.rmSync('/dir', { recursive: true });
```

### Browser Example

In the browser, only `InMemoryFs` is available (no host filesystem access):

```typescript
import { Bash, initWasm, createWasmBackend } from 'rust-bash/browser';

await initWasm();
const bash = await Bash.create(createWasmBackend, {
  files: {
    '/index.html': '<h1>Hello</h1>',
    '/style.css': 'body { color: red; }',
  },
});

// All operations are in-memory
await bash.exec('cat /index.html | grep -o "Hello"');
bash.fs.writeFileSync('/output.txt', 'generated');
```