Skip to content

OverlayFs, output hooks, curl, bun ci#1

Merged
peteretelej merged 12 commits intomainfrom
v0.1
Mar 19, 2026
Merged

OverlayFs, output hooks, curl, bun ci#1
peteretelej merged 12 commits intomainfrom
v0.1

Conversation

@peteretelej
Copy link
Copy Markdown
Contributor

@peteretelej peteretelej commented Mar 19, 2026
edited
Loading

Adds a Node-only OverlayFs entrypoint plus new execution hooks and network delegation features to the virtual shell, along with new default commands and expanded CI/testing coverage.

Changes:

  • Add OverlayFs read-through filesystem (@mylocalgpt/shell/overlay) with change tracking + security docs.
  • Add per-command interpreter hooks (onBeforeCommand, onCommandResult) and network delegation (ShellOptions.network) to support curl.
  • Add new default commands (curl, timeout, xxd, yes), expand tests/fixtures, and add Bun CI job.

@peteretelej
add fs option and threat model docs
b3fd163 
Allow injecting a custom FileSystem via ShellOptions.fs, expose
SHELL_MAX_OUTPUT env var from execution limits, and add
THREAT_MODEL.md documenting the security model.
@peteretelej
add yes, xxd, timeout commands; fix wc -m
5fb2866 
Three new commands (yes with output cap, xxd hex dump, timeout
with Promise.race) and fixed wc -m to count Unicode characters
via string iterator.
@peteretelej
add per-command hooks for observability
f3c2a0a 
onBeforeCommand and onCommandResult hooks fire for every command
including pipeline stages, enabling logging, blocking, and output
filtering at the command dispatch level.
@peteretelej
add curl command with network delegation
4711446 
curl delegates HTTP to a consumer-provided handler via
ShellOptions.network, with hostname allowlist, redirect
following, and file I/O flags. Core stays network-free.
@peteretelej
add overlay filesystem entry point
9ab2372 
Read-through OverlayFs reads from a host directory, writes to
memory, and exposes getChanges() for tracking. Shipped as
@mylocalgpt/shell/overlay.
@peteretelej
add bun to ci matrix
dd36ea6 
Parallel test-bun job runs unit tests via bun runtime to verify
cross-runtime compatibility.
@peteretelej
update docs and packaging for v0.1.0
737bda2 
Documentation pass across README, AGENTS.md, and design
docs for all v0.1.0 features. Added THREAT_MODEL.md to
package files. Verified all entry points.
@peteretelej
fix url parsing, realpath escape, version
698b183 
- curl: use URL constructor instead of manual parsing
- overlay: fix realpath root prefix check security hole
- version: inject from package.json at build time
@peteretelej
fix fixture recorded_with paths
35f595c 
Use absolute /bin/bash path to work around smokepod
hang when recorded_with is a short name.
@peteretelej peteretelej requested a review from Copilot March 19, 2026 14:17
Copilot AI reviewed Mar 19, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a Node-only OverlayFs entrypoint plus new execution hooks and network delegation features to the virtual shell, along with new default commands and expanded CI/testing coverage.

Changes:

  • Add OverlayFs read-through filesystem (@mylocalgpt/shell/overlay) with change tracking + security docs.
  • Add per-command interpreter hooks (onBeforeCommand, onCommandResult) and network delegation (ShellOptions.network) to support curl.
  • Add new default commands (curl, timeout, xxd, yes), expand tests/fixtures, and add Bun CI job.

Reviewed changes

Copilot reviewed 35 out of 36 changed files in this pull request and generated 6 comments.

Show a summary per file
File Description
tsdown.config.ts Build config: adds overlay entry and embeds package version define.
tests/shell.test.ts Adds tests for custom FS injection and SHELL_MAX_OUTPUT env exposure.
tests/overlay/overlay.test.ts New OverlayFs unit + integration tests.
tests/hooks.test.ts New tests for per-command hooks behavior.
tests/comparison/fixtures/commands/yes.fixture.json New recorded fixture for comparison tests (yes).
tests/comparison/fixtures/commands/xxd.fixture.json New recorded fixture for comparison tests (xxd).
tests/comparison/fixtures/commands/timeout.fixture.json New recorded fixture for comparison tests (timeout).
tests/comparison/commands/yes.test New smokepod comparison spec for yes.
tests/comparison/commands/xxd.test New smokepod comparison spec for xxd.
tests/comparison/commands/timeout.test New smokepod comparison spec for timeout.
tests/commands/yes.test.ts New unit tests for yes (including output cap behavior).
tests/commands/xxd.test.ts New unit tests for xxd.
tests/commands/timeout.test.ts New unit tests for timeout behavior.
tests/commands/curl.test.ts New unit tests for curl network delegation + allowlist + piping.
src/overlay/types.ts OverlayFs public types (options + changeset).
src/overlay/index.ts OverlayFs implementation (host read + memory write overlay).
src/interpreter/interpreter.ts Adds per-command hooks, exposes output limit via env, passes network config into CommandContext.
src/index.ts ShellOptions adds fs, hooks, network; wires them into Interpreter; updates VERSION injection.
src/commands/yes.ts New yes command with output cap via env.
src/commands/xxd.ts New xxd command implementation with -l/-s.
src/commands/wc.ts Fixes wc character counting to handle surrogate pairs.
src/commands/types.ts Adds NetworkConfig/NetworkRequest/NetworkResponse + exposes ctx.network.
src/commands/timeout.ts New timeout command using Promise.race.
src/commands/defaults.ts Registers new default commands (yes, timeout, xxd, curl).
src/commands/curl.ts New curl command delegating requests to consumer-provided handler with allowlist and redirects.
pnpm-lock.yaml Locks new dev dependency (@types/node).
package.json Exports new ./overlay entrypoint; publishes THREAT_MODEL; adds @types/node.
docs/design/security.md Documents network allowlist + OverlayFs security considerations.
docs/design/filesystem.md Documents OverlayFs architecture and API notes.
docs/design/commands.md Updates default command list and adds docs for new commands.
docs/design.md High-level docs updated for OverlayFs and new command count.
biome.json Disables restricted-import rule for overlay/tests overlay (Node-only).
THREAT_MODEL.md Adds repository threat model document.
README.md Updates public docs: new options, OverlayFs usage, network config, expanded command list.
AGENTS.md Updates contributor docs (CI includes Bun; docs index includes threat model).
.github/workflows/ci.yml Excludes dist/overlay from node-import check; adds Bun test job.
Files not reviewed (1)
  • pnpm-lock.yaml: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@peteretelej peteretelej changed the title OverlayFs, output hooks, bun ci OverlayFs, output hooks, curl, bun ci Mar 19, 2026
@peteretelej
strip proxy-auth on redirects, fix path sep
2ad4cf3 
- curl: also filter proxy-authorization header on cross-origin redirects
- overlay: use nodePath.sep for Windows compatibility in escape checks
@peteretelej peteretelej merged commit afa4f7b into main Mar 19, 2026
2 checks passed
@peteretelej peteretelej deleted the v0.1 branch March 19, 2026 15:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@peteretelej