Skip to content

fix(tools): flag piped POSIX utilities before running on Windows#412

Open
PierrunoYT wants to merge 2 commits into
Gitlawb:mainfrom
PierrunoYT:fix/windows-shell-hint-coverage
Open

fix(tools): flag piped POSIX utilities before running on Windows#412
PierrunoYT wants to merge 2 commits into
Gitlawb:mainfrom
PierrunoYT:fix/windows-shell-hint-coverage

Conversation

@PierrunoYT

@PierrunoYT PierrunoYT commented Jul 2, 2026

Copy link
Copy Markdown

Summary

Zero always runs the bash tool through native cmd.exe on Windows. The existing pre-flight Windows-syntax detector (detectShellCommandIssue) only caught bash-style cd /... and bare ls, not the broader family of common POSIX pipe utilities (head, tail, grep, wc, awk, sed, cut, xargs, tr) that cmd.exe has no equivalent for. Piping into any of these (e.g. git log ... | head, a git blame ... | grep pipeline) always failed, wasting a turn — reported in the wild.

This adds a windowsPosixUtilityPattern check alongside the existing cd/ls detectors in internal/tools/shell_runtime.go, blocking these pre-flight with the same "translate to cmd.exe / use Zero's native tools" guidance already used for cd/ls.

Scoped narrowly to the pre-flight command-text check (locale-independent, since it inspects the model-generated command rather than cmd.exe's own translated error output) rather than trying to also expand the post-hoc output-string matcher, which can never be locale-complete.

Linked issue

Fixes #411

Checklist

  • The linked issue already has the issue-approved label.
  • go build ./..., go vet ./..., and go test ./... pass locally.
  • gofmt clean.
  • Tests added/updated for the change (and run under -race where relevant).
  • UI changes include screenshots or a short recording where possible.

Verification notes

  • go build ./... / go vet ./... clean.
  • Added TestDetectShellCommandIssueFlagsPipedPosixUtilities and TestDetectShellCommandIssueAllowsUnrelatedCommands (internal/tools/bash_tool_test.go); both pass alongside the existing cd/ls detector tests.
  • go test ./internal/tools/... passes in full.
  • gofmt -l on the touched files: pre-existing repo-wide CRLF flag (core.autocrlf=true on Windows), not introduced by this change — same as prior PRs against this repo.
  • Verified false-positive safety by hand: git grep foo (real git subcommand, not a pipe target) and findstr /r "..." are unaffected since the pattern only matches at the start of a command or immediately after a |/&/; separator, not as a positional argument.
  • Not a UI change.

Summary by CodeRabbit

  • Bug Fixes
    • Improved Windows shell command detection to flag pipelines that use common POSIX-style utilities (for example, head, grep, wc, tail) where they aren’t supported.
    • Reduced false positives by allowing unrelated Windows-appropriate commands (such as git, dir, findstr, and echo) to pass through unflagged.
  • Tests
    • Added coverage to verify both the new Windows pipeline detection and the unchanged behavior for unrelated commands.

…nning on Windows

Zero always executes the bash tool through native cmd.exe on Windows
(shellExecutable() in bash.go), but the pre-flight Windows-syntax
detector only caught bash-style `cd /...` and bare `ls`. Anything
piped into head/tail/grep/wc/awk/sed/cut/xargs/tr — very common in
model-generated commands like `git log ... | head` — ran straight
through to cmd.exe, which has no such builtins, wasting a turn on a
guaranteed failure. Reported in the wild via `git log ... | head`
and a `git blame ... | grep` pipeline.

detectShellCommandIssue now also flags these before the command
runs, with the same "translate to cmd.exe / use Zero's native tools"
guidance already used for the cd/ls cases.

Note: the existing detectShellOutputIssue path (matching cmd.exe's
error text post-execution) only recognizes English strings and will
miss this on non-English Windows locales — the pre-flight check
above is locale-independent since it inspects the model-generated
command text rather than cmd.exe's translated error output.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 7acfa064-73c7-441f-be8a-a750ad5173f0

📥 Commits

Reviewing files that changed from the base of the PR and between 62c0df1 and 88b69a2.

📒 Files selected for processing (2)
  • internal/tools/bash_tool_test.go
  • internal/tools/shell_runtime.go
🚧 Files skipped from review as they are similar to previous changes (2)
  • internal/tools/shell_runtime.go
  • internal/tools/bash_tool_test.go

Walkthrough

Adds a Windows-only pre-flight regex check for piped POSIX utilities in shell commands and returns a windows_shell_syntax issue when matched. Adds unit tests for flagged pipelines and unrelated commands.

Changes

Windows POSIX Utility Detection

Layer / File(s) Summary
POSIX utility detection logic
internal/tools/shell_runtime.go
Adds windowsPosixUtilityPattern regex and a new branch in detectShellCommandIssue that flags commands piping into POSIX utilities on Windows, returning a shellIssue with a windows_shell_syntax kind and remediation suggestion.
Detection tests
internal/tools/bash_tool_test.go
Adds tests confirming piped POSIX utility commands are flagged and unrelated commands are not flagged when targeting Windows.

Estimated code review effort: 1 (Trivial) | ~5 minutes

Sequence Diagram(s)

sequenceDiagram
  participant BashTool
  participant detectShellCommandIssue
  participant windowsPosixUtilityPattern

  BashTool->>detectShellCommandIssue: command, target="windows"
  detectShellCommandIssue->>windowsPosixUtilityPattern: match(command)
  windowsPosixUtilityPattern-->>detectShellCommandIssue: match found
  detectShellCommandIssue-->>BashTool: shellIssue(windows_shell_syntax, suggestion)
Loading

Related issues: #411 — adds pre-flight detection of POSIX pipe utilities on Windows.

Suggested reviewers: none identified from provided context.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly describes the main Windows preflight fix for piped POSIX utilities.
Linked Issues check ✅ Passed The change matches #411 by blocking piped POSIX utilities on Windows before execution and adds tests for the new behavior.
Out of Scope Changes check ✅ Passed The PR stays focused on Windows shell detection and related tests, with no unrelated code changes.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
internal/tools/bash_tool_test.go (1)

177-188: 🎯 Functional Correctness | 🔵 Trivial | ⚡ Quick win

Add a regression case for utility-prefixed script names.

Once the windowsPosixUtilityPattern false-positive on names like tail-log.sh/grep-cli is fixed (see companion comment in shell_runtime.go), add a case here to lock in the fix, e.g. tail-log.sh, grep-cli --version.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/tools/bash_tool_test.go` around lines 177 - 188, Add a regression
case in TestDetectShellCommandIssueAllowsUnrelatedCommands to cover
utility-prefixed script names that should not trigger windowsPosixUtilityPattern
false positives. Extend the existing command list with examples like tail-log.sh
and grep-cli --version, and verify detectShellCommandIssue continues to return
nil for them on windows, matching the fix in detectShellCommandIssue and the
related shell_runtime.go pattern.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@internal/tools/shell_runtime.go`:
- Around line 23-27: The Windows POSIX utility matcher is too broad because the
current boundary after the command name still matches script or executable names
like tail-log.sh, grep-cli, and sed.exe. Update windowsPosixUtilityPattern in
shell_runtime.go to require whitespace or end-of-string after the utility token,
matching the same guard used by the ls pattern, so the regex only flags
standalone commands in the shell command parsing path.

---

Nitpick comments:
In `@internal/tools/bash_tool_test.go`:
- Around line 177-188: Add a regression case in
TestDetectShellCommandIssueAllowsUnrelatedCommands to cover utility-prefixed
script names that should not trigger windowsPosixUtilityPattern false positives.
Extend the existing command list with examples like tail-log.sh and grep-cli
--version, and verify detectShellCommandIssue continues to return nil for them
on windows, matching the fix in detectShellCommandIssue and the related
shell_runtime.go pattern.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: cd6c5f24-df45-47d3-b8eb-d0a6791c2a6b

📥 Commits

Reviewing files that changed from the base of the PR and between cdf9d83 and 62c0df1.

📒 Files selected for processing (2)
  • internal/tools/bash_tool_test.go
  • internal/tools/shell_runtime.go

Comment thread internal/tools/shell_runtime.go Outdated
CodeRabbit review on PR Gitlawb#412: windowsPosixUtilityPattern used \b after
the utility alternation, but \b only requires a non-word character
next — so tail-log.sh, grep-cli, and sed.exe would all false-positive
(the hyphen/dot satisfies \b without being a real command boundary).
Match windowsLSCommandPattern's existing convention: require
whitespace or end-of-string after the utility name instead.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

bash tool wastes a turn piping into head/tail/grep/etc on Windows (cmd.exe has no equivalent)

1 participant