fix: add fallback from rbash to bash/zsh/sh for command execution (#2629)

Signed-off-by: majiayu000 <1835304752@qq.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: Tushar Mathur <tusharmath@gmail.com>

Author: 3 people

crates/forge_infra/src/env.rs

@@ -16,8 +16,8 @@ impl ForgeEnvironmentInfra {
     /// Creates a new EnvironmentFactory with specified working directory
     ///
     /// # Arguments
-    /// * `restricted` - If true, use restricted shell mode (rbash) If false,
-    ///   use unrestricted shell mode (sh/bash)
+    /// * `restricted` - If true, enable restricted mode using the permissions
+    ///   feature. If false, use unrestricted mode
     /// * `cwd` - Required working directory path
     pub fn new(restricted: bool, cwd: PathBuf) -> Self {
         Self::dot_env(&cwd);
@@ -28,9 +28,6 @@ impl ForgeEnvironmentInfra {
     fn get_shell_path(&self) -> String {
         if cfg!(target_os = "windows") {
             std::env::var("COMSPEC").unwrap_or("cmd.exe".to_string())
-        } else if self.restricted {
-            // Default to rbash in restricted mode
-            "/bin/rbash".to_string()
         } else {
             // Use user's preferred shell or fallback to sh
             std::env::var("SHELL").unwrap_or("/bin/sh".to_string())

crates/forge_infra/src/executor.rs

@@ -13,7 +13,6 @@ use crate::console::StdConsoleWriter;
 /// Service for executing shell commands
 #[derive(Clone, Debug)]
 pub struct ForgeCommandExecutorService {
-    restricted: bool,
     env: Environment,
     output_printer: Arc<StdConsoleWriter>,
 
@@ -22,13 +21,8 @@ pub struct ForgeCommandExecutorService {
 }
 
 impl ForgeCommandExecutorService {
-    pub fn new(restricted: bool, env: Environment, output_printer: Arc<StdConsoleWriter>) -> Self {
-        Self {
-            restricted,
-            env,
-            output_printer,
-            ready: Arc::new(Mutex::new(())),
-        }
+    pub fn new(env: Environment, output_printer: Arc<StdConsoleWriter>) -> Self {
+        Self { env, output_printer, ready: Arc::new(Mutex::new(())) }
     }
 
     fn prepare_command(
@@ -39,11 +33,7 @@ impl ForgeCommandExecutorService {
     ) -> Command {
         // Create a basic command
         let is_windows = cfg!(target_os = "windows");
-        let shell = if self.restricted && !is_windows {
-            "rbash"
-        } else {
-            self.env.shell.as_str()
-        };
+        let shell = self.env.shell.as_str();
         let mut command = Command::new(shell);
 
         // Core color settings for general commands
@@ -265,7 +255,7 @@ mod tests {
 
     #[tokio::test]
     async fn test_command_executor() {
-        let fixture = ForgeCommandExecutorService::new(false, test_env(), test_printer());
+        let fixture = ForgeCommandExecutorService::new(test_env(), test_printer());
         let cmd = "echo 'hello world'";
         let dir = ".";
 
@@ -297,7 +287,7 @@ mod tests {
             std::env::set_var("ANOTHER_TEST_VAR", "another_value");
         }
 
-        let fixture = ForgeCommandExecutorService::new(false, test_env(), test_printer());
+        let fixture = ForgeCommandExecutorService::new(test_env(), test_printer());
         let cmd = if cfg!(target_os = "windows") {
             "echo %TEST_ENV_VAR%"
         } else {
@@ -330,7 +320,7 @@ mod tests {
             std::env::remove_var("MISSING_ENV_VAR");
         }
 
-        let fixture = ForgeCommandExecutorService::new(false, test_env(), test_printer());
+        let fixture = ForgeCommandExecutorService::new(test_env(), test_printer());
         let cmd = if cfg!(target_os = "windows") {
             "echo %MISSING_ENV_VAR%"
         } else {
@@ -353,7 +343,7 @@ mod tests {
 
     #[tokio::test]
     async fn test_command_executor_with_empty_env_list() {
-        let fixture = ForgeCommandExecutorService::new(false, test_env(), test_printer());
+        let fixture = ForgeCommandExecutorService::new(test_env(), test_printer());
         let cmd = "echo 'no env vars'";
 
         let actual = fixture
@@ -377,7 +367,7 @@ mod tests {
             std::env::set_var("SECOND_VAR", "second");
         }
 
-        let fixture = ForgeCommandExecutorService::new(false, test_env(), test_printer());
+        let fixture = ForgeCommandExecutorService::new(test_env(), test_printer());
         let cmd = if cfg!(target_os = "windows") {
             "echo %FIRST_VAR% %SECOND_VAR%"
         } else {
@@ -407,7 +397,7 @@ mod tests {
 
     #[tokio::test]
     async fn test_command_executor_silent() {
-        let fixture = ForgeCommandExecutorService::new(false, test_env(), test_printer());
+        let fixture = ForgeCommandExecutorService::new(test_env(), test_printer());
         let cmd = "echo 'silent test'";
         let dir = ".";
 

crates/forge_infra/src/forge_infra.rs

@@ -78,7 +78,6 @@ impl ForgeInfra {
             create_dirs_service: Arc::new(ForgeCreateDirsService),
             directory_reader_service,
             command_executor_service: Arc::new(ForgeCommandExecutorService::new(
-                restricted,
                 env.clone(),
                 output_printer.clone(),
             )),

crates/forge_main/src/cli.rs

@@ -54,7 +54,8 @@ pub struct Cli {
     #[arg(long, default_value_t = false)]
     pub verbose: bool,
 
-    /// Use restricted shell (rbash) for enhanced security.
+    /// Enable restricted mode for enhanced security using the permissions
+    /// feature.
     #[arg(long, default_value_t = false, short = 'r')]
     pub restricted: bool,
 

crates/forge_services/src/tool_services/shell.rs

@@ -11,7 +11,6 @@ fn strip_ansi(content: String) -> String {
     String::from_utf8_lossy(&strip(content.as_bytes())).into_owned()
 }
 
-/// Executes shell commands with safety measures using restricted bash (rbash).
 /// Prevents potentially harmful operations like absolute path execution and
 /// directory changes. Use for file system interaction, running utilities,
 /// installing packages, or executing build commands. For operations requiring