Disable shell history expansion for bash scripts and MCP CLI wrappers#27851
Disable shell history expansion for bash scripts and MCP CLI wrappers#27851
Conversation
…rappers Agent-Logs-Url: https://github.com/github/gh-aw/sessions/8534c956-c597-488b-9ba6-5e83bfcf1386 Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
Disables Bash history expansion across repository Bash scripts and generated MCP CLI wrapper scripts to avoid unintended ! history-expansion behavior.
Changes:
- Adds
set +o histexpandnear the top of tracked Bash scripts. - Updates
actions/setup/js/mount_mcp_as_cli.cjsso generated MCP CLI wrapper scripts also disable history expansion. - Extends the same behavior to safe-outputs/mcp-cli generated wrappers via the shared generator.
Show a summary per file
| File | Description |
|---|---|
| test-setup-local.sh | Disables history expansion for local setup test script. |
| socials/scripts.sh | Disables history expansion for socials automation script. |
| skills/github-pr-query/query-prs.sh | Disables history expansion for PR query script. |
| skills/github-issue-query/query-issues.sh | Disables history expansion for issue query script. |
| skills/github-discussion-query/query-discussions.sh | Disables history expansion for discussion query script. |
| scripts/test-install-script.sh | Disables history expansion for install test script. |
| scripts/test-build-release.sh | Disables history expansion for build-release test script. |
| scripts/report-test-failures_test.sh | Disables history expansion for report-test-failures test. |
| scripts/report-test-failures.sh | Disables history expansion for report-test-failures script. |
| scripts/list-all-tests.sh | Disables history expansion for test listing script. |
| scripts/generate-video-posters.sh | Disables history expansion for video poster generation script. |
| scripts/extract-executed-tests.sh | Disables history expansion for executed-tests extraction script. |
| scripts/delete-old-copilot-branches.sh | Disables history expansion for branch cleanup script. |
| scripts/convert-astro-to-gfm.sh | Disables history expansion for Astro→GFM conversion script. |
| scripts/compare-test-coverage.sh | Disables history expansion for coverage comparison script. |
| scripts/check-validator-sizes.sh | Disables history expansion for validator size checker. |
| scripts/check-safe-outputs-conformance.sh | Disables history expansion for safe-outputs conformance checker. |
| scripts/check-file-sizes.sh | Disables history expansion for file size checker. |
| scripts/bundle-wasm-docs.sh | Disables history expansion for wasm docs bundling script. |
| scripts/build-release.sh | Disables history expansion for release build script. |
| scripts/apply-astro-conversion.sh | Disables history expansion for bulk Astro conversion script. |
| install-gh-aw.sh | Disables history expansion for installer script. |
| actions/setup/sh/verify_mcp_gateway_health.sh | Disables history expansion for setup health-check script. |
| actions/setup/sh/validate_prompt_placeholders_test.sh | Disables history expansion for placeholder validation test. |
| actions/setup/sh/validate_prompt_placeholders.sh | Disables history expansion for placeholder validation script. |
| actions/setup/sh/validate_multi_secret.sh | Disables history expansion for multi-secret validation script. |
| actions/setup/sh/validate_gatewayed_server_test.sh | Disables history expansion for gatewayed-server validation test. |
| actions/setup/sh/validate_gatewayed_server.sh | Disables history expansion for gatewayed-server validation script. |
| actions/setup/sh/stop_mcp_gateway.sh | Disables history expansion for gateway stop script. |
| actions/setup/sh/stop_difc_proxy.sh | Disables history expansion for DIFC proxy stop script. |
| actions/setup/sh/stop_cli_proxy.sh | Disables history expansion for CLI proxy stop script. |
| actions/setup/sh/start_safe_outputs_server.sh | Disables history expansion for safe-outputs server start script. |
| actions/setup/sh/start_mcp_scripts_server.sh | Disables history expansion for scripts server start script. |
| actions/setup/sh/start_mcp_gateway_test.sh | Disables history expansion for gateway start test. |
| actions/setup/sh/start_mcp_gateway.sh | Disables history expansion for gateway start script. |
| actions/setup/sh/start_difc_proxy.sh | Disables history expansion for DIFC proxy start script. |
| actions/setup/sh/start_cli_proxy.sh | Disables history expansion for CLI proxy start script. |
| actions/setup/sh/setup_cache_memory_git_test.sh | Disables history expansion for cache-memory git setup test. |
| actions/setup/sh/setup_cache_memory_git.sh | Disables history expansion for cache-memory git setup script. |
| actions/setup/sh/save_base_github_folders_test.sh | Disables history expansion for base snapshot test script. |
| actions/setup/sh/save_base_github_folders.sh | Disables history expansion for base snapshot script. |
| actions/setup/sh/sanitize_path_test.sh | Disables history expansion for sanitize_path test script. |
| actions/setup/sh/sanitize_path.sh | Disables history expansion for sanitize_path script (sourced usage noted). |
| actions/setup/sh/restore_base_github_folders_test.sh | Disables history expansion for base restore test script. |
| actions/setup/sh/restore_base_github_folders.sh | Disables history expansion for base restore script. |
| actions/setup/sh/parse_guard_list.sh | Disables history expansion for guard list parser script. |
| actions/setup/sh/install_gh_cli.sh | Disables history expansion for GH CLI install script. |
| actions/setup/sh/install_docker_macos.sh | Disables history expansion for Docker-on-macOS install script. |
| actions/setup/sh/install_copilot_cli.sh | Disables history expansion for Copilot CLI install script. |
| actions/setup/sh/install_awf_binary.sh | Disables history expansion for AWF install script. |
| actions/setup/sh/download_docker_images_test.sh | Disables history expansion for docker image download test. |
| actions/setup/sh/download_docker_images.sh | Disables history expansion for docker image download script. |
| actions/setup/sh/copy_copilot_session_state.sh | Disables history expansion for session-state copy script. |
| actions/setup/sh/convert_gateway_config_gemini.sh | Disables history expansion for Gemini config converter. |
| actions/setup/sh/convert_gateway_config_crush.sh | Disables history expansion for Crush config converter. |
| actions/setup/sh/convert_gateway_config_copilot.sh | Disables history expansion for Copilot config converter. |
| actions/setup/sh/convert_gateway_config_codex_test.sh | Disables history expansion for Codex config converter test. |
| actions/setup/sh/convert_gateway_config_codex.sh | Disables history expansion for Codex config converter. |
| actions/setup/sh/convert_gateway_config_claude.sh | Disables history expansion for Claude config converter. |
| actions/setup/sh/configure_gh_for_ghe_test.sh | Disables history expansion for GHE config test. |
| actions/setup/sh/configure_gh_for_ghe.sh | Disables history expansion for GHE config script. |
| actions/setup/sh/compute_artifact_prefix.sh | Disables history expansion for artifact prefix computation script. |
| actions/setup/sh/commit_cache_memory_git.sh | Disables history expansion for cache-memory git commit script. |
| actions/setup/sh/clone_repo_memory_branch.sh | Disables history expansion for repo-memory clone script. |
| actions/setup/sh/clean_git_credentials_test.sh | Disables history expansion for credential cleanup test. |
| actions/setup/sh/clean_git_credentials.sh | Disables history expansion for credential cleanup script. |
| actions/setup/sh/check_mcp_servers_test.sh | Disables history expansion for MCP servers check test. |
| actions/setup/sh/check_mcp_servers.sh | Disables history expansion for MCP servers check script. |
| actions/setup/sh/append_agent_step_summary.sh | Disables history expansion for step-summary append script. |
| actions/setup/setup.sh | Disables history expansion for setup entrypoint script. |
| actions/setup/js/mount_mcp_as_cli.cjs | Injects set +o histexpand into generated MCP CLI wrapper scripts. |
| actions/setup/clean.sh | Disables history expansion for setup clean/post script. |
| actions/setup-cli/install_test.sh | Disables history expansion for setup-cli install test. |
| actions/setup-cli/install.sh | Disables history expansion for setup-cli install script. |
| .devcontainer/setup.sh | Disables history expansion for devcontainer setup script. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 75/75 changed files
- Comments generated: 1
| #!/usr/bin/env bash | ||
| set +o histexpand | ||
|
|
There was a problem hiding this comment.
sanitize_path.sh is explicitly intended to be sourced; unconditionally running set +o histexpand will permanently change the caller’s shell option state. Consider capturing whether history expansion was enabled (e.g., via $- containing H), disabling it for the script body, then restoring it before returning so sourcing doesn’t leave the user’s shell modified beyond PATH.
|
@copilot review all comments |
|
✅ Smoke CI completed successfully! |
|
|
|
🌑 The shadows whisper... Smoke Codex failed. The oracle requires further meditation... |
|
📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing... |
|
|
|
|
|
🎬 THE END — Smoke Claude MISSION: ACCOMPLISHED! The hero saves the day! ✨ |
|
🚀 Smoke CI passed — Run: https://github.com/github/gh-aw/actions/runs/24787448895 |
Agent Container Tool Check
Result: 12/12 tools available ✅ — PASS
|
|
📰 VERDICT: Smoke Copilot has concluded. All systems operational. This is a developing story. 🎤 Caution Security scanning requires review for Smoke Copilot DetailsThe threat detection results could not be parsed. The workflow output should be reviewed before merging. Review the workflow run logs for details. |
|
💥 Smoke Test Run §24787456549 — PARTIAL Core Tests #1–12: PR Review Tests #13–19: Overall: PARTIAL (1 failure: Agentic Workflows MCP unavailable; 2 skipped)
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
💥 Automated smoke test review - all systems nominal! History expansion disable pattern looks consistent across all shell scripts.
💥 [THE END] — Illustrated by Smoke Claude · ● 165K
| @@ -1,4 +1,6 @@ | |||
| #!/bin/bash | |||
| set +o histexpand | |||
There was a problem hiding this comment.
✅ Good practice adding set +o histexpand right after the shebang line. This disables Bash history expansion globally for the script, preventing unexpected ! expansion issues. Consider adding a brief inline comment explaining why this is needed for maintainability.
| @@ -289,6 +289,8 @@ function generateCLIWrapperScript(serverName, serverUrl, toolsFile, apiKey, brid | |||
| const safeBridge = shellEscapeDoubleQuoted(bridgeScript); | |||
|
|
|||
| return `#!/usr/bin/env bash | |||
There was a problem hiding this comment.
✅ Excellent — adding set +o histexpand to the generated MCP CLI wrapper script template ensures history expansion is disabled in auto-generated scripts too. This is particularly important since these scripts are auto-generated and could contain user-supplied content with ! characters.
Summary
set +o histexpandactions/setup/js/mount_mcp_as_cli.cjsValidation
make agent-finish(fails due to pre-existing unrelated testifylint issues inpkg/agentdrain/spec_test.go)npx vitest run mount_mcp_as_cli.test.cjsparallel_validation(Code Review + CodeQL)🤖 Smoke CI completed — https://github.com/github/gh-aw/actions/runs/24787448895
✨ PR Review Safe Output Test - Run 24787456549