vercel-labs
diff --git a/‎README.md‎
Lines changed: 18 additions & 4 deletions b/‎README.md‎
Lines changed: 18 additions & 4 deletions
diff --git a/‎package.json‎
Lines changed: 1 addition & 0 deletions b/‎package.json‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/BashEnv.ts‎
Lines changed: 49 additions & 17 deletions b/‎src/BashEnv.ts‎
Lines changed: 49 additions & 17 deletions
diff --git a/‎src/commands/awk/awk.limits.test.ts‎
Lines changed: 144 additions & 0 deletions b/‎src/commands/awk/awk.limits.test.ts‎
Lines changed: 144 additions & 0 deletions
diff --git a/‎src/commands/awk/awk.ts‎
Lines changed: 1 addition & 0 deletions b/‎src/commands/awk/awk.ts‎
Lines changed: 1 addition & 0 deletions
@@ -9,7 +9,7 @@ Supports optional network access via `curl` with secure-by-default URL filtering
 ## Security model
 
 - The shell only has access to the provided file system.
-- Execution is protected against infinite loops or recursion through.
+- Execution is protected against infinite loops or recursion through. However, BashEnv is not fully robust against DOS from input. If you need to be robust against this, use process isolation at the OS level.
 - Binaries or even WASM are inherently unsupported (Use [Vercel Sandbox](https://vercel.com/docs/vercel-sandbox) or a similar product if a full VM is needed).
 - There is no network access by default.
 - Network access can be enabled, but requests are checked against URL prefix allow-lists and HTTP-method allow-lists. See [network access](#network-access) for details
@@ -44,8 +44,7 @@ const env = new BashEnv({
   files: { "/data/file.txt": "content" }, // Initial files
   env: { MY_VAR: "value" }, // Initial environment
   cwd: "/app", // Starting directory (default: /home/user)
-  maxCallDepth: 50, // Max recursion (default: 100)
-  maxLoopIterations: 5000, // Max iterations (default: 10000)
+  executionLimits: { maxCallDepth: 50 }, // See "Execution Protection"
 });
 
 // Per-exec overrides
@@ -150,6 +149,7 @@ bash-env -c 'echo hello' --json
 The CLI uses OverlayFS - reads come from the real filesystem, but all writes stay in memory and are discarded after execution. The project root is mounted at `/home/user/project`.
 
 Options:
+
 - `-c <script>` - Execute script from argument
 - `--root <path>` - Root directory (default: current directory)
 - `--cwd <path>` - Working directory in sandbox
@@ -274,7 +274,21 @@ curl -X POST -H "Content-Type: application/json" \
 
 ## Execution Protection
 
-BashEnv protects against infinite loops and deep recursion with configurable limits (`maxCallDepth`, `maxLoopIterations`). Error messages include hints on how to increase limits.
+BashEnv protects against infinite loops and deep recursion with configurable limits:
+
+```typescript
+const env = new BashEnv({
+  executionLimits: {
+    maxCallDepth: 100, // Max function recursion depth
+    maxCommandCount: 10000, // Max total commands executed
+    maxLoopIterations: 10000, // Max iterations per loop
+    maxAwkIterations: 10000, // Max iterations in awk programs
+    maxSedIterations: 10000, // Max iterations in sed scripts
+  },
+});
+```
+
+All limits have sensible defaults. Error messages include hints on which limit to increase. Feel free to increase if your scripts intentionally go beyond them.
 
 ## Development
 
 
@@ -37,6 +37,7 @@
   },
   "scripts": {
     "build": "tsc",
+    "validate": "pnpm build && pnpm typecheck && pnpm lint && pnpm knip && pnpm test:run",
     "typecheck": "tsc --noEmit",
     "lint": "biome check .",
     "lint:fix": "biome check --write .",
 
@@ -16,12 +16,17 @@ import {
 } from "./commands/registry.js";
 import { type IFileSystem, VirtualFs } from "./fs.js";
 import type { InitialFiles } from "./fs-interface.js";
-import { ArithmeticError, ExitError } from "./interpreter/errors.js";
+import {
+  ArithmeticError,
+  ExecutionLimitError,
+  ExitError,
+} from "./interpreter/errors.js";
 import {
   Interpreter,
   type InterpreterOptions,
   type InterpreterState,
 } from "./interpreter/index.js";
+import { type ExecutionLimits, resolveLimits } from "./limits.js";
 import {
   createSecureFetch,
   type NetworkConfig,
@@ -30,18 +35,29 @@ import {
 import { type ParseException, parse } from "./parser/parser.js";
 import type { BashExecResult, Command, CommandRegistry } from "./types.js";
 
-// Default protection limits
-const DEFAULT_MAX_CALL_DEPTH = 100;
-const DEFAULT_MAX_COMMAND_COUNT = 100000;
-const DEFAULT_MAX_LOOP_ITERATIONS = 10000;
+export type { ExecutionLimits } from "./limits.js";
 
 export interface BashEnvOptions {
   files?: InitialFiles;
   env?: Record<string, string>;
   cwd?: string;
   fs?: IFileSystem;
+  /**
+   * Execution limits to prevent runaway compute.
+   * See ExecutionLimits interface for available options.
+   */
+  executionLimits?: ExecutionLimits;
+  /**
+   * @deprecated Use executionLimits.maxCallDepth instead
+   */
   maxCallDepth?: number;
+  /**
+   * @deprecated Use executionLimits.maxCommandCount instead
+   */
   maxCommandCount?: number;
+  /**
+   * @deprecated Use executionLimits.maxLoopIterations instead
+   */
   maxLoopIterations?: number;
   /**
    * Network configuration for commands like curl.
@@ -85,9 +101,7 @@ export class BashEnv {
   readonly fs: IFileSystem;
   private commands: CommandRegistry = new Map();
   private useDefaultLayout: boolean = false;
-  private maxCallDepth: number;
-  private maxCommandCount: number;
-  private maxLoopIterations: number;
+  private limits: Required<ExecutionLimits>;
   private secureFetch?: SecureFetch;
   private sleepFn?: (ms: number) => Promise<void>;
 
@@ -112,10 +126,20 @@ export class BashEnv {
       ...options.env,
     };
 
-    this.maxCallDepth = options.maxCallDepth ?? DEFAULT_MAX_CALL_DEPTH;
-    this.maxCommandCount = options.maxCommandCount ?? DEFAULT_MAX_COMMAND_COUNT;
-    this.maxLoopIterations =
-      options.maxLoopIterations ?? DEFAULT_MAX_LOOP_ITERATIONS;
+    // Resolve limits: new executionLimits takes precedence, then deprecated individual options
+    this.limits = resolveLimits({
+      ...options.executionLimits,
+      // Support deprecated individual options (they override executionLimits if set)
+      ...(options.maxCallDepth !== undefined && {
+        maxCallDepth: options.maxCallDepth,
+      }),
+      ...(options.maxCommandCount !== undefined && {
+        maxCommandCount: options.maxCommandCount,
+      }),
+      ...(options.maxLoopIterations !== undefined && {
+        maxLoopIterations: options.maxLoopIterations,
+      }),
+    });
 
     // Create secure fetch if network is configured
     if (options.network) {
@@ -208,10 +232,10 @@ export class BashEnv {
     }
 
     this.state.commandCount++;
-    if (this.state.commandCount > this.maxCommandCount) {
+    if (this.state.commandCount > this.limits.maxCommandCount) {
       return {
         stdout: "",
-        stderr: `bash: maximum command count (${this.maxCommandCount}) exceeded (possible infinite loop). Increase with maxCommandCount option.\n`,
+        stderr: `bash: maximum command count (${this.limits.maxCommandCount}) exceeded (possible infinite loop). Increase with executionLimits.maxCommandCount option.\n`,
         exitCode: 1,
         env: { ...this.state.env, ...options?.env },
       };
@@ -260,9 +284,7 @@ export class BashEnv {
       const interpreterOptions: InterpreterOptions = {
         fs: this.fs,
         commands: this.commands,
-        maxCallDepth: this.maxCallDepth,
-        maxCommandCount: this.maxCommandCount,
-        maxLoopIterations: this.maxLoopIterations,
+        limits: this.limits,
         exec: this.exec.bind(this),
         fetch: this.secureFetch,
         sleep: this.sleepFn,
@@ -290,6 +312,16 @@ export class BashEnv {
           env: { ...this.state.env, ...options?.env },
         };
       }
+      // ExecutionLimitError is thrown when our conservative limits are exceeded
+      // (command count, recursion depth, loop iterations)
+      if (error instanceof ExecutionLimitError) {
+        return {
+          stdout: error.stdout,
+          stderr: error.stderr,
+          exitCode: ExecutionLimitError.EXIT_CODE,
+          env: { ...this.state.env, ...options?.env },
+        };
+      }
       if ((error as ParseException).name === "ParseException") {
         return {
           stdout: "",
 
@@ -0,0 +1,144 @@
+import { describe, expect, it } from "vitest";
+import { BashEnv } from "../../BashEnv.js";
+
+/**
+ * AWK Execution Limits Tests
+ *
+ * These tests verify that awk commands cannot cause runaway compute.
+ * AWK programs should complete in bounded time regardless of input.
+ *
+ * IMPORTANT: All tests should complete quickly (<1s each).
+ */
+
+describe("AWK Execution Limits", () => {
+  describe("infinite loop protection", () => {
+    it("should protect against while(1) infinite loop", async () => {
+      const env = new BashEnv();
+      const result = await env.exec(
+        `echo "test" | awk 'BEGIN { while(1) print "x" }'`,
+      );
+
+      // Should not hang - awk should have iteration limits
+      expect(result.stderr.length).toBeGreaterThan(0);
+      expect(result.exitCode).not.toBe(0);
+    });
+
+    it("should protect against for loop with always-true condition", async () => {
+      const env = new BashEnv();
+      const result = await env.exec(
+        `echo "test" | awk 'BEGIN { for(i=0; 1; i++) print "x" }'`,
+      );
+
+      expect(result.stderr.length).toBeGreaterThan(0);
+      expect(result.exitCode).not.toBe(0);
+    });
+
+    // TODO: for(;;) requires special parsing - skip for now
+    it.skip("should protect against for(;;) infinite loop", async () => {
+      const env = new BashEnv();
+      const result = await env.exec(
+        `echo "test" | awk 'BEGIN { for(;;) print "x" }'`,
+      );
+
+      expect(result.stderr.length).toBeGreaterThan(0);
+      expect(result.exitCode).not.toBe(0);
+    });
+
+    // TODO: do-while not implemented in our awk
+    it.skip("should protect against do-while infinite loop", async () => {
+      const env = new BashEnv();
+      const result = await env.exec(
+        `echo "test" | awk 'BEGIN { do { print "x" } while(1) }'`,
+      );
+
+      expect(result.stderr.length).toBeGreaterThan(0);
+      expect(result.exitCode).not.toBe(0);
+    });
+  });
+
+  // TODO: User-defined functions not implemented in our awk
+  describe.skip("recursion protection", () => {
+    it("should protect against recursive function calls", async () => {
+      const env = new BashEnv();
+      const result = await env.exec(
+        `echo "test" | awk 'function f() { f() } BEGIN { f() }'`,
+      );
+
+      expect(result.stderr.length).toBeGreaterThan(0);
+      expect(result.exitCode).not.toBe(0);
+    });
+
+    it("should protect against mutual recursion", async () => {
+      const env = new BashEnv();
+      const result = await env.exec(
+        `echo "test" | awk 'function a() { b() } function b() { a() } BEGIN { a() }'`,
+      );
+
+      expect(result.stderr.length).toBeGreaterThan(0);
+      expect(result.exitCode).not.toBe(0);
+    });
+  });
+
+  describe("output size limits", () => {
+    it("should limit output from print in loop", async () => {
+      const env = new BashEnv();
+      const result = await env.exec(
+        `echo "test" | awk 'BEGIN { for(i=0; i<1000000; i++) print "x" }'`,
+      );
+
+      // Should either error or limit output
+      if (result.exitCode === 0) {
+        expect(result.stdout.length).toBeLessThan(10_000_000);
+      }
+    });
+
+    it("should limit string concatenation growth", async () => {
+      const env = new BashEnv();
+      const result = await env.exec(
+        `echo "test" | awk 'BEGIN { s="x"; for(i=0; i<30; i++) s=s s; print length(s) }'`,
+      );
+
+      // Should either error or limit string size
+      expect(result.exitCode).toBeDefined();
+    });
+  });
+
+  describe("array limits", () => {
+    it("should handle large array creation", async () => {
+      const env = new BashEnv();
+      const result = await env.exec(
+        `echo "test" | awk 'BEGIN { for(i=0; i<100000; i++) a[i]=i; print length(a) }'`,
+      );
+
+      // Should complete without hanging
+      expect(result.exitCode).toBeDefined();
+    });
+  });
+
+  // TODO: ReDoS protection requires a different regex engine or timeout
+  // JavaScript's regex engine is vulnerable to pathological patterns
+  describe.skip("regex limits", () => {
+    it("should handle pathological regex patterns", async () => {
+      const env = new BashEnv();
+      // ReDoS-style pattern
+      const result = await env.exec(
+        `echo "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaab" | awk '/^(a+)+$/'`,
+      );
+
+      // Should complete quickly
+      expect(result.exitCode).toBeDefined();
+    });
+  });
+
+  describe("getline limits", () => {
+    it("should not hang on getline in loop", async () => {
+      const env = new BashEnv();
+      const result = await env.exec(
+        `echo "test" | awk '{ while((getline line < "/dev/zero") > 0) print line }'`,
+      );
+
+      // Should either error or be handled safely
+      expect(result.exitCode).toBeDefined();
+    });
+  });
+});
@@ -106,6 +106,7 @@ export const awkCommand: Command = {
       vars,
       arrays: {},
       fieldSep,
+      maxIterations: ctx.limits?.maxAwkIterations,
     };
 
     let stdout = "";