Just-Bash: A Full Shell Environment That Never Touches Your Disk
Just-Bash is a virtual bash environment implemented in TypeScript that allows AI agents to execute shell commands safely without accessing the host system. It uses an in-memory filesystem and a full AST-based parser to support complex shell scripting features while preventing security risks. The tool is designed for integration with AI workflows, offering sandboxed execution with support for custom commands and filesystem overlays.
- Just-Bash parses and executes shell scripts using a proper AST pipeline and runs them against an in-memory filesystem, avoiding any interaction with the host OS.
- It supports advanced shell features including pipes, redirections, loops, functions, glob patterns, and over 70 built-in commands implemented as modular components.
- The architecture includes security measures such as parser depth limits, isolation of JavaScript globals via AsyncLocalStorage, and blocking of dynamic imports to prevent malicious behavior.
- Filesystem options include InMemoryFs, OverlayFs for copy-on-write semantics, and MountableFs for combining multiple filesystems at different mount points.
- Custom commands can be defined and integrated, and the environment can be configured to give AI agents controlled, read-only access to real directories while keeping all writes virtual.
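As an added illustration (not code from just-bash itself), the TypeScript below sketches how the three filesystem roles listed above fit together: an in-memory base, a copy-on-write overlay that keeps writes and deletions out of the base, and a mount router that picks a filesystem by longest matching prefix. The class and method names are assumptions made for this example, not the project's API.

```typescript
// Added example, not just-bash's own code: a sketch of the three filesystem
// roles the summary lists; class and method names are assumptions.
interface VirtualFs {
  read(path: string): string | undefined;
  write(path: string, data: string): void;
  remove(path: string): void;
}
// In-memory store: a Map is the whole "disk", so nothing reaches the host.
class InMemoryFs implements VirtualFs {
  private files = new Map<string, string>();
  constructor(seed: Record<string, string> = {}) {
    for (const [p, d] of Object.entries(seed)) this.files.set(p, d);
  }
  read(path: string) { return this.files.get(path); }
  write(path: string, data: string) { this.files.set(path, data); }
  remove(path: string) { this.files.delete(path); }
}
// Copy-on-write: reads fall through to the base layer; writes and deletions land
// only in the upper layer, so a read-only base is never modified. A deletion is
// recorded as a "whiteout" that hides the base copy from later reads.
class OverlayFs implements VirtualFs {
  private upper = new Map<string, string>();
  private whiteouts = new Set<string>();
  private base: VirtualFs;
  constructor(base: VirtualFs) { this.base = base; }
  read(path: string) {
    if (this.whiteouts.has(path)) return undefined;
    return this.upper.get(path) ?? this.base.read(path);
  }
  write(path: string, data: string) { this.whiteouts.delete(path); this.upper.set(path, data); }
  remove(path: string) { this.upper.delete(path); this.whiteouts.add(path); }
}
// Routes each path to the filesystem mounted at the longest matching prefix.
class MountableFs implements VirtualFs {
  private mounts: Array<[string, VirtualFs]> = [];
  mount(prefix: string, fs: VirtualFs) {
    this.mounts.push([prefix, fs]);
    this.mounts.sort((a, b) => b[0].length - a[0].length); // longest prefix first
  }
  private target(path: string): VirtualFs {
    const hit = this.mounts.find(([p]) => path === p || path.startsWith(p.endsWith('/') ? p : p + '/'));
    if (!hit) throw new Error(`no filesystem mounted for ${path}`);
    return hit[1];
  }
  read(path: string) { return this.target(path).read(path); }
  write(path: string, data: string) { this.target(path).write(path, data); }
  remove(path: string) { this.target(path).remove(path); }
}
```

Mounting an OverlayFs over a base that mirrors a real directory is what gives an agent read access to that directory while every write and delete stays in the virtual upper layer.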
Opening excerpt (first ~120 words)
What it does

just-bash is a virtual bash environment written in TypeScript. It parses and executes shell scripts through a proper AST pipeline, runs commands against an in-memory filesystem, and never touches the host OS. Designed for AI agents that need shell access without the security risk of real exec().

Why I starred it

AI agents need to run shell commands. That is a terrifying sentence if you think about it for more than two seconds. The typical approach is sandboxed VMs or containers, but that adds latency and infrastructure. just-bash takes a different route: reimplement enough of bash in TypeScript that agents can cat, grep, sed, jq, and pipe things around in a process that cannot escape to the real filesystem. The scope is what caught my eye.
…
The full article is at Codeline.