fix: parse interactive bash commands safely

[sonald]

Motivation

• The prior substring-based heuristic treated any occurrence of sudo/su inside comments, strings, or unrelated tokens as an interactive invocation and routed the command to the PTY executor, allowing an AI-controlled command to solicit and leak live terminal input.
• The intent is to only treat true shell invocations of sudo/su (command words at shell command positions) as interactive so PTY routing is only used when stdin could legitimately be read by a child process.

Description

• Replace the substring heuristic in _needs_interactive_bash with a shlex-based tokenizer that respects quoting and # comments and recognizes shell command separators, so only command-position tokens trigger interactive routing.
• Add _INTERACTIVE_COMMANDS, _COMMAND_SEPARATORS, and helper _is_shell_assignment to allow leading environment assignments (e.g. FOO=bar sudo ...), shell negation (!), and separators/pipelines to be handled correctly.
• Update regression test coverage in tests/tools/test_bash_output_offload.py to assert that real sudo/su invocations still match while quoted/comment-only or substring occurrences (e.g. printf 'sudo prompt', echo ok # sudo) no longer trigger PTY execution.

Testing

• Ran uv run pytest tests/tools/test_bash_output_offload.py -q and the file-level tests passed (10 passed).
• Ran uv run pytest tests/tools -q and the tools test suite passed (61 passed).
• Ran uv run ruff check src/aish/tools/code_exec.py tests/tools/test_bash_output_offload.py and lint checks passed, and git diff --check reported no problems.

---

Codex Task

[coderabbitai]

Warning

Rate limit exceeded

@sonald has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 57 minutes and 2 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro Plus

Run ID: aed299a0-a8ab-4951-bbd3-f281cb49004b

📥 Commits

Reviewing files that changed from the base of the PR and between 7d627de and 36d6961.

📒 Files selected for processing (2)

• src/aish/tools/code_exec.py
• tests/tools/test_bash_output_offload.py

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/fix-terminal-input-exposure-vulnerability

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Thanks for the pull request. A maintainer will review it when available.

Please keep the PR focused, explain the why in the description, and make sure local checks pass before requesting review.

Contribution guide: https://github.com/AI-Shell-Team/aish/blob/main/CONTRIBUTING.md

[github-actions]

This pull request description looks incomplete. Please update the missing sections below before review.

Missing items:

• Summary
• User-visible Changes
• Compatibility
• Testing
• Change Type
• Scope

[F16shen]

blocked by #169