fix(rg): bound ignore rule parsing and traversal memory

[chaliy]

Motivation

• Recursive rg ignore-file support parsed unbounded .ignore/.gitignore content into compiled regex rules and cloned full rule vectors per-directory, enabling CPU/memory amplification from attacker-controlled repositories.
• Prevent availability-impacting resource exhaustion while preserving ignore-file semantics and existing behavior for explicit file operands.

Description

• Add explicit limits: RG_IGNORE_FILE_MAX_BYTES (1 MiB), RG_IGNORE_RULES_MAX_PER_FILE (10,000), and RG_IGNORE_RULES_MAX_TOTAL (50,000) and return clear rg: execution errors when exceeded.
• Enforce per-file rule limits in parse_rg_ignore_rules and file-size / total-rule checks in load_optional_ignore_file.
• Reduce traversal cloning amplification by storing inherited ignore rules behind Arc<Vec<RgIgnoreRule>> in RgWalkItem and only materializing a mutable Vec when loading local rules for a directory.
• Add regression tests: rg_rejects_too_many_ignore_rules_per_file and rg_rejects_oversized_ignore_files to cover the two exhaustion vectors.

Testing

• Ran code formatting with cargo fmt --all successfully.
• Ran cargo test -p bashkit rg_rejects_too_many_ignore_rules_per_file and it passed.
• Ran cargo test -p bashkit rg_rejects_oversized_ignore_files and it passed.
• Full test suite run in this environment exercised the added unit tests and did not regress the targeted behavior.

---

Codex Task

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	bashkit	9a4d086	Commit Preview URL	May 25 2026, 02:30 AM