Description
The bash command parser in exec_policy cannot parse commands with concatenated flag-value patterns like -g"*.py" (no space between flag and quoted value). This causes commands to prompt for user approval instead of being auto-allowed by exec policy rules.
Reproduction
Policy configuration:
# .codex/exec_policy.star
prefix_rule(pattern=["rg"], decision="allow")
Run command:
rg -n "foo" -g"*.py"
Expected: Command is auto-allowed (matches rg prefix rule)
Actual: Parser asks for user approval (cannot match against the policy rule)
Examples
Common patterns that fail:
rg -g"*.js" "search term"
grep -f"pattern.txt" input.txt
find . -name'*.py'
Technical Cause
When tree-sitter-bash parses -g"*.py", it creates a "concatenation" node containing the flag (-g) and the string ("*.py"). The parser doesn't handle "concatenation" nodes, causing parsing to fail and falling back to matching the wrapped bash -lc command instead of the inner command.
Impact
Users who type commands with concatenated flag-value patterns (common shell syntax like rg -g"*.py") will see permission prompts even with proper exec policy rules configured. This affects:
- Manual command entry by users who don't add spaces between flags and values
- Shell scripts that use concatenated syntax
- Any bash commands in this common format
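
One way a policy matcher could handle the "concatenation" case from Technical Cause, as an added example (not code from the issue or from the Codex code base): join the parts only when every one is literal, and keep prompting when any part is an expansion. The `Node` enum is a constructed stand-in for the tree-sitter-bash node kinds, and `literal_word`, `argv`, `prefix_allows`, `decide` and `sample` are hypothetical names.

```rust
// Constructed model of the parse-tree shapes involved (assumption: not the tree-sitter API).
enum Node {
    Word(String),             // bare word, e.g. -g
    RawString(String),        // single-quoted text, quotes already stripped: *.py
    Str(Vec<Node>),           // double-quoted string: literal content and/or expansions
    StringContent(String),    // literal text inside a double-quoted string
    Expansion(String),        // $VAR, ${VAR}, $(cmd): value unknown before execution
    Concatenation(Vec<Node>), // adjacent parts that form one shell word: -g"*.py"
}

// Resolve one argument node to the single literal word it stands for.
// Returns None if any part is dynamic, so the caller falls back to a prompt.
fn literal_word(node: &Node) -> Option<String> {
    match node {
        Node::Word(s) | Node::RawString(s) | Node::StringContent(s) => Some(s.clone()),
        Node::Str(parts) | Node::Concatenation(parts) => {
            parts.iter().map(literal_word).collect::<Option<Vec<_>>>().map(|v| v.concat())
        }
        Node::Expansion(_) => None,
    }
}

// Build argv for a simple command; None if any argument is not fully literal.
fn argv(args: &[Node]) -> Option<Vec<String>> {
    args.iter().map(literal_word).collect()
}

// Same idea as prefix_rule(pattern=[...]): the leading words must match exactly.
fn prefix_allows(prefix: &[&str], argv: &[String]) -> bool {
    argv.len() >= prefix.len() && prefix.iter().zip(argv).all(|(p, a)| *p == a.as_str())
}

fn decide(prefix: &[&str], args: &[Node]) -> &'static str {
    match argv(args) {
        Some(v) if prefix_allows(prefix, &v) => "allow",
        _ => "prompt",
    }
}

// Constructed parse of the reproduction command: rg -n "foo" -g"*.py"
fn sample() -> Vec<Node> {
    let w = |s: &str| Node::Word(s.into());
    let dq = |s: &str| Node::Str(vec![Node::StringContent(s.into())]);
    vec![w("rg"), w("-n"), dq("foo"), Node::Concatenation(vec![w("-g"), dq("*.py")])]
}

fn main() {
    println!("{:?} -> {}", argv(&sample()), decide(&["rg"], &sample()));
}
```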