ci(test): lint compiled bash bodies with shellcheck (#496)

* ci(test): lint compiled bash bodies with shellcheck

Adds tests/bash_lint_tests.rs, an integration test that compiles a
representative set of fixtures and runs shellcheck against every
literal bash: body in the generated YAML. The lint catches the actual
silent-failure patterns ADO's "fail on last command" default lets
through (SC2164 cd-without-||, SC2155 masked-return, SC2086/2046
unquoted variables, SC2154 unset refs, SC2088 tilde-in-quotes).

This replaces the previously proposed approach of sprinkling
`set -eo pipefail` across every bash step (PR #492). That approach
added boilerplate to ~27 sites without enforcement, drifted as new
steps were added, and in two spots actually masked errors more than
the original code (`grep ... | tail -1 || true`).

Real bugs surfaced and fixed by the new lint:

* `src/engine.rs` — `Engine::Copilot::log_dir()` returned
  `~/.copilot/logs`. Tilde does not expand inside the double-quoted
  `[ -d "..." ]` test that consumes this value, so the directory check
  always failed and Copilot logs were silently never collected to the
  pipeline artifact. Replaced with `$HOME/.copilot/logs`.
* `src/runtimes/node/mod.rs` and `src/runtimes/dotnet/mod.rs` — the
  ensure-`.npmrc` and ensure-`nuget.config` step generators used Rust
  `\<newline>` line continuations in their format strings, which strip
  leading whitespace. The emitted YAML had body lines flush-left
  against `- bash: |`, producing invalid YAML. Replaced with raw
  string literals so indentation is preserved.
* Multiple `cd "$DOWNLOAD_DIR"` in `base.yml` / `1es-base.yml` had no
  `|| exit` guard. Added.
* `exit $AGENT_EXIT_CODE` (multiple sites) — quoted.
* `mkdir -p {{ working_directory }}/safe_outputs` and the matching
  `cp -a ...` — quoted the substitution.
* `JSON_CONTENT=$(echo "$RESULT_LINE" | sed 's/.*PFX://')` rewritten
  to `${RESULT_LINE##*PFX:}` (avoids forking sed and removes a
  shellcheck SC2001 finding).

Targeted `set -eo pipefail` additions (only where masked-pipeline
exit codes matter):

* `base.yml` / `1es-base.yml` ado-aw download steps (3 stages × 2
  templates): `grep "ado-aw-linux-x64" checksums.txt | sha256sum -c -`
  silently passes when grep matches nothing because sha256sum returns
  0 on empty stdin. Without pipefail, the unverified binary would
  install successfully.
* `src/compile/extensions/trigger_filters.rs` script-download step:
  same `grep | sha256sum` pattern.
* `src/runtimes/lean/mod.rs` install step: `curl ... | sh` would
  silently install nothing on curl failure.

The two pre-existing `set -eo pipefail` instances on the AWF download
+ docker pull steps (introduced in PR #439) and on the `tee`-piped
agent / threat-analysis runs are preserved — those were correct.

Skip vs. enforce:
* Locally, the test prints a notice and returns early when shellcheck
  is missing.
* CI installs shellcheck and sets `ENFORCE_BASH_LINT=1` so a missing
  shellcheck becomes a hard failure rather than a silent skip.

A new `tests/fixtures/runtime-coverage-agent.md` exercises the Lean,
Node-with-feed-url, and .NET-with-feed-url runtimes plus the
cache-memory tool, ensuring every code-generated bash step is reached.
The lint enforces a `REQUIRED_STEP_DISPLAY_NAMES` coverage list to
catch fixture/generator drift.

Documented in AGENTS.md and docs/extending.md.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* fix(bash-lint): close 1ES coverage gap and fix shellcheck 0.9 SC2002

Two changes the CI surfaced after PR #496 landed locally:

1. **shellcheck 0.9.0 (Ubuntu's pinned) flags SC2002 ("Useless cat")
   on `cat file | sed ...` patterns that 0.11.0 does not.** Fixed by
   rewriting the two offending sites in the MCPG start step:
   * `MCPG_CONFIG=$(cat … | sed | sed | sed)` →
     `MCPG_CONFIG=$(sed -e … -e … -e … file)`. Semantically equivalent
     because the three substitutions are over independent placeholder
     patterns.
   * `cat … | python3 -m json.tool` → `python3 -m json.tool < …`.

   Avoids forking `cat` for nothing and is stable across shellcheck
   versions.

2. **Add a `runtime-coverage-1es-agent.md` fixture and assert that
   every known compile target is exercised by at least one fixture.**
   Previously only `1es-test-agent.md` compiled to the 1ES target, and
   it had no `runtimes:` or `tools.cache-memory`. The code-generated
   bash bodies from those extensions (Lean install, `.npmrc`,
   `nuget.config`, cache-memory restore/init) were being linted only
   on the standalone target. Today their bodies are byte-identical
   across targets, but a future target-specific divergence would slip
   past the lint without a 1ES variant.

   `compile_fixture()` now parses `Generated <target> pipeline:` from
   stdout, accumulates targets seen, and the test asserts every entry
   in `REQUIRED_TARGETS = ["standalone", "1es"]` is covered. Sanity-
   checked that removing the 1ES fixtures causes the test to fail with
   `no fixture compiles to the following target(s): ["1es"]`.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: jamesadevine

.github/workflows/rust-tests.yml

@@ -22,8 +22,16 @@ jobs:
 
       - uses: Swatinem/rust-cache@v2
 
+      - name: Install shellcheck
+        # ubuntu-latest already ships shellcheck, but install explicitly to
+        # guarantee it on every refresh of the runner image and to surface
+        # a clear failure when the bash-lint integration test is enforced.
+        run: sudo apt-get update && sudo apt-get install -y shellcheck
+
       - name: Build
         run: cargo build --verbose
 
       - name: Run tests
+        env:
+          ENFORCE_BASH_LINT: "1"
         run: cargo test --verbose

AGENTS.md

@@ -273,6 +273,25 @@ cargo test
 cargo clippy
 ```
 
+### Bash step lint
+
+The `tests/bash_lint_tests.rs` integration test compiles a representative set
+of fixtures and runs `shellcheck` against every literal `bash:` body in the
+generated YAML. It catches silent-failure patterns that ADO's "fail on last
+command" default would let through (e.g. `cd "$X"` without `|| exit`, tilde
+inside double quotes, masked-return assignments).
+
+The test is skipped if `shellcheck` is not on PATH. Install locally with
+`brew install shellcheck` (macOS) or `apt-get install -y shellcheck` (Debian
+/ Ubuntu); CI installs it in `.github/workflows/rust-tests.yml` and sets
+`ENFORCE_BASH_LINT=1` so a missing shellcheck becomes a hard failure rather
+than a silent skip.
+
+When adding a new bash step, run `cargo test --test bash_lint_tests` and fix
+anything it flags. If a finding is genuinely intentional, add a
+`# shellcheck disable=SCxxxx` comment immediately above the offending line in
+the bash body — shellcheck honours the directive and it's inert at runtime.
+
 ## Common Tasks
 
 ### Compile a markdown pipeline

docs/extending.md

@@ -90,3 +90,45 @@ To add a new filter type:
    `validate_pr_filters()` or `validate_pipeline_filters()`
 5. **Write tests** — lowering test, validation test, and codegen test in
    `filter_ir.rs`
+
+## Bash steps in pipeline templates
+
+Pipeline templates and Rust step generators emit dozens of multi-line `bash:`
+steps. ADO bash steps fail only on the *last* command's exit status by
+default, so a chain like `mkdir … && curl … && cd … && cmd` can silently
+swallow earlier failures.
+
+Rather than spread `set -eo pipefail` boilerplate across every step, the
+project enforces hygiene via `tests/bash_lint_tests.rs`, which compiles a set
+of fixtures and runs `shellcheck` against every literal `bash:` body in the
+generated YAML. The lint catches:
+
+- **SC2164** — `cd $X` without `|| exit` (the canonical silent-failure)
+- **SC2155** — `local var=$(cmd)` masking the inner exit code
+- **SC2086 / SC2046** — unquoted variables / command substitutions
+- **SC2154** — variables referenced but never assigned
+- **SC2088** — tilde inside double quotes (does not expand at all)
+
+When you add or modify a bash step:
+
+1. Run `cargo test --test bash_lint_tests` (locally requires `shellcheck` on
+   PATH; install with `brew install shellcheck` or
+   `apt-get install -y shellcheck`). CI sets `ENFORCE_BASH_LINT=1` so a
+   missing shellcheck becomes a hard failure rather than a silent skip.
+2. Fix any finding by adjusting the bash. Common fixes: `cd "$X" || exit 1`,
+   `exit "$CODE"`, `"$HOME/.foo"` instead of `"~/.foo"`, quoting variable
+   expansions.
+3. If a finding is genuinely intentional, add a
+   `# shellcheck disable=SCxxxx` comment immediately above the line in the
+   bash body. Such directives are bash comments and have no runtime effect.
+
+Do **not** sprinkle `set -eo pipefail` into every step to silence the lint —
+that approach was tried (PR #492) and was rejected because it adds noise,
+drifts as new steps are added, and doesn't address the actual silent-failure
+patterns that the lint surfaces. Use targeted `set -eo pipefail` only when a
+step has a real fail-fast requirement that the lint cannot express (the
+current uses are on AWF/MCPG download and the `tee`-piped agent run).
+
+The exclude list (`SC1090`, `SC1091`, `SC2034`, `SC2016`) is documented in
+`tests/bash_lint_tests.rs`. Each entry has a justification — do not extend
+without one.

src/compile/extensions/trigger_filters.rs

@@ -101,6 +101,7 @@ impl CompilerExtension for TriggerFiltersExtension {
         let mut steps = Vec::new();
         steps.push(format!(
             r#"- bash: |
+    set -eo pipefail
     mkdir -p /tmp/ado-aw-scripts
     curl -fsSL "{RELEASE_BASE_URL}/v{version}/checksums.txt" -o /tmp/ado-aw-scripts/checksums.txt
     curl -fsSL "{RELEASE_BASE_URL}/v{version}/scripts.zip" -o /tmp/ado-aw-scripts/scripts.zip

src/data/1es-base.yml

@@ -59,6 +59,7 @@ extends:
                 {{ engine_install_steps }}
 
                 - bash: |
+                    set -eo pipefail
                     COMPILER_VERSION="{{ compiler_version }}"
                     DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler"
                     DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64"
@@ -70,7 +71,7 @@ extends:
                     curl -fsSL -o "$DOWNLOAD_DIR/checksums.txt" "$CHECKSUM_URL"
 
                     echo "Verifying checksum..."
-                    cd "$DOWNLOAD_DIR"
+                    cd "$DOWNLOAD_DIR" || exit 1
                     grep "ado-aw-linux-x64" checksums.txt | sha256sum -c -
                     mv ado-aw-linux-x64 ado-aw
                     chmod +x ado-aw
@@ -156,7 +157,7 @@ extends:
                     curl -fsSL -o "$DOWNLOAD_DIR/checksums.txt" "$CHECKSUM_URL"
 
                     echo "Verifying checksum..."
-                    cd "$DOWNLOAD_DIR"
+                    cd "$DOWNLOAD_DIR" || exit 1
                     grep "awf-linux-x64" checksums.txt | sha256sum -c -
                     mv awf-linux-x64 awf
                     chmod +x awf
@@ -204,6 +205,7 @@ extends:
 
                     # Wait for server to be ready
                     READY=false
+                    # shellcheck disable=SC2034 # i is intentionally unused; wait-N-times loop
                     for i in $(seq 1 30); do
                       if curl -sf "http://localhost:$SAFE_OUTPUTS_PORT/health" > /dev/null 2>&1; then
                         echo "SafeOutputs HTTP server is ready"
@@ -221,14 +223,15 @@ extends:
                 # Start MCP Gateway (MCPG) on host
                 - bash: |
                     # Substitute runtime values into MCPG config
-                    MCPG_CONFIG=$(cat /tmp/awf-tools/staging/mcpg-config.json \
-                      | sed "s|\${SAFE_OUTPUTS_PORT}|$(SAFE_OUTPUTS_PORT)|g" \
-                      | sed "s|\${SAFE_OUTPUTS_API_KEY}|$(SAFE_OUTPUTS_API_KEY)|g" \
-                      | sed "s|\${MCP_GATEWAY_API_KEY}|$(MCP_GATEWAY_API_KEY)|g")
+                    MCPG_CONFIG=$(sed \
+                      -e "s|\${SAFE_OUTPUTS_PORT}|$(SAFE_OUTPUTS_PORT)|g" \
+                      -e "s|\${SAFE_OUTPUTS_API_KEY}|$(SAFE_OUTPUTS_API_KEY)|g" \
+                      -e "s|\${MCP_GATEWAY_API_KEY}|$(MCP_GATEWAY_API_KEY)|g" \
+                      /tmp/awf-tools/staging/mcpg-config.json)
 
                     # Log the template config (before API key substitution) for debugging.
                     echo "Starting MCPG with config template:"
-                    cat /tmp/awf-tools/staging/mcpg-config.json | python3 -m json.tool
+                    python3 -m json.tool < /tmp/awf-tools/staging/mcpg-config.json
 
                     # Remove any leftover container or stale output from a previous interrupted run
                     # (--rm only cleans up on clean exit; OOM/SIGKILL may leave it behind)
@@ -267,6 +270,7 @@ extends:
 
                     # Wait for MCPG to be ready
                     READY=false
+                    # shellcheck disable=SC2034 # i is intentionally unused; wait-N-times loop
                     for i in $(seq 1 30); do
                       if curl -sf "http://localhost:{{ mcpg_port }}/health" > /dev/null 2>&1; then
                         echo "MCPG is ready"
@@ -284,6 +288,7 @@ extends:
                     # Health check passing doesn't guarantee stdout is flushed, so poll.
                     echo "Waiting for gateway output file..."
                     GATEWAY_READY=false
+                    # shellcheck disable=SC2034 # i is intentionally unused; wait-N-times loop
                     for i in $(seq 1 15); do
                       if [ -s "$GATEWAY_OUTPUT" ] && jq -e '.mcpServers' "$GATEWAY_OUTPUT" > /dev/null 2>&1; then
                         echo "Gateway output is ready"
@@ -361,7 +366,7 @@ extends:
                       "$(Pipeline.Workspace)/awf/awf" logs summary --source "$(Agent.TempDirectory)/staging/logs/firewall" 2>/dev/null || true
                     fi
 
-                    exit $AGENT_EXIT_CODE
+                    exit "$AGENT_EXIT_CODE"
                   displayName: "Run copilot (AWF network isolated)"
                   workingDirectory: {{ working_directory }}
                   env:
@@ -433,6 +438,7 @@ extends:
                 {{ engine_install_steps }}
 
                 - bash: |
+                    set -eo pipefail
                     COMPILER_VERSION="{{ compiler_version }}"
                     DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler"
                     DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64"
@@ -444,7 +450,7 @@ extends:
                     curl -fsSL -o "$DOWNLOAD_DIR/checksums.txt" "$CHECKSUM_URL"
 
                     echo "Verifying checksum..."
-                    cd "$DOWNLOAD_DIR"
+                    cd "$DOWNLOAD_DIR" || exit 1
                     grep "ado-aw-linux-x64" checksums.txt | sha256sum -c -
                     mv ado-aw-linux-x64 ado-aw
                     chmod +x ado-aw
@@ -469,7 +475,7 @@ extends:
                     curl -fsSL -o "$DOWNLOAD_DIR/checksums.txt" "$CHECKSUM_URL"
 
                     echo "Verifying checksum..."
-                    cd "$DOWNLOAD_DIR"
+                    cd "$DOWNLOAD_DIR" || exit 1
                     grep "awf-linux-x64" checksums.txt | sha256sum -c -
                     mv awf-linux-x64 awf
                     chmod +x awf
@@ -487,8 +493,8 @@ extends:
                   displayName: "Pre-pull AWF container images (v{{ firewall_version }})"
 
                 - bash: |
-                    mkdir -p {{ working_directory }}/safe_outputs
-                    cp -a "$(Pipeline.Workspace)/agent_outputs_$(Build.BuildId)/."  {{ working_directory }}/safe_outputs
+                    mkdir -p "{{ working_directory }}/safe_outputs"
+                    cp -a "$(Pipeline.Workspace)/agent_outputs_$(Build.BuildId)/."  "{{ working_directory }}/safe_outputs"
                   displayName: "Prepare safe outputs for analysis"
 
                 - bash: |
@@ -526,7 +532,7 @@ extends:
                       | tee "$THREAT_OUTPUT_FILE" \
                       && AGENT_EXIT_CODE=0 || AGENT_EXIT_CODE=$?
 
-                    exit $AGENT_EXIT_CODE
+                    exit "$AGENT_EXIT_CODE"
                   displayName: "Run threat analysis (AWF network isolated)"
                   workingDirectory: {{ working_directory }}
                   env:
@@ -550,7 +556,7 @@ extends:
                       RESULT_LINE=$(grep "THREAT_DETECTION_RESULT:" "$(Agent.TempDirectory)/threat-analysis-output.txt" | tail -1)
                       if [ -n "$RESULT_LINE" ]; then
                         # Extract JSON after the prefix
-                        JSON_CONTENT=$(echo "$RESULT_LINE" | sed 's/.*THREAT_DETECTION_RESULT://')
+                        JSON_CONTENT="${RESULT_LINE##*THREAT_DETECTION_RESULT:}"
                         echo "$JSON_CONTENT" > "$(Agent.TempDirectory)/analyzed_outputs/threat-analysis.json"
                         echo "Extracted threat analysis JSON:"
                         cat "$(Agent.TempDirectory)/analyzed_outputs/threat-analysis.json"
@@ -635,6 +641,7 @@ extends:
                   artifact: analyzed_outputs_$(Build.BuildId)
 
                 - bash: |
+                    set -eo pipefail
                     COMPILER_VERSION="{{ compiler_version }}"
                     DOWNLOAD_DIR="$(Pipeline.Workspace)/agentic-pipeline-compiler"
                     DOWNLOAD_URL="https://github.com/githubnext/ado-aw/releases/download/v${COMPILER_VERSION}/ado-aw-linux-x64"
@@ -646,7 +653,7 @@ extends:
                     curl -fsSL -o "$DOWNLOAD_DIR/checksums.txt" "$CHECKSUM_URL"
 
                     echo "Verifying checksum..."
-                    cd "$DOWNLOAD_DIR"
+                    cd "$DOWNLOAD_DIR" || exit 1
                     grep "ado-aw-linux-x64" checksums.txt | sha256sum -c -
                     mv ado-aw-linux-x64 ado-aw
                     chmod +x ado-aw