Summary
rtk proxy appears unsafe for compound shell snippets. When I wrapped a multi-command shell loop in rtk proxy '...', shell syntax was not preserved as expected and parts of the snippet were interpreted as command/path arguments. This led to incorrect execution side effects, including bogus directories being created from shell tokens.
Version
Reproduction shape
A command shaped like this is enough to demonstrate the risk pattern:
rtk proxy 'mkdir -p /tmp/rtk-repro && for n in 1 2; do log=/tmp/rtk-repro/$n.log; (echo "$n" > "$log"; echo $? > /tmp/rtk-repro/$n.exit) & echo "pid=$!"; sleep 1; while [ "$(jobs -pr | wc -l | tr -d " ")" -ge 2 ]; do sleep 1; done; done; wait'
The important part is not this exact command, but that it contains normal shell syntax:
- &&
- for ... do ... done
- command substitution: $(...)
- pipes: |
- redirects: > / 2>&1
- background jobs: &
- grouped commands: ( ... )
- nested quotes
Expected behavior
Either:
- rtk proxy should pass the full snippet to the shell exactly as a raw command, preserving shell semantics; or
- rtk proxy should reject compound shell snippets with a clear error message, e.g. "rtk proxy only supports one simple command; do not pass shell snippets".
Actual behavior
The compound snippet was not treated as a single shell program. Parts of the shell syntax were effectively interpreted as command/path tokens, producing incorrect behavior. In my case, token-like fragments such as option names, numeric loop values, and shell keywords became filesystem entries.
Why this matters
The name and help text for proxy can make users think it is safe to wrap arbitrary raw shell code. If it is intended only for simple commands, the CLI should make that explicit and ideally fail closed for detected shell metacharacters.
Suggested fix
- Document that rtk proxy is only for a single simple command, not shell snippets.
- Add validation/rejection for common shell metacharacters or compound syntax (|, >, &&, ;, $(), for, while, if, &, parentheses) unless an explicit shell mode is supported.
- Alternatively, provide a separate explicit mode such as rtk shell -- '<snippet>' that intentionally invokes the user's shell and preserves compound shell semantics.
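One way to implement the fail-closed validation suggested above, as an added example that is not rtk's code. The names compound_syntax, parse_simple_command, OPERATORS and KEYWORDS are hypothetical, and the rejected character set is an assumption modelled on the list in the report; the scanner is quote-aware, so a quoted pattern such as 'a|b' is still accepted.

```python
import shlex

# Assumed policy (not rtk's code): unquoted, these mean a shell program.
OPERATORS = set(";&|<>()\n")
KEYWORDS = {"for", "while", "until", "if", "case", "select", "function", "{", "!"}

# The reproduction snippet from the report above.
REPRO = (
    'mkdir -p /tmp/rtk-repro && for n in 1 2; do log=/tmp/rtk-repro/$n.log; '
    '(echo "$n" > "$log"; echo $? > /tmp/rtk-repro/$n.exit) & echo "pid=$!"; '
    'sleep 1; while [ "$(jobs -pr | wc -l | tr -d " ")" -ge 2 ]; '
    'do sleep 1; done; done; wait'
)

def compound_syntax(snippet):
    """Return shell constructs that are active in snippet, in first-seen order."""
    found, quote, i = [], None, 0
    while i < len(snippet):
        ch = snippet[i]
        if ch == "\\" and quote != "'":
            i += 2                        # backslash makes the next char literal
            continue
        substitution = ch == "`" or snippet.startswith("$(", i)
        if quote == "'":                  # nothing is special inside '...'
            quote = None if ch == "'" else quote
        elif substitution:                # active unquoted and inside "..."
            found.append("$()" if ch == "$" else "`")
            i += 1 if ch == "$" else 0    # also step over the "(" of "$("
        elif quote == '"':
            quote = None if ch == '"' else quote
        elif ch in "'\"":
            quote = ch
        elif ch in OPERATORS:
            found.append(ch)
        i += 1
    return list(dict.fromkeys(found))     # de-duplicate, keep order

def parse_simple_command(snippet):
    """Return argv for one simple command, or raise ValueError (fail closed)."""
    found = compound_syntax(snippet)
    if found:
        raise ValueError("only one simple command is supported; found: " + " ".join(found))
    argv = shlex.split(snippet)           # ValueError on unbalanced quotes
    if not argv or argv[0] in KEYWORDS:
        raise ValueError("not a simple command")
    return argv

if __name__ == "__main__":
    print(parse_simple_command("grep -n 'a|b' notes.txt"))
    print(compound_syntax(REPRO))
```

The returned argv is meant to be executed directly, without a shell, so nothing in it is reinterpreted as shell syntax.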