v3.0.0 (Phoenix)

Warning

dpshell is under active development with unstable features. It is NOT recommended to use it as the default login shell in production environments.

Caution

Security restrictions such as fork bomb prevention cannot provide full protection. Do not execute untrusted scripts or unknown commands in risky environments.

Important

Certain configuration options like bash_compat will load user profile scripts (~/.bashrc) automatically. Please ensure all sourced scripts come from trusted sources.

Note

dpshell does not source /etc/profile or ~/.bash_profile during login. If your workflow depends on login profile scripts, use bash or brush instead.

---

🧩 Parser

• Recursive‑descent AST – added support for if/elif/else, for, while/until, case/esac, and function definitions as first‑class nodes
• I/O redirection – >, >>, <, >&, <>, >|, <<, <<- with file descriptor tracking and adjacency detection
• Command substitution prescan – preserves nested parentheses and quotes inside $(...)
• Tokenizer split respecting $( – split_respecting_dollar_paren keeps $() content intact during shlex splitting
• Deferred command resolution – unresolved commands at parse time are accepted, allowing runtime function dispatch
• Compound commands – { ... } can be used as pipeline stages
• Loop trailing redirections – while ... done <file is now correctly parsed
• \$ escape handling – passed through expansion pipeline via U+FFFD sentinel

---

🔧 Variable Expansion

• New expand_vars module – supports positional parameters $1…$9, $#, $@, $*
• Parameter modifiers – ${var:-default}, ${var-word}, ${var:+word}, ${var+word}, ${var:=word}
• Pattern stripping – ${var%pattern}, ${var%%pattern}, ${var#pattern}, ${var##pattern}
• Arithmetic expansion – $((expr)) with +, -, *, /, %, comparisons and variable lookup
• Command substitution preservation – $(cmd) content is not prematurely substituted
• Glob matching – simple_glob_match provides fnmatch‑style patterns for case arms and ${var%pat}

---

⚙️ Executor

• Command substitution – capture_subshell_output using fork/pipe/waitpid
• In‑process pipelines – builtins and brace groups run inside the shell without forking
• Runtime binary resolution – deferred command lookup now works for functions and external programs
• Function call threading – ExecContext passes positional parameters correctly
• Exit code propagation – $? (last_exit) is maintained across compound commands and lists
• Bare variable assignments – VAR=value cmd handles command substitution in values
• Loop redirection – while/until loops apply stdin redirection via dup2/restore
• Pipeline output flush – stdout is flushed before process::exit to avoid data loss
• Self‑binary detection – dynamic via current_exe() instead of hardcoded name

---

📦 Builtins

• Modular registry – monolithic builtins.rs split into per‑command files with registry‑based dispatch
• New recognized builtins – echo, read, printf, true, false
• POSIX read – multi‑variable word splitting (splitn on IFS)
• Builtin dispatch in executor – works correctly inside pipelines and functions
• DpShell state – moved to shell/mod.rs with RefCell‑wrapped function table

---

📜 Script Mode

• Non‑interactive execution – dpshell script.sh and dpshell -c 'cmd'
• Multi‑line joining – detects unclosed blocks (if/for/while/case/function bodies)
• Heredoc preprocessing – <<DELIM collects body and substitutes a temp file
• Unified command routing – all script commands go through execute_node for proper expansion
• Login shell profiles – sources /etc/profile, ~/.bash_profile, ~/.profile
• Bash compatibility mode – additionally sources ~/.bashrc and uses ~/.bash_history

---

💻 REPL

• Multi‑line input – heredoc collection and continuation detection
• Dynamic config reload – /etc/deeprotection/config.toml is re‑read at each prompt
• try_exit standalone – used for enforcing‑mode exit authentication

---

🏗️ Build & Code Health

• New dependencies – clap, thiserror, itertools
• Warning suppression – crossterm patch warnings via Cargo.toml lints and #[allow(dead_code)]
• Cleanup – removed all unused imports and variables
• Cargo config – renamed ~/.cargo/config → config.toml to silence deprecation warning
• POSIX test suite – posix_test.sh validates 14 POSIX compatibility tests

---

🧬 Architecture Restructure

• Flat src/*.rs → modules

  • builtins/ (27 files)
  • parser/ (3 files) – moved syntax.rs, expand_vars.rs
  • executor/ (2 files) – moved expand.rs
  • interactive/ (5 files) – moved bash_completer.rs, cycle_menu.rs
  • security/ (4 files) – moved rules.rs, plugins.rs, protection.rs
  • config/, jobs/, logging/, shell/

• Renames and moves

  • ShellState → DpShell (now in shell::mod)
  • ExecContext gained shell_vars, last_exit, positional_params

---

💥 Breaking Changes

• Module paths changed – all imports referencing top‑level modules (syntax, executor, rules, plugins, protection, builtins, logger) must update to their new nested paths
  • e.g. use syntax::... → use parser::syntax::...
  • use builtins::... → use builtins::registry::... (or specific builtin module)
• ShellState renamed to DpShell and moved to shell::mod
• ExecContext now requires additional fields (shell_vars, last_exit, positional_params) – any external code constructing it must adapt
• Standalone binary detection no longer hardcodes the program name – may affect scripts that relied on argv[0] being unchanged

v2.0.0 (Harrier)

🚀 Full refactor of the Deeprotection Shell,
introducing a plugin system, TOML configuration, job control, enhanced path protection, and three runtime operation modes.

---

🧬 New Architecture

• Code restructured into seven well-defined modules:
  cmd, config, executor, logger, plugins, protection, rules, utils
• Modern error handling powered by anyhow + thiserror
• Unified management of command completion, syntax highlighting, and command history via rustyline

🔌 Plugin System

• Load plugins from /etc/deeprotection/plugins/
• Each plugin is declared through plugin.json, receiving commands via standard input and environment variables with a 5‑second timeout
• Plugins are able to allow, block, or rewrite executed commands
• The plugin directory is automatically added to $PATH, enabling direct invocation of plugin-provided binaries (e.g. enls)

⚙️ TOML-Based Configuration

• New primary config path: /etc/deeprotection/config.toml
• Clearly segmented sections: [core], [auth], [paths], and repeated [[rules]] blocks
• Automatic parsing and adaptation for regex rules (prefixed with re:) and plain-text matching rules
• Fine-grained path protection: whitelisted commands + optional administrator password verification

🛡️ Three Runtime Modes

Mode	Behavior
disable	Execute commands directly; only record audit logs
permissive	Apply rules and plugins; bypass strict path protection
enforcing	Full security enforcement: rules → plugins → path protection; admin password required for restricted operations

🧵 Process & Signal Management

• Proper Ctrl+Z handling: child processes run in independent process groups with correct terminal handoff, preventing shell freezing
• Ctrl+C interrupts only the active child command and will not terminate the shell
• exit command requires administrator password authentication under enforcing mode

📜 Logging & Auditing

• Structured JSON Lines audit logs output to /var/log/audit.log
• Each entry includes timestamp, user context, runtime mode, raw command, working directory, PID and more
• Thread-safe log writer with manual flush support

🧭 Other Improvements

• Retained and enhanced interactive directory navigation: cd ? and recursive cd ??
• Safe default flags -i -v automatically applied to rm (overridable via custom rules)
• All built-in security behaviors are rule/plugin-driven with no hardcoded command interception
• Startup banner color varies by mode: green for permissive, red for enforcing

---

💥 Breaking Changes

• Configuration migrated from legacy key=value format to TOML; legacy configs require manual migration
• Removed i18n multi-language support; all terminal messages standardized to English for easier maintenance
• /etc/deeprotection/plugins/ is now a required directory (must exist, even if empty)
• Log file path changed to /var/log/audit.log; legacy log path /var/log/deeprotection.log is no longer written

---

v1.0.2

Warning

This version is deprecated – please download the latest release.

changelog

Bug Fixes

1. Fixed an issue where Enhanced mode failed to activate path protection.
2. Fixed a bug in Permissive mode that caused the deletion-confirmation module to be invoked incorrectly.

New Features

1. Added Tab-completion support.

Other Updates

1. Configuration can now be managed via the Deeprotection-WebGUI web interface.

---

更新日志

bug修复:

1. 修复Enhanced模式无法正常激活路径保护的bug
2. 修复Permissive模式下调用删除确认模块的bug

功能更新:

1. 可以使用Tab键进行补全

其他更新

1. 可以通过Deeprotection-WebGUI使用GUI管理Deeprotection配置

v0.0.6

Warning

This version is deprecated – please download the latest release.

changelog

Feature Updates:

You can default cd when switching working directories

---

更新日志

功能更新:

在切换工作目录时你可以缺省cd

v0.0.5

Warning

This version is deprecated – please download the latest release.

changelog

Bug Fixes:

1. Blocking complex path deletion with rm -rf * is ineffective.

---

更新日志

Bug修复

1. 拦截复杂路径 rm -rf *失效

v0.0.4

Warning

This version is deprecated – please download the latest release.

changelog

Bug Fixes:

1. Fixed the bug where using Ctrl C to interrupt commands in dpshell caused issues.

Compatibility Improvements:

1. You can now move the paths of dplauncher, dploader, and dp without encountering problems.

Feature Updates:

1. Enhanced cd command with additional functionalities.
2. Added colorized output for the ls command.
3. Display the nesting level of sub-shells.
4. You can now browse command history using the up and down arrow keys, and perform reverse searches with Ctrl+R. To save commands, export the /tmp/dpshell_history.XXXXXX file before exiting dpshell.

Documentation Updates:

1. The Simplified Chinese version of the README has been updated to version v0.0.3

---

更新日志

bug修复:

1. 修复dpshell中使用CTRL C中断的bug

兼容性提升:

1. 可以移动dplauncher dploader dp的路径

功能更新:

1. 增强的cd命令
2. ls彩色输出
3. 显示子shell嵌套层级
4. 可通过上下键查阅命令历史,Ctrl+R 反向搜索历史命令
   如果要保存命令请在退出dpshell前导出/tmp/dpshell_history.XXXXXX文件

文档更新:

1. 简体中文版README更新至v0.0.3

v0.0.3

Warning

This version is deprecated – please download the latest release.

changelog

Compatibility Improvements:

1. Support for ARM64(AArch64) architecture Linux has been added
2. No longer call curl to download updates, using pure rust implementation, faster and more stable in high-latency environments

Version selection

OS	Architecture	Filename
Linux	x86_64/AMD64	deeprotection_v1.0.1_amd64.deb
	ARM64/AArch64	deeprotection_v1.0.1_arm64.deb

Q: How do I determine my operating system architecture ?
A: Execute the arch or uname -m command

x86_64 or amd64 → ​​AMD64 architecture​​ (select deeprotection_v1.0.1_amd64.deb)
aarch64 or arm64 → ​​ARM64 architecture​​ (select deeprotection_v1.0.1_arm64.deb)
i386/i686 → 32-bit x86 (currently not supported)

---

更新日志

兼容性提升:

1. 加入了对ARM64(AArch64)架构Linux的支持
2. 不再调用curl下载更新，使用纯rust实现，在高延迟环境下更快速更稳定

版本选择

操作系统	架构	文件名
Linux	x86_64/AMD64	deeprotection_v1.0.1_amd64.deb
	ARM64/AArch64	deeprotection_v1.0.1_arm64.deb

问: 如何确定我的操作系统架构?
答: 执行​​arch 或 uname -m命令

x86_64 或 amd64 → ​​AMD64 架构​​ (选择 deeprotection_v1.0.1_amd64.deb)
aarch64 或 arm64 → ​​ARM64 架构​​ (选择 deeprotection_v1.0.1_arm64.deb)
i386/i686 → 32 位 x86 (暂不支持)

v0.0.2

Warning

This version is deprecated – please download the latest release.

changelog

Bug Fixes:

1. Fixed the issue where activating command interception in Enhanced mode caused an exit from dpshell.
2. Resolved the problem with the Tab key not providing completion in dpshell.
3. Fixed the escape issue with arrow keys in dpshell.

Feature Updates:

1. Added an automatic update feature.

Other Updates:

1. Renamed the original launcher to dplauncher.
2. Renamed mariana-core to dp.

Documentation Updates:

1. Updated the Simplified Chinese version of the README to v0.0.2.

---

更新日志

bug修复:

1. 在Enhanced模式下激活命令拦截导致退出dpsehll
2. dpshell中tab键无法补全
3. dpshell中方向键转义问题

功能更新:

1. 新增自动更新功能

其他更新:

1. 原launcher更名为dplauncher
2. 原mariana-core更名为dp

文档更新:

1. 简体中文版README更新至v0.0.2

v0.0.1 (Hummingbird)

Warning

This version is deprecated – please download the latest release.

da_DK: Dette er den første version.
:) tak fordi du bruger det.

de_DE: Dies ist die erste Version.
:) Danke, dass Sie es benutzen.

This is the first version.
:) Thank you for using it.

Ceci est la première version.
:) Merci de l’utiliser.

Questa è la prima versione.
:) Grazie per averla usata.

これは最初のバージョンです。
:) ご利用いただきありがとうございます。

이것은 첫 번째 버전입니다.
:) 이용해 주셔서 감사합니다.

Dette er den første versjonen.
:) Takk for at du bruker det.

Это первая версия.
:) Спасибо за использование.

Det här är den första versionen.
:) Tack för att du använder den.

这是第一个版本。
:) 感谢您的使用。

這是第一個版本。
:) 多謝使用。

v1.0.0 (Peregrine)

changelog

First official version
Rust rewrite, faster, more stable and safer

Documentation Updates:

1. The Simplified Chinese version of the README has been updated to version v0.0.5

---

更新日志

首个正式版发布
Rust重构，更快、更稳、更安全

文档更新:

1. 简体中文版README更新至v0.0.5

Feature / 特性	Rust (70 % done)	Bash (legacy)
Performance / 性能	Compiled binaries run much faster and use system resources more efficiently. 编译后二进制运行显著更快，资源利用率更高。	Interpreter overhead; slower on large datasets or complex logic. 解释器开销大，数据量大或逻辑复杂时更慢。
Security / 安全性	Memory-safe by design (ownership, lifetimes). Prevents buffer overflows & injection. 内存安全设计，杜绝溢出与注入。	Prone to injection & shell-escaping bugs. 易受注入与转义漏洞影响。
Command History / 命令历史	Optimized storage & lookup; faster search and replay. 优化的存储与检索，搜索和回放更迅速。	Simplistic history; slower on large logs. 简易历史机制，量大时变慢。
Tab Completion / Tab 补全	Not implemented yet – manual path typing required. 暂未实现–需手动输入完整路径。	Fully supported for directories & files. 完整支持目录与文件名补全。
Implicit cd / cd 缺省	Not implemented yet – must use cd <dir>. 暂未实现–必须使用 cd 命令。	Works out-of-the-box: type a directory name to enter it. 原生支持：直接输入目录名即可进入。