Bash Style Guide
Apply this checklist when writing or reviewing bash code.
Trigger Reference
- •Use
references/trigger-matrix.mdas the canonical trigger and co-activation matrix. - •Resolve skill activation from changed files with
python3 scripts/resolve_style_guides.py <changed-path>...when automation is available. - •Validate trigger matrix consistency with
python3 scripts/validate_trigger_matrix_sync.py.
Structure and readability
Quality Gate Reference
- •Use
references/quality-gate-command-matrix.mdfor CI check-only vs local autofix command mapping.
- •Start scripts with
#!/usr/bin/env bashand strict mode:set -euo pipefail. - •Use small functions with one responsibility; keep
mainorchestration-focused. - •Keep constants uppercase (
MAX_RETRIES) and local variables lowercase (retry_count). - •Use
localin functions to avoid leaking state. - •Document non-obvious command pipelines with short intent comments.
Data handling and quoting
- •Quote expansions by default:
"${var}","${array[@]}". - •Use arrays for argument lists; avoid string-concatenated command assembly.
- •Replace magic numbers with named constants and include units in names (
TIMEOUT_SECONDS). - •Avoid
eval; treat it as a security-sensitive last resort. - •Fail early for required environment variables:
- •
: "${API_TOKEN:?API_TOKEN is required}" - •Do not provide silent fallback defaults for required config.
- •
Error handling and control flow
- •Return explicit non-zero exit codes for expected failure modes.
- •Use
trapfor cleanup and emit actionable error messages. - •Handle command failures intentionally (
if ! cmd; then ... fi) instead of masking them. - •Avoid broad
|| true; suppress failures only with explicit rationale. - •Let failures surface when root cause should be fixed, not hidden.
Security and operational safety
- •Treat all external input as untrusted; validate before use.
- •Use
--before positional paths in destructive commands (rm -- "$target"). - •Avoid unbounded globbing and unsafe temporary file handling; prefer
mktemp. - •Minimize secret exposure in logs; never echo credentials.
- •Use least-privilege command execution and avoid unnecessary
sudo.
Performance and scalability
- •Avoid spawning subshells inside tight loops when builtins suffice.
- •Prefer single-pass text processing over repeated
grep | awk | sedchains. - •Batch filesystem operations where possible.
- •Add bounded retry loops with explicit backoff constants.
Testing and verification
- •Add
batstests for critical functions and failure paths. - •Cover edge cases: empty input, whitespace paths, missing env vars, command timeouts.
- •Document manual verification for system-dependent behavior.
- •Verify scripts are idempotent when run repeatedly.
CI required quality gates (check-only)
- •Run
shellcheckwith warnings treated as actionable. - •Run
shfmt -d(or equivalent check mode) and require zero diff. - •Run test suite (for example
bats test/). - •Reject changes with implicit behavior that obscures failures.
Optional autofix commands (local)
- •Run
shfmt -wto apply formatting. - •Apply safe mechanical fixes suggested by
shellcheckand re-run checks.