fix(interpreter): scope deferred process substitutions #1822

Open
chaliy wants to merge 1 commit into main from 2026-06-02-fix-deferred-process-substitutions-vulnerability

@chaliy chaliy commented Jun 2, 2026

Motivation

  • Prevent stale >(cmd) deferred process-substitution commands queued during argument expansion from surviving early-return paths or crossing Bash::exec() boundaries and causing cross-exec command injection or information disclosure.

Description

  • Clear the interpreter-wide deferred queue at exec reset by calling self.deferred_proc_subs.clear() from reset_transient_state() in crates/bashkit/src/interpreter/mod.rs.
  • Scope deferred entries to the current simple-command frame by recording a deferred_proc_sub_start index at the start of execute_simple_command(), adding discard_deferred_proc_subs_from(start: usize) to truncate the queue, and replacing the global drain with run_deferred_proc_subs_from(start, &mut result) that only drains entries added by that simple command.
  • Ensure all early-return/error paths (word expansion errors, nounset, failglob sentinel, alias expansion, assignment errors, and empty-command handling) call the discard helper so command-local deferred entries are dropped instead of persisting.
  • Add regression tests validating (1) no leakage after a same-exec failglob early return and (2) no cross-exec leakage when reusing a Bash instance; tests added in crates/bashkit/src/interpreter/mod.rs near existing process_sub tests.

Testing

  • Ran cargo fmt --check and formatting check succeeded.
  • Ran targeted unit tests cargo test -p bashkit interpreter::tests::test_output_process_sub_cleared -- --nocapture and the new tests passed.
  • Ran the process_sub test group via cargo test -p bashkit test_process_sub -- --nocapture and all process_sub tests passed.

Codex Task
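
The scoping described in the PR description above, reduced to a toy model. This is an added example, not bashkit's code: `Interp`, its fields, `expand`, the `simple_command_*` methods and `run` are hypothetical names, and the sample commands are constructed. Only the start-index, drain-from-start and truncate-on-early-return ideas come from the description.

```rust
// Toy model, constructed for illustration; not bashkit's code.
#[derive(Default)]
struct Interp {
    deferred: Vec<String>, // queued `>(cmd)` bodies, interpreter-wide
    ran: Vec<String>,      // deferred commands that actually executed
}

impl Interp {
    // Queue each `>(cmd)` word; `fail` models an early return (failglob, nounset).
    fn expand(&mut self, words: &[&str], fail: bool) -> bool {
        for w in words {
            if let Some(cmd) = w.strip_prefix(">(").and_then(|s| s.strip_suffix(')')) {
                self.deferred.push(cmd.to_string());
            }
        }
        !fail
    }
    // Before: global drain; an aborted command leaves its entries queued.
    fn simple_command_unscoped(&mut self, words: &[&str], fail: bool) {
        if self.expand(words, fail) {
            self.ran.extend(self.deferred.drain(..));
        }
    }
    // After: drain from this command's start index; truncate on early return.
    fn simple_command_scoped(&mut self, words: &[&str], fail: bool) {
        let start = self.deferred.len();
        if self.expand(words, fail) {
            self.ran.extend(self.deferred.drain(start..));
        } else {
            self.deferred.truncate(start);
        }
    }
}

// An aborted command followed by an unrelated one on the same instance.
fn run(scoped: bool) -> Vec<String> {
    let mut it = Interp::default();
    let (aborted, later) = (["echo", ">(stale-cmd)"], ["echo", ">(fresh-cmd)"]);
    if scoped {
        it.simple_command_scoped(&aborted, true);
        it.simple_command_scoped(&later, false);
    } else {
        it.simple_command_unscoped(&aborted, true);
        it.simple_command_unscoped(&later, false);
    }
    it.ran
}
fn main() {
    println!("unscoped: {:?}", run(false));
    println!("scoped:   {:?}", run(true));
}
```

In the unscoped run the entry queued by the aborted command executes alongside the later, unrelated command; in the scoped run only the later command's own entry executes.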

cloudflare-workers-and-pages Bot commented Jun 2, 2026

Deploying with Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

| Status | Name | Latest Commit | Preview URL | Updated (UTC) |
| --- | --- | --- | --- | --- |
| ✅ Deployment successful! View logs | bashkit | 55c2bdd | Commit Preview URL | Jun 02 2026, 09:25 AM |

@chaliy chaliy force-pushed the 2026-06-02-fix-deferred-process-substitutions-vulnerability branch from 81ca996 to 55c2bdd June 2, 2026 09:19