
fix(snapshot): account function source bytes #1837

Merged: chaliy merged 1 commit into main from 2026-06-02-propose-fix-for-memory-limits-bypass on Jun 2, 2026

@chaliy chaliy commented Jun 2, 2026

Motivation

  • Prevent attacker-controlled trailing EOF comments from being retained in FunctionDef.source without charging against MemoryLimits::max_function_body_bytes, which allowed resource-exhaustion via many large function sources.

Description

  • Stop EOF source capture from returning input.len() by using current_span.end.offset at EOF in Parser::current_command_end_offset so skipped trailing comments aren't included in captured source (crates/bashkit/src/parser/mod.rs).
  • Add function_storage_bytes(func: &FunctionDef) to charge stored FunctionDef.source bytes when present and fall back to AST span size for legacy cases (crates/bashkit/src/interpreter/mod.rs).
  • Use function_storage_bytes when enforcing function insert/replace budgets at runtime and during snapshot restore and budget recompute so stored source is accounted for (crates/bashkit/src/interpreter/mod.rs).
  • Add integration tests that assert trailing EOF comments are not spuriously retained and that source-only snapshot restores are charged against max_function_body_bytes (crates/bashkit/tests/integration/snapshot_tests.rs).

Testing

  • Ran targeted unit/integration tests snapshot_function_source_excludes_trailing_eof_comment and snapshot_restore_counts_source_bytes_against_function_limit and both passed.
  • Ran the full snapshot integration test suite cargo test -p bashkit --test integration snapshot_tests:: and all snapshot tests passed (40 passed, 0 failed).
  • Ran cargo fmt --check and cargo clippy -p bashkit --tests -- -D warnings as formatting/lint checks and they succeeded.

Codex Task
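
An added illustration of the accounting rule in the description above (not code from this pull request or from bashkit): a simplified function table that charges stored source bytes on insert, replace and snapshot restore. `FunctionTable`, `define`, `restore` and the field layout of `FunctionDef` are assumptions; only the names `FunctionDef`, `function_storage_bytes` and `max_function_body_bytes` come from the description.

```rust
use std::collections::HashMap;
// Simplified stand-ins (assumption): named after the PR description, not bashkit's real types.
pub struct FunctionDef {
    pub source: Option<String>,    // retained source text, when captured
    pub body_span: (usize, usize), // (start, end) byte offsets of the parsed body
}

/// Cost of keeping a function: the stored source when present,
/// otherwise the AST span size (legacy definitions without source).
pub fn function_storage_bytes(func: &FunctionDef) -> usize {
    match &func.source {
        Some(src) => src.len(),
        None => func.body_span.1.saturating_sub(func.body_span.0),
    }
}

pub struct FunctionTable {
    pub max_function_body_bytes: usize,
    pub used: usize,
    funcs: HashMap<String, FunctionDef>,
}

impl FunctionTable {
    pub fn new(max_function_body_bytes: usize) -> Self {
        Self { max_function_body_bytes, used: 0, funcs: HashMap::new() }
    }
    /// Insert or replace: credit the old definition, charge the new one.
    pub fn define(&mut self, name: &str, func: FunctionDef) -> Result<(), String> {
        let old = self.funcs.get(name).map(function_storage_bytes).unwrap_or(0);
        let total = self.used - old + function_storage_bytes(&func);
        if total > self.max_function_body_bytes {
            return Err(format!("function budget exceeded: {} bytes", total));
        }
        self.used = total;
        self.funcs.insert(name.to_string(), func);
        Ok(())
    }
    /// Snapshot restore reuses define(), so source-only entries are charged too.
    pub fn restore(max: usize, snapshot: Vec<(String, FunctionDef)>) -> Result<Self, String> {
        let mut table = Self::new(max);
        for (name, func) in snapshot { table.define(&name, func)?; }
        Ok(table)
    }
}

fn main() {
    // Constructed input: a 10-byte function followed by a 4 KiB trailing comment.
    let src = format!("f() {{ :; }}\n#{}", "A".repeat(4096));
    let bloated = FunctionDef { source: Some(src), body_span: (0, 10) };
    println!("{:?}", FunctionTable::new(1024).define("f", bloated));
}
```

Charging by `body_span` alone would cost this definition 10 bytes while 4108 bytes are retained, which is the gap the description closes.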

cloudflare-workers-and-pages Bot commented Jun 2, 2026

Deploying with Cloudflare Workers

Status: ✅ Deployment successful!
Name: bashkit
Latest Commit: 89bc3c0
Updated (UTC): Jun 02 2026, 09:35 AM

@chaliy chaliy force-pushed the 2026-06-02-propose-fix-for-memory-limits-bypass branch from 3bd038c to 89bc3c0 June 2, 2026 09:19
@chaliy chaliy merged commit 9566ac1 into main Jun 2, 2026
34 checks passed
@chaliy chaliy deleted the 2026-06-02-propose-fix-for-memory-limits-bypass branch June 2, 2026 13:29