Closed
Labels: bug (Something isn't working), security (Security vulnerability or hardening)
Description
Summary
BashTool::reset() in the Python bindings at bashkit-python/src/lib.rs recreates the interpreter from scratch, potentially dropping configured resource limits. PyBash.reset() at :470 preserves limits correctly, but BashTool.reset() may not.
Impact — MEDIUM
Security limits silently removed after reset. A script that calls reset gets an unrestricted interpreter.
Recommended fix
Ensure BashTool.reset() preserves the original builder configuration (limits, hostname, username, etc.), matching the behavior of PyBash.reset().
Cross-references
- Threat model: TM-PY-028
- Related: TM-PY-026 (reset discards security config — existing threat)
- PR: test(security): deep security audit with regression tests #487
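A minimal model of the reset behaviour this issue describes, added here as an illustration and not taken from bashkit's code. `Config`, `Interp`, `Tool`, `probe` and the `max_commands` limit are hypothetical stand-ins; the block contrasts rebuilding the interpreter from defaults with rebuilding it from the stored builder configuration.

```rust
// Added illustration: all types and methods are hypothetical stand-ins, not bashkit's API.
#[derive(Clone)]
struct Config {
    max_commands: Option<u64>, // None means unlimited
    hostname: String,
    username: String,
}
impl Default for Config {
    fn default() -> Self {
        Config { max_commands: None, hostname: "localhost".into(), username: "user".into() }
    }
}

struct Interp { cfg: Config, executed: u64 }
impl Interp {
    fn build(cfg: &Config) -> Self { Interp { cfg: cfg.clone(), executed: 0 } }
    // Runs one command, enforcing the configured command budget.
    fn run(&mut self, _cmd: &str) -> Result<(), String> {
        if self.cfg.max_commands.map_or(false, |max| self.executed >= max) {
            return Err("command limit exceeded".into());
        }
        self.executed += 1;
        Ok(())
    }
}

struct Tool { cfg: Config, interp: Interp }
impl Tool {
    fn new(cfg: Config) -> Self { let interp = Interp::build(&cfg); Tool { cfg, interp } }
    // Pattern the issue warns about: rebuilding from defaults drops the limits.
    fn reset_dropping_config(&mut self) { self.interp = Interp::build(&Config::default()); }
    // Recommended behaviour: rebuild from the stored builder configuration.
    fn reset_preserving_config(&mut self) { self.interp = Interp::build(&self.cfg); }
    // Returns how many of `attempts` commands were accepted, and the visible identity.
    fn probe(&mut self, attempts: u64) -> (u64, String) {
        let ok = (0..attempts).filter(|_| self.interp.run("true").is_ok()).count() as u64;
        (ok, format!("{}@{}", self.interp.cfg.username, self.interp.cfg.hostname))
    }
}
fn sample_tool() -> Tool {
    Tool::new(Config { max_commands: Some(3), hostname: "sandbox".into(), username: "agent".into() })
}
fn main() {
    let mut t = sample_tool();
    println!("fresh: {:?}", t.probe(10));
    t.reset_dropping_config();
    println!("rebuilt from defaults: {:?}", t.probe(10));
    t.reset_preserving_config();
    println!("rebuilt from stored config: {:?}", t.probe(10));
}
```

A regression test for the real bindings would make the same comparison: configure a limit, call reset, then check that the limit still triggers.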