From ef709531e6df41b7474db26e686f29aa125d9a9e Mon Sep 17 00:00:00 2001
From: Claude
Date: Mon, 2 Mar 2026 01:09:44 +0000
Subject: [PATCH] fix(interpreter): return sandboxed PID for $$ instead of real host PID

$$ was using std::process::id() which leaked the real OS PID. Now returns fixed value 1 to maintain sandbox isolation.

Closes #425

https://claude.ai/code/session_01WZjYqxm5xMPAEe7FSHJkDy
---
 crates/bashkit/src/interpreter/mod.rs | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/crates/bashkit/src/interpreter/mod.rs b/crates/bashkit/src/interpreter/mod.rs
index ab3d038f..3055c012 100644
--- a/crates/bashkit/src/interpreter/mod.rs
+++ b/crates/bashkit/src/interpreter/mod.rs
@@ -7704,8 +7704,8 @@ impl Interpreter {
 return String::new();
 }
 "$" => {
- // $$ - current process ID (simulated)
- return std::process::id().to_string();
+ // THREAT[TM-INF-014]: Return sandboxed PID, not real host PID.
+ return "1".to_string();
 }
 "!" => {
 // $! - PID of most recent background command
@@ -9532,4 +9532,14 @@ mod tests {
 );
 assert_eq!(result.exit_code, 0);
 }
+
+ // Issue #425: $$ should not leak real host PID
+ #[tokio::test]
+ async fn test_dollar_dollar_no_host_pid_leak() {
+ let mut bash = crate::Bash::new();
+ let result = bash.exec("echo $$").await.unwrap();
+ let pid: u32 = result.stdout.trim().parse().unwrap();
+ // Should be sandboxed value (1), not real PID
+ assert_eq!(pid, 1, "$$ should return sandboxed PID, not real host PID");
+ }
 }
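Review bot: The `"$"` arm hard-codes the literal `"1"` inline, so any other code that reports a process ID has no shared value to stay in step with; a named constant such as `const SANDBOX_PID: u32 = 1;` (name is only a suggestion) carrying the `THREAT[TM-INF-014]` comment would keep them aligned. The enclosing function and the neighbouring `"!"` arm both run outside the hunk, and `$PPID`/`$BASHPID` handling is not visible here, so it is worth confirming that none of them is still backed by `std::process::id()` or another host value, since that would disclose the same information. The comment could also record that a constant `$$` makes the common `name.$$` temp-file idiom resolve to the same path in every session, which matters only if sessions can ever share a filesystem.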
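Review bot: `test_dollar_dollar_no_host_pid_leak` exercises only the bare `echo $$` form, so if braced or nested expansion resolves the parameter through a different path, that path stays untested; whether it does cannot be seen from this hunk. Consider also running `echo ${$}` and `echo $(echo $$)` and asserting each prints `1`. Replacing `parse().unwrap()` with `.parse().expect("$$ should expand to a number")` would make a regression to an empty or non-numeric expansion readable in the failure output.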