Implement sudo command modifier (#782)

* Initial plan

* Implement sudo command modifier with detection logic and comprehensive tests

Co-authored-by: Ph0enixKM <29208124+Ph0enixKM@users.noreply.github.com>

* Fix sudo modifier to use runtime detection instead of compile-time detection

Co-authored-by: Ph0enixKM <29208124+Ph0enixKM@users.noreply.github.com>

* Refactor sudo implementation to use __sudo variable name and VarStmtFragment/VarExprFragment

Co-authored-by: Ph0enixKM <29208124+Ph0enixKM@users.noreply.github.com>

* Simplify sudo detection to use concise bash logic and return just VarExprFragment

Co-authored-by: Ph0enixKM <29208124+Ph0enixKM@users.noreply.github.com>

* Update sudo modifier error message for better consistency

Co-authored-by: Ph0enixKM <29208124+Ph0enixKM@users.noreply.github.com>

* Clean up code by removing comments from gen_sudo_prefix function

Co-authored-by: Ph0enixKM <29208124+Ph0enixKM@users.noreply.github.com>

* feat: update grammar ebnf

* feat: properly test sudo

* fix: typo

* Remove else clause from chained modifiers sudo test as requested

Co-authored-by: Ph0enixKM <29208124+Ph0enixKM@users.noreply.github.com>

* Simplify sudo test condition by removing root user check

Co-authored-by: Ph0enixKM <29208124+Ph0enixKM@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Ph0enixKM <29208124+Ph0enixKM@users.noreply.github.com>
Co-authored-by: Phoenix Himself <pkaras.it@gmail.com>

Author: Copilot

grammar.ebnf

@@ -36,6 +36,7 @@ expression =
     builtins_expression |
     command |
     function_call |
+    function_call_failed |
     identifier |
     list |
     null |
@@ -80,6 +81,7 @@ KEYWORD_REF = 'ref' ;
 KEYWORD_RETURN = 'return' ;
 KEYWORD_SILENT = 'silent' ;
 KEYWORD_STATUS = 'status' ;
+KEYWORD_SUDO = 'sudo' ;
 KEYWORD_SUCCEEDED = 'succeeded' ;
 KEYWORD_THEN = 'then' ;
 KEYWORD_TRUST = 'trust' ;
@@ -93,8 +95,6 @@ DIGIT = '0'..'9' ;
 TYPE = 'Text' | 'Num' | 'Bool' | 'Null';
 UNARY_OP = '-' | KEYWORD_NOT ;
 BINARY_OP = '+' | '-' | '*' | '/' | '%' | KEYWORD_AND | KEYWORD_OR | '==' | '!=' | '<' | '<=' | '>' | '>=' ;
-SILENT_MOD = KEYWORD_SILENT ;
-TRUST_MOD = KEYWORD_TRUST ;
 VISIBILITY = KEYWORD_PUB ;
 
 (* Identifier *)
@@ -124,11 +124,10 @@ list = empty_list | full_list ;
 
 (* Command expression *)
 (* The ordering of command modifiers doesn't matter *)
-command_modifier = SILENT_MOD, [ TRUST_MOD ] ;
+command_modifier = [ KEYWORD_SILENT ], [ KEYWORD_TRUST ], [ KEYWORD_SUDO ] ;
 command_modifier_block = command_modifier, multiline_block ;
 command_base = '$', { ANY_CHAR | interpolation }, '$' ;
-command = [ SILENT_MOD ], command_base, [ failure_handler | success_handler ] ;
-command_trust = [ SILENT_MOD ], TRUST_MOD, command_base ;
+command = command_modifier, command_base, [ failure_handler | success_handler ] ;
 
 (* Operations *)
 binary_operation = expression, BINARY_OP, expression ;
@@ -154,10 +153,8 @@ variable_get = identifier, variable_index? ;
 variable_set = identifier, variable_index?, '=', expression ;
 
 (* Function *)
-function_call = identifier, '(', [ expression, { ',', expression } ], ')' ;
-function_call_failed = [ SILENT_MOD ], function_call, failure_handler ;
-function_call_succeeded = [ SILENT_MOD ], function_call, success_handler ;
-function_call_trust = [ SILENT_MOD ], TRUST_MOD, function_call ;
+function_call = command_modifier, identifier, '(', [ expression, { ',', expression } ], ')' ;
+function_call_failed = function_call, [ failure_handler | success_handler ] ;
 function_def = [ VISIBILITY ], KEYWORD_FUN, identifier, '(', [ identifier, { ',', identifier } ], ')', block ;
 function_def_typed = [ VISIBILITY ], KEYWORD_FUN, identifier, '(',
     [ identifier, ':', TYPE, { ',', identifier, ':', TYPE } ], ')', ':', TYPE, block ;

src/modules/command/cmd.rs

@@ -8,7 +8,6 @@ use crate::modules::expression::interpolated_region::{InterpolatedRegionType, pa
 use super::modifier::CommandModifier;
 use heraclitus_compiler::prelude::*;
 use crate::modules::prelude::*;
-use crate::fragments;
 
 #[derive(Debug, Clone)]
 pub struct Command {
@@ -90,7 +89,9 @@ impl Command {
         let succeeded = self.succeeded.translate(meta);
 
         let mut is_silent = self.modifier.is_silent || meta.silenced;
+        let mut is_sudo = self.modifier.is_sudo || meta.sudoed;
         swap(&mut is_silent, &mut meta.silenced);
+        swap(&mut is_sudo, &mut meta.sudoed);
 
         let translation = InterpolableFragment::new(
             self.strings.clone(),
@@ -99,8 +100,12 @@ impl Command {
         ).to_frag();
 
         let silent = meta.gen_silent().to_frag();
-        let translation = fragments!(translation, silent);
+        let sudo_prefix = meta.gen_sudo_prefix().to_frag();
+        let translation = ListFragment::new(vec![sudo_prefix, translation, silent])
+            .with_spaces()
+            .to_frag();
         swap(&mut is_silent, &mut meta.silenced);
+        swap(&mut is_sudo, &mut meta.sudoed);
 
         // Choose between failed, succeeded, or no handler
         let handler = if self.failed.is_parsed {

src/modules/command/modifier.rs

@@ -8,7 +8,8 @@ pub struct CommandModifier {
     pub block: Box<Block>,
     pub is_block: bool,
     pub is_trust: bool,
-    pub is_silent: bool
+    pub is_silent: bool,
+    pub is_sudo: bool
 }
 
 impl CommandModifier {
@@ -57,6 +58,13 @@ impl CommandModifier {
                             self.is_silent = true;
                             meta.increment_index();
                         },
+                        "sudo" => {
+                            if self.is_sudo {
+                                return error!(meta, Some(tok.clone()), "Command modifier 'sudo' has already been declared");
+                            }
+                            self.is_sudo = true;
+                            meta.increment_index();
+                        },
                         _ => break
                     }
                 },
@@ -75,7 +83,8 @@ impl SyntaxModule<ParserMetadata> for CommandModifier {
             block: Box::new(Block::new().with_no_indent()),
             is_block: true,
             is_trust: false,
-            is_silent: false
+            is_silent: false,
+            is_sudo: false
         }
     }
 
@@ -95,8 +104,10 @@ impl TranslateModule for CommandModifier {
     fn translate(&self, meta: &mut TranslateMetadata) -> FragmentKind {
         if self.is_block {
             meta.silenced = self.is_silent;
+            meta.sudoed = self.is_sudo;
             let result = self.block.translate(meta);
             meta.silenced = false;
+            meta.sudoed = false;
             result
         } else {
             FragmentKind::Empty

src/tests/erroring/sudo_duplicate_modifier.ab

@@ -0,0 +1,7 @@
+// Output
+// Command modifier 'sudo' has already been declared
+
+main {
+    // This should fail with duplicate sudo modifier error
+    sudo sudo $ echo "test" $?
+}

src/tests/validity/chained_modifiers_sudo.ab

@@ -0,0 +1,25 @@
+// Output
+// Succeeded
+
+main {
+    trust $ sudo() \{ command sudo -n "\$@"; } $
+
+    // Read first line of sudoers file
+    sudo silent $ head -n1 /etc/sudoers $ failed {
+        let code = status
+        if {
+            // Case when user is not a root
+            code == 1 and trust $ id -u $ != "0":
+                echo "Succeeded"
+            // Case when sudo command is not installed
+            code == 127:
+                echo "Succeeded"
+            else:
+                echo "Unexpected behaviour: {code}"
+        }
+        exit
+    }
+
+    if status == 0:
+        echo "Succeeded"
+}

src/utils/metadata/translate.rs

@@ -4,6 +4,8 @@ use std::collections::VecDeque;
 use super::ParserMetadata;
 use crate::compiler::CompilerOptions;
 use crate::modules::prelude::*;
+use crate::modules::types::Type;
+use crate::raw_fragment;
 use crate::translate::compute::ArithType;
 use crate::utils::function_cache::FunctionCache;
 use crate::utils::function_metadata::FunctionMetadata;
@@ -26,6 +28,8 @@ pub struct TranslateMetadata {
     pub eval_ctx: bool,
     /// Determines whether the current context should be silenced.
     pub silenced: bool,
+    /// Determines whether the current context should use sudo.
+    pub sudoed: bool,
     /// The current indentation level.
     pub indent: i64,
     /// Determines if minify flag was set.
@@ -42,6 +46,7 @@ impl TranslateMetadata {
             value_id: 0,
             eval_ctx: false,
             silenced: false,
+            sudoed: false,
             indent: -1,
             minify: options.minify,
         }
@@ -78,9 +83,26 @@ impl TranslateMetadata {
         id
     }
 
-    pub fn gen_silent(&self) -> RawFragment {
-        let expr = if self.silenced { " >/dev/null 2>&1" } else { "" };
-        RawFragment::new(expr)
+    pub fn gen_silent(&self) -> FragmentKind {
+        if self.silenced {
+            raw_fragment!(">/dev/null 2>&1")
+        } else {
+            FragmentKind::Empty
+        }
+    }
+
+    pub fn gen_sudo_prefix(&mut self) -> FragmentKind {
+        if self.sudoed {
+            let var_name = "__sudo";
+            let condition = r#"[ "$(id -u)" -ne 0 ] && command -v sudo >/dev/null 2>&1 && printf sudo"#;
+            let condition_frag = RawFragment::new(&format!("$({})", condition)).to_frag();
+            let var_stmt = VarStmtFragment::new(var_name, Type::Text, condition_frag);
+            let var_expr = VarExprFragment::from_stmt(&var_stmt).with_quotes(false);
+            self.stmt_queue.push_back(var_stmt.to_frag());
+            var_expr.to_frag()
+        } else {
+            FragmentKind::Empty
+        }
     }
 
     // Returns the appropriate amount of quotes with escape symbols.