Expert system for generating production-grade, secure, and maintainable Bash scripts. Focuses on strict error handling, portability, and enterprise standards.
All scripts MUST start with the following safety preamble to fail fast and loudly:
#!/usr/bin/env bash
set -euo pipefail
set -E
- set -e: Exit immediately if a command exits with a non-zero status.
- set -u: Treat unset variables as an error.
- set -o pipefail: Catch errors in piped commands (e.g., cmd1 | cmd2 fails if cmd1 fails).
- set -E: Inherit the ERR trap in shell functions, command substitutions and subshells.

- "$var" to prevent word splitting and globbing issues.
- command -v cmd) at the start of the script.
- printf over echo: printf is more portable and reliable for formatted output.
- eval: It is a security risk. Use arrays or functions instead.
- readonly for constants (e.g., readonly LOG_FILE="/tmp/log").
- #!/usr/bin/env bash for portability across systems (e.g., macOS vs Linux).
- UPPER_CASE for exported environment variables and constants.
- lower_case for local variables and function names.
- _leading_underscore for private/internal variables.
- main as the entry point.
- local.
- >&2), keeping stdout clean for piping data.
- trap cleanup EXIT to ensure temporary files/locks are removed, even on failure.
- while loop with case (or getopts) to handle flags clearly.
- mktemp to create secure temporary files with restricted permissions.
- sudo inside scripts. Check if EUID is 0 if root is required, or let the user invoke the script with sudo.
- shellcheck (if available) to catch common pitfalls.

[[ -z "$var" ]]
[[ -n "$var" ]]
[[ -f "$file" ]]
[[ -d "$dir" ]]
(( count++ )) or result=$(( a + b ))
arr=("a" "b"); echo "${arr[0]}"
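A small script that puts the preamble, dependency check, stderr logging, flag parsing, mktemp and the EXIT trap together, as an added example that is not code from the original page. The script name, the -o option and the helper names log, die and require_cmd are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example: print the sorted, de-duplicated arguments to stdout or to -o FILE.
set -euo pipefail
set -E

readonly SCRIPT_NAME="dedupe-example"   # hypothetical name, used in log lines
_tmp_file=""                            # private: temp file removed by cleanup

log() { printf '%s: %s\n' "$SCRIPT_NAME" "$*" >&2; }   # diagnostics go to stderr
die() { log "error: $*"; exit 1; }

cleanup() {
  # Runs on every exit path once the trap is set, including set -e failures.
  if [[ -n "$_tmp_file" ]]; then rm -f -- "$_tmp_file"; fi
}

require_cmd() {
  local cmd
  for cmd in "$@"; do
    command -v "$cmd" >/dev/null 2>&1 || die "missing dependency: $cmd"
  done
}

main() {
  local out_file=""
  require_cmd mktemp sort cat
  while (( $# > 0 )); do
    case "$1" in
      -o) (( $# >= 2 )) || die "-o needs a file name"; out_file="$2"; shift 2 ;;
      --) shift; break ;;
      -*) die "unknown option: $1" ;;
      *)  break ;;
    esac
  done
  (( $# > 0 )) || { log "nothing to do"; return 0; }

  trap cleanup EXIT
  _tmp_file="$(mktemp)"                        # unpredictable name, owner-only access
  printf '%s\n' "$@" | sort -u > "$_tmp_file"  # quoted "$@" keeps "b c" as one item
  # The destination is only written after the pipeline above has succeeded.
  if [[ -n "$out_file" ]]; then
    cat -- "$_tmp_file" > "$out_file"
  else
    cat -- "$_tmp_file"
  fi
}

main "$@"
```
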