fix(coreutils-port): harden uu_app builder validation

[chaliy]

Motivation

• The previous validator accepted single-expression uu_app() bodies that could execute side effects (e.g. std::process::Command::new(...).status().map(...).unwrap()), allowing generated Rust to run during CI or at runtime.
• Need a minimal, focused guard that ensures only safe clap builder expressions can be emitted and prevents side-effecting chains from passing validation.

Description

• Tightened validate_uu_app_body in crates/bashkit-coreutils-port/src/args.rs to require a clap::Command::new(...)-style root expression and improved error message.
• Extended UuAppExprValidator with visit_expr_method_call to reject clearly unsafe chain methods and added visitors to reject closures and macros inside the builder expression.
• Added is_disallowed_chain_method helper to enumerate disallowed side-effecting methods (status, spawn, output, map, unwrap, etc.) and made path_ends_with_command_new accept only Command::new or clap::Command::new roots.
• Added regression test rejects_non_clap_command_root_chain to cover the single-expression std::process::Command bypass scenario.

Testing

• Ran cargo fmt --all which completed successfully.
• Ran cargo test -p bashkit-coreutils-port and all tests passed (17 passed, 0 failed), including the new regression test that rejects the bypass.

---

Codex Task

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	bashkit	8c81e7f	Commit Preview URL	May 08 2026, 09:34 PM