feat: add warning for /sdcard exec

[RohitKushvaha01]

No description provided.

[greptile-apps]

Greptile Summary

This PR adds a Bash DEBUG trap inside the Alpine initrc that intercepts every command typed in the terminal and warns the user if the resolved binary path falls under /sdcard or /storage, where Android's external storage layer prevents reliable execution. It also removes a stale admob lockfile entry and adds DEFAULT_TERMINAL_SETTINGS to an import in terminal.js.

• The shell hook in init-alpine.sh has a trap-overwrite problem: .bashrc is sourced before trap 'preexec' DEBUG is set, so any DEBUG trap installed by user tools (Starship, fzf, bash-preexec) is silently replaced and those tools' functionality breaks.
• The function is named preexec, which is the reserved hook name used by the bash-preexec library; a unique name like _acode_preexec would avoid conflicts and unintended shadowing.

Confidence Score: 3/5

The shell init script changes need rework before merging — the DEBUG trap unconditionally overwrites hooks set by user tools in .bashrc, breaking Starship, fzf, and bash-preexec setups silently.

The core feature logic (detecting /sdcard binaries) is sound, but the implementation overwrites the DEBUG trap after sourcing .bashrc, meaning any user with Starship or another prompt framework that relies on bash-preexec will lose their prompt hooks without any error message. The JS and lockfile changes are clean and safe.

src/plugins/terminal/scripts/init-alpine.sh — specifically the trap setup at line 295 and the function naming at line 287.

Important Files Changed

Filename	Overview
src/plugins/terminal/scripts/init-alpine.sh	Adds a DEBUG trap-based binary execution warning for /sdcard and /storage paths; the trap overwrites any DEBUG trap set by .bashrc (e.g. Starship/bash-preexec), the function name collides with the bash-preexec convention, and spawning subprocesses on every command adds interactive latency.
src/components/terminal/terminal.js	Adds DEFAULT_TERMINAL_SETTINGS to the import from terminalDefaults; it is used at lines 605–607, so the import is valid and the change is safe.
package-lock.json	Removes the extraneous admob-plus-cordova entry from the lockfile; straightforward cleanup with no functional impact.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[bash --rcfile /initrc starts] --> B[Source /etc/profile]
    B --> C[Source ~/.bashrc]
    C --> D{.bashrc sets DEBUG trap?\ne.g. Starship/bash-preexec}
    D -- Yes --> E[User's DEBUG trap active]
    D -- No --> F[No DEBUG trap]
    E --> G[Display MOTD]
    F --> G
    G --> H[Define check_binary_execution]
    H --> I[Define preexec]
    I --> J["trap 'preexec' DEBUG overwrites user trap"]
    J --> K[Interactive shell ready]
    K --> L[User types command]
    L --> M[DEBUG trap fires, preexec called]
    M --> N[Extract first word from BASH_COMMAND]
    N --> O{cmd contains /}
    O -- Yes --> P[realpath cmd]
    O -- No --> Q[command -v cmd then realpath]
    P --> R{path starts with /sdcard or /storage?}
    Q --> R
    R -- Yes --> S[Print ANSI warning to stderr]
    R -- No --> T[Silent, command executes]

Loading

_{Reviews (1): Last reviewed commit: "format" | Re-trigger Greptile}

[greptile-apps]

DEBUG trap overwrites any existing trap set by .bashrc

.bashrc is sourced at line 229-231, before trap 'preexec' DEBUG is set at line 295. Any tool that sets its own DEBUG trap inside .bashrc — Starship, fzf, bash-preexec, or similar prompt frameworks — will have its trap silently overwritten, breaking prompt timing, history hooks, and preexec callbacks entirely. The existing trap should be read with trap -p DEBUG and chained rather than replaced outright.

[greptile-apps]

preexec function name collides with bash-preexec convention

The function name preexec is the standard hook name used by the bash-preexec library, which Starship, fzf, and many other tools hook into. Using this exact name means any .bashrc that sources bash-preexec will silently override this function (or vice versa), producing unpredictable results. Rename it to something app-specific to avoid the collision.

Suggested change

	preexec() {
	# Skip commands executed by the trap itself
	[[ "$BASH_COMMAND" == trap* ]] && return
	local cmd="${BASH_COMMAND%% *}"
	check_binary_execution "$cmd"
	}
	_acode_preexec() {
	# Skip commands executed by the trap itself
	[[ "$BASH_COMMAND" == trap* ]] && return
	local cmd="${BASH_COMMAND%% *}"
	check_binary_execution "$cmd"
	}

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

[greptile-apps]

BASH_COMMAND == trap* guard comment is misleading

The comment says "Skip commands executed by the trap itself", but bash automatically suppresses DEBUG trap re-entrancy — the trap can't fire recursively inside its own handler. What this guard actually does is skip the warning when a user types a command that starts with trap (the builtin). The comment should reflect this, or the guard should be removed if trapping trap commands is not the intent.

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!

[greptile-apps]

DEBUG trap spawns subprocesses on every command

The check_binary_execution function calls command -v and realpath (both fork a process) for every single command typed in the shell. Because the DEBUG trap fires before each simple command — including those inside loops, pipelines, and subshells — this adds measurable latency to every interactive command. Consider guarding early on cheap heuristics (e.g., only enter the expensive path when cmd contains /) before calling command -v and realpath.