Add a --private option to launch fish in private mode

In private mode, access to previous history is blocked and new history does not persist and is only available for the duration of the current session. This mode can be used when it is not desirable for commandline history to leak into a session, e.g. via autocomplete or when it is desirable to test the behavior of fish in the absence of history items without permanently clearing the history. I'm sure there are a lot more features that can be incorporated into private mode, such as restricting access to certain user-specific configuration files, etc. This addresses a lot of the concerns raised in #1363 (which was later changed to track mosh-specific problems). See also #102.
2026-06-11 05:31:14 -03:00 · 2018-09-19 18:56:08 -05:00
parent b427cd1823
commit 379f44fabe
4 changed files with 24 additions and 2 deletions
--- a/src/env.cpp
+++ b/src/env.cpp
@@ -297,7 +297,8 @@ bool string_set_contains(const T &set, const wchar_t *val) {
 /// Check if a variable may not be set using the set command.
 static bool is_read_only(const wchar_t *val) {
    const string_set_t env_read_only = {L"PWD", L"SHLVL", L"history", L"status", L"version", L"fish_pid", L"hostname", L"_"};
-    return string_set_contains(env_read_only, val);
+    return string_set_contains(env_read_only, val) ||
+        (in_private_mode() && wcscmp(L"fish_history", val) == 0);
 }

 static bool is_read_only(const wcstring &val) { return is_read_only(val.c_str()); }