Fix SGR pattern regex to correctly match ANSI escape sequences

.github/workflows/lint.yml

@@ -21,6 +21,7 @@ on:
 jobs:
   lint:
     runs-on: ubuntu-24.04
+    timeout-minutes: 10
 
     strategy:
       fail-fast: false

AGENTS.md

@@ -0,0 +1,11 @@
+# Agents
+
+Detailed guidance for AI agents working on this codebase.
+
+## Policy
+
+- No unicode. All files must be ASCII-only.
+
+## Reference
+
+- [stdisplay](agents/stdisplay-security.md)

agents/stdisplay-security.md

@@ -0,0 +1,9 @@
+# stdisplay
+
+## Line-based vs whole-input processing
+
+`stcat`/`stcatn`/`sttee` sanitize line-by-line (streaming, like their Unix
+counterparts). `stsponge` sanitizes the whole input at once (sponge semantics).
+These are equivalent because no allowed escape sequence can contain `\n` -- SGR
+is composed solely of digits, semicolons, colons, and the `m` terminator. This
+is inherent to the SGR spec, documented in the man page (`man/stdisplay.1.ronn`).

usr/lib/python3/dist-packages/stdisplay/stdisplay.py

@@ -229,7 +229,7 @@ def get_sgr_pattern(
     sgr_combo = rf"({sgr_combo})"
     if exclude_sgr:
         sgr_combo = exclude_pattern(sgr_combo, exclude_sgr)
-    sgr_re = rf"(;*({sgr_combo})?(;+{sgr_combo})*)?;*m"
+    sgr_re = rf";*({sgr_combo}(;+{sgr_combo})*;*)?m"
     return str(sgr_re)
 
 

usr/lib/python3/dist-packages/stdisplay/sttee.py

@@ -5,6 +5,7 @@
 ## See the file COPYING for copying conditions.
 
 """Safely print stdin to stdout and file."""
+
 from sys import argv, stdin, stdout
 from typing import TextIO
 from stdisplay.stdisplay import stdisplay

usr/lib/python3/dist-packages/stdisplay/tests/stdisplay.py

@@ -17,7 +17,6 @@
     stdisplay,
 )
 
-
 ## This is split into a global so it can be used by sanitize_string.py's tests.
 simple_escape_cases: list[tuple[str, str]] = [
     ("\a", "_"),