tenseleyflow/shithub / 0bc8316

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+package expr

+

+import (

+	"fmt"

+	"strings"

+)

+

+// Value is the result of evaluating an Expr. It's intentionally

+// stringly-typed (no Go interface{} polymorphism) because the types

+// we care about — strings + booleans — are both representable as a

+// Go string with a Kind tag, and stringly types make the taint flag

+// unambiguous to track.

+//

+// Tainted=true means the value transitively depends on an

+// untrusted-source reference (anything in the shithub.event.*

+// namespace). The runner's exec layer (S41d) refuses to interpolate

+// Tainted values into shell strings.

+type Value struct {

+	Kind    Kind

+	S       string

+	B       bool

+	Tainted bool

+}

+

+// Kind classifies a Value.

+type Kind int

+

+const (

+	KindString Kind = iota

+	KindBool

+	KindNull

+)

+

+// String renders the Value in the canonical form GHA's evaluator uses:

+// strings raw, booleans "true"/"false", null as "". Used by both the

+// admin parse subcommand (S41a) and the runner's command rendering

+// (S41d).

+func (v Value) String() string {

+	switch v.Kind {

+	case KindBool:

+		if v.B {

+			return "true"

+		}

+		return "false"

+	case KindNull:

+		return ""

+	}

+	return v.S

+}

+

+// Truthy implements GHA's truthiness rules used by `if:` expressions

+// and the boolean operators: false, "", null are falsy; anything else

+// is truthy. Numeric truthiness (0 falsy) is irrelevant in v1 since

+// we don't evaluate arithmetic.

+func (v Value) Truthy() bool {

+	switch v.Kind {

+	case KindBool:

+		return v.B

+	case KindString:

+		return v.S != ""

+	}

+	return false

+}

+

+// Context is the read-only state Eval consults for Ref lookups. The

+// caller (S41b trigger pipeline, S41d runner) populates it from the

+// triggering domain_event, the workflow's resolved env / secrets /

+// vars, and the standard `shithub.*` slots.

+//

+// Untrusted is the set of namespace prefixes whose values come from

+// user-controlled sources (the event payload). Refs landing inside

+// any of these get Tainted=true. The default is just "shithub.event"

+// — we may extend in v2 if other namespaces grow user-controlled

+// fields.

+type Context struct {

+	Secrets   map[string]string

+	Vars      map[string]string

+	Env       map[string]string

+	Shithub   ShithubContext

+	Untrusted map[string]struct{} // namespace prefixes

+	JobStatus JobStatus           // for success()/failure()/always()/cancelled()

+}

+

+// ShithubContext is the typed `shithub.*` slot. Event is a free-form

+// map (the trigger payload, JSON-decoded); the named scalars are

+// pre-resolved.

+type ShithubContext struct {

+	Event map[string]any

+	RunID string

+	SHA   string

+	Ref   string

+	Actor string

+}

+

+// JobStatus is the rolling status the success()/failure()/always()/

+// cancelled() functions consult. Filled by the runner before eval.

+type JobStatus struct {

+	Failed    bool

+	Cancelled bool

+}

+

+// DefaultUntrusted returns the standard taint-source allowlist:

+// shithub.event.* is user-controlled, everything else is trusted.

+func DefaultUntrusted() map[string]struct{} {

+	return map[string]struct{}{

+		"shithub.event": {},

+	}

+}

+

+// Eval reduces e against ctx. Errors are precise references back to

+// the AST node ("unknown function 'fromJSON'", "secret 'X' not bound",

+// etc.). Eval never panics on well-formed input.

+func Eval(e Expr, ctx *Context) (Value, error) {

+	switch n := e.(type) {

+	case LitString:

+		return Value{Kind: KindString, S: n.V}, nil

+	case LitBool:

+		return Value{Kind: KindBool, B: n.V}, nil

+	case LitNull:

+		return Value{Kind: KindNull}, nil

+	case Ref:

+		return evalRef(n, ctx)

+	case Call:

+		return evalCall(n, ctx)

+	case Unary:

+		x, err := Eval(n.X, ctx)

+		if err != nil {

+			return Value{}, err

+		}

+		return Value{Kind: KindBool, B: !x.Truthy(), Tainted: x.Tainted}, nil

+	case Binary:

+		return evalBinary(n, ctx)

+	}

+	return Value{}, fmt.Errorf("expr: unknown AST node type")

+}

+

+// evalRef walks a dotted path. The first segment selects the

+// namespace; subsequent segments index into it. Anything outside the

+// allowlist is an error so we don't silently let workflows reach for

+// e.g. `runner.os` (which we don't define).

+func evalRef(r Ref, ctx *Context) (Value, error) {

+	if len(r.Path) == 0 {

+		return Value{}, fmt.Errorf("expr: empty reference")

+	}

+	root := r.Path[0]

+	tainted := isUntrusted(r.Path, ctx.Untrusted)

+	switch root {

+	case "secrets":

+		if len(r.Path) != 2 {

+			return Value{}, fmt.Errorf("expr: secrets.<name> requires exactly one member")

+		}

+		v, ok := ctx.Secrets[r.Path[1]]

+		if !ok {

+			return Value{}, fmt.Errorf("expr: secret %q not bound", r.Path[1])

+		}

+		// Secrets are NEVER tainted — they're operator-controlled.

+		// The runner's log scrubber (S41e) replaces their values in

+		// log output, but the shell-injection guard cares about

+		// untrusted-source taint, not secret-vs-not.

+		return Value{Kind: KindString, S: v}, nil

+	case "vars":

+		if len(r.Path) != 2 {

+			return Value{}, fmt.Errorf("expr: vars.<name> requires exactly one member")

+		}

+		v, ok := ctx.Vars[r.Path[1]]

+		if !ok {

+			// Missing var resolves to empty string (matches GHA).

+			return Value{Kind: KindString, S: ""}, nil

+		}

+		return Value{Kind: KindString, S: v}, nil

+	case "env":

+		if len(r.Path) != 2 {

+			return Value{}, fmt.Errorf("expr: env.<name> requires exactly one member")

+		}

+		v, ok := ctx.Env[r.Path[1]]

+		if !ok {

+			return Value{Kind: KindString, S: ""}, nil

+		}

+		return Value{Kind: KindString, S: v}, nil

+	case "shithub":

+		return evalShithub(r.Path[1:], ctx, tainted)

+	}

+	return Value{}, fmt.Errorf("expr: unknown namespace %q (allowed: secrets, vars, env, shithub)", root)

+}

+

+func evalShithub(rest []string, ctx *Context, tainted bool) (Value, error) {

+	if len(rest) == 0 {

+		return Value{}, fmt.Errorf("expr: shithub.<...> requires a member")

+	}

+	switch rest[0] {

+	case "run_id":

+		return Value{Kind: KindString, S: ctx.Shithub.RunID}, nil

+	case "sha":

+		return Value{Kind: KindString, S: ctx.Shithub.SHA}, nil

+	case "ref":

+		return Value{Kind: KindString, S: ctx.Shithub.Ref}, nil

+	case "actor":

+		return Value{Kind: KindString, S: ctx.Shithub.Actor}, nil

+	case "event":

+		return evalEventPath(rest[1:], ctx.Shithub.Event, tainted)

+	}

+	return Value{}, fmt.Errorf("expr: unknown shithub field %q (allowed: run_id, sha, ref, actor, event)", rest[0])

+}

+

+// evalEventPath walks into a JSON-decoded map. Missing keys resolve

+// to null (GHA convention). Every value here is tainted because the

+// payload is user-controlled.

+func evalEventPath(path []string, event map[string]any, tainted bool) (Value, error) {

+	var cur any = event

+	for _, key := range path {

+		m, ok := cur.(map[string]any)

+		if !ok {

+			return Value{Kind: KindNull, Tainted: tainted}, nil

+		}

+		cur = m[key]

+	}

+	if cur == nil {

+		return Value{Kind: KindNull, Tainted: tainted}, nil

+	}

+	switch v := cur.(type) {

+	case string:

+		return Value{Kind: KindString, S: v, Tainted: tainted}, nil

+	case bool:

+		return Value{Kind: KindBool, B: v, Tainted: tainted}, nil

+	case float64:

+		return Value{Kind: KindString, S: fmt.Sprintf("%v", v), Tainted: tainted}, nil

+	}

+	// Maps + slices stringify in JSON-like form for if-comparisons.

+	return Value{Kind: KindString, S: fmt.Sprintf("%v", cur), Tainted: tainted}, nil

+}

+

+// isUntrusted checks if r.Path traces into any prefix in the untrusted

+// set. Prefixes are dot-joined like "shithub.event"; a path matches

+// when it equals or extends the prefix.

+func isUntrusted(path []string, untrusted map[string]struct{}) bool {

+	if len(untrusted) == 0 {

+		return false

+	}

+	for i := range path {

+		joined := strings.Join(path[:i+1], ".")

+		if _, ok := untrusted[joined]; ok {

+			return true

+		}

+	}

+	return false

+}

+

+// evalCall dispatches the seven allowlisted functions. Any other call

+// is an error — this is the closed door the campaign §"Risks" warns

+// about ("expression evaluator is a footgun if permissive"). Adding

+// a function requires a security note in the commit message.

+func evalCall(c Call, ctx *Context) (Value, error) {

+	switch c.Name {

+	case "contains":

+		return strFnArity2(c, ctx, "contains", strings.Contains)

+	case "startsWith":

+		return strFnArity2(c, ctx, "startsWith", strings.HasPrefix)

+	case "endsWith":

+		return strFnArity2(c, ctx, "endsWith", strings.HasSuffix)

+	case "success":

+		if len(c.Args) != 0 {

+			return Value{}, fmt.Errorf("expr: success() takes no arguments")

+		}

+		return Value{Kind: KindBool, B: !ctx.JobStatus.Failed && !ctx.JobStatus.Cancelled}, nil

+	case "failure":

+		if len(c.Args) != 0 {

+			return Value{}, fmt.Errorf("expr: failure() takes no arguments")

+		}

+		return Value{Kind: KindBool, B: ctx.JobStatus.Failed && !ctx.JobStatus.Cancelled}, nil

+	case "always":

+		if len(c.Args) != 0 {

+			return Value{}, fmt.Errorf("expr: always() takes no arguments")

+		}

+		return Value{Kind: KindBool, B: true}, nil

+	case "cancelled":

+		if len(c.Args) != 0 {

+			return Value{}, fmt.Errorf("expr: cancelled() takes no arguments")

+		}

+		return Value{Kind: KindBool, B: ctx.JobStatus.Cancelled}, nil

+	}

+	return Value{}, fmt.Errorf("expr: unknown function %q (allowed: contains, startsWith, endsWith, success, failure, always, cancelled)", c.Name)

+}

+

+func strFnArity2(c Call, ctx *Context, name string, fn func(string, string) bool) (Value, error) {

+	if len(c.Args) != 2 {

+		return Value{}, fmt.Errorf("expr: %s() takes 2 arguments, got %d", name, len(c.Args))

+	}

+	a, err := Eval(c.Args[0], ctx)

+	if err != nil {

+		return Value{}, err

+	}

+	b, err := Eval(c.Args[1], ctx)

+	if err != nil {

+		return Value{}, err

+	}

+	tainted := a.Tainted || b.Tainted

+	return Value{Kind: KindBool, B: fn(a.String(), b.String()), Tainted: tainted}, nil

+}

+

+func evalBinary(n Binary, ctx *Context) (Value, error) {

+	l, err := Eval(n.L, ctx)

+	if err != nil {

+		return Value{}, err

+	}

+	switch n.Op {

+	case "&&":

+		if !l.Truthy() {

+			return l, nil // short-circuit — preserves taint

+		}

+		r, err := Eval(n.R, ctx)

+		if err != nil {

+			return Value{}, err

+		}

+		return Value{Kind: r.Kind, S: r.S, B: r.B, Tainted: l.Tainted || r.Tainted}, nil

+	case "||":

+		if l.Truthy() {

+			return l, nil

+		}

+		r, err := Eval(n.R, ctx)

+		if err != nil {

+			return Value{}, err

+		}

+		return Value{Kind: r.Kind, S: r.S, B: r.B, Tainted: l.Tainted || r.Tainted}, nil

+	}

+	r, err := Eval(n.R, ctx)

+	if err != nil {

+		return Value{}, err

+	}

+	tainted := l.Tainted || r.Tainted

+	switch n.Op {

+	case "==":

+		return Value{Kind: KindBool, B: valuesEqual(l, r), Tainted: tainted}, nil

+	case "!=":

+		return Value{Kind: KindBool, B: !valuesEqual(l, r), Tainted: tainted}, nil

+	}

+	return Value{}, fmt.Errorf("expr: unknown binary operator %q", n.Op)

+}

+

+func valuesEqual(a, b Value) bool {

+	if a.Kind == KindNull || b.Kind == KindNull {

+		return a.Kind == b.Kind

+	}

+	if a.Kind == KindBool && b.Kind == KindBool {

+		return a.B == b.B

+	}

+	return a.String() == b.String()

+}

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+// Package expr is the strict-allowlist expression evaluator for

+// `${{ … }}` blocks in workflow files.

+//

+// The evaluator is intentionally tiny:

+//   - Allowed namespaces: secrets, env, vars, shithub.event, shithub.run_id,

+//     shithub.sha, shithub.ref, shithub.actor.

+//   - Allowed functions: contains, startsWith, endsWith,

+//     success(), failure(), always(), cancelled().

+//   - Operators: && || ! == != binary string concat (none — we don't

+//     support arithmetic or anything else in v1).

+//

+// Anything outside that set is an evaluation error. This is the load-

+// bearing security surface — the more we accept, the more attack

+// surface we open. Future expansion goes through a reviewer-required

+// note in the commit message (per the campaign §"Risks": "block any

+// S41 PR that adds an evaluator function without a security note").

+//

+// Every produced Value carries a Tainted bool. References that

+// resolve into the shithub.event.* namespace are tagged Tainted=true;

+// taint propagates through string concatenation, comparisons (the

+// boolean output isn't tainted, but the comparison operands' values

+// are checked), and function returns.

+package expr

+

+import (

+	"fmt"

+	"strings"

+	"unicode"

+)

+

+// TokenKind classifies a lexed token.

+type TokenKind int

+

+const (

+	TokInvalid TokenKind = iota

+	TokIdent             // foo, secrets, shithub

+	TokDot               // .

+	TokLParen            // (

+	TokRParen            // )

+	TokComma             // ,

+	TokString            // 'literal' (single-quoted only — GHA convention)

+	TokBool              // true | false

+	TokNull              // null

+	TokAnd               // &&

+	TokOr                // ||

+	TokNot               // !

+	TokEq                // ==

+	TokNe                // !=

+	TokEOF

+)

+

+// Token is a single lexed unit. Pos is the byte offset in the original

+// source (useful for diagnostic spans).

+type Token struct {

+	Kind  TokenKind

+	Value string

+	Pos   int

+}

+

+func (k TokenKind) String() string {

+	switch k {

+	case TokIdent:

+		return "identifier"

+	case TokDot:

+		return "."

+	case TokLParen:

+		return "("

+	case TokRParen:

+		return ")"

+	case TokComma:

+		return ","

+	case TokString:

+		return "string literal"

+	case TokBool:

+		return "boolean"

+	case TokNull:

+		return "null"

+	case TokAnd:

+		return "&&"

+	case TokOr:

+		return "||"

+	case TokNot:

+		return "!"

+	case TokEq:

+		return "=="

+	case TokNe:

+		return "!="

+	case TokEOF:

+		return "end of input"

+	}

+	return "invalid"

+}

+

+// Lex returns the token stream for src or an error on the first lexical

+// problem. Whitespace is skipped silently. The lexer doesn't strip the

+// surrounding `${{ … }}` — the caller does that before calling Lex.

+func Lex(src string) ([]Token, error) {

+	var out []Token

+	i := 0

+	for i < len(src) {

+		c := src[i]

+		switch {

+		case c == ' ' || c == '\t' || c == '\n' || c == '\r':

+			i++

+		case c == '.':

+			out = append(out, Token{Kind: TokDot, Value: ".", Pos: i})

+			i++

+		case c == '(':

+			out = append(out, Token{Kind: TokLParen, Value: "(", Pos: i})

+			i++

+		case c == ')':

+			out = append(out, Token{Kind: TokRParen, Value: ")", Pos: i})

+			i++

+		case c == ',':

+			out = append(out, Token{Kind: TokComma, Value: ",", Pos: i})

+			i++

+		case c == '\'':

+			tok, n, err := lexString(src[i:], i)

+			if err != nil {

+				return nil, err

+			}

+			out = append(out, tok)

+			i += n

+		case c == '&':

+			if i+1 < len(src) && src[i+1] == '&' {

+				out = append(out, Token{Kind: TokAnd, Value: "&&", Pos: i})

+				i += 2

+			} else {

+				return nil, fmt.Errorf("expr: stray '&' at offset %d (expected '&&')", i)

+			}

+		case c == '|':

+			if i+1 < len(src) && src[i+1] == '|' {

+				out = append(out, Token{Kind: TokOr, Value: "||", Pos: i})

+				i += 2

+			} else {

+				return nil, fmt.Errorf("expr: stray '|' at offset %d (expected '||')", i)

+			}

+		case c == '!':

+			if i+1 < len(src) && src[i+1] == '=' {

+				out = append(out, Token{Kind: TokNe, Value: "!=", Pos: i})

+				i += 2

+			} else {

+				out = append(out, Token{Kind: TokNot, Value: "!", Pos: i})

+				i++

+			}

+		case c == '=':

+			if i+1 < len(src) && src[i+1] == '=' {

+				out = append(out, Token{Kind: TokEq, Value: "==", Pos: i})

+				i += 2

+			} else {

+				return nil, fmt.Errorf("expr: stray '=' at offset %d (expected '==')", i)

+			}

+		case isIdentStart(c):

+			tok, n := lexIdent(src[i:], i)

+			out = append(out, tok)

+			i += n

+		default:

+			return nil, fmt.Errorf("expr: unexpected character %q at offset %d", c, i)

+		}

+	}

+	out = append(out, Token{Kind: TokEOF, Pos: i})

+	return out, nil

+}

+

+func lexString(src string, basePos int) (Token, int, error) {

+	if len(src) < 2 {

+		return Token{}, 0, fmt.Errorf("expr: unterminated string at offset %d", basePos)

+	}

+	// Walk until matching '. GHA expressions do NOT support backslash

+	// escapes; the only escape is doubling the quote: '' produces '.

+	var b strings.Builder

+	i := 1 // skip opening '

+	for i < len(src) {

+		c := src[i]

+		if c == '\'' {

+			if i+1 < len(src) && src[i+1] == '\'' {

+				b.WriteByte('\'')

+				i += 2

+				continue

+			}

+			return Token{Kind: TokString, Value: b.String(), Pos: basePos}, i + 1, nil

+		}

+		b.WriteByte(c)

+		i++

+	}

+	return Token{}, 0, fmt.Errorf("expr: unterminated string at offset %d", basePos)

+}

+

+func lexIdent(src string, basePos int) (Token, int) {

+	i := 0

+	for i < len(src) && isIdentChar(src[i]) {

+		i++

+	}

+	v := src[:i]

+	switch v {

+	case "true", "false":

+		return Token{Kind: TokBool, Value: v, Pos: basePos}, i

+	case "null":

+		return Token{Kind: TokNull, Value: v, Pos: basePos}, i

+	}

+	return Token{Kind: TokIdent, Value: v, Pos: basePos}, i

+}

+

+func isIdentStart(c byte) bool {

+	return unicode.IsLetter(rune(c)) || c == '_'

+}

+

+func isIdentChar(c byte) bool {

+	return unicode.IsLetter(rune(c)) || unicode.IsDigit(rune(c)) || c == '_'

+}

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+package expr

+

+import "fmt"

+

+// Expr is the AST node interface. Each concrete type captures one

+// kind of expression we support.

+type Expr interface {

+	exprNode()

+}

+

+// LitString is a quoted string literal in the expression source.

+type LitString struct{ V string }

+

+// LitBool is `true` or `false`.

+type LitBool struct{ V bool }

+

+// LitNull is the `null` keyword. Used in equality checks against

+// possibly-missing context fields.

+type LitNull struct{}

+

+// Ref is a dotted reference like `secrets.MY_SECRET` or

+// `shithub.event.pull_request.title`. Path is a non-empty slice of

+// identifiers (the lexer enforces leading-letter idents).

+type Ref struct{ Path []string }

+

+// Call is a function invocation: `contains('foo', 'bar')`. Name is

+// validated against the allowlist at eval time, not parse time, so

+// we can produce a precise error pointing at the call site.

+type Call struct {

+	Name string

+	Args []Expr

+}

+

+// Unary is `!x`.

+type Unary struct {

+	Op string // "!"

+	X  Expr

+}

+

+// Binary is `x op y`. Op ∈ {==, !=, &&, ||}. Concat would go here too

+// if we supported it (we don't in v1 — we tell users to use shell-side

+// concat in `run:`).

+type Binary struct {

+	Op string

+	L  Expr

+	R  Expr

+}

+

+func (LitString) exprNode() {}

+func (LitBool) exprNode()   {}

+func (LitNull) exprNode()   {}

+func (Ref) exprNode()       {}

+func (Call) exprNode()      {}

+func (Unary) exprNode()     {}

+func (Binary) exprNode()    {}

+

+// Parse turns a token stream into an AST. The grammar is small enough

+// that we hand-write a recursive-descent parser with explicit

+// precedence: || → && → equality → unary → primary.

+func Parse(tokens []Token) (Expr, error) {

+	p := &parser{tokens: tokens}

+	e, err := p.parseOr()

+	if err != nil {

+		return nil, err

+	}

+	if p.peek().Kind != TokEOF {

+		t := p.peek()

+		return nil, fmt.Errorf("expr: unexpected %s after expression at offset %d", t.Kind, t.Pos)

+	}

+	return e, nil

+}

+

+type parser struct {

+	tokens []Token

+	pos    int

+}

+

+func (p *parser) peek() Token { return p.tokens[p.pos] }

+func (p *parser) advance() Token {

+	t := p.tokens[p.pos]

+	p.pos++

+	return t

+}

+

+func (p *parser) parseOr() (Expr, error) {

+	left, err := p.parseAnd()

+	if err != nil {

+		return nil, err

+	}

+	for p.peek().Kind == TokOr {

+		op := p.advance().Value

+		right, err := p.parseAnd()

+		if err != nil {

+			return nil, err

+		}

+		left = Binary{Op: op, L: left, R: right}

+	}

+	return left, nil

+}

+

+func (p *parser) parseAnd() (Expr, error) {

+	left, err := p.parseEquality()

+	if err != nil {

+		return nil, err

+	}

+	for p.peek().Kind == TokAnd {

+		op := p.advance().Value

+		right, err := p.parseEquality()

+		if err != nil {

+			return nil, err

+		}

+		left = Binary{Op: op, L: left, R: right}

+	}

+	return left, nil

+}

+

+func (p *parser) parseEquality() (Expr, error) {

+	left, err := p.parseUnary()

+	if err != nil {

+		return nil, err

+	}

+	for p.peek().Kind == TokEq || p.peek().Kind == TokNe {

+		op := p.advance().Value

+		right, err := p.parseUnary()

+		if err != nil {

+			return nil, err

+		}

+		left = Binary{Op: op, L: left, R: right}

+	}

+	return left, nil

+}

+

+func (p *parser) parseUnary() (Expr, error) {

+	if p.peek().Kind == TokNot {

+		p.advance()

+		x, err := p.parseUnary()

+		if err != nil {

+			return nil, err

+		}

+		return Unary{Op: "!", X: x}, nil

+	}

+	return p.parsePrimary()

+}

+

+func (p *parser) parsePrimary() (Expr, error) {

+	t := p.peek()

+	switch t.Kind {

+	case TokString:

+		p.advance()

+		return LitString{V: t.Value}, nil

+	case TokBool:

+		p.advance()

+		return LitBool{V: t.Value == "true"}, nil

+	case TokNull:

+		p.advance()

+		return LitNull{}, nil

+	case TokLParen:

+		p.advance()

+		e, err := p.parseOr()

+		if err != nil {

+			return nil, err

+		}

+		if p.peek().Kind != TokRParen {

+			return nil, fmt.Errorf("expr: expected ')' at offset %d", p.peek().Pos)

+		}

+		p.advance()

+		return e, nil

+	case TokIdent:

+		return p.parseRefOrCall()

+	}

+	return nil, fmt.Errorf("expr: unexpected %s at offset %d", t.Kind, t.Pos)

+}

+

+func (p *parser) parseRefOrCall() (Expr, error) {

+	first := p.advance()

+	// Function call: ident immediately followed by '('

+	if p.peek().Kind == TokLParen {

+		p.advance()

+		var args []Expr

+		if p.peek().Kind != TokRParen {

+			for {

+				a, err := p.parseOr()

+				if err != nil {

+					return nil, err

+				}

+				args = append(args, a)

+				if p.peek().Kind == TokComma {

+					p.advance()

+					continue

+				}

+				break

+			}

+		}

+		if p.peek().Kind != TokRParen {

+			return nil, fmt.Errorf("expr: expected ')' to close call at offset %d", p.peek().Pos)

+		}

+		p.advance()

+		return Call{Name: first.Value, Args: args}, nil

+	}

+	// Otherwise it's a dotted reference. Walk subsequent `.ident`

+	// segments. The base segment IS allowed to stand alone (e.g.

+	// `secrets`) but we'll catch that at eval as "namespace requires

+	// a member".

+	path := []string{first.Value}

+	for p.peek().Kind == TokDot {

+		p.advance()

+		next := p.peek()

+		if next.Kind != TokIdent {

+			return nil, fmt.Errorf("expr: expected identifier after '.' at offset %d", next.Pos)

+		}

+		p.advance()

+		path = append(path, next.Value)

+	}

+	return Ref{Path: path}, nil

+}