# ShellCheck Compliance Required
## Rule
All Bash scripts MUST pass ShellCheck with zero warnings. Use inline directives only for documented false positives, never to suppress legitimate issues.
## Format
```bash
# Run ShellCheck on every script
shellcheck script.sh
# Check all scripts in a project
shellcheck **/*.sh
```
## Critical ShellCheck Rules
| Code | Issue | Fix |
|------|-------|-----|
| SC2086 | Unquoted variable | Always quote: "$var" |
| SC2046 | Unquoted command substitution | Quote: "$(cmd)" |
| SC2006 | Legacy backticks | Use $(command) instead |
| SC2064 | Trap with expanding variables | Use single quotes in trap |
| SC2155 | Declare and assign separately | Split: local var; var=$(cmd) |
## Good Examples
```bash
#!/usr/bin/env bash
set -euo pipefail
readonly file_path="${1:?Usage: script.sh <file>}"
# Properly quoted variables
if [[ -f "${file_path}" ]]; then
line_count=$(wc -l < "${file_path}")
echo "Lines: ${line_count}"
fi
# Proper array handling
files=("file1.txt" "file2.txt" "file 3.txt")
for f in "${files[@]}"; do
echo "Processing: ${f}"
done
```
## Bad Examples
```bash
#!/bin/bash
# SC2086: Double quote to prevent word splitting
for f in $(ls *.txt); do # Breaks on spaces in filenames
cat $f # Unquoted variable
done
# SC2006: Use $(...) instead of backticks
count=\`wc -l file.txt\`
# SC2155: Declare and assign separately
local result=$(some_command) # Masks exit code
```
## Inline Suppressions (Use Sparingly)
```bash
# Acceptable: documented false positive
# shellcheck disable=SC2029
ssh server "echo ${remote_var}" # Intentionally expanded remotely
# NOT acceptable: suppressing real issues
# shellcheck disable=SC2086
rm -rf $dir # NEVER suppress quoting warnings
```
## Enforcement
- Install ShellCheck in CI: `apt-get install shellcheck`
- Pre-commit hook: `shellcheck --severity=warning *.sh`
- IDE integration: VS Code ShellCheck extension for real-time linting