shellwrap

package

v0.24.1 Latest Latest Go to latest Published: Apr 11, 2026 License: MIT Imports: 9 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/smart-mcp-proxy/mcpproxy-go

Links

Open Source Insights

Documentation ¶

Overview ¶

Package shellwrap provides platform-level helpers for wrapping commands in the user's login shell and for resolving tool binaries (e.g. docker) with PATH caching.

It exists so that both the upstream proxy code (internal/upstream/core) and the security scanner (internal/security/scanner) can share a single, well-tested implementation of shell quoting + login-shell wrapping instead of each rolling their own.

Index ¶

func MinimalEnv() []string
func ResolveDockerPath(logger *zap.Logger) (string, error)
func Shellescape(s string) string
func WrapWithUserShell(logger *zap.Logger, command string, args []string) (shell string, shellArgs []string)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func MinimalEnv ¶

func MinimalEnv() []string

MinimalEnv returns a minimal, allow-listed environment suitable for subprocesses that must NOT inherit the user's ambient credentials (e.g. AWS_ACCESS_KEY_ID, GITHUB_TOKEN, etc). It includes PATH + HOME on Unix and PATH + USERPROFILE on Windows so that `docker` itself still functions.

Callers that need TLS or Docker-specific variables (DOCKER_HOST, DOCKER_CONFIG, …) should append them explicitly.

func ResolveDockerPath ¶

func ResolveDockerPath(logger *zap.Logger) (string, error)

ResolveDockerPath returns the absolute path to the `docker` binary. The result is cached for the process lifetime so that repeated calls from hot paths (health checks, connection diagnostics) do not re-spawn a login shell on every invocation.

Resolution order:

exec.LookPath("docker") — cheap, works when mcpproxy was started from a terminal or when the LaunchAgent PATH already contains docker.
Fallback: ask the user's login shell `command -v docker` so we pick up Homebrew / Colima / Docker Desktop installs that only exist in the interactive PATH. This fallback is only run once.

func Shellescape ¶

func Shellescape(s string) string

Shellescape escapes a single argument for safe inclusion in a shell command string. On Unix it uses POSIX single-quoting; on Windows it performs a best-effort cmd.exe quoting.

This mirrors the implementation in internal/upstream/core so both code paths can converge on one function.

func WrapWithUserShell ¶

func WrapWithUserShell(logger *zap.Logger, command string, args []string) (shell string, shellArgs []string)

WrapWithUserShell wraps a command and its arguments in the user's login shell so the child process inherits the interactive PATH (important when mcpproxy is launched from a GUI / LaunchAgent on macOS).

It returns the shell to exec and the shell arguments (e.g. ["-l", "-c", "docker run ..."] on Unix, ["/c", "docker run ..."] on Windows cmd).

logger may be nil; when non-nil a debug line is emitted mirroring the existing upstream/core helper.

Types ¶

This section is empty.

Source Files ¶

View all Source files

shellwrap.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL