Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var BaseEnvKeys = []string{
"PATH",
"HOME",
"USER",
"TMPDIR",
"LANG",
"TERM",
"SHELL",
"XDG_CONFIG_HOME",
"XDG_CACHE_HOME",
"XDG_DATA_HOME",
"XDG_RUNTIME_DIR",
}
BaseEnvKeys are always passed through env -i to ensure a functioning Unix environment. These are read-only identifiers and paths — no secrets.
Functions ¶
func NewShellTool ¶
func NewShellTool(executor codeexecutor.CodeExecutor, secrets security.SecretProvider, config ShellToolConfig) tool.Tool
NewShellTool creates a new ShellTool with the given executor, secret provider, and config. Environment filtering is always active — only PATH (plus any keys listed in config.AllowedEnv) is resolved via the SecretProvider and injected into the shell process.
Types ¶
type ShellTool ¶
type ShellTool struct {
// contains filtered or unexported fields
}
ShellTool is a simplified tool for running shell commands. It wraps a codeexecutor.CodeExecutor but exposes a simpler "command" interface that is friendlier to models than the full codeexec.Tool.
func (*ShellTool) AllowedEnvKeys ¶
AllowedEnvKeys returns the set of allowed env var names (for testing).
func (*ShellTool) Declaration ¶
func (t *ShellTool) Declaration() *tool.Declaration
type ShellToolConfig ¶
type ShellToolConfig struct {
// AllowedEnv controls which environment variables are visible to shell
// commands. Only listed variables (plus base Unix variables like PATH,
// HOME, TMPDIR, etc.) are resolved via the SecretProvider and injected.
// When empty or nil, only the base Unix variables are visible.
AllowedEnv []string `yaml:"allowed_env" toml:"allowed_env"`
// Timeout overrides the default 10-minute shell execution timeout.
// Use Go duration syntax (e.g. "5m", "30s").
Timeout time.Duration `yaml:"timeout,omitempty" toml:"timeout,omitempty"`
}
ShellToolConfig configures the run_shell tool's security behaviour.
Source Files