llm-multiverse/llm-multiverse
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
987ecbb2c38f0f8913a1aa5ff643c7d47a6a08fc
llm-multiverse/implementation-plans/issue-085.md
Pi Agent aadacefd65 docs: mark issue #85 as COMPLETED 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-11 07:58:43 +01:00

2.4 KiB
Raw Blame History

Issue #85: Implement run_shell and package_install executors

Field Value
Issue #85
Title Implement run_shell and package_install executors
Milestone Phase 10: Remaining Agent Types
Status COMPLETED
Language Rust
Related Plans issue-058.md, issue-082.md, issue-083.md

Acceptance Criteria

  • run_shell: execute shell commands with timeout and output capture
  • run_shell: environment variable injection (non-secret)
  • run_shell: working directory configuration
  • package_install: install system packages via appropriate package manager
  • package_install: support apt, dnf, pacman detection
  • Both tools enforce path and network restrictions via Tool Broker
  • Dangerous command detection (rm -rf /, dd, etc.) with warning

Implementation Summary

Files Created

  • services/tool-broker/src/executors/common.rs — Shared execution utilities (ExecutionResult, run_with_timeout, apply_resource_limits)
  • services/tool-broker/src/executors/run_shell.rs — RunShellExecutor with dangerous command detection, env var injection, working_dir support
  • services/tool-broker/src/executors/package_install.rs — PackageInstallExecutor with package manager detection, name validation

Files Modified

  • services/tool-broker/src/executors/run_code.rs — Refactored to import shared utilities from common.rs
  • services/tool-broker/src/executors/mod.rs — Added new modules and registration functions
  • services/tool-broker/src/discovery.rs — Expanded run_shell and package_install tool definitions

Key Design Decisions

  • Extracted common execution utilities (ExecutionResult, run_with_timeout, apply_resource_limits) from run_code.rs into common.rs
  • Dangerous command detection uses substring matching with word boundary awareness to avoid false positives
  • Pipe-to-shell detection (curl ... | sh) uses segment analysis rather than simple substring matching
  • Package names validated with strict character whitelist to prevent shell injection
  • PackageInstallExecutor uses direct Command::new (not /bin/sh -c) to prevent injection through package names
  • env_* parameter convention: strip prefix, uppercase key, inject as environment variable

Deviation Log

Deviation Reason
Used pipe segment analysis instead of substring for curl|sh detection Simple substring matching failed when URL appeared between curl and pipe
Reference in New Issue View Git Blame Copy Permalink