Skip to content

Add BashTool for executing system commands with permissions #282

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ItsBarryZ wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add BashTool for executing system commands with permissions #282

ItsBarryZ wants to merge 1 commit into from

Conversation

@ItsBarryZ
Copy link
Collaborator

@ItsBarryZ ItsBarryZ commented Jul 7, 2025
edited
Loading

  • Implements configurable bash command execution tool
  • Supports granular permission control via allowed/denied commands
  • Allows directory restrictions and feature toggles (pipes, redirects)
  • Follows agents framework pattern with dynamic tool descriptions
  • Includes proper async execution with timeout support

@ItsBarryZ @claude
Add BashTool for executing system commands with permissions
88e89ff 
Implements configurable bash command execution tool with granular permission control.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <[email protected]>
@etd-23
Copy link
Collaborator

etd-23 commented Jul 7, 2025

Type Hints

Add Optional for nullable fields:

from typing import List, Optional

allowed_commands: Optional[List[str]] = field(default=None)
working_directories: Optional[List[str]] = field(default=None)

Security Issue

The startswith() check can be bypassed. If "ls" is allowed, "ls && rm -rf /" passes validation.

Consider exact matching or using shlex:

import shlex

def _is_command_allowed(self, command: str) -> bool:
    try:
        parsed = shlex.split(command)
        base_command = parsed[0] if parsed else ""
    except ValueError:
        return False
    
    if self.allowed_commands:
        return base_command in self.allowed_commands

@etd-23
Copy link
Collaborator

etd-23 commented Jul 7, 2025

mostly claude-code suggestions above. A little nit-picky on the typing, but agreed on the security point

rgb-prithvi
rgb-prithvi reviewed Jul 8, 2025
View reviewed changes
Copy link

@rgb-prithvi rgb-prithvi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM for the most part, but maybe we should add a small change to the notebook and / or documentation to highlight the tool and show it in action? otherwise I doubt most folks will see this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@rgb-prithvi rgb-prithvi rgb-prithvi left review comments

@kmk142789 kmk142789 kmk142789 approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@ItsBarryZ @etd-23 @rgb-prithvi @kmk142789