Sandboxed shell tool for agent subprocess execution.
Executes shell commands with capability-based allowlisting.
Commands are validated against Capability::Shell { allowed_commands }
before execution (Poka-Yoke: mistake-proofing).
Security constraints:
- Only allowlisted commands are executable
- Working directory is restricted
- Output is truncated to prevent context overflow
- Timeout enforced via tokio::time::timeout (Jidoka)
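A std-only sketch of the allowlist, working-directory and truncation constraints listed above, added here as an illustration and not the crate's own code. `ShellCapability`, `Denied`, `validate`, `truncate` and `run` are hypothetical names, the rejection of shell metacharacters is an assumption about how such a check is made robust, and the timeout is omitted.

```rust
use std::process::Command;

/// Hypothetical stand-in for the page's Capability::Shell { allowed_commands }.
pub struct ShellCapability {
    pub allowed_commands: Vec<String>,
}

#[derive(Debug, PartialEq)]
pub enum Denied { Empty, Metacharacter(char), NotAllowlisted(String) }

/// Validate a command line before anything is spawned.
pub fn validate(cap: &ShellCapability, line: &str) -> Result<Vec<String>, Denied> {
    // Reject shell syntax outright: an allowlisted first word gives no protection
    // if the rest of the line can chain or substitute other commands.
    if let Some(c) = line.chars().find(|c| ";|&$`<>(){}\n\\\"'".contains(*c)) {
        return Err(Denied::Metacharacter(c));
    }
    let argv: Vec<String> = line.split_whitespace().map(String::from).collect();
    let prog = argv.first().ok_or(Denied::Empty)?;
    // Exact name match only: "/tmp/ls" or "./ls" does not match an allowlisted "ls".
    if !cap.allowed_commands.iter().any(|a| a == prog) {
        return Err(Denied::NotAllowlisted(prog.clone()));
    }
    Ok(argv)
}

/// Truncate output to at most `max` bytes without splitting a UTF-8 character.
pub fn truncate(out: &str, max: usize) -> &str {
    if out.len() <= max { return out; }
    let mut end = max;
    while !out.is_char_boundary(end) { end -= 1; }
    &out[..end]
}

/// Run a validated command in a fixed working directory and cap its output.
pub fn run(cap: &ShellCapability, line: &str, workdir: &str, max: usize) -> Result<String, String> {
    let argv = validate(cap, line).map_err(|e| format!("denied: {e:?}"))?;
    // The program is spawned directly with an argv, never through `sh -c`.
    let out = Command::new(&argv[0]).args(&argv[1..])
        .current_dir(workdir).output().map_err(|e| e.to_string())?;
    Ok(truncate(&String::from_utf8_lossy(&out.stdout), max).to_string())
}

fn main() {
    let cap = ShellCapability { allowed_commands: vec!["echo".into()] };
    println!("{:?}", run(&cap, "echo hello world", ".", 5)); // constructed input
    println!("{:?}", run(&cap, "echo hi; id", ".", 64)); // constructed input
}
```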
Structs
- ShellTool - Sandboxed shell command execution.