cognis 0.2.0

LLM application framework built on cognis-core
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191

//! Shell command execution tool.
//!
//! Executes shell commands via `tokio::process::Command` with optional command
//! whitelisting and configurable timeout.

use async_trait::async_trait;
use cognis_core::error::{CognisError, Result};
use cognis_core::tools::base::BaseTool;
use cognis_core::tools::types::{ToolInput, ToolOutput};
use serde_json::{json, Value};
use std::time::Duration;

/// Execute shell commands safely.
pub struct ShellTool {
    /// Optional whitelist of allowed command prefixes. `None` means allow all.
    pub allowed_commands: Option<Vec<String>>,
    /// Optional working directory for command execution.
    pub working_dir: Option<String>,
    /// Timeout in seconds (default: 30).
    pub timeout_secs: u64,
}

impl Default for ShellTool {
    fn default() -> Self {
        Self {
            allowed_commands: None,
            working_dir: None,
            timeout_secs: 30,
        }
    }
}

#[async_trait]
impl BaseTool for ShellTool {
    fn name(&self) -> &str {
        "shell"
    }

    fn description(&self) -> &str {
        "Execute shell commands. Use with caution."
    }

    fn args_schema(&self) -> Option<Value> {
        Some(json!({
            "type": "object",
            "properties": {
                "command": {
                    "type": "string"
                }
            },
            "required": ["command"]
        }))
    }

    async fn _run(&self, input: ToolInput) -> Result<ToolOutput> {
        let command = extract_command(&input)?;

        // Validate against allowed commands whitelist
        if let Some(ref allowed) = self.allowed_commands {
            let cmd_trimmed = command.trim();
            let is_allowed = allowed.iter().any(|prefix| {
                cmd_trimmed == prefix.as_str() || cmd_trimmed.starts_with(&format!("{} ", prefix))
            });
            if !is_allowed {
                return Err(CognisError::ToolException(format!(
                    "Command not allowed: '{command}'. Allowed commands: {allowed:?}"
                )));
            }
        }

        let mut cmd = tokio::process::Command::new("sh");
        cmd.arg("-c").arg(&command);

        if let Some(ref dir) = self.working_dir {
            cmd.current_dir(dir);
        }

        let output = tokio::time::timeout(Duration::from_secs(self.timeout_secs), cmd.output())
            .await
            .map_err(|_| {
                CognisError::ToolException(format!(
                    "Command timed out after {} seconds",
                    self.timeout_secs
                ))
            })?
            .map_err(|e| CognisError::ToolException(format!("Failed to execute command: {e}")))?;

        let stdout = String::from_utf8_lossy(&output.stdout);
        let stderr = String::from_utf8_lossy(&output.stderr);

        let combined = if stderr.is_empty() {
            stdout.to_string()
        } else if stdout.is_empty() {
            stderr.to_string()
        } else {
            format!("{stdout}{stderr}")
        };

        Ok(ToolOutput::Content(Value::String(combined)))
    }
}

/// Extract the command string from various input formats.
fn extract_command(input: &ToolInput) -> Result<String> {
    match input {
        ToolInput::Text(s) => Ok(s.clone()),
        ToolInput::Structured(map) => {
            if let Some(Value::String(cmd)) = map.get("command") {
                Ok(cmd.clone())
            } else {
                Err(CognisError::ToolValidationError(
                    "Missing required field 'command'".into(),
                ))
            }
        }
        ToolInput::ToolCall(tc) => {
            if let Some(Value::String(cmd)) = tc.args.get("command") {
                Ok(cmd.clone())
            } else {
                Err(CognisError::ToolValidationError(
                    "Missing required field 'command'".into(),
                ))
            }
        }
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    #[tokio::test]
    async fn test_shell_echo() {
        let tool = ShellTool::default();
        let input = ToolInput::Structured(
            [(
                "command".to_string(),
                Value::String("echo hello".to_string()),
            )]
            .into_iter()
            .collect(),
        );
        let result = tool._run(input).await.unwrap();
        match result {
            ToolOutput::Content(Value::String(s)) => assert_eq!(s, "hello\n"),
            other => panic!("Expected Content(String), got: {other:?}"),
        }
    }

    #[tokio::test]
    async fn test_shell_with_allowed_commands() {
        let tool = ShellTool {
            allowed_commands: Some(vec!["echo".to_string()]),
            ..Default::default()
        };

        // Allowed command should succeed
        let input = ToolInput::Structured(
            [(
                "command".to_string(),
                Value::String("echo hello".to_string()),
            )]
            .into_iter()
            .collect(),
        );
        let result = tool._run(input).await;
        assert!(result.is_ok());

        // Blocked command should fail
        let input = ToolInput::Structured(
            [("command".to_string(), Value::String("rm -rf /".to_string()))]
                .into_iter()
                .collect(),
        );
        let result = tool._run(input).await;
        assert!(result.is_err());
        let err = result.unwrap_err();
        assert!(
            err.to_string().contains("not allowed"),
            "Expected 'not allowed' in error: {err}"
        );
    }

    #[tokio::test]
    async fn test_shell_via_run_json() {
        let tool = ShellTool::default();
        let input = serde_json::json!({"command": "echo test"});
        let result = tool.run_json(&input).await.unwrap();
        assert_eq!(result, Value::String("test\n".to_string()));
    }
}