zeph-tools
Tool executor trait with shell, web scrape, and composite executors for Zeph.
Overview
Defines the ToolExecutor trait for sandboxed tool invocation and ships concrete executors for shell commands, file operations, and web scraping. The CompositeExecutor chains multiple backends with output filtering, permission checks, trust gating, anomaly detection, and audit logging.
Key modules
| Module | Description |
|---|---|
| executor | ToolExecutor trait, ToolOutput, ToolCall; DynExecutor newtype wrapping Arc<dyn ErasedToolExecutor> for object-safe executor composition |
| shell | Shell command executor with tokenizer-based command detection, escape normalization, and transparent wrapper skipping; receives skill-scoped env vars injected by the agent for active skills that declare x-requires-secrets |
| file | File operation executor |
| scrape | Web scraping executor with SSRF protection (post-DNS private IP validation, pinned address client) |
| composite | CompositeExecutor — chains executors with middleware |
| filter | Output filtering pipeline — unified declarative TOML engine with 9 strategy types (strip_noise, truncate, keep_matching, strip_annotated, test_summary, group_by_rule, git_status, git_diff, dedup) and 19 embedded built-in rules; user-configurable via filters.toml |
| permissions | Permission checks for tool invocation |
| audit | AuditLogger — tool execution audit trail |
| registry | Tool registry and discovery |
| trust_gate | Trust-based tool access control |
| anomaly | AnomalyDetector — unusual execution pattern detection |
| overflow | Large output offload to filesystem — configurable threshold (default 50K chars), retention-based cleanup with symlink-safe deletion, 0o600 file permissions on Unix, path canonicalization |
| config | Per-tool TOML configuration; OverflowConfig for [tools.overflow] section (threshold, retention_days, optional custom dir) |
Re-exports: CompositeExecutor, AuditLogger, AnomalyDetector
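The scrape module's SSRF protection is described above as post-DNS private IP validation with a pinned address client. The sketch below is an added illustration of that pattern using only the standard library; it is not code from zeph-tools, and the function names (`is_forbidden`, `pin_public`, `resolve_and_pin`) and the exact set of blocked ranges are assumptions. The hostname is resolved once, every returned address is checked, and the caller connects to the returned address rather than resolving the name again, which closes the DNS-rebinding window.

```rust
use std::net::{IpAddr, Ipv4Addr, SocketAddr, ToSocketAddrs};

/// True when the address must never be fetched by a scraper.
fn is_forbidden(ip: IpAddr) -> bool {
    match ip {
        IpAddr::V4(v4) => forbidden_v4(v4),
        IpAddr::V6(v6) => match v6.to_ipv4_mapped() {
            // ::ffff:a.b.c.d is judged by its embedded IPv4 address.
            Some(v4) => forbidden_v4(v4),
            None => {
                let s0 = v6.segments()[0];
                v6.is_loopback() || v6.is_unspecified() || v6.is_multicast()
                    || (s0 & 0xfe00) == 0xfc00 // unique local fc00::/7
                    || (s0 & 0xffc0) == 0xfe80 // link-local fe80::/10
            }
        },
    }
}

fn forbidden_v4(ip: Ipv4Addr) -> bool {
    let o = ip.octets();
    ip.is_loopback() || ip.is_private() || ip.is_link_local() || ip.is_unspecified()
        || ip.is_broadcast() || ip.is_multicast()
        || (o[0] == 100 && (o[1] & 0xc0) == 64) // CGNAT 100.64.0.0/10
}

/// Validate every resolved address; return the one the client should be pinned to.
fn pin_public(resolved: &[SocketAddr]) -> Result<SocketAddr, String> {
    if let Some(bad) = resolved.iter().find(|a| is_forbidden(a.ip())) {
        return Err(format!("blocked: resolves to non-public address {}", bad.ip()));
    }
    resolved.first().copied().ok_or_else(|| "no addresses resolved".to_string())
}

/// Resolve once, validate the result, and hand back the pinned address.
fn resolve_and_pin(host: &str, port: u16) -> Result<SocketAddr, String> {
    let addrs: Vec<SocketAddr> = (host, port)
        .to_socket_addrs()
        .map_err(|e| format!("resolve failed: {e}"))?
        .collect();
    pin_public(&addrs)
}

fn main() {
    // Constructed inputs: IP literals resolve without any network access.
    for host in ["127.0.0.1", "169.254.169.254", "::ffff:10.0.0.5", "93.184.216.34"] {
        println!("{host:>18} -> {:?}", resolve_and_pin(host, 443));
    }
}
```

Rejecting the whole answer when any record is non-public is a deliberate choice here: a name that returns one public and one internal address is treated as hostile rather than filtered.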
Installation
License
MIT