Module exec_tool 

Unified execution tool for Oxios agents.

Provides two execution modes:

• shell — Execute a raw command string via bash -c <cmd>. Intended for general-purpose workspace commands (compilation, tests, etc.).

• structured — Execute a binary with explicit args, subject to allowlist enforcement and shell-metacharacter blocking. Intended for host-sensitive operations (git, gh, osascript, open) that need stricter control.

Security model

shell mode: runs through bash -c — the command string is passed as-is. Access control is enforced upstream by AccessManager (RBAC, path sandboxing).

structured mode: binary must be in the allowlist (from ExecConfig), and all arguments are validated against shell metacharacters (;, |, $, backtick, <, >, etc.) and path traversal (..).

Structs

ExecResult

Result of a command execution.

ExecTool

Unified execution tool for agents.