Struct ExecTool 

pub struct ExecTool { /* private fields */ }

Unified execution tool for agents.

Wraps both shell-string and structured binary+args execution behind a single AgentTool implementation that uses a mode parameter to dispatch to the appropriate method.

Access control is enforced based on agent_name:

• shell_exec: audit logging (cannot sandbox arbitrary shell).
• structured_exec: pre-flight permission check via AccessManager.

Implementations

impl ExecTool

pub fn new( config: SharedExecConfig, access: Arc<Mutex<AccessManager>>, context: AgentContext, ) -> Self

Create a new ExecTool with an AgentContext (production path).

All executions are attributed to the agent and pass through access checks.

pub fn new_gated( config: SharedExecConfig, context: AgentContext, gate: Arc<AccessGate>, ) -> Self

Create a gated ExecTool with both context and access gate.

pub fn from_kernel_with_context( kernel: &KernelHandle, context: AgentContext, ) -> Self

Create an ExecTool from a [KernelHandle] with an agent context.

This is the primary production constructor.

pub fn from_kernel(kernel: &KernelHandle) -> Self

Create an ExecTool from a [KernelHandle] (legacy, no context).

Binds the tool to the default agent name "oxios-agent". Prefer from_kernel_with_context for full security.

pub fn for_agent( config: SharedExecConfig, access: Arc<Mutex<AccessManager>>, _agent_name: String, ) -> Self

Create a new ExecTool bound to a specific agent name (legacy).

Prefer new() with AgentContext for full security.

pub fn new_unrestricted( config: SharedExecConfig, access: Arc<Mutex<AccessManager>>, ) -> Self

Legacy constructor without agent context (for backward compatibility).

Warning: This bypasses the new AgentContext / AccessGate path. Use only for migration or testing.

pub async fn shell_exec( &self, command: &str, timeout_ms: u64, shutdown: Option<Receiver<()>>, ) -> Result<ExecResult, String>

Execute a raw command string via bash -c <cmd>.

Primary shell execution path. The entire command string is forwarded to bash -c, so pipelines, redirects, and compound commands all work.

If a shutdown signal is provided and fires before the command completes, the child process is killed and an error is returned.

pub async fn structured_exec( &self, binary: &str, args: Vec<String>, timeout_ms: u64, shutdown: Option<Receiver<()>>, ) -> Result<ExecResult, String>

Execute a binary with explicit args, enforcing allowlist + metachar blocking.

Primary structured execution path. Security checks:

1. Binary must be a bare name (no / or ..).
2. Binary must be in the allowlist (or allowlist is empty = dev mode).
3. Arguments must not contain shell metacharacters or path traversal.

If a shutdown signal is provided and fires before the command completes, the child process is killed and an error is returned.

Trait Implementations

impl AgentTool for ExecTool

fn name(&self) -> &str

Tool name (used in function calls)

fn label(&self) -> &str

Human-readable label

fn description(&self) -> &'static str

Description for the model

fn parameters_schema(&self) -> Value

JSON Schema for parameters

fn execute<'life0, 'life1, 'life2, 'async_trait>( &'life0 self, _tool_call_id: &'life1 str, params: Value, shutdown: Option<Receiver<()>>, _ctx: &'life2 ToolContext, ) -> Pin<Box<dyn Future<Output = Result<AgentToolResult, String>> + Send + 'async_trait>>

where Self: 'async_trait, 'life0: 'async_trait, 'life1: 'async_trait, 'life2: 'async_trait,

Execute the tool with the given tool call ID and parameters.

fn essential(&self) -> bool

Whether this tool is essential (cannot be disabled). Essential tools: read, write, edit, bash, grep, find, ls Optional tools: web_search, github, subagent, etc.

fn on_progress(&self, _callback: Arc<dyn Fn(String) + Send + Sync>)

Called with progress updates during execution. Tools can override this to emit streaming updates.

fn on_browse_progress( &self, _callback: Arc<dyn Fn(BrowseProgress) + Send + Sync>, )

Structured browse progress callback for browser tool context enrichment. Default implementation is no-op. Only browse tools override this to register a callback that enriches ToolCallContext with structured data from BrowseProgress events.

fn render_call(&self, _params: &Value) -> Option<RenderOutput>

Custom rendering for tool call (TUI visualization). Return None to use the default tool_renderer.rs formatter.

fn render_result(&self, _result: &AgentToolResult) -> Option<RenderOutput>

Custom rendering for tool result (TUI visualization). Return None to use the default tool_renderer.rs formatter.

fn execution_mode(&self) -> ToolExecutionMode

Execution mode for parallel safety. Defaults to ParallelSafe. Override for file-mutating or sequential tools.

fn current_tab_id(&self) -> Option<Uuid>

Return the current active tab ID, if this tool manages browser tabs. Defaults to None. Browser tools override this to return the tab ID of the currently-open tab during execution, so the agent loop can populate ToolExecutionUpdate.tab_id.

fn set_tab_id_slot(&self, _slot: Arc<Mutex<RawMutex, Option<Uuid>>>)

Receive a shared slot where the tool can write the current tab ID. The agent loop creates the slot and passes it before on_progress; the tool writes Some(tab_id) when it opens a tab and None when it closes it. Defaults to a no-op — only tab-aware tools override.

fn to_definition(&self) -> ToolDefinition

Convert to ToolDefinition

impl Debug for ExecTool

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.