Skip to main content

ShellExecutor

zeph_tools::shell

Struct ShellExecutor 

Source 
pub struct ShellExecutor { /* private fields */ }
Expand description

Bash block extraction and execution via tokio::process::Command.

Parses ```bash fenced blocks from LLM responses (legacy path) and handles structured bash tool calls (modern path). Use ShellExecutor::new with a ShellConfig and chain optional builder methods to attach audit logging, event streaming, permission policies, and cancellation.

§Example

use zeph_tools::{ShellExecutor, ToolExecutor, config::ShellConfig};

let executor = ShellExecutor::new(&ShellConfig::default());

// Execute a fenced bash block.
let response = "```bash\npwd\n```";
if let Ok(Some(output)) = executor.execute(response).await {
    println!("{}", output.summary);
}

Implementations§

Source§

impl ShellExecutor

Source

pub fn new(config: &ShellConfig) -> Self

Create a new ShellExecutor from configuration.

Merges the built-in DEFAULT_BLOCKED_COMMANDS with any additional blocked commands from config, then subtracts any explicitly allowed commands. No subprocess is spawned at construction time.

Source

pub fn set_skill_env(&self, env: Option<HashMap<String, String>>)

Set environment variables to inject when executing the active skill’s bash blocks.

Source

pub fn with_audit(self, logger: Arc<AuditLogger>) -> Self

Attach an audit logger. Each shell invocation will emit an AuditEntry.

Source

pub fn with_tool_event_tx(self, tx: ToolEventTx) -> Self

Attach a tool-event sender for streaming output to the TUI or channel adapter.

When set, ToolEvent::Started, ToolEvent::OutputChunk, and ToolEvent::Completed events are sent on tx during execution.

Source

pub fn with_permissions(self, policy: PermissionPolicy) -> Self

Attach a permission policy for confirmation-gate enforcement.

Commands matching the policy’s rules may require user approval before execution proceeds.

Source

pub fn with_cancel_token(self, token: CancellationToken) -> Self

Attach a cancellation token. When the token is cancelled, the running subprocess is killed and the executor returns ToolError::Cancelled.

Source

pub fn with_output_filters(self, registry: OutputFilterRegistry) -> Self

Attach an output filter registry. Filters are applied to stdout+stderr before the summary is stored in ToolOutput and sent to the LLM.

Source

pub async fn execute_confirmed( &self, response: &str, ) -> Result<Option<ToolOutput>, ToolError>

Execute a bash block bypassing the confirmation check (called after user confirms).

§Errors

Returns ToolError on blocked commands, sandbox violations, or execution failures.

Trait Implementations§

Source§

impl Debug for ShellExecutor

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl ToolExecutor for ShellExecutor

Source§

async fn execute(&self, response: &str) -> Result<Option<ToolOutput>, ToolError>

Parse response for fenced tool blocks and execute them. Read more
Source§

fn tool_definitions(&self) -> Vec<ToolDef>

Return the tool definitions this executor can handle. Read more
Source§

async fn execute_tool_call( &self, call: &ToolCall, ) -> Result<Option<ToolOutput>, ToolError>

Execute a structured tool call. Returns Ok(None) if call.tool_id is not handled. Read more
Source§

fn set_skill_env(&self, env: Option<HashMap<String, String>>)

Inject environment variables for the currently active skill. No-op by default. Read more
Source§

fn execute_confirmed( &self, response: &str, ) -> impl Future<Output = Result<Option<ToolOutput>, ToolError>> + Send

Execute bypassing confirmation checks (called after user approves). Read more
Source§

fn execute_tool_call_confirmed( &self, call: &ToolCall, ) -> impl Future<Output = Result<Option<ToolOutput>, ToolError>> + Send

Execute a structured tool call bypassing confirmation checks. Read more
Source§

fn set_effective_trust(&self, _level: SkillTrustLevel)

Set the effective trust level for the currently active skill. No-op by default. Read more
Source§

fn is_tool_retryable(&self, _tool_id: &str) -> bool

Whether the executor can safely retry this tool call on a transient error. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> ErasedToolExecutor for T
where T: ToolExecutor,

Source§

fn execute_erased<'a>( &'a self, response: &'a str, ) -> Pin<Box<dyn Future<Output = Result<Option<ToolOutput>, ToolError>> + Send + 'a>>

Source§

fn execute_confirmed_erased<'a>( &'a self, response: &'a str, ) -> Pin<Box<dyn Future<Output = Result<Option<ToolOutput>, ToolError>> + Send + 'a>>

Source§

fn tool_definitions_erased(&self) -> Vec<ToolDef>

Source§

fn execute_tool_call_erased<'a>( &'a self, call: &'a ToolCall, ) -> Pin<Box<dyn Future<Output = Result<Option<ToolOutput>, ToolError>> + Send + 'a>>

Source§

fn execute_tool_call_confirmed_erased<'a>( &'a self, call: &'a ToolCall, ) -> Pin<Box<dyn Future<Output = Result<Option<ToolOutput>, ToolError>> + Send + 'a>>

Source§

fn set_skill_env(&self, env: Option<HashMap<String, String>>)

Inject environment variables for the currently active skill. No-op by default.
Source§

fn set_effective_trust(&self, level: SkillTrustLevel)

Set the effective trust level for the currently active skill. No-op by default.
Source§

fn is_tool_retryable_erased(&self, tool_id: &str) -> bool

Whether the executor can safely retry this tool call on a transient error.
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more