/** * Bash Tool - Execute shell commands */ import type { Tool } from '../types.js'; import { type ShellManager } from './shell-manager.js'; /** * Input parameters for bash tool */ export interface BashInput { /** * Command to execute */ command: string; /** * Working directory for the command */ cwd?: string; /** * Timeout in milliseconds (default: 60000 = 1 minute) * Ignored when run_in_background is true */ timeout?: number; /** * Environment variables to set */ env?: Record; /** * Run command in background and return immediately with a shell ID. * Use bash_output tool to retrieve output later. */ run_in_background?: boolean; /** * Description of what this command does (for display purposes) */ description?: string; } /** * Result of bash command execution */ export interface BashResult { /** * Standard output */ stdout: string; /** * Standard error */ stderr: string; /** * Exit code (0 = success) */ exitCode: number; } /** * FIFO detection result */ export interface FifoDetectionResult { /** * Whether potential FIFO/pipe usage was detected */ detected: boolean; /** * Patterns that matched */ patterns: string[]; /** * Warning message to display */ warning?: string; } /** * Detect potential FIFO/named pipe usage in a command * Commands that read from FIFOs can hang indefinitely if no writer is available */ export declare function detectFifoUsage(command: string): FifoDetectionResult; /** * Bash tool definition */ export declare const bashTool: Tool; /** * Factory function to create a bash tool with custom options * * SECURITY NOTE: The blockedCommands and allowedCommands options provide * ADVISORY filtering only. They are NOT a security boundary. Shell commands * can be obfuscated in many ways (quotes, escape sequences, command substitution, * environment variables, etc.) that bypass simple string matching. * * For actual security isolation, use: * - Container/sandbox environments * - seccomp/AppArmor profiles * - Dedicated restricted shells (rbash) * - User namespace isolation */ export declare function createBashTool(options?: { /** * Default working directory */ cwd?: string; /** * Default timeout in milliseconds */ timeout?: number; /** * Maximum output size returned to agent (default: 50KB). * Larger outputs are truncated to prevent memory bloat. */ maxOutputSize?: number; /** * Commands or patterns that are not allowed (ADVISORY ONLY - see security note) */ blockedCommands?: string[]; /** * If true, only allow commands in allowedCommands list (ADVISORY ONLY) */ restrictToAllowed?: boolean; /** * List of allowed commands - must match exactly (only used if restrictToAllowed is true) */ allowedCommands?: string[]; /** * Shell to use (default: /bin/bash) */ shell?: string; /** * Custom shell manager for background processes */ shellManager?: ShellManager; /** * How to handle FIFO/named pipe usage detection * - 'warn': Add warning to result (default) * - 'block': Return error if FIFO usage detected * - 'allow': Ignore FIFO detection */ fifoMode?: 'warn' | 'block' | 'allow'; }): Tool; /** * Execute a command with streaming output (for long-running commands) * * Note: This is a lower-level function for cases where you need * to stream output as it arrives. */ export declare function execStream(command: string, options?: { cwd?: string; env?: Record; shell?: string; }): { stdout: AsyncIterable; stderr: AsyncIterable; promise: Promise; };