feat: Task 2.6 - Implement ShellTool with security sandboxing

smartprogrammer93 · smartprogrammer93 · commit 310cceaecab7 · 2026-02-15T12:16:57.000Z
- Executes shell commands via /bin/bash -c
- Enforces security policy via ISecurityPolicy interface
- Configurable timeout (default 30s) with process termination
- Output truncation at 10KB limit to prevent memory issues
- Captures both stdout and stderr
- Returns proper error codes and messages
- All 8 unit tests passing with TDD methodology
diff --git a/ClawSharp.slnx b/ClawSharp.slnx
@@ -17,6 +17,7 @@
     <Project Path="tests/ClawSharp.Core.Tests/ClawSharp.Core.Tests.csproj" />
     <Project Path="tests/ClawSharp.Infrastructure.Tests/ClawSharp.Infrastructure.Tests.csproj" />
     <Project Path="tests/ClawSharp.Providers.Tests/ClawSharp.Providers.Tests.csproj" />
+    <Project Path="tests/ClawSharp.Tools.Tests/ClawSharp.Tools.Tests.csproj" />
     <Project Path="tests/ClawSharp.TestHelpers/ClawSharp.TestHelpers.csproj" />
   </Folder>
 </Solution>
diff --git a/src/ClawSharp.Tools/ShellTool.cs b/src/ClawSharp.Tools/ShellTool.cs
@@ -0,0 +1,172 @@
+using System.Diagnostics;
+using System.Text;
+using System.Text.Json;
+using ClawSharp.Core.Security;
+using ClawSharp.Core.Tools;
+
+namespace ClawSharp.Tools;
+
+/// <summary>
+/// Tool for executing shell commands with security policy enforcement.
+/// </summary>
+public class ShellTool : ITool
+{
+    private readonly ISecurityPolicy _securityPolicy;
+    private readonly TimeSpan _timeout;
+    private const int MaxOutputBytes = 10_240; // 10KB
+
+    public string Name => "shell";
+    
+    public string Description => "Execute a shell command and return its output. Use this to interact with the system, run programs, check dates, list files, etc.";
+
+    public ToolSpec Specification => new(
+        Name: "shell",
+        Description: Description,
+        ParametersSchema: JsonSerializer.Deserialize<JsonElement>("""
+        {
+            "type": "object",
+            "properties": {
+                "command": {
+                    "type": "string",
+                    "description": "The shell command to execute"
+                }
+            },
+            "required": ["command"]
+        }
+        """)
+    );
+
+    public ShellTool(ISecurityPolicy securityPolicy, TimeSpan? timeout = null)
+    {
+        _securityPolicy = securityPolicy ?? throw new ArgumentNullException(nameof(securityPolicy));
+        _timeout = timeout ?? TimeSpan.FromSeconds(30);
+    }
+
+    public async Task<ToolResult> ExecuteAsync(JsonElement arguments, CancellationToken ct = default)
+    {
+        // Extract command from arguments
+        if (!arguments.TryGetProperty("command", out var commandElement))
+        {
+            return new ToolResult(false, "", "Missing required parameter: command");
+        }
+
+        var command = commandElement.GetString();
+        if (string.IsNullOrWhiteSpace(command))
+        {
+            return new ToolResult(false, "", "Command cannot be empty");
+        }
+
+        // Check security policy
+        if (!_securityPolicy.IsCommandAllowed(command))
+        {
+            return new ToolResult(false, "", $"Command not allowed by security policy: {command}");
+        }
+
+        // Execute command
+        try
+        {
+            var (exitCode, output, error) = await ExecuteCommandAsync(command, ct);
+
+            if (exitCode != 0)
+            {
+                var errorMessage = $"Command exited with exit code {exitCode}";
+                if (!string.IsNullOrWhiteSpace(error))
+                    errorMessage += $"\nStderr: {error}";
+                return new ToolResult(false, output, errorMessage);
+            }
+
+            return new ToolResult(true, output);
+        }
+        catch (OperationCanceledException)
+        {
+            return new ToolResult(false, "", "Command execution timed out");
+        }
+        catch (Exception ex)
+        {
+            return new ToolResult(false, "", $"Error executing command: {ex.Message}");
+        }
+    }
+
+    private async Task<(int ExitCode, string Output, string Error)> ExecuteCommandAsync(string command, CancellationToken ct)
+    {
+        using var cts = CancellationTokenSource.CreateLinkedTokenSource(ct);
+        cts.CancelAfter(_timeout);
+
+        var processInfo = new ProcessStartInfo
+        {
+            FileName = "/bin/bash",
+            Arguments = $"-c \"{command.Replace("\"", "\\\"")}\"",
+            RedirectStandardOutput = true,
+            RedirectStandardError = true,
+            UseShellExecute = false,
+            CreateNoWindow = true
+        };
+
+        using var process = new Process { StartInfo = processInfo };
+        process.Start();
+
+        // Read output and error with size limits
+        var outputTask = ReadStreamWithLimitAsync(process.StandardOutput, MaxOutputBytes, cts.Token);
+        var errorTask = ReadStreamWithLimitAsync(process.StandardError, MaxOutputBytes, cts.Token);
+
+        try
+        {
+            await process.WaitForExitAsync(cts.Token);
+        }
+        catch (OperationCanceledException)
+        {
+            // Timeout - kill the process
+            try
+            {
+                process.Kill(entireProcessTree: true);
+            }
+            catch
+            {
+                // Process might have already exited
+            }
+            throw new OperationCanceledException("Command execution timed out");
+        }
+
+        var output = await outputTask;
+        var error = await errorTask;
+
+        // Combine stderr into output if there's no error
+        if (process.ExitCode == 0 && !string.IsNullOrWhiteSpace(error))
+        {
+            output = string.IsNullOrWhiteSpace(output) ? error : $"{output}\n{error}";
+            error = "";
+        }
+
+        return (process.ExitCode, output, error);
+    }
+
+    private async Task<string> ReadStreamWithLimitAsync(StreamReader reader, int maxBytes, CancellationToken ct)
+    {
+        var builder = new StringBuilder();
+        var bytesRead = 0;
+        var truncated = false;
+
+        while (true)
+        {
+            var line = await reader.ReadLineAsync(ct);
+            if (line == null)
+                break;
+
+            var lineBytes = Encoding.UTF8.GetByteCount(line) + Environment.NewLine.Length;
+
+            if (bytesRead + lineBytes <= maxBytes)
+            {
+                builder.AppendLine(line);
+                bytesRead += lineBytes;
+            }
+            else if (!truncated)
+            {
+                builder.AppendLine("\n[Output truncated - exceeded 10KB limit]");
+                truncated = true;
+                // Continue reading to drain the stream, but don't add more
+            }
+        }
+
+        return builder.ToString().TrimEnd();
+    }
+}
diff --git a/tests/ClawSharp.Tools.Tests/ClawSharp.Tools.Tests.csproj b/tests/ClawSharp.Tools.Tests/ClawSharp.Tools.Tests.csproj
@@ -0,0 +1,29 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <TargetFramework>net10.0</TargetFramework>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+    <IsPackable>false</IsPackable>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="coverlet.collector" Version="6.0.4" />
+    <PackageReference Include="FluentAssertions" Version="8.8.0" />
+    <PackageReference Include="Microsoft.Extensions.Logging" Version="10.0.3" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.14.1" />
+    <PackageReference Include="NSubstitute" Version="5.3.0" />
+    <PackageReference Include="xunit" Version="2.9.3" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="3.1.4" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <Using Include="Xunit" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\src\ClawSharp.Tools\ClawSharp.Tools.csproj" />
+    <ProjectReference Include="..\..\src\ClawSharp.Core\ClawSharp.Core.csproj" />
+  </ItemGroup>
+
+</Project>
diff --git a/tests/ClawSharp.Tools.Tests/ShellToolTests.cs b/tests/ClawSharp.Tools.Tests/ShellToolTests.cs
@@ -0,0 +1,141 @@
+using System.Text.Json;
+using ClawSharp.Core.Security;
+using ClawSharp.Core.Tools;
+using FluentAssertions;
+using NSubstitute;
+
+namespace ClawSharp.Tools.Tests;
+
+public class ShellToolTests
+{
+    [Fact]
+    public async Task ExecuteAsync_AllowedCommand_ReturnsOutput()
+    {
+        // Arrange
+        var security = Substitute.For<ISecurityPolicy>();
+        security.IsCommandAllowed(Arg.Any<string>()).Returns(true);
+        var tool = new ShellTool(security);
+        var args = JsonSerializer.Deserialize<JsonElement>("""{"command": "echo hello"}""");
+
+        // Act
+        var result = await tool.ExecuteAsync(args);
+
+        // Assert
+        result.Success.Should().BeTrue();
+        result.Output.Should().Contain("hello");
+    }
+
+    [Fact]
+    public async Task ExecuteAsync_DisallowedCommand_ReturnsError()
+    {
+        // Arrange
+        var security = Substitute.For<ISecurityPolicy>();
+        security.IsCommandAllowed(Arg.Any<string>()).Returns(false);
+        var tool = new ShellTool(security);
+        var args = JsonSerializer.Deserialize<JsonElement>("""{"command": "rm -rf /"}""");
+
+        // Act
+        var result = await tool.ExecuteAsync(args);
+
+        // Assert
+        result.Success.Should().BeFalse();
+        result.Error.Should().Contain("not allowed");
+    }
+
+    [Fact]
+    public async Task ExecuteAsync_Timeout_KillsProcess()
+    {
+        // Arrange
+        var security = Substitute.For<ISecurityPolicy>();
+        security.IsCommandAllowed(Arg.Any<string>()).Returns(true);
+        var tool = new ShellTool(security, TimeSpan.FromMilliseconds(100));
+        var args = JsonSerializer.Deserialize<JsonElement>("""{"command": "sleep 10"}""");
+
+        // Act
+        var result = await tool.ExecuteAsync(args);
+
+        // Assert
+        result.Success.Should().BeFalse();
+        result.Error.Should().Contain("timed out");
+    }
+
+    [Fact]
+    public async Task ExecuteAsync_LargeOutput_Truncates()
+    {
+        // Arrange
+        var security = Substitute.For<ISecurityPolicy>();
+        security.IsCommandAllowed(Arg.Any<string>()).Returns(true);
+        var tool = new ShellTool(security);
+        var args = JsonSerializer.Deserialize<JsonElement>("""{"command": "seq 1 100000"}""");
+
+        // Act
+        var result = await tool.ExecuteAsync(args);
+
+        // Assert
+        result.Output.Length.Should().BeLessThanOrEqualTo(11_000); // 10KB + truncation message
+    }
+
+    [Fact]
+    public void Specification_HasCorrectSchema()
+    {
+        // Arrange
+        var security = Substitute.For<ISecurityPolicy>();
+        var tool = new ShellTool(security);
+
+        // Act & Assert
+        tool.Name.Should().Be("shell");
+        tool.Specification.Name.Should().Be("shell");
+        tool.Description.Should().NotBeEmpty();
+    }
+
+    [Fact]
+    public async Task ExecuteAsync_MissingCommandParameter_ReturnsError()
+    {
+        // Arrange
+        var security = Substitute.For<ISecurityPolicy>();
+        var tool = new ShellTool(security);
+        var args = JsonSerializer.Deserialize<JsonElement>("""{}""");
+
+        // Act
+        var result = await tool.ExecuteAsync(args);
+
+        // Assert
+        result.Success.Should().BeFalse();
+        result.Error.Should().Contain("command");
+    }
+
+    [Fact]
+    public async Task ExecuteAsync_NonZeroExitCode_IncludesExitCodeInOutput()
+    {
+        // Arrange
+        var security = Substitute.For<ISecurityPolicy>();
+        security.IsCommandAllowed(Arg.Any<string>()).Returns(true);
+        var tool = new ShellTool(security);
+        var args = JsonSerializer.Deserialize<JsonElement>("""{"command": "exit 42"}""");
+
+        // Act
+        var result = await tool.ExecuteAsync(args);
+
+        // Assert
+        result.Success.Should().BeFalse();
+        result.Error.Should().Contain("exit code");
+        result.Error.Should().Contain("42");
+    }
+
+    [Fact]
+    public async Task ExecuteAsync_CapturesStderr()
+    {
+        // Arrange
+        var security = Substitute.For<ISecurityPolicy>();
+        security.IsCommandAllowed(Arg.Any<string>()).Returns(true);
+        var tool = new ShellTool(security);
+        var args = JsonSerializer.Deserialize<JsonElement>("""{"command": "echo error >&2"}""");
+
+        // Act
+        var result = await tool.ExecuteAsync(args);
+
+        // Assert
+        result.Success.Should().BeTrue();
+        result.Output.Should().Contain("error");
+    }
+}
