@framers/agentos-ext-cli-executor 1.1.0 → 1.1.1

package/README.md

@@ -18,30 +18,36 @@ npm install @framers/agentos-ext-cli-executor
 ## Quick Start
 
 ```typescript
-import { createExtensionPack } from '@framers/agentos-ext-cli-executor';
 import { ExtensionManager } from '@framers/agentos';
+import { createExtensionPack } from '@framers/agentos-ext-cli-executor';
 
 const extensionManager = new ExtensionManager();
 
-// Register the CLI extension
-extensionManager.register(createExtensionPack({
-  options: {
-    defaultShell: 'bash',
-    timeout: 60000,
-    blockedCommands: ['rm -rf /', 'format']
-  },
-  logger: console
-}));
+// Load the pack into the runtime
+await extensionManager.loadPackFromFactory(
+  createExtensionPack({
+    options: {
+      defaultShell: 'bash',
+      timeout: 60000,
+      blockedCommands: ['rm -rf /', 'format'],
+      // Restrict file_* tools to a per-agent workspace
+      filesystem: { allowRead: true, allowWrite: true },
+      agentWorkspace: { agentId: 'my-agent' },
+    },
+    logger: console,
+  }),
+  '@framers/agentos-ext-cli-executor',
+);
 ```
 
 ## Tools
 
-### shellExecute
+### shell_execute
 
 Execute a shell command.
 
 ```typescript
-const result = await gmi.executeTool('shellExecute', {
+const result = await gmi.executeTool('shell_execute', {
   command: 'npm install lodash',
   cwd: '/path/to/project',
   timeout: 30000
@@ -49,31 +55,31 @@ const result = await gmi.executeTool('shellExecute', {
 // Returns: { command, exitCode, stdout, stderr, duration, success }
 ```
 
-### fileRead
+### file_read
 
 Read file contents.
 
 ```typescript
-const result = await gmi.executeTool('fileRead', {
+const result = await gmi.executeTool('file_read', {
   path: './package.json',
   encoding: 'utf-8'
 });
 // Returns: { path, content, size, truncated, encoding }
 
 // Read last 50 lines
-const logs = await gmi.executeTool('fileRead', {
+const logs = await gmi.executeTool('file_read', {
   path: './app.log',
   lines: 50,
   fromEnd: true
 });
 ```
 
-### fileWrite
+### file_write
 
 Write content to a file.
 
 ```typescript
-const result = await gmi.executeTool('fileWrite', {
+const result = await gmi.executeTool('file_write', {
   path: './config.json',
   content: JSON.stringify({ key: 'value' }),
   createDirs: true
@@ -81,12 +87,12 @@ const result = await gmi.executeTool('fileWrite', {
 // Returns: { path, bytesWritten, created, appended }
 ```
 
-### listDirectory
+### list_directory
 
 List directory contents.
 
 ```typescript
-const result = await gmi.executeTool('listDirectory', {
+const result = await gmi.executeTool('list_directory', {
   path: './src',
   recursive: true,
   pattern: '*.ts',
@@ -119,6 +125,18 @@ createExtensionPack({
 });
 ```
 
+### Disabling Safety Checks (Dangerous)
+
+If you need full control (for example, in a locked-down container or local dev), you can disable all command safety checks:
+
+```typescript
+createExtensionPack({
+  options: {
+    dangerouslySkipSecurityChecks: true
+  }
+});
+```
+
 ### Risk Assessment
 
 Each command is assessed for risk level:
@@ -138,24 +156,61 @@ Each command is assessed for risk level:
 | `defaultShell` | string | `auto` | Shell to use (bash, powershell, cmd, zsh) |
 | `timeout` | number | `60000` | Default timeout (ms) |
 | `workingDirectory` | string | `process.cwd()` | Default working directory |
+| `filesystem` | object | `undefined` | Optional policy for file_* tools (allowRead/allowWrite + roots) |
+| `agentWorkspace` | object | `undefined` | Optional per-agent workspace directory helper |
 | `allowedCommands` | string[] | `[]` | Command whitelist (empty = all) |
-| `blockedCommands` | string[] | `[...]` | Command blacklist |
+| `blockedCommands` | string[] | `[]` | Command blacklist (additional to built-in dangerous patterns) |
+| `dangerouslySkipSecurityChecks` | boolean | `false` | Disable all command safety checks (use only in trusted environments) |
 | `env` | object | `{}` | Environment variables |
 
+### Filesystem Policy (Recommended)
+
+By default, the `file_*` tools can access any path (legacy behavior). To enforce a safe filesystem sandbox, configure `filesystem` + roots:
+
+```ts
+createExtensionPack({
+  options: {
+    filesystem: {
+      allowRead: true,
+      allowWrite: true,
+      readRoots: ['/Users/me/Documents/AgentOS/agents/my-agent'],
+      writeRoots: ['/Users/me/Documents/AgentOS/agents/my-agent'],
+    },
+  },
+});
+```
+
+### Per-Agent Workspace Helper
+
+To simplify safe defaults, you can configure `agentWorkspace`. When paired with `filesystem.allowRead/allowWrite`, the extension defaults roots to the workspace directory.
+
+```ts
+createExtensionPack({
+  options: {
+    filesystem: { allowRead: true, allowWrite: true },
+    agentWorkspace: {
+      agentId: 'my-agent',
+      // baseDir defaults to ~/Documents/AgentOS
+      subdirs: ['assets', 'exports', 'tmp'],
+    },
+  },
+});
+```
+
 ## Use Cases
 
 ### Code Generation and Execution
 
 ```typescript
 // Write generated code
-await gmi.executeTool('fileWrite', {
+await gmi.executeTool('file_write', {
   path: './generated/app.py',
   content: generatedPythonCode,
   createDirs: true
 });
 
 // Execute it
-await gmi.executeTool('shellExecute', {
+await gmi.executeTool('shell_execute', {
   command: 'python ./generated/app.py',
   timeout: 30000
 });
@@ -165,12 +220,12 @@ await gmi.executeTool('shellExecute', {
 
 ```typescript
 // Create project structure
-await gmi.executeTool('shellExecute', {
+await gmi.executeTool('shell_execute', {
   command: 'npx create-react-app my-app --template typescript'
 });
 
 // Install dependencies
-await gmi.executeTool('shellExecute', {
+await gmi.executeTool('shell_execute', {
   command: 'npm install axios lodash',
   cwd: './my-app'
 });
@@ -180,7 +235,7 @@ await gmi.executeTool('shellExecute', {
 
 ```typescript
 // Read recent logs
-const logs = await gmi.executeTool('fileRead', {
+const logs = await gmi.executeTool('file_read', {
   path: '/var/log/app.log',
   lines: 100,
   fromEnd: true
@@ -216,6 +271,3 @@ Together, an intelligent agent can:
 ## License
 
 MIT © Frame.dev
-
-
-

package/dist/index.d.ts

@@ -5,11 +5,14 @@
  * capabilities for AgentOS agents.
  *
  * @module @framers/agentos-ext-cli-executor
- * @version 1.0.0
+ * @version 1.1.0
  * @license MIT
  */
-import type { ExtensionContext, ExtensionPack } from '@framers/agentos';
-import type { ShellConfig } from './types';
+import { ExecuteTool } from './tools/execute.js';
+import { FileReadTool } from './tools/fileRead.js';
+import { FileWriteTool } from './tools/fileWrite.js';
+import { ListDirectoryTool } from './tools/listDir.js';
+import type { ShellConfig } from './types.js';
 /**
  * Extension configuration options
  */
@@ -37,12 +40,53 @@ export interface CLIExecutorExtensionOptions extends ShellConfig {
  * });
  * ```
  */
-export declare function createExtensionPack(context: ExtensionContext): ExtensionPack;
-export { ShellService } from './services/shellService';
-export { ExecuteTool } from './tools/execute';
-export { FileReadTool } from './tools/fileRead';
-export { FileWriteTool } from './tools/fileWrite';
-export { ListDirectoryTool } from './tools/listDir';
-export * from './types';
+export declare function createExtensionPack(context: {
+    options?: Record<string, unknown>;
+    secrets?: Record<string, string>;
+    logger?: {
+        info: (...args: unknown[]) => void;
+    };
+    onActivate?: () => Promise<void>;
+    onDeactivate?: () => Promise<void>;
+    [key: string]: unknown;
+}): {
+    name: string;
+    version: string;
+    descriptors: ({
+        id: string;
+        kind: string;
+        priority: number;
+        payload: ExecuteTool;
+    } | {
+        id: string;
+        kind: string;
+        priority: number;
+        payload: FileReadTool;
+    } | {
+        id: string;
+        kind: string;
+        priority: number;
+        payload: FileWriteTool;
+    } | {
+        id: string;
+        kind: string;
+        priority: number;
+        payload: ListDirectoryTool;
+    })[];
+    /**
+     * Called when extension is activated
+     */
+    onActivate: () => Promise<void>;
+    /**
+     * Called when extension is deactivated
+     */
+    onDeactivate: () => Promise<void>;
+};
+export { ShellService } from './services/shellService.js';
+export { ExecuteTool } from './tools/execute.js';
+export { FileReadTool } from './tools/fileRead.js';
+export { FileWriteTool } from './tools/fileWrite.js';
+export { ListDirectoryTool } from './tools/listDir.js';
+export * from './types.js';
 export default createExtensionPack;
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAMxE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAE3C;;GAEG;AACH,MAAM,WAAW,2BAA4B,SAAQ,WAAW;IAC9D,sCAAsC;IACtC,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,gBAAgB,GAAG,aAAa,CAqE5E;AAGD,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACpD,cAAc,SAAS,CAAC;AAGxB,eAAe,mBAAmB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAMH,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAE9C;;GAEG;AACH,MAAM,WAAW,2BAA4B,SAAQ,WAAW;IAC9D,sCAAsC;IACtC,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE;IAC3C,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClC,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACjC,MAAM,CAAC,EAAE;QAAE,IAAI,EAAE,CAAC,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,IAAI,CAAA;KAAE,CAAC;IAChD,UAAU,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACjC,YAAY,CAAC,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IACnC,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;;;;;;;;;;;;;;;;;;;;;;;;IAuFG;;OAEG;;IAcH;;OAEG;;EAQN;AAGD,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC1D,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,cAAc,YAAY,CAAC;AAG3B,eAAe,mBAAmB,CAAC"}

package/dist/index.js

@@ -5,14 +5,17 @@
  * capabilities for AgentOS agents.
  *
  * @module @framers/agentos-ext-cli-executor
- * @version 1.0.0
+ * @version 1.1.0
  * @license MIT
  */
-import { ShellService } from './services/shellService';
-import { ExecuteTool } from './tools/execute';
-import { FileReadTool } from './tools/fileRead';
-import { FileWriteTool } from './tools/fileWrite';
-import { ListDirectoryTool } from './tools/listDir';
+import * as fs from 'node:fs/promises';
+import * as os from 'node:os';
+import * as path from 'node:path';
+import { ShellService } from './services/shellService.js';
+import { ExecuteTool } from './tools/execute.js';
+import { FileReadTool } from './tools/fileRead.js';
+import { FileWriteTool } from './tools/fileWrite.js';
+import { ListDirectoryTool } from './tools/listDir.js';
 /**
  * Creates the CLI executor extension pack
  *
@@ -35,13 +38,46 @@ import { ListDirectoryTool } from './tools/listDir';
  */
 export function createExtensionPack(context) {
     const options = context.options || {};
+    let workspaceDir;
+    let workspaceSubdirs = [];
+    const workspaceConfig = options.agentWorkspace;
+    if (workspaceConfig && workspaceConfig.enabled !== false) {
+        const baseDir = (workspaceConfig.baseDir && String(workspaceConfig.baseDir).trim()) ||
+            path.join(os.homedir(), 'Documents', 'AgentOS');
+        const agentId = String(workspaceConfig.agentId || '').trim();
+        if (agentId) {
+            workspaceDir = path.resolve(baseDir, agentId);
+            workspaceSubdirs = Array.isArray(workspaceConfig.subdirs) && workspaceConfig.subdirs.length > 0
+                ? workspaceConfig.subdirs.map((d) => String(d)).filter(Boolean)
+                : ['assets', 'exports', 'tmp'];
+        }
+    }
+    const workingDirectory = options.workingDirectory || workspaceDir;
+    const filesystem = options.filesystem
+        ? {
+            ...options.filesystem,
+            readRoots: options.filesystem.allowRead === true &&
+                (!options.filesystem.readRoots || options.filesystem.readRoots.length === 0) &&
+                workspaceDir
+                ? [workspaceDir]
+                : options.filesystem.readRoots,
+            writeRoots: options.filesystem.allowWrite === true &&
+                (!options.filesystem.writeRoots || options.filesystem.writeRoots.length === 0) &&
+                workspaceDir
+                ? [workspaceDir]
+                : options.filesystem.writeRoots,
+        }
+        : undefined;
     // Initialize shell service with configuration
     const shellService = new ShellService({
         defaultShell: options.defaultShell,
         timeout: options.timeout,
-        workingDirectory: options.workingDirectory,
+        workingDirectory,
+        filesystem,
+        agentWorkspace: options.agentWorkspace,
         allowedCommands: options.allowedCommands,
         blockedCommands: options.blockedCommands,
+        dangerouslySkipSecurityChecks: options.dangerouslySkipSecurityChecks,
         env: options.env,
     });
     // Create tool instances
@@ -51,28 +87,28 @@ export function createExtensionPack(context) {
     const listDirectoryTool = new ListDirectoryTool(shellService);
     return {
         name: '@framers/agentos-ext-cli-executor',
-        version: '1.0.0',
+        version: '1.1.0',
         descriptors: [
             {
-                id: 'shellExecute',
+                id: executeTool.name,
                 kind: 'tool',
                 priority: options.priority || 50,
                 payload: executeTool,
             },
             {
-                id: 'fileRead',
+                id: fileReadTool.name,
                 kind: 'tool',
                 priority: options.priority || 50,
                 payload: fileReadTool,
             },
             {
-                id: 'fileWrite',
+                id: fileWriteTool.name,
                 kind: 'tool',
                 priority: options.priority || 50,
                 payload: fileWriteTool,
             },
             {
-                id: 'listDirectory',
+                id: listDirectoryTool.name,
                 kind: 'tool',
                 priority: options.priority || 50,
                 payload: listDirectoryTool,
@@ -85,6 +121,12 @@ export function createExtensionPack(context) {
             if (context.onActivate) {
                 await context.onActivate();
             }
+            if (workspaceDir && workspaceConfig?.createIfMissing !== false) {
+                await fs.mkdir(workspaceDir, { recursive: true });
+                for (const sub of workspaceSubdirs) {
+                    await fs.mkdir(path.join(workspaceDir, sub), { recursive: true });
+                }
+            }
             context.logger?.info('CLI Executor Extension activated');
         },
         /**
@@ -99,12 +141,12 @@ export function createExtensionPack(context) {
     };
 }
 // Export types and classes for consumers
-export { ShellService } from './services/shellService';
-export { ExecuteTool } from './tools/execute';
-export { FileReadTool } from './tools/fileRead';
-export { FileWriteTool } from './tools/fileWrite';
-export { ListDirectoryTool } from './tools/listDir';
-export * from './types';
+export { ShellService } from './services/shellService.js';
+export { ExecuteTool } from './tools/execute.js';
+export { FileReadTool } from './tools/fileRead.js';
+export { FileWriteTool } from './tools/fileWrite.js';
+export { ListDirectoryTool } from './tools/listDir.js';
+export * from './types.js';
 // Default export for convenience
 export default createExtensionPack;
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAGH,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAWpD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAAyB;IAC3D,MAAM,OAAO,GAAI,OAAO,CAAC,OAAuC,IAAI,EAAE,CAAC;IAEvE,8CAA8C;IAC9C,MAAM,YAAY,GAAG,IAAI,YAAY,CAAC;QACpC,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;QAC1C,eAAe,EAAE,OAAO,CAAC,eAAe;QACxC,eAAe,EAAE,OAAO,CAAC,eAAe;QACxC,GAAG,EAAE,OAAO,CAAC,GAAG;KACjB,CAAC,CAAC;IAEH,wBAAwB;IACxB,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,YAAY,CAAC,CAAC;IAClD,MAAM,YAAY,GAAG,IAAI,YAAY,CAAC,YAAY,CAAC,CAAC;IACpD,MAAM,aAAa,GAAG,IAAI,aAAa,CAAC,YAAY,CAAC,CAAC;IACtD,MAAM,iBAAiB,GAAG,IAAI,iBAAiB,CAAC,YAAY,CAAC,CAAC;IAE9D,OAAO;QACL,IAAI,EAAE,mCAAmC;QACzC,OAAO,EAAE,OAAO;QAChB,WAAW,EAAE;YACX;gBACE,EAAE,EAAE,cAAc;gBAClB,IAAI,EAAE,MAAM;gBACZ,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,EAAE;gBAChC,OAAO,EAAE,WAAW;aACrB;YACD;gBACE,EAAE,EAAE,UAAU;gBACd,IAAI,EAAE,MAAM;gBACZ,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,EAAE;gBAChC,OAAO,EAAE,YAAY;aACtB;YACD;gBACE,EAAE,EAAE,WAAW;gBACf,IAAI,EAAE,MAAM;gBACZ,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,EAAE;gBAChC,OAAO,EAAE,aAAa;aACvB;YACD;gBACE,EAAE,EAAE,eAAe;gBACnB,IAAI,EAAE,MAAM;gBACZ,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,EAAE;gBAChC,OAAO,EAAE,iBAAiB;aAC3B;SACF;QAED;;WAEG;QACH,UAAU,EAAE,KAAK,IAAI,EAAE;YACrB,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;gBACvB,MAAM,OAAO,CAAC,UAAU,EAAE,CAAC;YAC7B,CAAC;YACD,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,kCAAkC,CAAC,CAAC;QAC3D,CAAC;QAED;;WAEG;QACH,YAAY,EAAE,KAAK,IAAI,EAAE;YACvB,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;gBACzB,MAAM,OAAO,CAAC,YAAY,EAAE,CAAC;YAC/B,CAAC;YACD,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,oCAAoC,CAAC,CAAC;QAC7D,CAAC;KACF,CAAC;AACJ,CAAC;AAED,yCAAyC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AACvD,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACpD,cAAc,SAAS,CAAC;AAExB,iCAAiC;AACjC,eAAe,mBAAmB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,MAAM,kBAAkB,CAAC;AACvC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC1D,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AAWvD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,UAAU,mBAAmB,CAAC,OAOnC;IACC,MAAM,OAAO,GAAI,OAAO,CAAC,OAAuC,IAAI,EAAE,CAAC;IAEvE,IAAI,YAAgC,CAAC;IACrC,IAAI,gBAAgB,GAAa,EAAE,CAAC;IACpC,MAAM,eAAe,GAAG,OAAO,CAAC,cAAc,CAAC;IAC/C,IAAI,eAAe,IAAI,eAAe,CAAC,OAAO,KAAK,KAAK,EAAE,CAAC;QACzD,MAAM,OAAO,GACX,CAAC,eAAe,CAAC,OAAO,IAAI,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,IAAI,EAAE,CAAC;YACnE,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,WAAW,EAAE,SAAS,CAAC,CAAC;QAClD,MAAM,OAAO,GAAG,MAAM,CAAC,eAAe,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;QAC7D,IAAI,OAAO,EAAE,CAAC;YACZ,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC9C,gBAAgB,GAAG,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,OAAO,CAAC,IAAI,eAAe,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC;gBAC7F,CAAC,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;gBAC/D,CAAC,CAAC,CAAC,QAAQ,EAAE,SAAS,EAAE,KAAK,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;IAED,MAAM,gBAAgB,GAAG,OAAO,CAAC,gBAAgB,IAAI,YAAY,CAAC;IAClE,MAAM,UAAU,GAAG,OAAO,CAAC,UAAU;QACnC,CAAC,CAAC;YACE,GAAG,OAAO,CAAC,UAAU;YACrB,SAAS,EACP,OAAO,CAAC,UAAU,CAAC,SAAS,KAAK,IAAI;gBACrC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,SAAS,IAAI,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,MAAM,KAAK,CAAC,CAAC;gBAC5E,YAAY;gBACV,CAAC,CAAC,CAAC,YAAY,CAAC;gBAChB,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,SAAS;YAClC,UAAU,EACR,OAAO,CAAC,UAAU,CAAC,UAAU,KAAK,IAAI;gBACtC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,UAAU,IAAI,OAAO,CAAC,UAAU,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,CAAC;gBAC9E,YAAY;gBACV,CAAC,CAAC,CAAC,YAAY,CAAC;gBAChB,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,UAAU;SACpC;QACH,CAAC,CAAC,SAAS,CAAC;IAEd,8CAA8C;IAC9C,MAAM,YAAY,GAAG,IAAI,YAAY,CAAC;QACpC,YAAY,EAAE,OAAO,CAAC,YAAY;QAClC,OAAO,EAAE,OAAO,CAAC,OAAO;QACxB,gBAAgB;QAChB,UAAU;QACV,cAAc,EAAE,OAAO,CAAC,cAAc;QACtC,eAAe,EAAE,OAAO,CAAC,eAAe;QACxC,eAAe,EAAE,OAAO,CAAC,eAAe;QACxC,6BAA6B,EAAE,OAAO,CAAC,6BAA6B;QACpE,GAAG,EAAE,OAAO,CAAC,GAAG;KACjB,CAAC,CAAC;IAEH,wBAAwB;IACxB,MAAM,WAAW,GAAG,IAAI,WAAW,CAAC,YAAY,CAAC,CAAC;IAClD,MAAM,YAAY,GAAG,IAAI,YAAY,CAAC,YAAY,CAAC,CAAC;IACpD,MAAM,aAAa,GAAG,IAAI,aAAa,CAAC,YAAY,CAAC,CAAC;IACtD,MAAM,iBAAiB,GAAG,IAAI,iBAAiB,CAAC,YAAY,CAAC,CAAC;IAE9D,OAAO;QACL,IAAI,EAAE,mCAAmC;QACzC,OAAO,EAAE,OAAO;QAChB,WAAW,EAAE;YACX;gBACE,EAAE,EAAE,WAAW,CAAC,IAAI;gBACpB,IAAI,EAAE,MAAM;gBACZ,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,EAAE;gBAChC,OAAO,EAAE,WAAW;aACrB;YACD;gBACE,EAAE,EAAE,YAAY,CAAC,IAAI;gBACrB,IAAI,EAAE,MAAM;gBACZ,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,EAAE;gBAChC,OAAO,EAAE,YAAY;aACtB;YACD;gBACE,EAAE,EAAE,aAAa,CAAC,IAAI;gBACtB,IAAI,EAAE,MAAM;gBACZ,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,EAAE;gBAChC,OAAO,EAAE,aAAa;aACvB;YACD;gBACE,EAAE,EAAE,iBAAiB,CAAC,IAAI;gBAC1B,IAAI,EAAE,MAAM;gBACZ,QAAQ,EAAE,OAAO,CAAC,QAAQ,IAAI,EAAE;gBAChC,OAAO,EAAE,iBAAiB;aAC3B;SACF;QAED;;WAEG;QACH,UAAU,EAAE,KAAK,IAAI,EAAE;YACrB,IAAI,OAAO,CAAC,UAAU,EAAE,CAAC;gBACvB,MAAM,OAAO,CAAC,UAAU,EAAE,CAAC;YAC7B,CAAC;YACD,IAAI,YAAY,IAAI,eAAe,EAAE,eAAe,KAAK,KAAK,EAAE,CAAC;gBAC/D,MAAM,EAAE,CAAC,KAAK,CAAC,YAAY,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;gBAClD,KAAK,MAAM,GAAG,IAAI,gBAAgB,EAAE,CAAC;oBACnC,MAAM,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,GAAG,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;gBACpE,CAAC;YACH,CAAC;YACD,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,kCAAkC,CAAC,CAAC;QAC3D,CAAC;QAED;;WAEG;QACH,YAAY,EAAE,KAAK,IAAI,EAAE;YACvB,IAAI,OAAO,CAAC,YAAY,EAAE,CAAC;gBACzB,MAAM,OAAO,CAAC,YAAY,EAAE,CAAC;YAC/B,CAAC;YACD,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,oCAAoC,CAAC,CAAC;QAC7D,CAAC;KACF,CAAC;AACJ,CAAC;AAED,yCAAyC;AACzC,OAAO,EAAE,YAAY,EAAE,MAAM,4BAA4B,CAAC;AAC1D,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACvD,cAAc,YAAY,CAAC;AAE3B,iCAAiC;AACjC,eAAe,mBAAmB,CAAC"}

package/dist/services/shellService.d.ts

@@ -4,13 +4,18 @@
  *
  * @module @framers/agentos-ext-cli-executor
  */
-import type { ShellConfig, ExecutionResult, ScriptOptions, ScriptResult, FileReadOptions, FileReadResult, FileWriteOptions, FileWriteResult, ListDirectoryOptions, ListDirectoryResult, SecurityCheckResult } from '../types';
+import type { ShellConfig, ExecutionResult, ScriptOptions, ScriptResult, FileReadOptions, FileReadResult, FileWriteOptions, FileWriteResult, ListDirectoryOptions, ListDirectoryResult, SecurityCheckResult } from '../types.js';
 /**
  * Shell service for executing commands
  */
 export declare class ShellService {
     private config;
     constructor(config?: ShellConfig);
+    private resolveAbsolutePath;
+    private isFilesystemPolicyEnabled;
+    private isWithinRoot;
+    private resolvePathForAuthorization;
+    private assertFilesystemAllowed;
     /**
      * Detect the appropriate shell for the current platform
      */

package/dist/services/shellService.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"shellService.d.ts","sourceRoot":"","sources":["../../src/services/shellService.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,OAAO,KAAK,EACV,WAAW,EACX,eAAe,EACf,aAAa,EACb,YAAY,EACZ,eAAe,EACf,cAAc,EACd,gBAAgB,EAChB,eAAe,EACf,oBAAoB,EACpB,mBAAmB,EAEnB,mBAAmB,EACpB,MAAM,UAAU,CAAC;AAuBlB;;GAEG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,MAAM,CAAc;gBAEhB,MAAM,GAAE,WAAgB;IASpC;;OAEG;IACH,OAAO,CAAC,WAAW;IAenB;;OAEG;IACH,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,mBAAmB;IAuEnD;;OAEG;IACG,OAAO,CACX,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE;QAAE,GAAG,CAAC,EAAE,MAAM,CAAC;QAAC,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,GACzE,OAAO,CAAC,eAAe,CAAC;IAwD3B;;OAEG;IACG,SAAS,CACb,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,YAAY,CAAC;IAiCxB;;OAEG;IACG,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,eAAe,GAAG,OAAO,CAAC,cAAc,CAAC;IA4CpF;;OAEG;IACG,SAAS,CACb,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,gBAAgB,GACzB,OAAO,CAAC,eAAe,CAAC;IAkC3B;;OAEG;IACG,aAAa,CACjB,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,oBAAoB,GAC7B,OAAO,CAAC,mBAAmB,CAAC;CA6EhC"}
+{"version":3,"file":"shellService.d.ts","sourceRoot":"","sources":["../../src/services/shellService.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,OAAO,KAAK,EACV,WAAW,EACX,eAAe,EACf,aAAa,EACb,YAAY,EACZ,eAAe,EACf,cAAc,EACd,gBAAgB,EAChB,eAAe,EACf,oBAAoB,EACpB,mBAAmB,EAEnB,mBAAmB,EACpB,MAAM,aAAa,CAAC;AAuBrB;;GAEG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,MAAM,CAAc;gBAEhB,MAAM,GAAE,WAAgB;IAUpC,OAAO,CAAC,mBAAmB;IAM3B,OAAO,CAAC,yBAAyB;IAIjC,OAAO,CAAC,YAAY;YAKN,2BAA2B;YAwB3B,uBAAuB;IAoCrC;;OAEG;IACH,OAAO,CAAC,WAAW;IAenB;;OAEG;IACH,aAAa,CAAC,OAAO,EAAE,MAAM,GAAG,mBAAmB;IAgFnD;;OAEG;IACG,OAAO,CACX,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE;QAAE,GAAG,CAAC,EAAE,MAAM,CAAC;QAAC,GAAG,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QAAC,OAAO,CAAC,EAAE,MAAM,CAAA;KAAE,GACzE,OAAO,CAAC,eAAe,CAAC;IAwD3B;;OAEG;IACG,SAAS,CACb,UAAU,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,aAAa,GACtB,OAAO,CAAC,YAAY,CAAC;IAiCxB;;OAEG;IACG,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,eAAe,GAAG,OAAO,CAAC,cAAc,CAAC;IA4CpF;;OAEG;IACG,SAAS,CACb,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,gBAAgB,GACzB,OAAO,CAAC,eAAe,CAAC;IAkC3B;;OAEG;IACG,aAAa,CACjB,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,oBAAoB,GAC7B,OAAO,CAAC,mBAAmB,CAAC;CA6EhC"}

package/dist/services/shellService.js

@@ -37,9 +37,76 @@ export class ShellService {
             defaultShell: 'auto',
             timeout: 60000,
             blockedCommands: [],
+            dangerouslySkipSecurityChecks: false,
             ...config,
         };
     }
+    resolveAbsolutePath(filePath) {
+        const baseDir = this.config.workingDirectory || process.cwd();
+        const abs = path.isAbsolute(filePath) ? filePath : path.resolve(baseDir, filePath);
+        return path.normalize(abs);
+    }
+    isFilesystemPolicyEnabled() {
+        return !!this.config.filesystem;
+    }
+    isWithinRoot(targetPath, rootPath) {
+        const rel = path.relative(rootPath, targetPath);
+        return rel === '' || (!rel.startsWith(`..${path.sep}`) && rel !== '..' && !path.isAbsolute(rel));
+    }
+    async resolvePathForAuthorization(absolutePath, op) {
+        try {
+            return await fs.realpath(absolutePath);
+        }
+        catch {
+            // For writes, resolve the closest existing ancestor so symlink escapes are still detected.
+            if (op !== 'write')
+                return absolutePath;
+            let cursor = path.dirname(absolutePath);
+            while (true) {
+                try {
+                    const realCursor = await fs.realpath(cursor);
+                    const remainder = path.relative(cursor, absolutePath);
+                    return path.join(realCursor, remainder);
+                }
+                catch {
+                    const parent = path.dirname(cursor);
+                    if (parent === cursor)
+                        break;
+                    cursor = parent;
+                }
+            }
+            return absolutePath;
+        }
+    }
+    async assertFilesystemAllowed(op, absolutePath) {
+        if (!this.isFilesystemPolicyEnabled())
+            return;
+        const policy = this.config.filesystem;
+        const allow = op === 'write' ? policy.allowWrite === true : policy.allowRead === true;
+        if (!allow) {
+            throw new Error(`Filesystem ${op} is disabled by policy`);
+        }
+        const rootsRaw = op === 'write' ? policy.writeRoots : policy.readRoots;
+        if (!Array.isArray(rootsRaw) || rootsRaw.length === 0) {
+            throw new Error(`Filesystem ${op} roots are not configured`);
+        }
+        const baseDir = this.config.workingDirectory || process.cwd();
+        const roots = await Promise.all(rootsRaw.map(async (root) => {
+            const absRoot = path.isAbsolute(root) ? root : path.resolve(baseDir, root);
+            const normalized = path.normalize(absRoot);
+            try {
+                return await fs.realpath(normalized);
+            }
+            catch {
+                return normalized;
+            }
+        }));
+        const authPath = await this.resolvePathForAuthorization(absolutePath, op);
+        const allowed = roots.some((root) => this.isWithinRoot(authPath, root));
+        if (!allowed) {
+            throw new Error(`Path is outside allowed filesystem ${op} roots: ${absolutePath}`);
+        }
+    }
     /**
      * Detect the appropriate shell for the current platform
      */
@@ -62,6 +129,14 @@ export class ShellService {
      * Check if a command is safe to execute
      */
     checkSecurity(command) {
+        if (this.config.dangerouslySkipSecurityChecks) {
+            return {
+                allowed: true,
+                reason: 'Security checks disabled by configuration',
+                riskLevel: 'critical',
+                warnings: ['Security checks are disabled'],
+            };
+        }
         const warnings = [];
         let riskLevel = 'safe';
         // Check against blocked commands list
@@ -219,9 +294,8 @@ export class ShellService {
      */
     async readFile(filePath, options) {
         const encoding = options?.encoding || 'utf-8';
-        const absolutePath = path.isAbsolute(filePath)
-            ? filePath
-            : path.resolve(this.config.workingDirectory || process.cwd(), filePath);
+        const absolutePath = this.resolveAbsolutePath(filePath);
+        await this.assertFilesystemAllowed('read', absolutePath);
         const stats = await fs.stat(absolutePath);
         let content;
         let truncated = false;
@@ -263,9 +337,8 @@ export class ShellService {
      */
     async writeFile(filePath, content, options) {
         const encoding = options?.encoding || 'utf-8';
-        const absolutePath = path.isAbsolute(filePath)
-            ? filePath
-            : path.resolve(this.config.workingDirectory || process.cwd(), filePath);
+        const absolutePath = this.resolveAbsolutePath(filePath);
+        await this.assertFilesystemAllowed('write', absolutePath);
         // Check if file exists
         let fileExists = true;
         try {
@@ -296,9 +369,8 @@ export class ShellService {
      * List directory contents
      */
     async listDirectory(dirPath, options) {
-        const absolutePath = path.isAbsolute(dirPath)
-            ? dirPath
-            : path.resolve(this.config.workingDirectory || process.cwd(), dirPath);
+        const absolutePath = this.resolveAbsolutePath(dirPath);
+        await this.assertFilesystemAllowed('list', absolutePath);
         const entries = [];
         const readDir = async (dir, depth) => {
             const items = await fs.readdir(dir, { withFileTypes: true });
@@ -332,7 +404,7 @@ export class ShellService {
                 // Include stats if requested
                 if (options?.includeStats) {
                     try {
-                        const stats = await fs.stat(itemPath);
+                        const stats = await fs.lstat(itemPath);
                         entry.size = stats.size;
                         entry.modifiedAt = stats.mtime.toISOString();
                         entry.createdAt = stats.birthtime.toISOString();