keystone-cli 0.6.0 → 0.7.0

package/src/runner/debug-repl.test.ts

@@ -1,19 +1,27 @@
-import { describe, expect, test } from 'bun:test';
+import { describe, expect, mock, spyOn, test } from 'bun:test';
+import * as cp from 'node:child_process';
+import * as fs from 'node:fs';
 import { PassThrough } from 'node:stream';
 import type { ExpressionContext } from '../expression/evaluator.ts';
 import type { Step } from '../parser/schema.ts';
+import type { Logger } from '../utils/logger.ts';
 import { DebugRepl } from './debug-repl.ts';
 
 describe('DebugRepl', () => {
   const mockContext: ExpressionContext = { inputs: { foo: 'bar' } };
-  // biome-ignore lint/suspicious/noExplicitAny: mock step typing
-  const mockStep: Step = { id: 'test-step', type: 'shell', run: 'echo "fail"' } as any;
+  // mock step typing
+  const mockStep: Step = { id: 'test-step', type: 'shell', run: 'echo "fail"' } as unknown as Step;
   const mockError = new Error('Test Error');
 
   test('should resolve with "skip" when user types "skip"', async () => {
     const input = new PassThrough();
     const output = new PassThrough();
-    const mockLogger = { log: () => {}, error: () => {}, warn: () => {} };
+    const mockLogger: Logger = {
+      log: mock(() => {}),
+      error: mock(() => {}),
+      warn: mock(() => {}),
+      info: mock(() => {}),
+    };
     const repl = new DebugRepl(mockContext, mockStep, mockError, mockLogger, input, output);
 
     const promise = repl.start();
@@ -30,7 +38,12 @@ describe('DebugRepl', () => {
   test('should resolve with "retry" when user types "retry"', async () => {
     const input = new PassThrough();
     const output = new PassThrough();
-    const mockLogger = { log: () => {}, error: () => {}, warn: () => {} };
+    const mockLogger: Logger = {
+      log: mock(() => {}),
+      error: mock(() => {}),
+      warn: mock(() => {}),
+      info: mock(() => {}),
+    };
     const repl = new DebugRepl(mockContext, mockStep, mockError, mockLogger, input, output);
 
     const promise = repl.start();
@@ -48,7 +61,12 @@ describe('DebugRepl', () => {
   test('should resolve with "continue_failure" when user types "exit"', async () => {
     const input = new PassThrough();
     const output = new PassThrough();
-    const mockLogger = { log: () => {}, error: () => {}, warn: () => {} };
+    const mockLogger: Logger = {
+      log: mock(() => {}),
+      error: mock(() => {}),
+      warn: mock(() => {}),
+      info: mock(() => {}),
+    };
     const repl = new DebugRepl(mockContext, mockStep, mockError, mockLogger, input, output);
 
     const promise = repl.start();
@@ -60,6 +78,137 @@ describe('DebugRepl', () => {
     expect(result).toEqual({ type: 'continue_failure' });
   });
 
+  test('should handle "context" command', async () => {
+    const input = new PassThrough();
+    const output = new PassThrough();
+    const mockLogger: Logger = {
+      log: mock(() => {}),
+      error: mock(() => {}),
+      warn: mock(() => {}),
+      info: mock(() => {}),
+    };
+    const repl = new DebugRepl(mockContext, mockStep, mockError, mockLogger, input, output);
+
+    repl.start();
+
+    await new Promise((r) => setTimeout(r, 10));
+    input.write('context\n');
+    await new Promise((r) => setTimeout(r, 10));
+
+    expect(mockLogger.log).toHaveBeenCalled();
+    // biome-ignore lint/suspicious/noExplicitAny: accessing mock property
+    const lastCall = (mockLogger.log as unknown as any).mock.calls.find((call: any[]) =>
+      String(call[0]).includes('foo')
+    );
+    expect(lastCall?.[0]).toContain('bar');
+    input.write('exit\n');
+  });
+
+  test('should handle "eval" command', async () => {
+    const input = new PassThrough();
+    const output = new PassThrough();
+    const mockLogger: Logger = {
+      log: mock(() => {}),
+      error: mock(() => {}),
+      warn: mock(() => {}),
+      info: mock(() => {}),
+    };
+    const repl = new DebugRepl(mockContext, mockStep, mockError, mockLogger, input, output);
+
+    repl.start();
+
+    await new Promise((r) => setTimeout(r, 10));
+    input.write('eval inputs.foo\n');
+    await new Promise((r) => setTimeout(r, 10));
+
+    expect(mockLogger.log).toHaveBeenCalledWith('bar');
+    input.write('exit\n');
+  });
+
+  test('should handle "eval" command with error', async () => {
+    const input = new PassThrough();
+    const output = new PassThrough();
+    const mockLogger: Logger = {
+      log: mock(() => {}),
+      error: mock(() => {}),
+      warn: mock(() => {}),
+      info: mock(() => {}),
+    };
+    const repl = new DebugRepl(mockContext, mockStep, mockError, mockLogger, input, output);
+
+    repl.start();
+
+    await new Promise((r) => setTimeout(r, 10));
+    input.write('eval nonExistent.bar\n');
+    await new Promise((r) => setTimeout(r, 10));
+
+    expect(mockLogger.error).toHaveBeenCalled();
+    input.write('exit\n');
+  });
+
+  test('should handle "eval" command without arguments', async () => {
+    const input = new PassThrough();
+    const output = new PassThrough();
+    const mockLogger: Logger = {
+      log: mock(() => {}),
+      error: mock(() => {}),
+      warn: mock(() => {}),
+      info: mock(() => {}),
+    };
+    const repl = new DebugRepl(mockContext, mockStep, mockError, mockLogger, input, output);
+
+    repl.start();
+
+    await new Promise((r) => setTimeout(r, 10));
+    input.write('eval\n');
+    await new Promise((r) => setTimeout(r, 10));
+
+    expect(mockLogger.log).toHaveBeenCalledWith('Usage: eval <expression>');
+    input.write('exit\n');
+  });
+
+  test('should handle unknown command', async () => {
+    const input = new PassThrough();
+    const output = new PassThrough();
+    const mockLogger: Logger = {
+      log: mock(() => {}),
+      error: mock(() => {}),
+      warn: mock(() => {}),
+      info: mock(() => {}),
+    };
+    const repl = new DebugRepl(mockContext, mockStep, mockError, mockLogger, input, output);
+
+    repl.start();
+
+    await new Promise((r) => setTimeout(r, 10));
+    input.write('unknown_cmd\n');
+    await new Promise((r) => setTimeout(r, 10));
+
+    expect(mockLogger.log).toHaveBeenCalledWith('Unknown command: unknown_cmd');
+    input.write('exit\n');
+  });
+
+  test('should handle empty input', async () => {
+    const input = new PassThrough();
+    const output = new PassThrough();
+    const mockLogger: Logger = {
+      log: mock(() => {}),
+      error: mock(() => {}),
+      warn: mock(() => {}),
+      info: mock(() => {}),
+    };
+    const repl = new DebugRepl(mockContext, mockStep, mockError, mockLogger, input, output);
+
+    repl.start();
+
+    await new Promise((r) => setTimeout(r, 10));
+    input.write('\n');
+    await new Promise((r) => setTimeout(r, 10));
+
+    expect(mockLogger.log).not.toHaveBeenCalledWith('Unknown command: ');
+    input.write('exit\n');
+  });
+
   test('should parse shell commands correctly', () => {
     // We import the function dynamically to test it, or we assume it's exported
     const { parseShellCommand } = require('./debug-repl.ts');
@@ -71,4 +220,89 @@ describe('DebugRepl', () => {
     expect(parseShellCommand('editor -a -b -c')).toEqual(['editor', '-a', '-b', '-c']);
     expect(parseShellCommand('  spaced   command  ')).toEqual(['spaced', 'command']);
   });
+
+  test('should handle "edit" command and update step', async () => {
+    const input = new PassThrough();
+    const output = new PassThrough();
+    const mockLogger: Logger = {
+      log: mock(() => {}),
+      error: mock(() => {}),
+      warn: mock(() => {}),
+      info: mock(() => {}),
+    };
+    const repl = new DebugRepl(mockContext, mockStep, mockError, mockLogger, input, output);
+
+    const spySpawnSync = spyOn(cp, 'spawnSync').mockImplementation(
+      // biome-ignore lint/suspicious/noExplicitAny: mocking child_process
+      () => ({ error: null, status: 0 }) as any
+    );
+    const spyWriteFileSync = spyOn(fs, 'writeFileSync').mockImplementation(() => {});
+    const updatedStep = { ...mockStep, run: 'echo "fixed"' };
+    const spyReadFileSync = spyOn(fs, 'readFileSync').mockImplementation((() =>
+      JSON.stringify(updatedStep)) as unknown as typeof fs.readFileSync);
+    const spyExistsSync = spyOn(fs, 'existsSync').mockImplementation(() => true);
+    const spyUnlinkSync = spyOn(fs, 'unlinkSync').mockImplementation(() => {});
+
+    try {
+      repl.start();
+      await new Promise((r) => setTimeout(r, 50));
+      input.write('edit\n');
+      await new Promise((r) => setTimeout(r, 50));
+
+      expect(mockLogger.log).toHaveBeenCalledWith(
+        expect.stringContaining('Step definition updated')
+      );
+
+      input.write('retry\n');
+      await new Promise((r) => setTimeout(r, 50));
+    } finally {
+      spySpawnSync.mockRestore();
+      spyWriteFileSync.mockRestore();
+      spyReadFileSync.mockRestore();
+      spyExistsSync.mockRestore();
+      spyUnlinkSync.mockRestore();
+    }
+  });
+
+  test('should handle "edit" command with parse error', async () => {
+    const input = new PassThrough();
+    const output = new PassThrough();
+    const mockLogger: Logger = {
+      log: mock(() => {}),
+      error: mock(() => {}),
+      warn: mock(() => {}),
+      info: mock(() => {}),
+    };
+    const repl = new DebugRepl(mockContext, mockStep, mockError, mockLogger, input, output);
+
+    const spySpawnSync = spyOn(cp, 'spawnSync').mockImplementation(
+      // biome-ignore lint/suspicious/noExplicitAny: mocking child_process
+      () => ({ error: null, status: 0 }) as any
+    );
+    const spyWriteFileSync = spyOn(fs, 'writeFileSync').mockImplementation(() => {});
+    const spyReadFileSync = spyOn(fs, 'readFileSync').mockImplementation(
+      (() => 'invalid json') as unknown as typeof fs.readFileSync
+    );
+    const spyExistsSync = spyOn(fs, 'existsSync').mockImplementation(() => true);
+    const spyUnlinkSync = spyOn(fs, 'unlinkSync').mockImplementation(() => {});
+
+    try {
+      repl.start();
+      await new Promise((r) => setTimeout(r, 50));
+      input.write('edit\n');
+      await new Promise((r) => setTimeout(r, 50));
+
+      expect(mockLogger.error).toHaveBeenCalledWith(
+        expect.stringContaining('Failed to parse JSON')
+      );
+      input.write('exit\n');
+      await new Promise((r) => setTimeout(r, 50));
+    } finally {
+      spySpawnSync.mockRestore();
+      spyWriteFileSync.mockRestore();
+      spyReadFileSync.mockRestore();
+      spyExistsSync.mockRestore();
+      spyUnlinkSync.mockRestore();
+    }
+  });
 });

package/src/runner/llm-adapter.test.ts

@@ -105,7 +105,9 @@ describe('AnthropicAdapter', () => {
     // @ts-ignore
     const fetchMock = global.fetch as MockFetch;
     // @ts-ignore
-    const [url, init] = fetchMock.mock.calls[0];
+    // @ts-ignore
+    // biome-ignore lint/suspicious/noExplicitAny: mock fetch init
+    const [url, init] = fetchMock.mock.calls[0] as [string, any];
 
     expect(url).toBe('https://api.anthropic.com/v1/messages');
     expect(init.headers['x-api-key']).toBe('fake-anthropic-key');
@@ -179,7 +181,8 @@ describe('AnthropicAdapter', () => {
     ]);
 
     // @ts-ignore
-    const init = global.fetch.mock.calls[0][1];
+    // biome-ignore lint/suspicious/noExplicitAny: mock fetch init
+    const init = global.fetch.mock.calls[0][1] as any;
     const body = JSON.parse(init.body);
     expect(body.messages[0].role).toBe('assistant');
     expect(body.messages[0].content).toHaveLength(2);
@@ -208,7 +211,8 @@ describe('AnthropicAdapter', () => {
     ]);
 
     // @ts-ignore
-    const init = global.fetch.mock.calls[0][1];
+    // biome-ignore lint/suspicious/noExplicitAny: mock fetch init
+    const init = global.fetch.mock.calls[0][1] as any;
     const body = JSON.parse(init.body);
     expect(body.messages[0].role).toBe('user');
     expect(body.messages[0].content[0]).toEqual({
@@ -255,7 +259,9 @@ describe('CopilotAdapter', () => {
     // @ts-ignore
     const fetchMock = global.fetch as MockFetch;
     // @ts-ignore
-    const [url, init] = fetchMock.mock.calls[0];
+    // @ts-ignore
+    // biome-ignore lint/suspicious/noExplicitAny: mock fetch init
+    const [url, init] = fetchMock.mock.calls[0] as [string, any];
     expect(url).toBe('https://api.githubcopilot.com/chat/completions');
     expect(init.headers.Authorization).toBe('Bearer mock-token');
     spy.mockRestore();

package/src/runner/llm-executor.ts

@@ -9,13 +9,14 @@ import { RedactionBuffer, Redactor } from '../utils/redactor';
 import { type LLMMessage, getAdapter } from './llm-adapter';
 import { MCPClient } from './mcp-client';
 import type { MCPManager, MCPServerConfig } from './mcp-manager';
+import { STANDARD_TOOLS, validateStandardToolSecurity } from './standard-tools';
 import type { StepResult } from './step-executor';
 
 interface ToolDefinition {
   name: string;
   description?: string;
   parameters: unknown;
-  source: 'agent' | 'step' | 'mcp';
+  source: 'agent' | 'step' | 'mcp' | 'standard';
   execution?: Step;
   mcpClient?: MCPClient;
 }
@@ -105,7 +106,24 @@ export async function executeLlmStep(
       }
     }
 
-    // 3. Add MCP tools
+    // 3. Add Standard tools
+    if (step.useStandardTools) {
+      for (const tool of STANDARD_TOOLS) {
+        allTools.push({
+          name: tool.name,
+          description: tool.description,
+          parameters: tool.parameters || {
+            type: 'object',
+            properties: {},
+            additionalProperties: true,
+          },
+          source: 'standard',
+          execution: tool.execution,
+        });
+      }
+    }
+
+    // 4. Add MCP tools
     const mcpServersToConnect: (string | MCPServerConfig)[] = [...(step.mcpServers || [])];
     if (step.useGlobalMcp && mcpManager) {
       const globalServers = mcpManager.getGlobalServers();
@@ -374,10 +392,28 @@ export async function executeLlmStep(
             });
           }
         } else if (toolInfo.execution) {
+          // Security validation for standard tools
+          if (toolInfo.source === 'standard') {
+            try {
+              validateStandardToolSecurity(toolInfo.name, args, {
+                allowOutsideCwd: step.allowOutsideCwd,
+                allowInsecure: step.allowInsecure,
+              });
+            } catch (error) {
+              messages.push({
+                role: 'tool',
+                tool_call_id: toolCall.id,
+                name: toolCall.function.name,
+                content: `Security Error: ${error instanceof Error ? error.message : String(error)}`,
+              });
+              continue;
+            }
+          }
+
           // Execute the tool as a step
           const toolContext: ExpressionContext = {
             ...context,
-            item: args, // Use item to pass args to tool execution
+            args, // Use args to pass parameters to tool execution
           };
 
           const result = await executeStepFn(toolInfo.execution, toolContext);

package/src/runner/shell-executor.ts

@@ -136,14 +136,11 @@ export async function executeShell(
   const cwd = step.dir ? ExpressionEvaluator.evaluateString(step.dir, context) : undefined;
   const mergedEnv = Object.keys(env).length > 0 ? { ...Bun.env, ...env } : Bun.env;
 
-  // Safe Fast Path: If command contains only safe characters (alphanumeric, -, _, ., /) and spaces,
-  // we can split it and execute directly without a shell.
-  // This completely eliminates shell injection risks for simple commands.
-  const isSimpleCommand = /^[a-zA-Z0-9_\-./]+(?: [a-zA-Z0-9_\-./]+)*$/.test(command);
+  // Shell metacharacters that require a real shell
+  const hasShellMetas = /[|&;<>`$!]/.test(command);
 
   // Common shell builtins that must run in a shell
-  const splitArgs = command.split(/\s+/);
-  const cmd = splitArgs[0];
+  const firstWord = command.trim().split(/\s+/)[0];
   const isBuiltin = [
     'exit',
     'cd',
@@ -155,19 +152,50 @@ export async function executeShell(
     'unalias',
     'eval',
     'set',
-  ].includes(cmd);
+    'true',
+    'false',
+  ].includes(firstWord);
+
+  const canUseSpawn = !hasShellMetas && !isBuiltin;
 
   try {
     let stdoutString = '';
     let stderrString = '';
     let exitCode = 0;
 
-    if (isSimpleCommand && !isBuiltin) {
-      // split by spaces
-      const args = splitArgs.slice(1);
-      if (!cmd) throw new Error('Empty command');
+    if (canUseSpawn) {
+      // Robust splitting that handles single and double quotes
+      const args: string[] = [];
+      let current = '';
+      let inQuote = false;
+      let quoteChar = '';
+
+      for (let i = 0; i < command.length; i++) {
+        const char = command[i];
+        if ((char === "'" || char === '"') && (i === 0 || command[i - 1] !== '\\')) {
+          if (inQuote && char === quoteChar) {
+            inQuote = false;
+            quoteChar = '';
+          } else if (!inQuote) {
+            inQuote = true;
+            quoteChar = char;
+          } else {
+            current += char;
+          }
+        } else if (/\s/.test(char) && !inQuote) {
+          if (current) {
+            args.push(current);
+            current = '';
+          }
+        } else {
+          current += char;
+        }
+      }
+      if (current) args.push(current);
+
+      if (args.length === 0) throw new Error('Empty command');
 
-      const proc = Bun.spawn([cmd, ...args], {
+      const proc = Bun.spawn(args, {
         cwd,
         env: mergedEnv,
         stdout: 'pipe',

package/src/runner/standard-tools-integration.test.ts

@@ -0,0 +1,147 @@
+import { afterAll, beforeAll, describe, expect, it, mock, spyOn } from 'bun:test';
+import type { ExpressionContext } from '../expression/evaluator';
+import type { LlmStep, Step } from '../parser/schema';
+import { ConsoleLogger } from '../utils/logger';
+import { OpenAIAdapter } from './llm-adapter';
+import { executeLlmStep } from './llm-executor';
+
+describe('Standard Tools Integration', () => {
+  const originalOpenAIChat = OpenAIAdapter.prototype.chat;
+
+  beforeAll(() => {
+    // Mocking OpenAI Adapter
+  });
+
+  afterAll(() => {
+    OpenAIAdapter.prototype.chat = originalOpenAIChat;
+  });
+
+  it('should inject standard tools when useStandardTools is true', async () => {
+    // biome-ignore lint/suspicious/noExplicitAny: mock
+    let capturedTools: any[] = [];
+
+    OpenAIAdapter.prototype.chat = mock(async (messages, options) => {
+      capturedTools = options.tools || [];
+      return {
+        message: {
+          role: 'assistant',
+          content: 'I will read the file',
+          tool_calls: [
+            {
+              id: 'call_1',
+              type: 'function',
+              function: {
+                name: 'read_file',
+                arguments: JSON.stringify({ path: 'test.txt' }),
+              },
+            },
+          ],
+        },
+        usage: { prompt_tokens: 10, completion_tokens: 10, total_tokens: 20 },
+        // biome-ignore lint/suspicious/noExplicitAny: mock
+      } as any;
+    });
+
+    const step: LlmStep = {
+      id: 'l1',
+      type: 'llm',
+      agent: 'test-agent',
+      needs: [],
+      prompt: 'read test.txt',
+      useStandardTools: true,
+      maxIterations: 1,
+    };
+
+    const context: ExpressionContext = { inputs: {}, steps: {} };
+    const executeStepFn = mock(async (s: Step) => {
+      return { status: 'success', output: 'file content' };
+    });
+
+    // We catch the "Max iterations reached" error because we set maxIterations to 1
+    // but we can still check if tools were injected and the tool call was made.
+    try {
+      // biome-ignore lint/suspicious/noExplicitAny: mock
+      await executeLlmStep(step, context, executeStepFn as any);
+    } catch (e) {
+      if ((e as Error).message !== 'Max ReAct iterations reached') throw e;
+    }
+
+    expect(capturedTools.some((t) => t.function.name === 'read_file')).toBe(true);
+    expect(executeStepFn).toHaveBeenCalled();
+    const toolStep = executeStepFn.mock.calls[0][0] as Step;
+    expect(toolStep.type).toBe('file');
+  });
+
+  it('should block risky standard tools without allowInsecure', async () => {
+    OpenAIAdapter.prototype.chat = mock(async (messages, options) => {
+      return {
+        message: {
+          role: 'assistant',
+          content: 'I will run a command',
+          tool_calls: [
+            {
+              id: 'call_2',
+              type: 'function',
+              function: {
+                name: 'run_command',
+                arguments: JSON.stringify({ command: 'rm -rf /' }),
+              },
+            },
+          ],
+        },
+        usage: { prompt_tokens: 10, completion_tokens: 10, total_tokens: 20 },
+        // biome-ignore lint/suspicious/noExplicitAny: mock
+      } as any;
+    });
+
+    const step: LlmStep = {
+      id: 'l1',
+      type: 'llm',
+      agent: 'test-agent',
+      needs: [],
+      prompt: 'run risky command',
+      useStandardTools: true,
+      allowInsecure: false, // Explicitly false
+      maxIterations: 2,
+    };
+
+    const context: ExpressionContext = { inputs: {}, steps: {} };
+    const executeStepFn = mock(async () => ({ status: 'success', output: '' }));
+
+    // The execution should not throw, but it should return a tool error message to the LLM
+    // However, in our mock, we want to see if executeStepFn was called.
+    // Actually, in llm-executor.ts, it pushes a "Security Error" message if check fails and continues loop.
+
+    let securityErrorMessage = '';
+    OpenAIAdapter.prototype.chat = mock(async (messages) => {
+      const lastMessage = messages[messages.length - 1];
+      if (lastMessage.role === 'tool') {
+        securityErrorMessage = lastMessage.content;
+        return {
+          message: { role: 'assistant', content: 'stop' },
+          usage: { prompt_tokens: 1, completion_tokens: 1, total_tokens: 2 },
+          // biome-ignore lint/suspicious/noExplicitAny: mock
+        } as any;
+      }
+      return {
+        message: {
+          role: 'assistant',
+          tool_calls: [
+            {
+              id: 'c2',
+              type: 'function',
+              function: { name: 'run_command', arguments: '{"command":"rm -rf /"}' },
+            },
+          ],
+        },
+        // biome-ignore lint/suspicious/noExplicitAny: mock
+      } as any;
+    });
+
+    // biome-ignore lint/suspicious/noExplicitAny: mock
+    await executeLlmStep(step, context, executeStepFn as any);
+
+    expect(securityErrorMessage).toContain('Security Error');
+    expect(executeStepFn).not.toHaveBeenCalled();
+  });
+});

package/src/runner/standard-tools.test.ts

@@ -0,0 +1,69 @@
+import { describe, expect, it } from 'bun:test';
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import { STANDARD_TOOLS, validateStandardToolSecurity } from './standard-tools';
+
+describe('Standard Tools Security', () => {
+  const options = { allowOutsideCwd: false, allowInsecure: false };
+
+  it('should allow paths within CWD', () => {
+    expect(() => {
+      validateStandardToolSecurity('read_file', { path: 'src/cli.ts' }, options);
+    }).not.toThrow();
+    expect(() => {
+      validateStandardToolSecurity('search_files', { pattern: '**/*.ts', dir: 'src' }, options);
+    }).not.toThrow();
+  });
+
+  it('should block paths outside CWD by default', () => {
+    expect(() => {
+      validateStandardToolSecurity('read_file', { path: '../../etc/passwd' }, options);
+    }).toThrow(/Access denied/);
+    expect(() => {
+      validateStandardToolSecurity('read_file_lines', { path: '../../etc/passwd' }, options);
+    }).toThrow(/Access denied/);
+    expect(() => {
+      validateStandardToolSecurity('search_files', { pattern: '*', dir: '/etc' }, options);
+    }).toThrow(/Access denied/);
+  });
+
+  it('should allow paths outside CWD if allowOutsideCwd is true', () => {
+    expect(() => {
+      validateStandardToolSecurity(
+        'read_file',
+        { path: '../../etc/passwd' },
+        { allowOutsideCwd: true }
+      );
+    }).not.toThrow();
+  });
+
+  it('should block risky commands by default', () => {
+    expect(() => {
+      validateStandardToolSecurity('run_command', { command: 'ls; rm -rf /' }, options);
+    }).toThrow(/Security Error/);
+  });
+
+  it('should allow risky commands if allowInsecure is true', () => {
+    expect(() => {
+      validateStandardToolSecurity(
+        'run_command',
+        { command: 'ls; rm -rf /' },
+        { allowInsecure: true }
+      );
+    }).not.toThrow();
+  });
+});
+
+describe('Standard Tools Definition', () => {
+  it('should have read_file tool', () => {
+    const readTool = STANDARD_TOOLS.find((t) => t.name === 'read_file');
+    expect(readTool).toBeDefined();
+    expect(readTool?.execution?.type).toBe('file');
+  });
+
+  it('should have list_files tool with script execution', () => {
+    const listTool = STANDARD_TOOLS.find((t) => t.name === 'list_files');
+    expect(listTool).toBeDefined();
+    expect(listTool?.execution?.type).toBe('script');
+  });
+});