amd-gaia 0.15.0__py3-none-any.whl → 0.15.2__py3-none-any.whl

Files changed (185)
  1. {amd_gaia-0.15.0.dist-info → amd_gaia-0.15.2.dist-info}/METADATA +222 -223
  2. amd_gaia-0.15.2.dist-info/RECORD +182 -0
  3. {amd_gaia-0.15.0.dist-info → amd_gaia-0.15.2.dist-info}/WHEEL +1 -1
  4. {amd_gaia-0.15.0.dist-info → amd_gaia-0.15.2.dist-info}/entry_points.txt +1 -0
  5. {amd_gaia-0.15.0.dist-info → amd_gaia-0.15.2.dist-info}/licenses/LICENSE.md +20 -20
  6. gaia/__init__.py +29 -29
  7. gaia/agents/__init__.py +19 -19
  8. gaia/agents/base/__init__.py +9 -9
  9. gaia/agents/base/agent.py +2132 -2177
  10. gaia/agents/base/api_agent.py +119 -120
  11. gaia/agents/base/console.py +1967 -1841
  12. gaia/agents/base/errors.py +237 -237
  13. gaia/agents/base/mcp_agent.py +86 -86
  14. gaia/agents/base/tools.py +88 -83
  15. gaia/agents/blender/__init__.py +7 -0
  16. gaia/agents/blender/agent.py +553 -556
  17. gaia/agents/blender/agent_simple.py +133 -135
  18. gaia/agents/blender/app.py +211 -211
  19. gaia/agents/blender/app_simple.py +41 -41
  20. gaia/agents/blender/core/__init__.py +16 -16
  21. gaia/agents/blender/core/materials.py +506 -506
  22. gaia/agents/blender/core/objects.py +316 -316
  23. gaia/agents/blender/core/rendering.py +225 -225
  24. gaia/agents/blender/core/scene.py +220 -220
  25. gaia/agents/blender/core/view.py +146 -146
  26. gaia/agents/chat/__init__.py +9 -9
  27. gaia/agents/chat/agent.py +809 -835
  28. gaia/agents/chat/app.py +1065 -1058
  29. gaia/agents/chat/session.py +508 -508
  30. gaia/agents/chat/tools/__init__.py +15 -15
  31. gaia/agents/chat/tools/file_tools.py +96 -96
  32. gaia/agents/chat/tools/rag_tools.py +1744 -1729
  33. gaia/agents/chat/tools/shell_tools.py +437 -436
  34. gaia/agents/code/__init__.py +7 -7
  35. gaia/agents/code/agent.py +549 -549
  36. gaia/agents/code/cli.py +377 -0
  37. gaia/agents/code/models.py +135 -135
  38. gaia/agents/code/orchestration/__init__.py +24 -24
  39. gaia/agents/code/orchestration/checklist_executor.py +1763 -1763
  40. gaia/agents/code/orchestration/checklist_generator.py +713 -713
  41. gaia/agents/code/orchestration/factories/__init__.py +9 -9
  42. gaia/agents/code/orchestration/factories/base.py +63 -63
  43. gaia/agents/code/orchestration/factories/nextjs_factory.py +118 -118
  44. gaia/agents/code/orchestration/factories/python_factory.py +106 -106
  45. gaia/agents/code/orchestration/orchestrator.py +841 -841
  46. gaia/agents/code/orchestration/project_analyzer.py +391 -391
  47. gaia/agents/code/orchestration/steps/__init__.py +67 -67
  48. gaia/agents/code/orchestration/steps/base.py +188 -188
  49. gaia/agents/code/orchestration/steps/error_handler.py +314 -314
  50. gaia/agents/code/orchestration/steps/nextjs.py +828 -828
  51. gaia/agents/code/orchestration/steps/python.py +307 -307
  52. gaia/agents/code/orchestration/template_catalog.py +469 -469
  53. gaia/agents/code/orchestration/workflows/__init__.py +14 -14
  54. gaia/agents/code/orchestration/workflows/base.py +80 -80
  55. gaia/agents/code/orchestration/workflows/nextjs.py +186 -186
  56. gaia/agents/code/orchestration/workflows/python.py +94 -94
  57. gaia/agents/code/prompts/__init__.py +11 -11
  58. gaia/agents/code/prompts/base_prompt.py +77 -77
  59. gaia/agents/code/prompts/code_patterns.py +2034 -2036
  60. gaia/agents/code/prompts/nextjs_prompt.py +40 -40
  61. gaia/agents/code/prompts/python_prompt.py +109 -109
  62. gaia/agents/code/schema_inference.py +365 -365
  63. gaia/agents/code/system_prompt.py +41 -41
  64. gaia/agents/code/tools/__init__.py +42 -42
  65. gaia/agents/code/tools/cli_tools.py +1138 -1138
  66. gaia/agents/code/tools/code_formatting.py +319 -319
  67. gaia/agents/code/tools/code_tools.py +769 -769
  68. gaia/agents/code/tools/error_fixing.py +1347 -1347
  69. gaia/agents/code/tools/external_tools.py +180 -180
  70. gaia/agents/code/tools/file_io.py +845 -845
  71. gaia/agents/code/tools/prisma_tools.py +190 -190
  72. gaia/agents/code/tools/project_management.py +1016 -1016
  73. gaia/agents/code/tools/testing.py +321 -321
  74. gaia/agents/code/tools/typescript_tools.py +122 -122
  75. gaia/agents/code/tools/validation_parsing.py +461 -461
  76. gaia/agents/code/tools/validation_tools.py +806 -806
  77. gaia/agents/code/tools/web_dev_tools.py +1758 -1758
  78. gaia/agents/code/validators/__init__.py +16 -16
  79. gaia/agents/code/validators/antipattern_checker.py +241 -241
  80. gaia/agents/code/validators/ast_analyzer.py +197 -197
  81. gaia/agents/code/validators/requirements_validator.py +145 -145
  82. gaia/agents/code/validators/syntax_validator.py +171 -171
  83. gaia/agents/docker/__init__.py +7 -7
  84. gaia/agents/docker/agent.py +643 -642
  85. gaia/agents/emr/__init__.py +8 -8
  86. gaia/agents/emr/agent.py +1504 -1506
  87. gaia/agents/emr/cli.py +1322 -1322
  88. gaia/agents/emr/constants.py +475 -475
  89. gaia/agents/emr/dashboard/__init__.py +4 -4
  90. gaia/agents/emr/dashboard/server.py +1972 -1974
  91. gaia/agents/jira/__init__.py +11 -11
  92. gaia/agents/jira/agent.py +894 -894
  93. gaia/agents/jira/jql_templates.py +299 -299
  94. gaia/agents/routing/__init__.py +7 -7
  95. gaia/agents/routing/agent.py +567 -570
  96. gaia/agents/routing/system_prompt.py +75 -75
  97. gaia/agents/summarize/__init__.py +11 -0
  98. gaia/agents/summarize/agent.py +885 -0
  99. gaia/agents/summarize/prompts.py +129 -0
  100. gaia/api/__init__.py +23 -23
  101. gaia/api/agent_registry.py +238 -238
  102. gaia/api/app.py +305 -305
  103. gaia/api/openai_server.py +575 -575
  104. gaia/api/schemas.py +186 -186
  105. gaia/api/sse_handler.py +373 -373
  106. gaia/apps/__init__.py +4 -4
  107. gaia/apps/llm/__init__.py +6 -6
  108. gaia/apps/llm/app.py +184 -169
  109. gaia/apps/summarize/app.py +116 -633
  110. gaia/apps/summarize/html_viewer.py +133 -133
  111. gaia/apps/summarize/pdf_formatter.py +284 -284
  112. gaia/audio/__init__.py +2 -2
  113. gaia/audio/audio_client.py +439 -439
  114. gaia/audio/audio_recorder.py +269 -269
  115. gaia/audio/kokoro_tts.py +599 -599
  116. gaia/audio/whisper_asr.py +432 -432
  117. gaia/chat/__init__.py +16 -16
  118. gaia/chat/app.py +428 -430
  119. gaia/chat/prompts.py +522 -522
  120. gaia/chat/sdk.py +1228 -1225
  121. gaia/cli.py +5659 -5632
  122. gaia/database/__init__.py +10 -10
  123. gaia/database/agent.py +176 -176
  124. gaia/database/mixin.py +290 -290
  125. gaia/database/testing.py +64 -64
  126. gaia/eval/batch_experiment.py +2332 -2332
  127. gaia/eval/claude.py +542 -542
  128. gaia/eval/config.py +37 -37
  129. gaia/eval/email_generator.py +512 -512
  130. gaia/eval/eval.py +3179 -3179
  131. gaia/eval/groundtruth.py +1130 -1130
  132. gaia/eval/transcript_generator.py +582 -582
  133. gaia/eval/webapp/README.md +167 -167
  134. gaia/eval/webapp/package-lock.json +875 -875
  135. gaia/eval/webapp/package.json +20 -20
  136. gaia/eval/webapp/public/app.js +3402 -3402
  137. gaia/eval/webapp/public/index.html +87 -87
  138. gaia/eval/webapp/public/styles.css +3661 -3661
  139. gaia/eval/webapp/server.js +415 -415
  140. gaia/eval/webapp/test-setup.js +72 -72
  141. gaia/installer/__init__.py +23 -0
  142. gaia/installer/init_command.py +1275 -0
  143. gaia/installer/lemonade_installer.py +619 -0
  144. gaia/llm/__init__.py +10 -2
  145. gaia/llm/base_client.py +60 -0
  146. gaia/llm/exceptions.py +12 -0
  147. gaia/llm/factory.py +70 -0
  148. gaia/llm/lemonade_client.py +3421 -3221
  149. gaia/llm/lemonade_manager.py +294 -294
  150. gaia/llm/providers/__init__.py +9 -0
  151. gaia/llm/providers/claude.py +108 -0
  152. gaia/llm/providers/lemonade.py +118 -0
  153. gaia/llm/providers/openai_provider.py +79 -0
  154. gaia/llm/vlm_client.py +382 -382
  155. gaia/logger.py +189 -189
  156. gaia/mcp/agent_mcp_server.py +245 -245
  157. gaia/mcp/blender_mcp_client.py +138 -138
  158. gaia/mcp/blender_mcp_server.py +648 -648
  159. gaia/mcp/context7_cache.py +332 -332
  160. gaia/mcp/external_services.py +518 -518
  161. gaia/mcp/mcp_bridge.py +811 -550
  162. gaia/mcp/servers/__init__.py +6 -6
  163. gaia/mcp/servers/docker_mcp.py +83 -83
  164. gaia/perf_analysis.py +361 -0
  165. gaia/rag/__init__.py +10 -10
  166. gaia/rag/app.py +293 -293
  167. gaia/rag/demo.py +304 -304
  168. gaia/rag/pdf_utils.py +235 -235
  169. gaia/rag/sdk.py +2194 -2194
  170. gaia/security.py +183 -163
  171. gaia/talk/app.py +287 -289
  172. gaia/talk/sdk.py +538 -538
  173. gaia/testing/__init__.py +87 -87
  174. gaia/testing/assertions.py +330 -330
  175. gaia/testing/fixtures.py +333 -333
  176. gaia/testing/mocks.py +493 -493
  177. gaia/util.py +46 -46
  178. gaia/utils/__init__.py +33 -33
  179. gaia/utils/file_watcher.py +675 -675
  180. gaia/utils/parsing.py +223 -223
  181. gaia/version.py +100 -100
  182. amd_gaia-0.15.0.dist-info/RECORD +0 -168
  183. gaia/agents/code/app.py +0 -266
  184. gaia/llm/llm_client.py +0 -723
  185. {amd_gaia-0.15.0.dist-info → amd_gaia-0.15.2.dist-info}/top_level.txt +0 -0
@@ -1,436 +1,437 @@
1
- # Copyright(C) 2025-2026 Advanced Micro Devices, Inc. All rights reserved.
2
- # SPDX-License-Identifier: MIT
3
- """
4
- Shell Tools Mixin for Chat Agent.
5
-
6
- Provides shell command execution capabilities for file operations and system queries.
7
- """
8
-
9
- import logging
10
- import os
11
- import shlex
12
- import subprocess
13
- import time
14
- from collections import deque
15
- from datetime import datetime
16
- from pathlib import Path
17
- from typing import Any, Dict, Optional
18
-
19
- logger = logging.getLogger(__name__)
20
-
21
-
22
- class ShellToolsMixin:
23
- """
24
- Mixin providing shell command execution tools with rate limiting.
25
-
26
- Tools provided:
27
- - run_shell_command: Execute terminal commands with timeout and safety checks
28
-
29
- Rate Limiting:
30
- - Max 10 commands per minute to prevent DOS
31
- - Max 3 commands per 10 seconds for burst prevention
32
- """
33
-
34
- def __init__(self, *args, **kwargs):
35
- """Initialize shell tools with rate limiting."""
36
- super().__init__(*args, **kwargs)
37
-
38
- # Rate limiting configuration
39
- self.shell_command_times = deque(maxlen=100) # Track last 100 command times
40
- self.max_commands_per_minute = 10
41
- self.max_commands_per_10_seconds = 3
42
-
43
- def _check_rate_limit(self) -> tuple:
44
- """
45
- Check if rate limit allows another command.
46
-
47
- Returns:
48
- (allowed: bool, reason: str, wait_time: float)
49
- """
50
- # Initialize if not already done (defensive programming)
51
- if not hasattr(self, "shell_command_times"):
52
- self.shell_command_times = deque(maxlen=100)
53
- self.max_commands_per_minute = 10
54
- self.max_commands_per_10_seconds = 3
55
-
56
- current_time = time.time()
57
-
58
- # Remove old timestamps outside the window
59
- minute_ago = current_time - 60
60
- ten_sec_ago = current_time - 10
61
-
62
- # Count recent commands
63
- recent_minute = sum(1 for t in self.shell_command_times if t > minute_ago)
64
- recent_10_sec = sum(1 for t in self.shell_command_times if t > ten_sec_ago)
65
-
66
- # Check 10-second burst limit
67
- if recent_10_sec >= self.max_commands_per_10_seconds:
68
- recent_times = [t for t in self.shell_command_times if t > ten_sec_ago]
69
- if recent_times:
70
- oldest_in_window = min(recent_times)
71
- wait_time = 10 - (current_time - oldest_in_window)
72
- else:
73
- wait_time = 10.0
74
- return (
75
- False,
76
- f"Rate limit: max {self.max_commands_per_10_seconds} commands per 10 seconds. Wait {wait_time:.1f}s",
77
- wait_time,
78
- )
79
-
80
- # Check 1-minute limit
81
- if recent_minute >= self.max_commands_per_minute:
82
- recent_times = [t for t in self.shell_command_times if t > minute_ago]
83
- if recent_times:
84
- oldest_in_window = min(recent_times)
85
- wait_time = 60 - (current_time - oldest_in_window)
86
- else:
87
- wait_time = 60.0
88
- return (
89
- False,
90
- f"Rate limit: max {self.max_commands_per_minute} commands per minute. Wait {wait_time:.1f}s",
91
- wait_time,
92
- )
93
-
94
- return True, "", 0.0
95
-
96
- def _record_command_execution(self):
97
- """Record command execution timestamp for rate limiting."""
98
- self.shell_command_times.append(time.time())
99
-
100
- def register_shell_tools(self) -> None:
101
- """Register shell command execution tools."""
102
- from gaia.agents.base.tools import tool
103
-
104
- @tool(
105
- name="run_shell_command",
106
- description="Execute a shell/terminal command. Useful for listing directories (ls/dir), checking files (cat, stat), finding files (find), text processing (grep, head, tail), and navigation (pwd).",
107
- parameters={
108
- "command": {
109
- "type": "str",
110
- "description": "The shell command to execute (e.g., 'ls -la', 'pwd', 'cat file.txt')",
111
- "required": True,
112
- },
113
- "working_directory": {
114
- "type": "str",
115
- "description": "Directory to run the command in (defaults to current directory)",
116
- "required": False,
117
- },
118
- "timeout": {
119
- "type": "int",
120
- "description": "Timeout in seconds (default: 30)",
121
- "required": False,
122
- },
123
- },
124
- )
125
- def run_shell_command(
126
- command: str, working_directory: Optional[str] = None, timeout: int = 30
127
- ) -> Dict[str, Any]:
128
- """
129
- Execute a shell command and return the output.
130
-
131
- Args:
132
- command: Shell command to execute
133
- working_directory: Directory to run command in
134
- timeout: Maximum execution time in seconds
135
-
136
- Returns:
137
- Dictionary with status, output, and error information
138
- """
139
- try:
140
- # Check rate limits first to prevent DOS
141
- allowed, reason, wait_time = self._check_rate_limit()
142
- if not allowed:
143
- return {
144
- "status": "error",
145
- "error": f"{reason}. Please wait {wait_time:.1f} seconds.",
146
- "has_errors": True,
147
- "rate_limited": True,
148
- "wait_time_seconds": wait_time,
149
- "hint": "Rate limiting prevents excessive command execution",
150
- }
151
-
152
- # Validate working directory if specified
153
- if working_directory:
154
- if not os.path.exists(working_directory):
155
- return {
156
- "status": "error",
157
- "error": f"Working directory not found: {working_directory}",
158
- "has_errors": True,
159
- }
160
-
161
- if not os.path.isdir(working_directory):
162
- return {
163
- "status": "error",
164
- "error": f"Path is not a directory: {working_directory}",
165
- "has_errors": True,
166
- }
167
-
168
- # Validate path is allowed
169
- # Use PathValidator if available (ChatAgent), otherwise fallback or skip
170
- if hasattr(self, "path_validator"):
171
- if not self.path_validator.is_path_allowed(working_directory):
172
- return {
173
- "status": "error",
174
- "error": f"Access denied: {working_directory} is not in allowed paths",
175
- "has_errors": True,
176
- }
177
- elif hasattr(self, "_is_path_allowed"):
178
- # Backward compatibility
179
- if not self._is_path_allowed(working_directory):
180
- return {
181
- "status": "error",
182
- "error": f"Access denied: {working_directory} is not in allowed paths",
183
- "has_errors": True,
184
- }
185
-
186
- cwd = str(Path(working_directory).resolve())
187
- else:
188
- cwd = str(Path.cwd())
189
-
190
- # Parse command safely
191
- try:
192
- cmd_parts = shlex.split(command)
193
- except ValueError as e:
194
- return {
195
- "status": "error",
196
- "error": f"Invalid command syntax: {e}",
197
- "has_errors": True,
198
- }
199
-
200
- if not cmd_parts:
201
- return {
202
- "status": "error",
203
- "error": "Empty command",
204
- "has_errors": True,
205
- }
206
-
207
- # Validate arguments for path traversal
208
- # This prevents "cat ../secret.txt" even if "cat" is allowed
209
- if hasattr(self, "path_validator"):
210
- for arg in cmd_parts[1:]:
211
- # Skip flags that don't look like paths (simple heuristics)
212
- # We check for path separators or ".."
213
- # We also handle --flag=/path/to/file
214
-
215
- candidate_path = arg
216
- if arg.startswith("-"):
217
- if "=" in arg:
218
- _, candidate_path = arg.split("=", 1)
219
- else:
220
- # Skip flags without value (e.g. -l, --verbose)
221
- # But what about -f/path? Hard to parse without knowing the tool.
222
- # We'll assume if it has a path separator, it might be a path attached to a flag
223
- if os.sep not in arg and "/" not in arg:
224
- continue
225
- # If it has separators, treat the whole thing or part of it as path?
226
- # Treating "-f/tmp" as a path "/tmp" is hard.
227
- # Let's be conservative: if it contains separators, check it.
228
-
229
- # Check if it looks like a path
230
- if (
231
- os.sep in candidate_path
232
- or "/" in candidate_path
233
- or ".." in candidate_path
234
- ):
235
- # Ignore URLs
236
- if candidate_path.startswith(
237
- ("http://", "https://", "git://", "ssh://")
238
- ):
239
- continue
240
-
241
- # Resolve path relative to CWD
242
- try:
243
- # Handle potential flag prefix if we didn't split it cleanly
244
- # This is best-effort.
245
- clean_path = candidate_path
246
-
247
- # Resolve
248
- resolved_path = str(
249
- Path(cwd).joinpath(clean_path).resolve()
250
- )
251
-
252
- if not self.path_validator.is_path_allowed(
253
- resolved_path
254
- ):
255
- return {
256
- "status": "error",
257
- "error": f"Access denied: Argument '{arg}' resolves to forbidden path '{resolved_path}'",
258
- "has_errors": True,
259
- }
260
- except Exception:
261
- # If we can't resolve it (e.g. invalid chars), we might warn or ignore.
262
- # For security, maybe ignore if it's not a valid path anyway?
263
- pass
264
-
265
- # Security: WHITELIST approach - only allow explicitly safe commands
266
- # This is much safer than a blacklist which always misses dangerous commands
267
- ALLOWED_COMMANDS = {
268
- # File listing and navigation (READ-ONLY)
269
- "ls",
270
- "dir",
271
- "pwd",
272
- "cd",
273
- # File content viewing (READ-ONLY)
274
- "cat",
275
- "head",
276
- "tail",
277
- "more",
278
- "less",
279
- # Text processing (READ-ONLY)
280
- "grep",
281
- "find",
282
- "wc",
283
- "sort",
284
- "uniq",
285
- "diff",
286
- # File information (READ-ONLY)
287
- "file",
288
- "stat",
289
- "du",
290
- "df",
291
- # System information (READ-ONLY)
292
- "whoami",
293
- "hostname",
294
- "uname",
295
- "date",
296
- "uptime",
297
- # Path utilities
298
- "which",
299
- "whereis",
300
- "basename",
301
- "dirname",
302
- # Safe output
303
- "echo",
304
- "printf",
305
- # Process information (READ-ONLY)
306
- "ps",
307
- "top",
308
- "jobs",
309
- # Git commands (mostly safe, read-only operations)
310
- "git", # Individual git subcommands checked separately
311
- }
312
-
313
- cmd_base = cmd_parts[0].lower()
314
-
315
- # Special handling for git - only allow read-only operations
316
- if cmd_base == "git":
317
- if len(cmd_parts) > 1:
318
- git_subcmd = cmd_parts[1].lower()
319
- safe_git_commands = {
320
- "status",
321
- "log",
322
- "show",
323
- "diff",
324
- "branch",
325
- "remote",
326
- "ls-files",
327
- "ls-tree",
328
- "describe",
329
- "rev-parse",
330
- "config",
331
- "help",
332
- }
333
- if git_subcmd not in safe_git_commands:
334
- return {
335
- "status": "error",
336
- "error": f"Git command '{git_subcmd}' is not allowed. Only read-only git operations are permitted.",
337
- "has_errors": True,
338
- "allowed_git_commands": list(safe_git_commands),
339
- }
340
- elif cmd_base not in ALLOWED_COMMANDS:
341
- return {
342
- "status": "error",
343
- "error": f"Command '{cmd_base}' is not in the allowed list for security reasons",
344
- "has_errors": True,
345
- "hint": "Only read-only, informational commands are allowed",
346
- "examples": "ls, cat, grep, find, git status, etc.",
347
- }
348
-
349
- # Log command execution (debug mode)
350
- if hasattr(self, "debug") and self.debug:
351
- logger.info(f"Executing command: {command} in {cwd}")
352
-
353
- # Execute command
354
- start_time = datetime.utcnow()
355
- try:
356
- result = subprocess.run(
357
- cmd_parts,
358
- cwd=cwd,
359
- capture_output=True,
360
- text=True,
361
- timeout=timeout,
362
- check=False,
363
- env=os.environ.copy(),
364
- )
365
- duration = (datetime.utcnow() - start_time).total_seconds()
366
-
367
- # Record successful command execution for rate limiting
368
- self._record_command_execution()
369
- except subprocess.TimeoutExpired as exc:
370
- duration = (datetime.utcnow() - start_time).total_seconds()
371
-
372
- # Handle timeout gracefully
373
- stdout_str = ""
374
- stderr_str = ""
375
- if exc.stdout:
376
- stdout_str = (
377
- exc.stdout
378
- if isinstance(exc.stdout, str)
379
- else exc.stdout.decode("utf-8", errors="replace")
380
- )
381
- if exc.stderr:
382
- stderr_str = (
383
- exc.stderr
384
- if isinstance(exc.stderr, str)
385
- else exc.stderr.decode("utf-8", errors="replace")
386
- )
387
-
388
- return {
389
- "status": "error",
390
- "error": f"Command timed out after {timeout} seconds",
391
- "command": command,
392
- "stdout": stdout_str,
393
- "stderr": stderr_str,
394
- "has_errors": True,
395
- "timed_out": True,
396
- "timeout": timeout,
397
- "duration_seconds": duration,
398
- "cwd": cwd,
399
- }
400
-
401
- # Capture and truncate output if too long
402
- stdout = result.stdout or ""
403
- stderr = result.stderr or ""
404
- truncated = False
405
- max_output = 10_000
406
-
407
- if len(stdout) > max_output:
408
- stdout = stdout[:max_output] + "\n...output truncated (stdout)..."
409
- truncated = True
410
-
411
- if len(stderr) > max_output:
412
- stderr = stderr[:max_output] + "\n...output truncated (stderr)..."
413
- truncated = True
414
-
415
- # Debug logging
416
- if hasattr(self, "debug") and self.debug:
417
- logger.info(
418
- f"Command completed in {duration:.2f}s with return code {result.returncode}"
419
- )
420
-
421
- return {
422
- "status": "success",
423
- "command": command,
424
- "stdout": stdout,
425
- "stderr": stderr,
426
- "return_code": result.returncode,
427
- "has_errors": result.returncode != 0,
428
- "duration_seconds": duration,
429
- "timeout": timeout,
430
- "cwd": cwd,
431
- "output_truncated": truncated,
432
- }
433
-
434
- except Exception as exc:
435
- logger.error(f"Error executing shell command: {exc}")
436
- return {"status": "error", "error": str(exc), "has_errors": True}
1
+ # Copyright(C) 2025-2026 Advanced Micro Devices, Inc. All rights reserved.
2
+ # SPDX-License-Identifier: MIT
3
+ """
4
+ Shell Tools Mixin for Chat Agent.
5
+
6
+ Provides shell command execution capabilities for file operations and system queries.
7
+ """
8
+
9
+ import logging
10
+ import os
11
+ import shlex
12
+ import subprocess
13
+ import time
14
+ from collections import deque
15
+ from datetime import datetime
16
+ from pathlib import Path
17
+ from typing import Any, Dict, Optional
18
+
19
+ logger = logging.getLogger(__name__)
20
+
21
+
22
+ class ShellToolsMixin:
23
+ """
24
+ Mixin providing shell command execution tools with rate limiting.
25
+
26
+ Tools provided:
27
+ - run_shell_command: Execute terminal commands with timeout and safety checks
28
+
29
+ Rate Limiting:
30
+ - Max 10 commands per minute to prevent DOS
31
+ - Max 3 commands per 10 seconds for burst prevention
32
+ """
33
+
34
+ def __init__(self, *args, **kwargs):
35
+ """Initialize shell tools with rate limiting."""
36
+ super().__init__(*args, **kwargs)
37
+
38
+ # Rate limiting configuration
39
+ self.shell_command_times = deque(maxlen=100) # Track last 100 command times
40
+ self.max_commands_per_minute = 10
41
+ self.max_commands_per_10_seconds = 3
42
+
43
+ def _check_rate_limit(self) -> tuple:
44
+ """
45
+ Check if rate limit allows another command.
46
+
47
+ Returns:
48
+ (allowed: bool, reason: str, wait_time: float)
49
+ """
50
+ # Initialize if not already done (defensive programming)
51
+ if not hasattr(self, "shell_command_times"):
52
+ self.shell_command_times = deque(maxlen=100)
53
+ self.max_commands_per_minute = 10
54
+ self.max_commands_per_10_seconds = 3
55
+
56
+ current_time = time.time()
57
+
58
+ # Remove old timestamps outside the window
59
+ minute_ago = current_time - 60
60
+ ten_sec_ago = current_time - 10
61
+
62
+ # Count recent commands
63
+ recent_minute = sum(1 for t in self.shell_command_times if t > minute_ago)
64
+ recent_10_sec = sum(1 for t in self.shell_command_times if t > ten_sec_ago)
65
+
66
+ # Check 10-second burst limit
67
+ if recent_10_sec >= self.max_commands_per_10_seconds:
68
+ recent_times = [t for t in self.shell_command_times if t > ten_sec_ago]
69
+ if recent_times:
70
+ oldest_in_window = min(recent_times)
71
+ wait_time = 10 - (current_time - oldest_in_window)
72
+ else:
73
+ wait_time = 10.0
74
+ return (
75
+ False,
76
+ f"Rate limit: max {self.max_commands_per_10_seconds} commands per 10 seconds. Wait {wait_time:.1f}s",
77
+ wait_time,
78
+ )
79
+
80
+ # Check 1-minute limit
81
+ if recent_minute >= self.max_commands_per_minute:
82
+ recent_times = [t for t in self.shell_command_times if t > minute_ago]
83
+ if recent_times:
84
+ oldest_in_window = min(recent_times)
85
+ wait_time = 60 - (current_time - oldest_in_window)
86
+ else:
87
+ wait_time = 60.0
88
+ return (
89
+ False,
90
+ f"Rate limit: max {self.max_commands_per_minute} commands per minute. Wait {wait_time:.1f}s",
91
+ wait_time,
92
+ )
93
+
94
+ return True, "", 0.0
95
+
96
+ def _record_command_execution(self):
97
+ """Record command execution timestamp for rate limiting."""
98
+ self.shell_command_times.append(time.time())
99
+
100
+ def register_shell_tools(self) -> None:
101
+ """Register shell command execution tools."""
102
+ from gaia.agents.base.tools import tool
103
+
104
+ @tool(
105
+ atomic=True,
106
+ name="run_shell_command",
107
+ description="Execute a shell/terminal command. Useful for listing directories (ls/dir), checking files (cat, stat), finding files (find), text processing (grep, head, tail), and navigation (pwd).",
108
+ parameters={
109
+ "command": {
110
+ "type": "str",
111
+ "description": "The shell command to execute (e.g., 'ls -la', 'pwd', 'cat file.txt')",
112
+ "required": True,
113
+ },
114
+ "working_directory": {
115
+ "type": "str",
116
+ "description": "Directory to run the command in (defaults to current directory)",
117
+ "required": False,
118
+ },
119
+ "timeout": {
120
+ "type": "int",
121
+ "description": "Timeout in seconds (default: 30)",
122
+ "required": False,
123
+ },
124
+ },
125
+ )
126
+ def run_shell_command(
127
+ command: str, working_directory: Optional[str] = None, timeout: int = 30
128
+ ) -> Dict[str, Any]:
129
+ """
130
+ Execute a shell command and return the output.
131
+
132
+ Args:
133
+ command: Shell command to execute
134
+ working_directory: Directory to run command in
135
+ timeout: Maximum execution time in seconds
136
+
137
+ Returns:
138
+ Dictionary with status, output, and error information
139
+ """
140
+ try:
141
+ # Check rate limits first to prevent DOS
142
+ allowed, reason, wait_time = self._check_rate_limit()
143
+ if not allowed:
144
+ return {
145
+ "status": "error",
146
+ "error": f"{reason}. Please wait {wait_time:.1f} seconds.",
147
+ "has_errors": True,
148
+ "rate_limited": True,
149
+ "wait_time_seconds": wait_time,
150
+ "hint": "Rate limiting prevents excessive command execution",
151
+ }
152
+
153
+ # Validate working directory if specified
154
+ if working_directory:
155
+ if not os.path.exists(working_directory):
156
+ return {
157
+ "status": "error",
158
+ "error": f"Working directory not found: {working_directory}",
159
+ "has_errors": True,
160
+ }
161
+
162
+ if not os.path.isdir(working_directory):
163
+ return {
164
+ "status": "error",
165
+ "error": f"Path is not a directory: {working_directory}",
166
+ "has_errors": True,
167
+ }
168
+
169
+ # Validate path is allowed
170
+ # Use PathValidator if available (ChatAgent), otherwise fallback or skip
171
+ if hasattr(self, "path_validator"):
172
+ if not self.path_validator.is_path_allowed(working_directory):
173
+ return {
174
+ "status": "error",
175
+ "error": f"Access denied: {working_directory} is not in allowed paths",
176
+ "has_errors": True,
177
+ }
178
+ elif hasattr(self, "_is_path_allowed"):
179
+ # Backward compatibility
180
+ if not self._is_path_allowed(working_directory):
181
+ return {
182
+ "status": "error",
183
+ "error": f"Access denied: {working_directory} is not in allowed paths",
184
+ "has_errors": True,
185
+ }
186
+
187
+ cwd = str(Path(working_directory).resolve())
188
+ else:
189
+ cwd = str(Path.cwd())
190
+
191
+ # Parse command safely
192
+ try:
193
+ cmd_parts = shlex.split(command)
194
+ except ValueError as e:
195
+ return {
196
+ "status": "error",
197
+ "error": f"Invalid command syntax: {e}",
198
+ "has_errors": True,
199
+ }
200
+
201
+ if not cmd_parts:
202
+ return {
203
+ "status": "error",
204
+ "error": "Empty command",
205
+ "has_errors": True,
206
+ }
207
+
208
+ # Validate arguments for path traversal
209
+ # This prevents "cat ../secret.txt" even if "cat" is allowed
210
+ if hasattr(self, "path_validator"):
211
+ for arg in cmd_parts[1:]:
212
+ # Skip flags that don't look like paths (simple heuristics)
213
+ # We check for path separators or ".."
214
+ # We also handle --flag=/path/to/file
215
+
216
+ candidate_path = arg
217
+ if arg.startswith("-"):
218
+ if "=" in arg:
219
+ _, candidate_path = arg.split("=", 1)
220
+ else:
221
+ # Skip flags without value (e.g. -l, --verbose)
222
+ # But what about -f/path? Hard to parse without knowing the tool.
223
+ # We'll assume if it has a path separator, it might be a path attached to a flag
224
+ if os.sep not in arg and "/" not in arg:
225
+ continue
226
+ # If it has separators, treat the whole thing or part of it as path?
227
+ # Treating "-f/tmp" as a path "/tmp" is hard.
228
+ # Let's be conservative: if it contains separators, check it.
229
+
230
+ # Check if it looks like a path
231
+ if (
232
+ os.sep in candidate_path
233
+ or "/" in candidate_path
234
+ or ".." in candidate_path
235
+ ):
236
+ # Ignore URLs
237
+ if candidate_path.startswith(
238
+ ("http://", "https://", "git://", "ssh://")
239
+ ):
240
+ continue
241
+
242
+ # Resolve path relative to CWD
243
+ try:
244
+ # Handle potential flag prefix if we didn't split it cleanly
245
+ # This is best-effort.
246
+ clean_path = candidate_path
247
+
248
+ # Resolve
249
+ resolved_path = str(
250
+ Path(cwd).joinpath(clean_path).resolve()
251
+ )
252
+
253
+ if not self.path_validator.is_path_allowed(
254
+ resolved_path
255
+ ):
256
+ return {
257
+ "status": "error",
258
+ "error": f"Access denied: Argument '{arg}' resolves to forbidden path '{resolved_path}'",
259
+ "has_errors": True,
260
+ }
261
+ except Exception:
262
+ # If we can't resolve it (e.g. invalid chars), we might warn or ignore.
263
+ # For security, maybe ignore if it's not a valid path anyway?
264
+ pass
265
+
266
+ # Security: WHITELIST approach - only allow explicitly safe commands
267
+ # This is much safer than a blacklist which always misses dangerous commands
268
+ ALLOWED_COMMANDS = {
269
+ # File listing and navigation (READ-ONLY)
270
+ "ls",
271
+ "dir",
272
+ "pwd",
273
+ "cd",
274
+ # File content viewing (READ-ONLY)
275
+ "cat",
276
+ "head",
277
+ "tail",
278
+ "more",
279
+ "less",
280
+ # Text processing (READ-ONLY)
281
+ "grep",
282
+ "find",
283
+ "wc",
284
+ "sort",
285
+ "uniq",
286
+ "diff",
287
+ # File information (READ-ONLY)
288
+ "file",
289
+ "stat",
290
+ "du",
291
+ "df",
292
+ # System information (READ-ONLY)
293
+ "whoami",
294
+ "hostname",
295
+ "uname",
296
+ "date",
297
+ "uptime",
298
+ # Path utilities
299
+ "which",
300
+ "whereis",
301
+ "basename",
302
+ "dirname",
303
+ # Safe output
304
+ "echo",
305
+ "printf",
306
+ # Process information (READ-ONLY)
307
+ "ps",
308
+ "top",
309
+ "jobs",
310
+ # Git commands (mostly safe, read-only operations)
311
+ "git", # Individual git subcommands checked separately
312
+ }
313
+
314
+ cmd_base = cmd_parts[0].lower()
315
+
316
+ # Special handling for git - only allow read-only operations
317
+ if cmd_base == "git":
318
+ if len(cmd_parts) > 1:
319
+ git_subcmd = cmd_parts[1].lower()
320
+ safe_git_commands = {
321
+ "status",
322
+ "log",
323
+ "show",
324
+ "diff",
325
+ "branch",
326
+ "remote",
327
+ "ls-files",
328
+ "ls-tree",
329
+ "describe",
330
+ "rev-parse",
331
+ "config",
332
+ "help",
333
+ }
334
+ if git_subcmd not in safe_git_commands:
335
+ return {
336
+ "status": "error",
337
+ "error": f"Git command '{git_subcmd}' is not allowed. Only read-only git operations are permitted.",
338
+ "has_errors": True,
339
+ "allowed_git_commands": list(safe_git_commands),
340
+ }
341
+ elif cmd_base not in ALLOWED_COMMANDS:
342
+ return {
343
+ "status": "error",
344
+ "error": f"Command '{cmd_base}' is not in the allowed list for security reasons",
345
+ "has_errors": True,
346
+ "hint": "Only read-only, informational commands are allowed",
347
+ "examples": "ls, cat, grep, find, git status, etc.",
348
+ }
349
+
350
+ # Log command execution (debug mode)
351
+ if hasattr(self, "debug") and self.debug:
352
+ logger.info(f"Executing command: {command} in {cwd}")
353
+
354
+ # Execute command
355
+ start_time = datetime.utcnow()
356
+ try:
357
+ result = subprocess.run(
358
+ cmd_parts,
359
+ cwd=cwd,
360
+ capture_output=True,
361
+ text=True,
362
+ timeout=timeout,
363
+ check=False,
364
+ env=os.environ.copy(),
365
+ )
366
+ duration = (datetime.utcnow() - start_time).total_seconds()
367
+
368
+ # Record successful command execution for rate limiting
369
+ self._record_command_execution()
370
+ except subprocess.TimeoutExpired as exc:
371
+ duration = (datetime.utcnow() - start_time).total_seconds()
372
+
373
+ # Handle timeout gracefully
374
+ stdout_str = ""
375
+ stderr_str = ""
376
+ if exc.stdout:
377
+ stdout_str = (
378
+ exc.stdout
379
+ if isinstance(exc.stdout, str)
380
+ else exc.stdout.decode("utf-8", errors="replace")
381
+ )
382
+ if exc.stderr:
383
+ stderr_str = (
384
+ exc.stderr
385
+ if isinstance(exc.stderr, str)
386
+ else exc.stderr.decode("utf-8", errors="replace")
387
+ )
388
+
389
+ return {
390
+ "status": "error",
391
+ "error": f"Command timed out after {timeout} seconds",
392
+ "command": command,
393
+ "stdout": stdout_str,
394
+ "stderr": stderr_str,
395
+ "has_errors": True,
396
+ "timed_out": True,
397
+ "timeout": timeout,
398
+ "duration_seconds": duration,
399
+ "cwd": cwd,
400
+ }
401
+
402
+ # Capture and truncate output if too long
403
+ stdout = result.stdout or ""
404
+ stderr = result.stderr or ""
405
+ truncated = False
406
+ max_output = 10_000
407
+
408
+ if len(stdout) > max_output:
409
+ stdout = stdout[:max_output] + "\n...output truncated (stdout)..."
410
+ truncated = True
411
+
412
+ if len(stderr) > max_output:
413
+ stderr = stderr[:max_output] + "\n...output truncated (stderr)..."
414
+ truncated = True
415
+
416
+ # Debug logging
417
+ if hasattr(self, "debug") and self.debug:
418
+ logger.info(
419
+ f"Command completed in {duration:.2f}s with return code {result.returncode}"
420
+ )
421
+
422
+ return {
423
+ "status": "success",
424
+ "command": command,
425
+ "stdout": stdout,
426
+ "stderr": stderr,
427
+ "return_code": result.returncode,
428
+ "has_errors": result.returncode != 0,
429
+ "duration_seconds": duration,
430
+ "timeout": timeout,
431
+ "cwd": cwd,
432
+ "output_truncated": truncated,
433
+ }
434
+
435
+ except Exception as exc:
436
+ logger.error(f"Error executing shell command: {exc}")
437
+ return {"status": "error", "error": str(exc), "has_errors": True}
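Review bot: The `ALLOWED_COMMANDS` check in `run_shell_command` validates only `cmd_parts[0]` (plus `cmd_parts[1]` for git), so several entries labelled READ-ONLY are not read-only in practice: `find` accepts action arguments such as `-exec` and `-delete`, `sort` accepts `-o`, and the permitted `git config` and `git branch` subcommands can change repository state. Removing those entries is the robust fix; if they must stay, reject their write/execute options before `subprocess.run`, as sketched below. The path-argument loop above the allowlist also fails open, because `except Exception: pass` lets an argument that cannot be resolved through unchecked and the whole loop is skipped when the agent has no `path_validator`; returning an "Access denied" error in the `except` branch would be the safer default. Separately, `_record_command_execution()` runs only after a command that completes, so commands that hit the caller-supplied `timeout` never count toward the rate limit.

```python
                # Options that write files or launch other programs; reject them
                # even when the command name itself is allow-listed.
                DENIED_ARGS = {
                    "find": ("-exec", "-execdir", "-ok", "-okdir", "-delete", "-fprint", "-fls"),
                    "sort": ("-o", "--output"),
                }

                cmd_base = cmd_parts[0].lower()
                denied = DENIED_ARGS.get(cmd_base, ())
                if any(arg.startswith(denied) for arg in cmd_parts[1:]):
                    return {
                        "status": "error",
                        "error": f"Command '{cmd_base}' was given an option that is not read-only",
                        "has_errors": True,
                    }

                # … unchanged: git subcommand check and ALLOWED_COMMANDS membership test …
```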