strands-shell 0.1.0__tar.gz → 0.2.0__tar.gz

{strands_shell-0.1.0 → strands_shell-0.2.0}/.github/workflows/ci.yml

@@ -146,3 +146,26 @@ jobs:
 
       - name: npm test
         run: npm test
+
+  # Single required status check. Branch protection can require just this one
+  # context ("CI Gate") instead of every matrix leg (Rust/Python/Node/audit),
+  # whose names change whenever the matrix changes. This job fails if any
+  # needed job failed or was cancelled, so it is a faithful aggregate gate.
+  gate:
+    name: CI Gate
+    if: always()
+    needs: [rust, python, audit, node]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Verify all required jobs succeeded
+        env:
+          RESULTS: ${{ join(needs.*.result, ' ') }}
+        run: |
+          echo "Needed job results: $RESULTS"
+          for result in $RESULTS; do
+            if [ "$result" != "success" ]; then
+              echo "::error::A required CI job did not succeed (result: $result)."
+              exit 1
+            fi
+          done
+          echo "All required CI jobs succeeded."

{strands_shell-0.1.0 → strands_shell-0.2.0}/AGENTS.md

@@ -163,5 +163,5 @@ PR titles must follow [Conventional Commits](https://www.conventionalcommits.org
 - [CONTRIBUTING.md](./CONTRIBUTING.md) — human contributor guidelines, full development environment setup
 - [SECURITY.md](./SECURITY.md) — vulnerability reporting
 - [README.md](./README.md) — product overview, configuration, supported commands
-- [COMMANDS.md](./COMMANDS.md) — per-command status and known gaps
+- [Command Reference](https://strandsagents.com/docs/user-guide/shell/commands/) — per-command status and known gaps
 - [Strands Agents Documentation](https://strandsagents.com/)

{strands_shell-0.1.0 → strands_shell-0.2.0}/Cargo.lock

@@ -1606,7 +1606,7 @@ checksum = "6ce2be8dc25455e1f91df71bfa12ad37d7af1092ae736f3a6cd0e37bc7810596"
 
 [[package]]
 name = "strands-shell"
-version = "0.1.0"
+version = "0.2.0"
 dependencies = [
  "async-trait",
  "axum",

{strands_shell-0.1.0 → strands_shell-0.2.0}/Cargo.toml

@@ -2,7 +2,7 @@
 name = "strands-shell"
 # Placeholder — the real version comes from the release git tag, stamped at
 # build time by .github/actions/stamp-version. Do not bump this by hand.
-version = "0.1.0"
+version = "0.2.0"
 edition = "2024"
 description = "A virtual shell sandbox for AI agents"
 license = "Apache-2.0"

{strands_shell-0.1.0 → strands_shell-0.2.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: strands-shell
-Version: 0.1.0
+Version: 0.2.0
 Classifier: Programming Language :: Rust
 Classifier: Programming Language :: Python :: Implementation :: CPython
 License-File: LICENSE
@@ -37,7 +37,7 @@ Project-URL: Repository, https://github.com/strands-agents/shell
   </div>
 
   <p>
-    <a href="https://strandsagents.com/">Documentation</a>
+    <a href="https://strandsagents.com/docs/user-guide/shell/">Documentation</a>
     ◆ <a href="#mcp-server">MCP Server</a>
     ◆ <a href="#python">Python</a>
     ◆ <a href="#nodejs">Node.js</a>
@@ -157,6 +157,47 @@ shell = strands_shell.Shell(
 
 > ⚠️ **`mode: "direct"` mounts are live.** The agent can read and modify host files in real time. Use only for designated output directories. Never direct-bind directories containing secrets, credentials, or configuration you don't want the agent to modify.
 
+### Inspecting configuration
+
+A constructed shell exposes a read-only snapshot of how it was configured. This
+is useful when you embed Strands Shell as a sandbox in a larger framework and
+need to build tool descriptions, surface the network allowlist, or report the
+active resource caps from a shell object you were handed.
+
+```python
+shell = strands_shell.Shell(
+    allowed_urls=["https://api.example.com/"],
+    credentials=[strands_shell.Cred("https://api.example.com/", env_var="API_TOKEN")],
+    timeout=30.0,
+)
+
+cfg = shell.config           # a frozen ShellConfig snapshot
+cfg.allowed_urls             # ('https://api.example.com/',)
+cfg.timeout                  # 30.0
+cfg.credentials[0].url       # 'https://api.example.com/'
+cfg.credentials[0].env_var   # 'API_TOKEN'  (the secret value is never exposed)
+```
+
+```javascript
+const shell = await Shell.create({
+  allowedUrls: ['https://api.example.com/'],
+  credentials: [{ url: 'https://api.example.com/', envVar: 'API_TOKEN' }],
+  timeout: 30,
+})
+
+const cfg = await shell.config()   // a deep-frozen snapshot object
+cfg.allowedUrls                    // ['https://api.example.com/']
+cfg.timeout                        // 30
+cfg.credentials[0].envVar          // 'API_TOKEN'  (the secret value is never exposed)
+```
+
+The snapshot reports binds, credentials, the network allowlist, environment
+variables, umask, timeout, and resource limits. Credential **secrets are never
+included** — each entry reports its URL pattern, kind, and source (a literal
+token was supplied, or the name of the environment variable it is read from),
+so you can reason about credentials without the agent or your tooling ever
+seeing the secret itself.
+
 ### TOML
 
 You can load all of this from a config file instead:
@@ -225,7 +266,7 @@ Out of the box, the shell is an empty sandbox — no files, no network, no crede
 
 The commands agents use constantly: `grep`, `find`, `cat`, `head`, `tail`, `jq` for reading and searching. `sed`, `sort`, `tr`, `cut` for transforming output. `cp`, `mv`, `rm`, `mkdir` for managing files. `curl` for HTTP (SSRF-guarded, credentials auto-injected). `lua` for scripting when shell gets awkward.
 
-[COMMANDS.md](COMMANDS.md) has the full inventory with implementation status, supported flags, and known gaps vs GNU coreutils.
+The [full command reference](https://strandsagents.com/docs/user-guide/shell/commands/) has the inventory with implementation status, supported flags, and known gaps vs GNU coreutils.
 
 ## File Operations API
 

{strands_shell-0.1.0 → strands_shell-0.2.0}/README.md

@@ -21,7 +21,7 @@
   </div>
 
   <p>
-    <a href="https://strandsagents.com/">Documentation</a>
+    <a href="https://strandsagents.com/docs/user-guide/shell/">Documentation</a>
     ◆ <a href="#mcp-server">MCP Server</a>
     ◆ <a href="#python">Python</a>
     ◆ <a href="#nodejs">Node.js</a>
@@ -141,6 +141,47 @@ shell = strands_shell.Shell(
 
 > ⚠️ **`mode: "direct"` mounts are live.** The agent can read and modify host files in real time. Use only for designated output directories. Never direct-bind directories containing secrets, credentials, or configuration you don't want the agent to modify.
 
+### Inspecting configuration
+
+A constructed shell exposes a read-only snapshot of how it was configured. This
+is useful when you embed Strands Shell as a sandbox in a larger framework and
+need to build tool descriptions, surface the network allowlist, or report the
+active resource caps from a shell object you were handed.
+
+```python
+shell = strands_shell.Shell(
+    allowed_urls=["https://api.example.com/"],
+    credentials=[strands_shell.Cred("https://api.example.com/", env_var="API_TOKEN")],
+    timeout=30.0,
+)
+
+cfg = shell.config           # a frozen ShellConfig snapshot
+cfg.allowed_urls             # ('https://api.example.com/',)
+cfg.timeout                  # 30.0
+cfg.credentials[0].url       # 'https://api.example.com/'
+cfg.credentials[0].env_var   # 'API_TOKEN'  (the secret value is never exposed)
+```
+
+```javascript
+const shell = await Shell.create({
+  allowedUrls: ['https://api.example.com/'],
+  credentials: [{ url: 'https://api.example.com/', envVar: 'API_TOKEN' }],
+  timeout: 30,
+})
+
+const cfg = await shell.config()   // a deep-frozen snapshot object
+cfg.allowedUrls                    // ['https://api.example.com/']
+cfg.timeout                        // 30
+cfg.credentials[0].envVar          // 'API_TOKEN'  (the secret value is never exposed)
+```
+
+The snapshot reports binds, credentials, the network allowlist, environment
+variables, umask, timeout, and resource limits. Credential **secrets are never
+included** — each entry reports its URL pattern, kind, and source (a literal
+token was supplied, or the name of the environment variable it is read from),
+so you can reason about credentials without the agent or your tooling ever
+seeing the secret itself.
+
 ### TOML
 
 You can load all of this from a config file instead:
@@ -209,7 +250,7 @@ Out of the box, the shell is an empty sandbox — no files, no network, no crede
 
 The commands agents use constantly: `grep`, `find`, `cat`, `head`, `tail`, `jq` for reading and searching. `sed`, `sort`, `tr`, `cut` for transforming output. `cp`, `mv`, `rm`, `mkdir` for managing files. `curl` for HTTP (SSRF-guarded, credentials auto-injected). `lua` for scripting when shell gets awkward.
 
-[COMMANDS.md](COMMANDS.md) has the full inventory with implementation status, supported flags, and known gaps vs GNU coreutils.
+The [full command reference](https://strandsagents.com/docs/user-guide/shell/commands/) has the inventory with implementation status, supported flags, and known gaps vs GNU coreutils.
 
 ## File Operations API
 

{strands_shell-0.1.0 → strands_shell-0.2.0}/index.d.ts

@@ -63,6 +63,61 @@ export interface ShellConfig {
   configFile?: string
 }
 
+/** A bind mount in a {@link ShellConfigSnapshot}. */
+export interface BindInfo {
+  readonly source: string
+  readonly destination: string
+  /** `'copy'` (build-time snapshot) or `'direct'` (host passthrough). */
+  readonly mode: 'copy' | 'direct'
+  readonly readonly: boolean
+}
+
+/**
+ * A credential rule in a {@link ShellConfigSnapshot}.
+ *
+ * The secret value is never exposed. `envVar` holds the environment-variable
+ * name when the credential was configured from the environment; `fromLiteral`
+ * is `true` when a literal token was supplied directly (its value is withheld).
+ */
+export interface CredInfo {
+  readonly url: string
+  readonly kind: 'bearer' | 'query'
+  readonly methods: readonly string[]
+  readonly param: string | null
+  readonly envVar: string | null
+  readonly fromLiteral: boolean
+}
+
+/** Resource caps in a {@link ShellConfigSnapshot}. Every cap is present. */
+export interface LimitsInfo {
+  readonly maxDepth: number
+  readonly maxOutput: number
+  readonly maxFds: number
+  readonly maxBgJobs: number
+  readonly maxPipeline: number
+  readonly maxInput: number
+  readonly maxFileSize: number
+  readonly maxInodes: number
+}
+
+/**
+ * A read-only snapshot of how a {@link Shell} was configured, returned by
+ * {@link Shell.config}. Lets an embedder introspect a constructed shell — to
+ * build tool descriptions, surface the network allowlist, or report active
+ * limits — without having held onto the {@link ShellConfig} it was built from.
+ * Secret values are never included.
+ */
+export interface ShellConfigSnapshot {
+  readonly binds: readonly BindInfo[]
+  readonly credentials: readonly CredInfo[]
+  readonly allowedUrls: readonly string[]
+  readonly env: Readonly<Record<string, string>>
+  readonly umask: number
+  /** Per-command timeout in seconds, or `null` for no timeout. */
+  readonly timeout: number | null
+  readonly limits: LimitsInfo
+}
+
 /** errno-style discriminator carried on every {@link ShellError}. */
 export type ShellErrorCode = 'ENOENT' | 'EACCES' | 'EFBIG' | 'EOTHER'
 
@@ -89,6 +144,11 @@ export declare class Shell {
   setEnv(key: string, value: string): Promise<void>
   /** Get an environment variable. */
   getEnv(key: string): Promise<string | null>
+  /**
+   * A read-only snapshot of how this shell was configured. Secret values are
+   * never included — see {@link CredInfo}. The returned object is deep-frozen.
+   */
+  config(): Promise<ShellConfigSnapshot>
   /** Read a file as raw bytes. Rejects with {@link NotFoundError} if missing. */
   readFile(path: string): Promise<Uint8Array>
   /** Write raw bytes; creates parent dirs (mkdir -p) and truncates. */

{strands_shell-0.1.0 → strands_shell-0.2.0}/index.js

@@ -190,6 +190,52 @@ class Shell {
     return this._inner.getEnv(key)
   }
 
+  // ---- Configuration introspection ----
+
+  /**
+   * A read-only snapshot of how this shell was configured. Resolves to an
+   * object reporting binds, credentials, allowedUrls, env, umask, timeout,
+   * and limits.
+   *
+   * Secret values are never included: each credential reports its `url`
+   * pattern, `kind`, and source (`envVar` name, or `fromLiteral: true`), but
+   * never the token itself. The returned object and its nested objects/arrays
+   * are deep-frozen so the snapshot cannot be mutated.
+   */
+  async config() {
+    const c = await this._inner.config()
+    const snapshot = {
+      binds: c.binds.map((b) =>
+        Object.freeze({
+          source: b.source,
+          destination: b.destination,
+          mode: b.mode,
+          readonly: b.readonly,
+        }),
+      ),
+      credentials: c.credentials.map((cr) =>
+        Object.freeze({
+          url: cr.url,
+          kind: cr.kind,
+          methods: Object.freeze([...cr.methods]),
+          param: cr.param ?? null,
+          envVar: cr.envVar ?? null,
+          fromLiteral: cr.fromLiteral,
+        }),
+      ),
+      allowedUrls: c.allowedUrls,
+      env: c.env,
+      umask: c.umask,
+      timeout: c.timeout ?? null,
+      limits: Object.freeze({ ...c.limits }),
+    }
+    Object.freeze(snapshot.binds)
+    Object.freeze(snapshot.credentials)
+    Object.freeze(snapshot.allowedUrls)
+    Object.freeze(snapshot.env)
+    return Object.freeze(snapshot)
+  }
+
   // ---- VFS file operations ----
 
   readFile(path) {

{strands_shell-0.1.0 → strands_shell-0.2.0}/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@strands-agents/shell",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "Strands Shell — a virtual shell sandbox for AI agents (Node.js bindings)",
   "license": "Apache-2.0",
   "repository": {

{strands_shell-0.1.0 → strands_shell-0.2.0}/pyproject.toml

@@ -6,7 +6,7 @@ build-backend = "maturin"
 name = "strands-shell"
 # Placeholder — the real version comes from the release git tag, stamped at
 # build time by .github/actions/stamp-version. Do not bump this by hand.
-version = "0.1.0"
+version = "0.2.0"
 description = "A virtual shell for AI agents"
 readme = "README.md"
 requires-python = ">=3.10"

{strands_shell-0.1.0 → strands_shell-0.2.0}/python/strands_shell/__init__.py

@@ -27,6 +27,10 @@ __all__ = [
     "Limits",
     "Output",
     "FileInfo",
+    "ShellConfig",
+    "ConfigBind",
+    "ConfigCred",
+    "ConfigLimits",
     "ShellError",
     "FileNotFoundError",
     "PermissionDeniedError",
@@ -99,6 +103,120 @@ class Limits:
     max_depth: int = 64
 
 
+# --------------------------------------------------------------------------- #
+# Read-only config snapshot (returned by ``Shell.config``)
+# --------------------------------------------------------------------------- #
+
+
+@dataclass(frozen=True)
+class ConfigBind:
+    """A bind mount as reported by :attr:`Shell.config`.
+
+    Read-only view; mirrors the :class:`Bind` you pass in, with ``mode``
+    normalized to ``"copy"`` / ``"direct"``.
+    """
+
+    source: str
+    destination: str
+    mode: Literal["direct", "copy"]
+    readonly: bool
+
+
+@dataclass(frozen=True)
+class ConfigCred:
+    """A credential rule as reported by :attr:`Shell.config`.
+
+    The secret value is **never** exposed. ``env_var`` holds the environment
+    variable name when the credential was configured from the environment;
+    ``from_literal`` is ``True`` when a literal token was supplied directly
+    (its value is still withheld).
+    """
+
+    url: str
+    kind: str
+    methods: tuple[str, ...]
+    param: str | None
+    env_var: str | None
+    from_literal: bool
+
+
+@dataclass(frozen=True)
+class ConfigLimits:
+    """Resource caps as reported by :attr:`Shell.config`.
+
+    Unlike :class:`Limits` (the input bundle), this view always carries every
+    cap with its concrete active value.
+    """
+
+    max_depth: int
+    max_output: int
+    max_fds: int
+    max_bg_jobs: int
+    max_pipeline: int
+    max_input: int
+    max_file_size: int
+    max_inodes: int
+
+
+@dataclass(frozen=True)
+class ShellConfig:
+    """A read-only snapshot of how a :class:`Shell` was configured.
+
+    Returned by :attr:`Shell.config`. Lets an embedder introspect a constructed
+    shell after the fact (to build tool descriptions, surface the network
+    allowlist, or report active limits) without having held onto the
+    construction arguments. Secret values are never included.
+    """
+
+    binds: tuple[ConfigBind, ...]
+    credentials: tuple[ConfigCred, ...]
+    allowed_urls: tuple[str, ...]
+    env: dict[str, str]
+    umask: int
+    timeout: float | None
+    limits: ConfigLimits
+
+
+def _snapshot_from_native(native_config: object) -> ShellConfig:
+    """Convert a ``_native.ShellConfig`` into the frozen public dataclass."""
+    return ShellConfig(
+        binds=tuple(
+            ConfigBind(
+                source=b.source,
+                destination=b.destination,
+                mode=b.mode,  # type: ignore[arg-type]
+                readonly=b.readonly,
+            )
+            for b in native_config.binds
+        ),
+        credentials=tuple(
+            ConfigCred(
+                url=c.url,
+                kind=c.kind,
+                methods=tuple(c.methods),
+                param=c.param,
+                env_var=c.env_var,
+                from_literal=c.from_literal,
+            )
+            for c in native_config.credentials
+        ),
+        allowed_urls=tuple(native_config.allowed_urls),
+        env=dict(native_config.env),
+        umask=native_config.umask,
+        timeout=native_config.timeout,
+        limits=ConfigLimits(
+            max_depth=native_config.limits.max_depth,
+            max_output=native_config.limits.max_output,
+            max_fds=native_config.limits.max_fds,
+            max_bg_jobs=native_config.limits.max_bg_jobs,
+            max_pipeline=native_config.limits.max_pipeline,
+            max_input=native_config.limits.max_input,
+            max_file_size=native_config.limits.max_file_size,
+            max_inodes=native_config.limits.max_inodes,
+        ),
+    )
+
+
 # --------------------------------------------------------------------------- #
 # Exception hierarchy
 # --------------------------------------------------------------------------- #
@@ -251,6 +369,23 @@ class Shell:
     def get_env(self, key: str) -> str | None:
         return self._shell.get_env(key)
 
+    # ---- Configuration introspection ----
+
+    @property
+    def config(self) -> ShellConfig:
+        """A read-only snapshot of how this shell was configured.
+
+        Reports bind mounts, credential rules, the network allowlist, seeded
+        environment variables, umask, timeout, and resource caps. Useful for
+        introspecting a constructed shell — e.g. to build tool descriptions or
+        surface the allowlist — without having held onto the constructor args.
+
+        Secret values are never included: each :class:`ConfigCred` reports its
+        URL pattern, kind, and source (literal vs environment variable name),
+        but never the token itself.
+        """
+        return _snapshot_from_native(self._shell.config())
+
     # ---- VFS file operations ----
     # Each accepts **kwargs and ignores unknown keys, matching the
     # kwargs-tolerant strands.sandbox.Sandbox contract the adapter passes

{strands_shell-0.1.0 → strands_shell-0.2.0}/src/js.rs

@@ -166,6 +166,66 @@ pub struct FileInfo {
     pub size: Option<u32>,
 }
 
+// ---------------------------------------------------------------------------
+// Read-only config snapshot — plain object shapes mirrored from the core
+// `crate::shell::{ShellConfig, BindInfo, CredInfo, LimitsInfo}` view types.
+// Returned by `Shell.config()`. Secret values are never carried — see
+// `CredInfo`.
+// ---------------------------------------------------------------------------
+
+/// A single bind mount in a config snapshot.
+#[napi(object)]
+pub struct BindInfo {
+    pub source: String,
+    pub destination: String,
+    /// `"copy"` or `"direct"`.
+    pub mode: String,
+    pub readonly: bool,
+}
+
+/// A single credential rule in a config snapshot. Never carries the secret.
+#[napi(object)]
+pub struct CredInfo {
+    pub url: String,
+    /// `"bearer"` or `"query"`.
+    pub kind: String,
+    pub methods: Vec<String>,
+    pub param: Option<String>,
+    /// Name of the env var the secret is read from, or `null` for a literal.
+    pub env_var: Option<String>,
+    /// True when a literal token was supplied (value itself never exposed).
+    pub from_literal: bool,
+}
+
+/// Resource caps in a config snapshot.
+#[napi(object)]
+pub struct LimitsInfo {
+    // f64 because JS numbers are doubles; values fit comfortably (max_inodes
+    // default 10_000, max_file_size default 10 MiB — well within 2^53).
+    pub max_depth: f64,
+    pub max_output: f64,
+    pub max_fds: f64,
+    pub max_bg_jobs: f64,
+    pub max_pipeline: f64,
+    pub max_input: f64,
+    pub max_file_size: f64,
+    pub max_inodes: f64,
+}
+
+/// A read-only snapshot of how a `Shell` was configured.
+#[napi(object)]
+pub struct ShellConfig {
+    pub binds: Vec<BindInfo>,
+    pub credentials: Vec<CredInfo>,
+    pub allowed_urls: Vec<String>,
+    /// Seeded environment variables as a plain object.
+    pub env: std::collections::HashMap<String, String>,
+    pub umask: f64,
+    /// Per-command timeout in seconds, or `null` for no timeout.
+    pub timeout: Option<f64>,
+    pub limits: LimitsInfo,
+}
+
 // ---------------------------------------------------------------------------
 // ShellBuilder
 // ---------------------------------------------------------------------------
@@ -400,6 +460,57 @@ impl Shell {
             .await
     }
 
+    /// Read-only snapshot of the configuration this shell was built with.
+    ///
+    /// Mirrors `Shell::config()` in the core. Never carries secret values —
+    /// each credential reports its source (literal vs env-var name) only.
+    #[napi]
+    pub async fn config(&self) -> Result<ShellConfig> {
+        self.worker
+            .run(move |shell, _rt| {
+                let c = shell.config();
+                ShellConfig {
+                    binds: c
+                        .binds
+                        .iter()
+                        .map(|b| BindInfo {
+                            source: b.source.clone(),
+                            destination: b.destination.clone(),
+                            mode: b.mode.to_string(),
+                            readonly: b.readonly,
+                        })
+                        .collect(),
+                    credentials: c
+                        .credentials
+                        .iter()
+                        .map(|cr| CredInfo {
+                            url: cr.url.clone(),
+                            kind: cr.kind.to_string(),
+                            methods: cr.methods.clone(),
+                            param: cr.param.clone(),
+                            env_var: cr.env_var.clone(),
+                            from_literal: cr.from_literal,
+                        })
+                        .collect(),
+                    allowed_urls: c.allowed_urls.clone(),
+                    env: c.env.iter().cloned().collect(),
+                    umask: c.umask as f64,
+                    timeout: c.timeout_secs,
+                    limits: LimitsInfo {
+                        max_depth: c.limits.max_depth as f64,
+                        max_output: c.limits.max_output as f64,
+                        max_fds: c.limits.max_fds as f64,
+                        max_bg_jobs: c.limits.max_bg_jobs as f64,
+                        max_pipeline: c.limits.max_pipeline as f64,
+                        max_input: c.limits.max_input as f64,
+                        max_file_size: c.limits.max_file_size as f64,
+                        max_inodes: c.limits.max_inodes as f64,
+                    },
+                }
+            })
+            .await
+    }
+
     /// Read a file from the virtual filesystem as raw bytes.
     #[napi]
     pub async fn read_file(&self, path: String) -> Result<Uint8Array> {

{strands_shell-0.1.0 → strands_shell-0.2.0}/src/lib.rs

@@ -164,5 +164,8 @@ pub mod python;
 pub mod js;
 
 // Primary public API
-pub use shell::{FileInfo, FileOpErrorKind, Output, Shell, ShellBuilder};
+pub use shell::{
+    BindInfo, CredInfo, FileInfo, FileOpErrorKind, LimitsInfo, Output, Shell, ShellBuilder,
+    ShellConfig,
+};
 pub use vfs_config::CredKind;