-
Notifications
You must be signed in to change notification settings - Fork 1.7k
.NET: Feat/dotnet shell tool #5604
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from 11 commits
Commits
Show all changes
36 commits
Select commit
Hold shift + click to select a range
c2e0ae4
feat(dotnet): add Microsoft.Agents.AI.Tools.Shell with LocalShellTool
c397780
feat(shell): close Python parity gaps for LocalShellTool
8255bbc
feat(shell): add DockerShellTool sandboxed shell tier
7bc0932
test(shell): add DockerShellTool integration tests
ab3c0c9
style(shell): apply dotnet format pass
ad3fd51
docs(shell): add DockerShellTool walkthrough with sequence diagrams
d7e5707
PR 5604 review fixes (group a): libc DllImport, namespace cleanup, po…
3ac13b2
PR 5604 review fix (group b): add ShellKind.Sh for /bin/sh fallback
b74ea0b
PR 5604 review fix (group d): honor timeout=null, add DefaultTimeout
1579a83
PR 5604 review fix (group e): smart requireApproval default for Docke…
0022bb9
PR 5604 review fix (group c): wrap POSIX shell in setsid for correct …
b40ed60
.Net: DockerShellTool design + caller-cancel container leak fixes (PR…
6b30f56
.Net: Fill PR #5604 test coverage gaps for Shell tools
cb1ac20
feat(dotnet/shell): add ShellEnvironmentProvider for OS-aware shell i…
83b1270
fix(dotnet/shell): address PR review feedback round 3
4ce489f
Address PR #5604 round 4 review feedback
fe041a4
Add Async suffix to async test methods to satisfy IDE1006
3a0a513
Fix CPU busy-spin in WaitForSentinelAsync
3bfd332
Remove unused onCommand audit hook from shell tools
4972f2c
Align Shell csproj with Foundry.Hosting preview-package conventions
d5d2e25
Document why ShellEnvironmentProvider uses Instructions, not Messages
b55e86a
Clarify which probe failures ShellEnvironmentProvider swallows
5339a80
Strip cross-language and bug-history narrative from shell tool comments
f329604
Address PR #5604 round 5 review feedback
2a0af41
Address PR #5604 round 6 review feedback
ede4d33
Address PR #5604 round 7 review feedback
dfa1fa1
Address PR #5604 round 8 review feedback
1d09869
Address PR #5604 round 9 review feedback
7618e54
Address PR #5604 round 10 review feedback
94acaca
fix(dotnet): address PR #5604 round-3 review feedback
1351c55
fix(dotnet): address PR #5604 round-3 follow-up nits
106c2b1
Refactor shell tool: abstract ShellExecutor, options classes, Contain…
4f702df
Remove IsHardenedConfiguration; AsAIFunction defaults to approval-gated
2022da7
Replace ShellExecutionException/ShellTimeoutException with standard e…
ff7d8e4
Remove ShellPolicy.DefaultDenyList; default policy is empty
ba0b137
Document single-session ownership for persistent shell mode
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
677 changes: 677 additions & 0 deletions
677
dotnet/src/Microsoft.Agents.AI.Tools.Shell/DockerShellTool.cs
Large diffs are not rendered by default.
Oops, something went wrong.
53 changes: 53 additions & 0 deletions
53
dotnet/src/Microsoft.Agents.AI.Tools.Shell/IShellExecutor.cs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| // Copyright (c) Microsoft. All rights reserved. | ||
|
|
||
| using System; | ||
| using System.Threading; | ||
| using System.Threading.Tasks; | ||
|
|
||
| namespace Microsoft.Agents.AI.Tools.Shell; | ||
|
|
||
| /// <summary> | ||
| /// Pluggable backend that runs shell commands on behalf of a tool. | ||
| /// </summary> | ||
| /// <remarks> | ||
| /// <para> | ||
| /// <see cref="LocalShellTool"/> runs commands directly on the host (no | ||
| /// isolation; approval-in-the-loop is the security boundary). A future | ||
| /// <c>DockerShellTool</c> runs them inside a container with resource | ||
| /// limits, network isolation, and a non-root user — the container itself | ||
| /// is the security boundary, which is why it can be used without approval | ||
| /// gating for untrusted-input scenarios. | ||
| /// </para> | ||
| /// <para> | ||
| /// The interface is intentionally minimal so callers can plug in their own | ||
| /// executor (Firecracker microVM, remote SSH, WASI runtime, etc.) without | ||
| /// forking the framework. Mirrors the Python <c>ShellExecutor</c> Protocol | ||
| /// in <c>agent_framework_tools.shell._executor_base</c>. | ||
| /// </para> | ||
| /// </remarks> | ||
| public interface IShellExecutor : IAsyncDisposable | ||
| { | ||
| /// <summary> | ||
| /// Eagerly initialize the backend. Idempotent; subsequent calls are | ||
| /// no-ops once the executor is started. For stateless executors this | ||
| /// is typically a no-op. | ||
| /// </summary> | ||
| /// <param name="cancellationToken">Cancellation token.</param> | ||
| Task StartAsync(CancellationToken cancellationToken = default); | ||
|
alliscode marked this conversation as resolved.
Outdated
|
||
|
|
||
| /// <summary> | ||
| /// Tear down all backend resources. Idempotent; safe to call multiple | ||
| /// times. | ||
| /// </summary> | ||
| /// <param name="cancellationToken">Cancellation token.</param> | ||
| Task CloseAsync(CancellationToken cancellationToken = default); | ||
|
|
||
| /// <summary> | ||
| /// Run a single command and return its result. Implementations are | ||
| /// expected to apply the configured per-command timeout and surface | ||
| /// it via <see cref="ShellResult.TimedOut"/> + <c>ExitCode = 124</c>. | ||
| /// </summary> | ||
| /// <param name="command">The shell command to execute.</param> | ||
| /// <param name="cancellationToken">Cancellation token.</param> | ||
| Task<ShellResult> RunAsync(string command, CancellationToken cancellationToken = default); | ||
| } | ||
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.