7207// src/tools/shell.ts
L7208: import { exec } from "node:child_process";
L7209:
7226const id = `bg_${++this.seq}`;
L7227: const proc = spawn(command, { shell: true, cwd, stdio: ["ignore", "pipe", "pipe"] });
L7228: const job = { id, command, proc, buf: "", cursor: 0, status: "running", code: null, startedAt: Date.now() };
7328schema: { name: "shell", description: "run a shell command and return stdout/stderr + exit code. Pass background:true for a long-running command (dev server, watch, tail) \u2014 it...
L7329: command: { type: "string", description: "the command line to run (sh -c)" },
L7330: cwd: { type: "string", description: "working directory (optional; defaults to where agentos was launched)" },
...
L7335: if (!command || !command.trim()) return { error: "empty command" };
L7336: const dir = cwd || process.env["AGENTOS_CWD"] || process.cwd();
L7337: if (background) {
...
L7340: }
L7341: return new Promise((resolve4) => {
L7342: exec(command, { cwd: dir, timeout: 3e4, maxBuffer: 1 << 20 }, (err, stdout, stderr) => {
HighSame File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/cli.jsView on unpkg · L7328 19550if (paintTimer) clearInterval(paintTimer);
L19551: if (tty) process.stderr.write("\n");
L19552: try {
...
L19557: closeLocal();
L19558: resolve4();
L19559: };
...
L19565: // src/cli.ts
L19566: import { spawnSync, spawn as spawn8 } from "node:child_process";
L19567: import { homedir as homedir11 } from "node:os";
HighCommand Output Exfiltration
Source combines command execution, command-output handling, and outbound requests; review data flow before blocking.
dist/cli.jsView on unpkg · L19550 191function charWidth(ch) {
L192: const cc = ch.length === 1 ? ch.charCodeAt(0) : -1;
L193: if (cc >= 32 && cc <= 126) return 1;
...
L285: GLYPH_MARKERS = /* @__PURE__ */ new Set(["\u23FA", "\u23BF", "\u2713", "\u2717", "\u25B8", "\u25CC", "\xB7", "-", "*", "!", "?", "\u25CF", "\u2514", "\xD7", "\u25BA", "\u25CB"]);
L286: legacyWin = process.platform === "win32" && !process.env["WT_SESSION"] && process.env["TERM_PROGRAM"] !== "vscode" && !/xterm|screen|vt100/i.test(process.env["TERM"] ?? "");
L287: GLYPH = {
...
L366: function terminalWidth() {
L367: return process.stdout.columns || 80;
L368: }
...
L1257: graph[models[i]] = {
L1258: // http://jsperf.com/1-vs-infinity
L1259: // micro-opt, but this is simple.
HighSandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/cli.jsView on unpkg · L191 6583var openaiResponses = (cfg2) => {
L6584: const base4 = (cfg2.baseUrl ?? "https://api.openai.com/v1").replace(/\/$/, "");
L6585: const headers = { "Content-Type": "application/json", Authorization: `Bearer ${cfg2.apiKey}` };
...
L7207: // src/tools/shell.ts
L7208: import { exec } from "node:child_process";
L7209:
...
L7391: try {
L7392: const content = readFileSync(abs, "utf8");
L7393: const total = content.length;
...
L9760: if (b.goal) parts.push(`Goal: ${b.goal}`);
L9761: if (b.tools?.length) parts.push(`Available tools: ${b.tools.join(", ")}`);
L9762: if (b.lessons?.length) parts.push(`Lessons to bake in:
HighRemote Agent Bridge
Source exposes local file and command tools to a remote model endpoint.
dist/cli.jsView on unpkg · L6583 1539"use strict";
L1540: var os = __require("os");
L1541: var tty = __require("tty");
MediumDynamic Require
Package source references dynamic require/import behavior.
dist/cli.jsView on unpkg · L1539