Class: RubyLLM::Toolbox::Safety::CommandGuard

Inherits:
Object
Defined in:
lib/ruby_llm/toolbox/safety/command_guard.rb

Overview

Validates the executable name for BashTool. The actual execution path uses array-form spawning (no shell), so this guard only has to ensure the program itself is on the allowlist and isn’t smuggling a path or shell metacharacters. Arguments are passed verbatim as argv and are therefore inert — there is no shell to interpret them.

Defined Under Namespace

Classes: Blocked

Constant Summary

SHELL_META = /[;&|<>`$(){}\[\]*?!#~\n\r]/
PATH_SEP = %r{[/\\]}

Constructor Details

#initialize(allowed) ⇒ CommandGuard

Returns a new instance of CommandGuard.



# File 'lib/ruby_llm/toolbox/safety/command_guard.rb', line 17

def initialize(allowed)
  @allowed = Array(allowed).map(&:to_s)
end

Instance Method Details

#check!(command) ⇒ Object

Returns the validated executable name, or raises Blocked.

Raises:

  • Blocked

# File 'lib/ruby_llm/toolbox/safety/command_guard.rb', line 22

def check!(command)
  cmd = command.to_s
  raise Blocked, "no command given" if cmd.empty?

  if cmd.match?(PATH_SEP)
    raise Blocked, "executable name may not contain a path: #{cmd.inspect}"
  end
  if cmd.match?(SHELL_META)
    raise Blocked, "executable name may not contain shell metacharacters: #{cmd.inspect}"
  end
  unless @allowed.include?(cmd)
    raise Blocked, "command not allowed: #{cmd.inspect} " \
                   "(allowed: #{@allowed.empty? ? '(none)' : @allowed.join(', ')})"
  end

  cmd
end
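
The contract described in the Overview, as an added example that is not code from the toolbox: a compact stand-in for the guard plus a hypothetical `run_guarded` helper that spawns with Ruby's `[program, argv0]` form, shown beside a shell-string call for contrast. `GuardSketch`, `run_guarded`, `run_via_shell`, `blocked?` and the sample payload are assumptions constructed for illustration.

```ruby
require "open3"

class Blocked < StandardError; end

# Compact stand-in for the documented guard (same checks, same order).
class GuardSketch
  SHELL_META = /[;&|<>`$(){}\[\]*?!#~\n\r]/
  PATH_SEP   = %r{[/\\]}

  def initialize(allowed)
    @allowed = Array(allowed).map(&:to_s)
  end

  def check!(command)
    cmd = command.to_s
    raise Blocked, "no command given" if cmd.empty?
    raise Blocked, "path in executable name" if cmd.match?(PATH_SEP)
    raise Blocked, "shell metacharacters in executable name" if cmd.match?(SHELL_META)
    raise Blocked, "command not allowed" unless @allowed.include?(cmd)
    cmd
  end
end

# Hypothetical helper: validate the name, then spawn without a shell.
# [exe, exe] is Ruby's explicit "program + argv[0]" form; it never falls
# back to /bin/sh, even when args is empty.
def run_guarded(guard, command, args = [])
  exe = guard.check!(command)
  out, status = Open3.capture2e([exe, exe], *args.map(&:to_s))
  [out, status.success?]
end

# Contrast only: a single string with metacharacters is handed to a shell.
def run_via_shell(line)
  Open3.capture2e(line).first
end

# True when the guard rejects the given executable name.
def blocked?(guard, command)
  guard.check!(command)
  false
rescue Blocked
  true
end

# Constructed sample input.
GUARD   = GuardSketch.new(%w[echo])
PAYLOAD = "hello; echo INJECTED"
```

Inert here means not interpreted by a shell: the allowlisted program still parses its own argv, so option-like arguments keep whatever meaning that program gives them.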