Shell Access Toolset#

Generated byAI

This toolset provides tools for executing shell commands within the current project directory.

shell_command#

Executes one of the allowed shell commands within the current project’s root directory and returns the shell command’s output.

Heads up! The tool tries to err on the side of caution and detect and prompt you for confirmation even when you’ve approved commands but built-in (and custom) restricted strings are detected. Regardless, you and only you are responsible for the outcome of any commands run via this tool.

Parameters#

  • command (String, required): The shell command(s) to execute. Multiple commands can be supplied separated by supported delimiters.

Tool Settings#

The allowed and approved command lists can be pre‑configured in the config file under the tool_settings: section:

tool_settings:
  shell_command:
    allowed_commands: [ ... ]
    approved_commands: [ ... ]

Supported properties#

  • allowed_commands

    • An array of executable names that are permitted.
    • If unset, falls back to the ENKAIDU_ALLOWED_EXECUTABLES environment variable (space‑separated).
    • Defaults to ls cat grep whoami file wc find when not set.

  • approved_commands

    • An array of executables that can run without user confirmation.
    • If not set, falls back to the ENKAIDU_APPROVED_EXECUTABLES environment variable (space‑separated).
    • Defaults to an empty list.

  • restricted_terms

    • Additional strings that, when present anywhere in the command, require user confirmation
    • If not set, checks ENKAIDU_RESTRICTED_TERMS environment variable or a config entry.
    • The following OS‑specific terms are always included (checking is case insensitive):
      • Windows: RM, DEL, EVAL, FOR, --EXPRESSION, -E , -E=, |, ;
      • Unix: RM, EVAL, $(, --EXPRESSION, -E , -E=, |, ;

Notes#

  • Forbidden strings:

    • On Unix the characters &, <, >, .. are forbidden.
    • On Windows & is allowed (it separates commands), while .., < and > remain forbidden.

  • Multi‑command splitting:

    • An internal platform-specific regex is used to split commands in case there are multiple
    • Each split command is checked for safety

  • Safety checks:

    • Commands must start with one of the allowed executables (exact match or followed by a space).
    • It must not contain any forbidden substrings (.., <, >, & on Unix).
    • Commands that include any restricted terms or that are not approved require user confirmation before execution.
    • The tool raises PermissionError if the user denies the confirmation, and SafetyError for unsafe commands.
Backward Text Editing Toolset File Management Toolset Forward
Enkaidu - Copyright © 2025, 2026 @nogginly and friends