Bash
Overview¶
The bash tool executes shell commands in the working directory. It uses an automatic classifier to determine whether a command is read-only or requires write/execute permissions.
Parameters¶
| Parameter | Type | Required | Description |
|---|---|---|---|
command |
string | Yes | The shell command to execute |
timeout |
integer | No | Timeout in seconds (default: 120) |
Command Classification¶
Rusty classifies bash commands to determine permission requirements automatically.
Read-Only Commands¶
These commands are auto-allowed and bypass write permissions:
File inspection: ls, cat, head, tail, wc, find, file, stat, du
Git read operations: git status, git log, git diff, git show, git branch, git remote
Build and test: cargo check, cargo test, cargo clippy, cargo build, npm test, yarn test, pytest
Package info: npm list, cargo tree, pip list
System info: uname, whoami, pwd, which, env, date
Write/Execute Commands¶
These commands require explicit permission in default mode:
Git write operations: git commit, git push, git checkout, git merge, git rebase, git stash
File operations: rm, mv, cp, chmod, chown, mkdir, touch
Package management: npm install, pip install, cargo install
Execution: docker, ssh, curl, wget, python, node
Piped Commands¶
When commands are piped, the classifier examines the full pipeline. If all components are read-only, the command is classified as read-only:
# Read-only: ls piped to grep
ls -la | grep ".rs"
# Write: redirect to file
echo "hello" > output.txt
Examples¶
Error Handling¶
- Commands that exit with a non-zero status return the stderr output along with the exit code.
- Commands exceeding the timeout are terminated and return a timeout error.
- The working directory is always the project root (or the directory specified with
--cwd).