Add command filtering and timeout config to zeph-tools (#40) (#48)

bug-ops · web-flow · commit 0a2872ef0ce8 · 2026-02-07T00:46:22.000Z
- ShellExecutor blocks dangerous commands before execution
- Default blocked list: rm -rf /, sudo, mkfs, dd if=, curl, wget, nc, ncat, netcat, shutdown, reboot, halt
- Config: tools.shell.blocked_commands, tools.shell.timeout
- User patterns normalized to lowercase before merge+dedup
- Unit tests for exact match, case-insensitive, network exfiltration, system control
- Integration with zeph-core Config [tools] section and ZEPH_TOOLS_TIMEOUT env var
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -32,6 +32,7 @@ zeph-core = { path = "crates/zeph-core", version = "0.2.0" }
 zeph-llm = { path = "crates/zeph-llm", version = "0.2.0" }
 zeph-memory = { path = "crates/zeph-memory", version = "0.2.0" }
 zeph-skills = { path = "crates/zeph-skills", version = "0.2.0" }
+zeph-tools = { path = "crates/zeph-tools", version = "0.2.0" }
 
 [workspace.lints.clippy]
 all = "warn"
diff --git a/config/default.toml b/config/default.toml
@@ -16,3 +16,10 @@ paths = ["./skills"]
 [memory]
 sqlite_path = "./data/zeph.db"
 history_limit = 50
+
+[tools]
+enabled = true
+
+[tools.shell]
+timeout = 30
+blocked_commands = []
diff --git a/crates/zeph-core/Cargo.toml b/crates/zeph-core/Cargo.toml
@@ -15,6 +15,7 @@ toml.workspace = true
 tracing.workspace = true
 zeph-llm.workspace = true
 zeph-memory.workspace = true
+zeph-tools.workspace = true
 
 [dev-dependencies]
 tempfile.workspace = true
diff --git a/crates/zeph-core/src/config.rs b/crates/zeph-core/src/config.rs
@@ -2,6 +2,7 @@ use std::path::Path;
 
 use anyhow::Context;
 use serde::Deserialize;
+use zeph_tools::ToolsConfig;
 
 #[derive(Debug, Deserialize)]
 pub struct Config {
@@ -10,6 +11,8 @@ pub struct Config {
     pub skills: SkillsConfig,
     pub memory: MemoryConfig,
     pub telegram: Option<TelegramConfig>,
+    #[serde(default)]
+    pub tools: ToolsConfig,
 }
 
 #[derive(Debug, Deserialize)]
@@ -89,6 +92,11 @@ impl Config {
             });
             tg.token = Some(v);
         }
+        if let Ok(v) = std::env::var("ZEPH_TOOLS_TIMEOUT")
+            && let Ok(secs) = v.parse::<u64>()
+        {
+            self.tools.shell.timeout = secs;
+        }
     }
 
     fn default() -> Self {
@@ -110,6 +118,7 @@ impl Config {
                 history_limit: 50,
             },
             telegram: None,
+            tools: ToolsConfig::default(),
         }
     }
 }
@@ -143,6 +152,9 @@ mod tests {
         assert_eq!(config.memory.history_limit, 50);
         assert!(config.llm.cloud.is_none());
         assert!(config.telegram.is_none());
+        assert!(config.tools.enabled);
+        assert_eq!(config.tools.shell.timeout, 30);
+        assert!(config.tools.shell.blocked_commands.is_empty());
     }
 
     #[test]
@@ -281,4 +293,103 @@ allowed_users = ["alice", "bob"]
         let tg = config.telegram.unwrap();
         assert_eq!(tg.token.as_deref(), Some("env-token"));
     }
+
+    #[test]
+    fn config_with_tools_section() {
+        let dir = tempfile::tempdir().unwrap();
+        let path = dir.path().join("tools.toml");
+        let mut f = std::fs::File::create(&path).unwrap();
+        write!(
+            f,
+            r#"
+[agent]
+name = "Zeph"
+
+[llm]
+provider = "ollama"
+base_url = "http://localhost:11434"
+model = "mistral:7b"
+
+[skills]
+paths = ["./skills"]
+
+[memory]
+sqlite_path = "./data/zeph.db"
+history_limit = 50
+
+[tools]
+enabled = true
+
+[tools.shell]
+timeout = 60
+blocked_commands = ["custom-danger"]
+"#
+        )
+        .unwrap();
+
+        clear_llm_env();
+
+        let config = Config::load(&path).unwrap();
+        assert!(config.tools.enabled);
+        assert_eq!(config.tools.shell.timeout, 60);
+        assert_eq!(config.tools.shell.blocked_commands, vec!["custom-danger"]);
+    }
+
+    #[test]
+    fn config_without_tools_section() {
+        let dir = tempfile::tempdir().unwrap();
+        let path = dir.path().join("no_tools.toml");
+        let mut f = std::fs::File::create(&path).unwrap();
+        write!(
+            f,
+            r#"
+[agent]
+name = "Zeph"
+
+[llm]
+provider = "ollama"
+base_url = "http://localhost:11434"
+model = "mistral:7b"
+
+[skills]
+paths = ["./skills"]
+
+[memory]
+sqlite_path = "./data/zeph.db"
+history_limit = 50
+"#
+        )
+        .unwrap();
+
+        clear_llm_env();
+
+        let config = Config::load(&path).unwrap();
+        assert!(config.tools.enabled);
+        assert_eq!(config.tools.shell.timeout, 30);
+        assert!(config.tools.shell.blocked_commands.is_empty());
+    }
+
+    #[test]
+    fn env_override_tools_timeout() {
+        let mut config = Config::default();
+        assert_eq!(config.tools.shell.timeout, 30);
+
+        unsafe { std::env::set_var("ZEPH_TOOLS_TIMEOUT", "120") };
+        config.apply_env_overrides();
+        unsafe { std::env::remove_var("ZEPH_TOOLS_TIMEOUT") };
+
+        assert_eq!(config.tools.shell.timeout, 120);
+    }
+
+    #[test]
+    fn env_override_tools_timeout_invalid_ignored() {
+        let mut config = Config::default();
+        assert_eq!(config.tools.shell.timeout, 30);
+
+        unsafe { std::env::set_var("ZEPH_TOOLS_TIMEOUT", "not-a-number") };
+        config.apply_env_overrides();
+        unsafe { std::env::remove_var("ZEPH_TOOLS_TIMEOUT") };
+
+        assert_eq!(config.tools.shell.timeout, 30);
+    }
 }
diff --git a/crates/zeph-tools/src/shell.rs b/crates/zeph-tools/src/shell.rs
