Support timeout on eca_shell_command with default to 1min.

Author: ericdallo

CHANGELOG.md

@@ -2,6 +2,8 @@
 
 ## Unreleased
 
+- Support timeout on `eca_shell_command` with default to 1min.
+
 ## 0.50.2
 
 - Fix setting the `web-search` capability in the relevant models

src/eca/features/tools/shell.clj

@@ -12,9 +12,13 @@
 
 (def ^:private logger-tag "[TOOLS-SHELL]")
 
+(def ^:private default-timeout 60000)
+(def ^:private max-timeout (* 60000 10))
+
 (defn ^:private shell-command [arguments {:keys [db]}]
   (let [command-args (get arguments "command")
-        user-work-dir (get arguments "working_directory")]
+        user-work-dir (get arguments "working_directory")
+        timeout (min (or (get arguments "timeout") default-timeout) max-timeout)]
     (or (tools.util/invalid-arguments arguments [["working_directory" #(or (nil? %)
                                                                            (fs/exists? %)) "working directory $working_directory does not exist"]])
         (let [work-dir (or (some-> user-work-dir fs/canonicalize str)
@@ -25,27 +29,40 @@
                            (config/get-property "user.home"))
               _ (logger/debug logger-tag "Running command:" command-args)
               result (try
-                       (p/shell {:dir work-dir
-                                 :out :string
-                                 :err :string
-                                 :continue true} "bash -c" command-args)
+                       (deref (p/process {:dir work-dir
+                                          :out :string
+                                          :err :string
+                                          :timeout timeout
+                                          :continue true} "bash -c" command-args)
+                              timeout
+                              ::timeout)
                        (catch Exception e
                          {:exit 1 :err (.getMessage e)}))
               err (some-> (:err result) string/trim)
               out (some-> (:out result) string/trim)]
-          (logger/debug logger-tag "Command executed:" result)
-          (if (zero? (:exit result))
-            (tools.util/single-text-content (:out result))
-            {:error true
-             :contents (remove nil?
-                               (concat [{:type :text
-                                         :text (str "Exit code " (:exit result))}]
-                                       (when-not (string/blank? err)
-                                         [{:type :text
-                                           :text (str "Stderr:\n" err)}])
-                                       (when-not (string/blank? out)
-                                         [{:type :text
-                                           :text (str "Stdout:\n" out)}])))})))))
+          (cond
+            (= result ::timeout)
+            (do
+              (logger/debug logger-tag "Command timed out after " timeout " ms")
+              (tools.util/single-text-content (str "Command timed out after " timeout " ms") true))
+
+            (zero? (:exit result))
+            (do (logger/debug logger-tag "Command executed:" result)
+                (tools.util/single-text-content (:out result)))
+
+            :else
+            (do
+              (logger/debug logger-tag "Command executed:" result)
+              {:error true
+               :contents (remove nil?
+                                 (concat [{:type :text
+                                           :text (str "Exit code " (:exit result))}]
+                                         (when-not (string/blank? err)
+                                           [{:type :text
+                                             :text (str "Stderr:\n" err)}])
+                                         (when-not (string/blank? out)
+                                           [{:type :text
+                                             :text (str "Stdout:\n" out)}])))}))))))
 
 (defn shell-command-summary [args]
   (if-let [command (get args "command")]
@@ -61,7 +78,9 @@
                  :properties {"command" {:type "string"
                                          :description "The shell command to execute."}
                               "working_directory" {:type "string"
-                                                   :description "The directory to run the command in. Default to the first workspace root."}}
+                                                   :description "The directory to run the command in. (Default: first workspace-root)"}
+                              "timeout" {:type "integer"
+                                         :description (format "Optional timeout in milliseconds (Default: %s)" default-timeout)}}
                  :required ["command"]}
     :handler #'shell-command
     :require-approval-fn (fn [args {:keys [db]}]

test/eca/features/tools/shell_test.clj

@@ -2,7 +2,7 @@
   (:require
    [babashka.fs :as fs]
    [babashka.process :as p]
-   [clojure.test :refer [deftest is testing are]]
+   [clojure.test :refer [are deftest is testing]]
    [eca.config :as config]
    [eca.features.tools :as f.tools]
    [eca.features.tools.shell :as f.tools.shell]
@@ -28,7 +28,7 @@
                      {:type :text
                       :text "Stderr:\nSome error"}]}
          (with-redefs [fs/exists? (constantly true)
-                       p/shell (constantly {:exit 1 :err "Some error"})]
+                       p/process (constantly (future {:exit 1 :err "Some error"}))]
            ((get-in f.tools.shell/definitions ["eca_shell_command" :handler])
             {"command" "ls -lh"}
             {:db {:workspace-folders [{:uri (h/file-uri "file:///project/foo") :name "foo"}]}})))))
@@ -38,7 +38,7 @@
           :contents [{:type :text
                       :text "Some text"}]}
          (with-redefs [fs/exists? (constantly true)
-                       p/shell (constantly {:exit 0 :out "Some text" :err "Other text"})]
+                       p/process (constantly (future {:exit 0 :out "Some text" :err "Other text"}))]
            ((get-in f.tools.shell/definitions ["eca_shell_command" :handler])
             {"command" "ls -lh"}
             {:db {:workspace-folders [{:uri (h/file-uri "file:///project/foo") :name "foo"}]}})))))
@@ -48,12 +48,22 @@
           :contents [{:type :text
                       :text "Some text"}]}
          (with-redefs [fs/exists? (constantly true)
-                       p/shell (constantly {:exit 0 :out "Some text" :err "Other text"})]
+                       p/process (constantly (future {:exit 0 :out "Some text" :err "Other text"}))]
            ((get-in f.tools.shell/definitions ["eca_shell_command" :handler])
             {"command" "ls -lh"
              "working_directory" (h/file-path "/project/foo/src")}
             {:db {:workspace-folders [{:uri (h/file-uri "file:///project/foo") :name "foo"}]}})))))
-)
+  (testing "command exceeds timeout"
+    (is (match?
+         {:error true
+          :contents [{:type :text
+                      :text "Command timed out after 50 ms"}]}
+         (with-redefs [fs/exists? (constantly true)
+                       p/process (constantly (future (Thread/sleep 100) {:exit 0 :err "ok"}))]
+           ((get-in f.tools.shell/definitions ["eca_shell_command" :handler])
+            {"command" "ls -lh"
+             "timeout" 50}
+            {:db {:workspace-folders [{:uri (h/file-uri "file:///project/foo") :name "foo"}]}}))))))
 
 (deftest shell-require-approval-fn-test
   (let [approval-fn (get-in f.tools.shell/definitions ["eca_shell_command" :require-approval-fn])
@@ -84,7 +94,7 @@
                      :contents [{:type :text
                                  :text "Some output"}]}
                     (with-redefs [fs/exists? (constantly true)
-                                  p/shell (constantly {:exit 0 :out "Some output"})]
+                                  p/process (constantly (future {:exit 0 :out "Some output"}))]
                       ((get-in f.tools.shell/definitions ["eca_shell_command" :handler])
                        {"command" command}
                        {:db {:workspace-folders [{:uri (h/file-uri "file:///project/foo") :name "foo"}]}
@@ -102,11 +112,11 @@
 (deftest plan-mode-approval-restrictions-test
   (let [all-tools [{:name "eca_shell_command" :server "eca"}]
         config config/initial-config]
-    
+
     (testing "dangerous commands blocked in plan mode via approval"
-      (are [command] (= :deny 
-                       (f.tools/approval all-tools "eca_shell_command" 
-                                       {"command" command} {} config "plan"))
+      (are [command] (= :deny
+                        (f.tools/approval all-tools "eca_shell_command"
+                                          {"command" command} {} config "plan"))
         "echo 'test' > file.txt"
         "cat file.txt > output.txt"
         "ls >> log.txt"
@@ -121,19 +131,19 @@
         "npm install package"
         "python -c \"open('file.txt','w').write('test')\""
         "bash -c 'echo test > file.txt'"))
-    
+
     (testing "non-dangerous commands default to ask in plan mode"
       (are [command] (= :ask
-                       (f.tools/approval all-tools "eca_shell_command"
-                                       {"command" command} {} config "plan"))
+                        (f.tools/approval all-tools "eca_shell_command"
+                                          {"command" command} {} config "plan"))
         "python --version"  ; not matching dangerous patterns, defaults to ask
         "node script.js"     ; not matching dangerous patterns, defaults to ask
         "clojure -M:test"))  ; not matching dangerous patterns, defaults to ask
-    
+
     (testing "safe commands not denied in plan mode"
       (are [command] (not= :deny
-                          (f.tools/approval all-tools "eca_shell_command"
-                                          {"command" command} {} config "plan"))
+                           (f.tools/approval all-tools "eca_shell_command"
+                                             {"command" command} {} config "plan"))
         "git status"
         "ls -la"
         "find . -name '*.clj'"
@@ -143,11 +153,11 @@
         "pwd"
         "date"
         "env"))
-    
+
     (testing "same commands work fine in agent mode (not denied)"
       (are [command] (not= :deny
-                          (f.tools/approval all-tools "eca_shell_command"
-                                          {"command" command} {} config "agent"))
+                           (f.tools/approval all-tools "eca_shell_command"
+                                             {"command" command} {} config "agent"))
         "echo 'test' > file.txt"
         "rm file.txt"
         "git add ."