7 unstable releases (3 breaking)
Uses new Rust 2024
| new 0.3.0 | Apr 16, 2026 |
|---|---|
| 0.2.2 | Apr 16, 2026 |
| 0.1.1 | Apr 11, 2026 |
| 0.0.2 | Apr 10, 2026 |
#316 in Operating systems
Used in 2 crates
(via polaris_internal)
520KB
8K
SLoC
polaris_shell
Shell command execution for Polaris agents.
Overview
Provides shell command execution with a safety-first permission model, directory sandboxing, timeout enforcement, and output truncation.
ShellExecutor- Execution engine with permission checking (global resource)ShellTools- LLM-facing tool wrapper for the tool registryShellPlugin- Plugin that registers both of the aboveShellConfig- Configuration for allowed/denied commands and directories
Permission Model
Every command is matched against glob patterns, evaluated in precedence order:
| Priority | Matches | Result |
|---|---|---|
| 1 (highest) | denied_commands |
Deny — command is rejected |
| 2 | allowed_commands |
Allow — command runs immediately |
| 3 (default) | neither list | Confirm — requires user approval |
Compound commands (&&, ||, ;, |) are split and each subcommand is evaluated separately. The most restrictive result applies.
Example
use polaris_shell::{ShellConfig, ShellPlugin};
let plugin = ShellPlugin::new(
ShellConfig::new()
.with_allowed_commands(vec!["cargo *".into(), "git *".into()])
.with_denied_commands(vec!["rm -rf *".into(), "sudo *".into()])
.with_allowed_dirs(vec!["/home/user/project".into()])
);
License
Apache-2.0
Dependencies
~11–17MB
~239K SLoC