amr/passepartout
1
0
Fork 0
Code Issues 15 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
f28363dc458c9ba1df61faf62efcc716ac45bb75
passepartout/org/system-actuator-shell.org
Amr Gharbeia 33993d2d73
Some checks failed
Deploy (Gitea) / deploy (push) Failing after 2s
Details
rename: remaining Bouncer mentions → Dispatcher 
- BOUNCER-PRIVACY-TAGS → *DISPATCHER-PRIVACY-TAGS*
- BOUNCER-SHELL-TIMEOUT → *DISPATCHER-SHELL-TIMEOUT*
- BOUNCER-SHELL-MAX-OUTPUT → *DISPATCHER-SHELL-MAX-OUTPUT*
- bouncer-privacy-tags docstrings → Dispatcher privacy tags
- 'Bouncer' in log messages, docstrings, test descriptions
- 'Bouncer Security Dispatcher' → 'Security Dispatcher'
2026-05-06 18:43:25 -04:00

2.5 KiB
Raw Blame History

SKILL: Shell Actuator (org-skill-shell-actuator.org)

Overview: The Physical Actuator

The Shell Actuator is the agent's hand in the physical world. Given a shell command, it executes it via bash -c and returns the output. This is how the agent installs packages, reads files, runs scripts, and interacts with any Unix tool.

Because shell execution is the highest-risk operation in the system, the Shell Actuator is protected by multiple safety layers:

  1. The Dispatcher's shell safety gate blocks destructive commands (rm -rf /, dd, mkfs)
  2. The Dispatcher's injection gate blocks backtick and $() patterns
  3. The Dispatcher's network exfil gate blocks connections to unwhitelisted hosts
  4. The actuator enforces a timeout (default 30s) so hanging commands don't freeze the agent
  5. The actuator caps output (default 100KB) so infinite output doesn't exhaust memory

Implementation

Shell Execution (actuator-shell-execute)

;; REPL-VERIFIED: 2026-05-03T13:00:00

(defun actuator-shell-execute (action context)
  "Executes a shell command via the OS timeout binary with output limit."
  (declare (ignore context))
  (let* ((payload (getf action :payload))
         (cmd (getf payload :cmd))
         (timeout-sym (find-symbol "*DISPATCHER-SHELL-TIMEOUT*" :passepartout))
         (timeout (or (getf payload :timeout) (if timeout-sym (symbol-value timeout-sym) 30)))
         (max-sym (find-symbol "*DISPATCHER-SHELL-MAX-OUTPUT*" :passepartout))
         (max-output (or (getf payload :max-output) (if max-sym (symbol-value max-sym) 100000))))
    (log-message "ACT [Shell]: ~a (timeout: ~as)" cmd timeout)
    (multiple-value-bind (out err code)
        (uiop:run-program (list "timeout" (format nil "~a" timeout) "bash" "-c" cmd)
                          :output :string :error-output :string
                          :ignore-error-status t)
      (cond
        ((= code 124) (format nil "ERROR: Command timed out after ~a seconds" timeout))
        ((> (length out) max-output)
         (format nil "~a~%... (output truncated to ~a chars)" (subseq out 0 max-output) max-output))
        ((= code 0) out)
        (t (format nil "ERROR [~a]: ~a" code err))))))

Skill Registration 

(register-actuator :shell #'actuator-shell-execute)

(defskill :passepartout-system-actuator-shell
  :priority 50
  :trigger (lambda (ctx) (declare (ignore ctx)) nil))
Reference in New Issue View Git Blame Copy Permalink