#1152 - Delete BashTools to prevent arbitrary command execution.

[simeshev]

Per internal discussion, we don't see a path forward for protecting framework users from arbitrary command exection using Bash. Embabel users must extreme caution when considering building LLM tools capable of execution of arbitrary commands.

[Copilot]

Pull request overview

This pull request removes the BashTools LLM tool (and its associated tests) to eliminate a built-in mechanism for executing arbitrary shell commands via /bin/bash -c, reducing the risk of command execution abuse in Embabel tool integrations.

Changes:

• Deleted BashTools (@LlmTool-exposed) implementation that executed arbitrary bash commands via ProcessBuilder.
• Deleted BashToolsTest that validated command execution behavior on Linux/macOS.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
embabel-agent-code/src/main/kotlin/com/embabel/coding/tools/bash/BashTools.kt	Removes the @LlmTool that executed arbitrary bash commands.
embabel-agent-code/src/test/kotlin/com/embabel/coding/tools/bash/BashToolsTest.kt	Removes tests that exercised the deleted bash execution tool.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[simeshev]

@alexheifetz - please take a look when you have time. This is change in functionality, so we should update release notes accordingly.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[igordayen]

@simeshev, @alexheifetz - while BashTools seems to be removed (no references so far), unsafe command execution remains - see:

/embabel-agent/embabel-agent-code/src/main/kotlin/com/embabel/coding/tools/ci/Ci.kt

Thanks