CLI Execution

The shell tool lets agents run shell commands on the server. Commands execute in /bin/bash within a sandboxed environment with configurable restrictions on filesystem access, network, and execution time.

Usage

Agents use the shell tool when they need to:

• Run code (compile, execute scripts, run tests)
• Process data with command-line utilities
• Install packages or manage files
• Interact with APIs via curl or similar tools

Parameters

Parameter	Type	Required	Description
command	string	yes	The shell command to execute

Sandboxing

On Linux, shell commands run inside a Landlock sandbox that restricts:

• Filesystem access: limited to the agent’s workspace directory
• Network access: controlled per agent
• Execution time: limited by timeout (default: 30 seconds)

Sandbox settings per agent

Each agent can have its own sandbox configuration:

Setting	Default	Description
network_access	true	Allow outbound network connections
allowed_network_destinations	[]	Specific hosts to allow
timeout_secs	30	Max execution time

Platform differences

• Linux: full Landlock-based sandboxing
• macOS: limited sandboxing (no Landlock support)
• Other: no-op sandbox (commands run unrestricted)

Disabling the sandbox

Set FRONA_SERVER_SANDBOX_DISABLED=true to turn off sandboxing entirely. This is not recommended for production deployments.

Workspace context

Shell commands run in the context of the agent’s workspace. The working directory is set to the workspace path, so agents can read and write files relative to the workspace root.

Output handling

Command output (stdout and stderr) is captured and returned to the agent as a tool result. The agent can then use this output in its response.

Large outputs may be truncated to stay within context limits.