.NET: Feat/dotnet shell tool

dotnet/agent-framework-dotnet.slnx

@@ -65,6 +65,7 @@
     <Project Path="samples/02-agents/Agents/Agent_Step18_CompactionPipeline/Agent_Step18_CompactionPipeline.csproj" />
     <Project Path="samples/02-agents/Agents/Agent_Step19_InFunctionLoopCheckpointing/Agent_Step19_InFunctionLoopCheckpointing.csproj" />
     <Project Path="samples/02-agents/Agents/Agent_Step20_DynamicFunctionTools/Agent_Step20_DynamicFunctionTools.csproj" />
+    <Project Path="samples/02-agents/Agents/Agent_Step21_ShellWithEnvironment/Agent_Step21_ShellWithEnvironment.csproj" />
   </Folder>
   <Folder Name="/Samples/02-agents/DeclarativeAgents/">
     <Project Path="samples/02-agents/DeclarativeAgents/ChatClient/DeclarativeChatClientAgents.csproj" />
@@ -556,6 +557,7 @@
     <Project Path="src/Microsoft.Agents.AI.Mem0/Microsoft.Agents.AI.Mem0.csproj" />
     <Project Path="src/Microsoft.Agents.AI.OpenAI/Microsoft.Agents.AI.OpenAI.csproj" />
     <Project Path="src/Microsoft.Agents.AI.Purview/Microsoft.Agents.AI.Purview.csproj" />
+    <Project Path="src/Microsoft.Agents.AI.Tools.Shell/Microsoft.Agents.AI.Tools.Shell.csproj" />
     <Project Path="src/Microsoft.Agents.AI.Workflows.Declarative.Foundry/Microsoft.Agents.AI.Workflows.Declarative.Foundry.csproj" />
     <Project Path="src/Microsoft.Agents.AI.Workflows.Declarative.Mcp/Microsoft.Agents.AI.Workflows.Declarative.Mcp.csproj" />
     <Project Path="src/Microsoft.Agents.AI.Workflows.Declarative/Microsoft.Agents.AI.Workflows.Declarative.csproj" />
@@ -575,6 +577,7 @@
     <Project Path="tests/Microsoft.Agents.AI.Hosting.AGUI.AspNetCore.IntegrationTests/Microsoft.Agents.AI.Hosting.AGUI.AspNetCore.IntegrationTests.csproj" />
     <Project Path="tests/Microsoft.Agents.AI.Hosting.AzureFunctions.IntegrationTests/Microsoft.Agents.AI.Hosting.AzureFunctions.IntegrationTests.csproj" />
     <Project Path="tests/Microsoft.Agents.AI.Mem0.IntegrationTests/Microsoft.Agents.AI.Mem0.IntegrationTests.csproj" />
+    <Project Path="tests/Microsoft.Agents.AI.Tools.Shell.IntegrationTests/Microsoft.Agents.AI.Tools.Shell.IntegrationTests.csproj" />
     <Project Path="tests/Microsoft.Agents.AI.Workflows.Declarative.IntegrationTests/Microsoft.Agents.AI.Workflows.Declarative.IntegrationTests.csproj" />
     <Project Path="tests/OpenAIAssistant.IntegrationTests/OpenAIAssistant.IntegrationTests.csproj" />
     <Project Path="tests/OpenAIChatCompletion.IntegrationTests/OpenAIChatCompletion.IntegrationTests.csproj" />
@@ -601,6 +604,7 @@
     <Project Path="tests/Microsoft.Agents.AI.Mem0.UnitTests/Microsoft.Agents.AI.Mem0.UnitTests.csproj" />
     <Project Path="tests/Microsoft.Agents.AI.OpenAI.UnitTests/Microsoft.Agents.AI.OpenAI.UnitTests.csproj" />
     <Project Path="tests/Microsoft.Agents.AI.Purview.UnitTests/Microsoft.Agents.AI.Purview.UnitTests.csproj" />
+    <Project Path="tests/Microsoft.Agents.AI.Tools.Shell.UnitTests/Microsoft.Agents.AI.Tools.Shell.UnitTests.csproj" />
     <Project Path="tests/Microsoft.Agents.AI.UnitTests/Microsoft.Agents.AI.UnitTests.csproj" />
     <Project Path="tests/Microsoft.Agents.AI.Workflows.Declarative.Mcp.UnitTests/Microsoft.Agents.AI.Workflows.Declarative.Mcp.UnitTests.csproj" />
     <Project Path="tests/Microsoft.Agents.AI.Workflows.Declarative.UnitTests/Microsoft.Agents.AI.Workflows.Declarative.UnitTests.csproj" />

dotnet/samples/02-agents/Agents/Agent_Step21_ShellWithEnvironment/Agent_Step21_ShellWithEnvironment.csproj

@@ -0,0 +1,22 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFrameworks>net10.0</TargetFrameworks>
+
+    <Nullable>enable</Nullable>
+    <ImplicitUsings>enable</ImplicitUsings>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Azure.AI.OpenAI" />
+    <PackageReference Include="Azure.Identity" />
+    <PackageReference Include="Microsoft.Extensions.AI.OpenAI" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="..\..\..\..\src\Microsoft.Agents.AI.OpenAI\Microsoft.Agents.AI.OpenAI.csproj" />
+    <ProjectReference Include="..\..\..\..\src\Microsoft.Agents.AI.Tools.Shell\Microsoft.Agents.AI.Tools.Shell.csproj" />
+  </ItemGroup>
+
+</Project>

dotnet/samples/02-agents/Agents/Agent_Step21_ShellWithEnvironment/Program.cs

@@ -0,0 +1,130 @@
+// Copyright (c) Microsoft. All rights reserved.
+
+// Shell tool with environment-aware system prompt
+//
+// WARNING: This sample uses LocalShellExecutor, which executes real commands
+// against the shell on this machine. Approval gating is disabled here so
+// the demo runs unattended; in any real application keep approval on
+// (the default), or use DockerShellExecutor for container isolation. The
+// commands the model emits below are read-only or scoped (echo, cd into
+// a temp folder, set a process-local env var) but a different model or
+// prompt could choose to do something destructive. Run this only in an
+// environment where you are comfortable with the agent typing into your
+// terminal.
+//
+// Demonstrates LocalShellExecutor in both modes paired with
+// ShellEnvironmentProvider, an AIContextProvider that probes the live
+// shell (OS, family, version, CWD, common CLIs) and injects authoritative
+// system-prompt instructions so the agent emits commands in the right
+// idiom (PowerShell vs POSIX).
+//
+// Two runs:
+//   1) Stateless mode: each tool call runs in a fresh shell. Useful when
+//      commands are independent (read-only scripts, version checks, file
+//      listings) and you want strong isolation between calls. Side
+//      effects in one call (cd, exported variables) do NOT carry to the
+//      next.
+//   2) Persistent mode: a single long-lived shell is reused across calls,
+//      so working directory and exported environment variables are
+//      preserved. Useful for multi-step workflows that build state
+//      (cd into a folder and run a sequence of commands there; set a
+//      token in one step and read it in the next).
+
+using Azure.AI.OpenAI;
+using Azure.Identity;
+using Microsoft.Agents.AI;
+using Microsoft.Agents.AI.Tools.Shell;
+using Microsoft.Extensions.AI;
+using OpenAI.Chat;
+
+var endpoint = Environment.GetEnvironmentVariable("AZURE_OPENAI_ENDPOINT") ?? throw new InvalidOperationException("AZURE_OPENAI_ENDPOINT is not set.");
+var deploymentName = Environment.GetEnvironmentVariable("AZURE_OPENAI_DEPLOYMENT_NAME") ?? "gpt-5.4-mini";
+
+var chatClient = new AzureOpenAIClient(new Uri(endpoint), new DefaultAzureCredential())
+    .GetChatClient(deploymentName);
+
+const string Instructions = """
+    You are an agent with a single tool: run_shell. Use it to satisfy the
+    user's request. Do not describe what you would do — actually run the
+    commands. Reply with the final answer derived from real output.
+    """;
+
+// --------------------------------------------------------------------
+// 1. Stateless mode — each call gets a fresh shell.
+// --------------------------------------------------------------------
+Console.WriteLine("### Stateless mode\n");
+await using (var statelessShell = new LocalShellExecutor(new() { Mode = ShellMode.Stateless, AcknowledgeUnsafe = true }))
+{
+    var envProvider = new ShellEnvironmentProvider(statelessShell);
+    var statelessAgent = chatClient.AsAIAgent(new ChatClientAgentOptions
+    {
+        ChatOptions = new()
+        {
+            Instructions = Instructions,
+            Tools = [statelessShell.AsAIFunction(requireApproval: false)],
+        },
+        AIContextProviders = [envProvider],
+    });
+
+    var statelessSession = await statelessAgent.CreateSessionAsync();
+    Console.WriteLine(await statelessAgent.RunAsync("Print the current working directory.", statelessSession));
+    Console.WriteLine();
+
+    // Show that side effects do NOT carry between stateless calls: ask the
+    // agent to cd into the system temp directory in one call, then ask
+    // for the CWD in a second call. Stateless mode means the cd is gone.
+    Console.WriteLine(await statelessAgent.RunAsync("Change directory into the system temp folder, then print the current working directory.", statelessSession));
+    Console.WriteLine();
+    Console.WriteLine(await statelessAgent.RunAsync("In a NEW shell call, print the current working directory again. Tell me whether it matches the temp folder from the previous call.", statelessSession));
+    Console.WriteLine();
+
+    PrintSnapshot(envProvider.CurrentSnapshot!);
+}
+
+// --------------------------------------------------------------------
+// 2. Persistent mode — one shell, reused across calls. State carries.
+// --------------------------------------------------------------------
+Console.WriteLine("\n### Persistent mode\n");
+await using (var persistentShell = new LocalShellExecutor(new() { Mode = ShellMode.Persistent, AcknowledgeUnsafe = true }))
+{
+    var envProvider = new ShellEnvironmentProvider(persistentShell);
+    var persistentAgent = chatClient.AsAIAgent(new ChatClientAgentOptions
+    {
+        ChatOptions = new()
+        {
+            Instructions = Instructions,
+            Tools = [persistentShell.AsAIFunction(requireApproval: false)],
+        },
+        AIContextProviders = [envProvider],
+    });
+
+    var persistentSession = await persistentAgent.CreateSessionAsync();
+
+    // State carries across calls in persistent mode: cd into temp, then
+    // verify the next call sees the new CWD.
+    Console.WriteLine(await persistentAgent.RunAsync("Change directory into the system temp folder, then print the current working directory.", persistentSession));
+    Console.WriteLine();
+    Console.WriteLine(await persistentAgent.RunAsync("In a NEW shell call, print the current working directory again. Tell me whether it still matches the temp folder.", persistentSession));
+    Console.WriteLine();
+
+    // Same idea with an exported variable: set in one call, read in the next.
+    Console.WriteLine(await persistentAgent.RunAsync("Set the environment variable DEMO_TOKEN to the value 'hello-world'.", persistentSession));
+    Console.WriteLine();
+    Console.WriteLine(await persistentAgent.RunAsync("Print the current value of DEMO_TOKEN. Tell me exactly what value the shell reports.", persistentSession));
+    Console.WriteLine();
+
+    PrintSnapshot(envProvider.CurrentSnapshot!);
+}
+
+static void PrintSnapshot(ShellEnvironmentSnapshot snap)
+{
+    Console.WriteLine("--- Captured environment snapshot ---");
+    Console.WriteLine($"  Family:  {snap.Family}");
+    Console.WriteLine($"  OS:      {snap.OSDescription}");
+    Console.WriteLine($"  Shell:   {snap.ShellVersion ?? "(unknown)"}");
+    Console.WriteLine($"  CWD:     {snap.WorkingDirectory}");
+    foreach (var (tool, version) in snap.ToolVersions)
+    {
+        Console.WriteLine($"  {tool,-8} {version ?? "(not installed)"}");
+    }
+}

dotnet/src/Microsoft.Agents.AI.Tools.Shell/ContainerUser.cs

@@ -0,0 +1,34 @@
+// Copyright (c) Microsoft. All rights reserved.
+
+using System;
+using System.Globalization;
+
+namespace Microsoft.Agents.AI.Tools.Shell;
+
+/// <summary>
+/// UID/GID pair passed to <c>docker run --user</c>.
+/// </summary>
+/// <param name="Uid">User ID (numeric string, e.g. <c>"65534"</c>; <c>"root"</c> or <c>"0"</c> selects the container's root user).</param>
+/// <param name="Gid">Group ID (numeric string).</param>
+public sealed record ContainerUser(string Uid, string Gid)
+{
+    /// <summary>
+    /// Default unprivileged user (<c>nobody:nogroup</c> on most distros, UID/GID 65534).
+    /// </summary>
+    public static ContainerUser Default { get; } = new("65534", "65534");
+
+    /// <summary>
+    /// Container root (UID/GID 0). Avoid in production; use only for diagnostics.
+    /// </summary>
+    public static ContainerUser Root { get; } = new("0", "0");
+
+    /// <summary>Render as the <c>uid:gid</c> string Docker expects.</summary>
+    public override string ToString() => $"{this.Uid}:{this.Gid}";
+
+    /// <summary>
+    /// Returns <see langword="true"/> when this user maps to UID 0 (root).
+    /// </summary>
+    public bool IsRoot =>
+        this.Uid.Equals("root", StringComparison.OrdinalIgnoreCase)
+        || (int.TryParse(this.Uid, NumberStyles.Integer, CultureInfo.InvariantCulture, out var uid) && uid == 0);
+}

dotnet/src/Microsoft.Agents.AI.Tools.Shell/DockerNetworkMode.cs

@@ -0,0 +1,22 @@
+// Copyright (c) Microsoft. All rights reserved.
+
+namespace Microsoft.Agents.AI.Tools.Shell;
+
+/// <summary>
+/// Well-known values for the <c>network</c> parameter on
+/// <see cref="DockerShellExecutor"/>. The parameter type stays
+/// <see langword="string"/> so callers can supply user-defined networks
+/// (e.g. <c>"my-private-net"</c>) — these constants exist for
+/// discoverability and to avoid stringly-typed defaults.
+/// </summary>
+public static class DockerNetworkMode
+{
+    /// <summary>No network — the container has no network interfaces. The default.</summary>
+    public const string None = "none";
+
+    /// <summary>Docker's default bridge network — egress to the host network.</summary>
+    public const string Bridge = "bridge";
+
+    /// <summary>Share the host's network namespace — strongly discouraged for untrusted code.</summary>
+    public const string Host = "host";
+}