fix: rename bash tool to exec (#748) (thanks @myfunc)

src/agents/pi-tools-agent-config.test.ts

@@ -30,7 +30,7 @@ describe("Agent-specific tool filtering", () => {
     const toolNames = tools.map((t) => t.name);
     expect(toolNames).toContain("read");
     expect(toolNames).toContain("write");
-    expect(toolNames).not.toContain("bash");
+    expect(toolNames).not.toContain("exec");
   });
 
   it("should keep global tool policy when agent only sets tools.elevated", () => {
@@ -62,7 +62,7 @@ describe("Agent-specific tool filtering", () => {
     });
 
     const toolNames = tools.map((t) => t.name);
-    expect(toolNames).toContain("bash");
+    expect(toolNames).toContain("exec");
     expect(toolNames).toContain("read");
     expect(toolNames).not.toContain("write");
   });
@@ -70,7 +70,7 @@ describe("Agent-specific tool filtering", () => {
   it("should apply agent-specific tool policy", () => {
     const cfg: ClawdbotConfig = {
       tools: {
-        allow: ["read", "write", "bash"],
+        allow: ["read", "write", "exec"],
         deny: [],
       },
       agents: {
@@ -80,7 +80,7 @@ describe("Agent-specific tool filtering", () => {
             workspace: "~/clawd-restricted",
             tools: {
               allow: ["read"], // Agent override: only read
-              deny: ["bash", "write", "edit"],
+              deny: ["exec", "write", "edit"],
             },
           },
         ],
@@ -96,7 +96,7 @@ describe("Agent-specific tool filtering", () => {
 
     const toolNames = tools.map((t) => t.name);
     expect(toolNames).toContain("read");
-    expect(toolNames).not.toContain("bash");
+    expect(toolNames).not.toContain("exec");
     expect(toolNames).not.toContain("write");
     expect(toolNames).not.toContain("edit");
   });
@@ -115,7 +115,7 @@ describe("Agent-specific tool filtering", () => {
             workspace: "~/clawd-family",
             tools: {
               allow: ["read"],
-              deny: ["bash", "write", "edit", "process"],
+              deny: ["exec", "write", "edit", "process"],
             },
           },
         ],
@@ -130,7 +130,7 @@ describe("Agent-specific tool filtering", () => {
       agentDir: "/tmp/agent-main",
     });
     const mainToolNames = mainTools.map((t) => t.name);
-    expect(mainToolNames).toContain("bash");
+    expect(mainToolNames).toContain("exec");
     expect(mainToolNames).toContain("write");
     expect(mainToolNames).toContain("edit");
 
@@ -143,7 +143,7 @@ describe("Agent-specific tool filtering", () => {
     });
     const familyToolNames = familyTools.map((t) => t.name);
     expect(familyToolNames).toContain("read");
-    expect(familyToolNames).not.toContain("bash");
+    expect(familyToolNames).not.toContain("exec");
     expect(familyToolNames).not.toContain("write");
     expect(familyToolNames).not.toContain("edit");
   });
@@ -159,7 +159,7 @@ describe("Agent-specific tool filtering", () => {
             id: "work",
             workspace: "~/clawd-work",
             tools: {
-              deny: ["bash", "process"], // Agent deny (override)
+              deny: ["exec", "process"], // Agent deny (override)
             },
           },
         ],
@@ -176,7 +176,7 @@ describe("Agent-specific tool filtering", () => {
     const toolNames = tools.map((t) => t.name);
     // Agent policy overrides global: browser is allowed again
     expect(toolNames).toContain("browser");
-    expect(toolNames).not.toContain("bash");
+    expect(toolNames).not.toContain("exec");
     expect(toolNames).not.toContain("process");
   });
 
@@ -199,7 +199,7 @@ describe("Agent-specific tool filtering", () => {
             },
             tools: {
               allow: ["read"], // Agent further restricts to only read
-              deny: ["bash", "write"],
+              deny: ["exec", "write"],
             },
           },
         ],
@@ -207,7 +207,7 @@ describe("Agent-specific tool filtering", () => {
       tools: {
         sandbox: {
           tools: {
-            allow: ["read", "write", "bash"], // Sandbox allows these
+            allow: ["read", "write", "exec"], // Sandbox allows these
             deny: [],
           },
         },
@@ -237,7 +237,7 @@ describe("Agent-specific tool filtering", () => {
           capDrop: [],
         } satisfies SandboxDockerConfig,
         tools: {
-          allow: ["read", "write", "bash"],
+          allow: ["read", "write", "exec"],
           deny: [],
         },
         browserAllowHostControl: false,
@@ -246,14 +246,14 @@ describe("Agent-specific tool filtering", () => {
 
     const toolNames = tools.map((t) => t.name);
     // Agent policy should be applied first, then sandbox
-    // Agent allows only "read", sandbox allows ["read", "write", "bash"]
+    // Agent allows only "read", sandbox allows ["read", "write", "exec"]
     // Result: only "read" (most restrictive wins)
     expect(toolNames).toContain("read");
-    expect(toolNames).not.toContain("bash");
+    expect(toolNames).not.toContain("exec");
     expect(toolNames).not.toContain("write");
   });
 
-  it("should run bash synchronously when process is denied", async () => {
+  it("should run exec synchronously when process is denied", async () => {
     const cfg: ClawdbotConfig = {
       tools: {
         deny: ["process"],
@@ -266,10 +266,10 @@ describe("Agent-specific tool filtering", () => {
       workspaceDir: "/tmp/test-main",
       agentDir: "/tmp/agent-main",
     });
-    const bash = tools.find((tool) => tool.name === "bash");
-    expect(bash).toBeDefined();
+    const execTool = tools.find((tool) => tool.name === "exec");
+    expect(execTool).toBeDefined();
 
-    const result = await bash?.execute("call1", {
+    const result = await execTool?.execute("call1", {
       command: "echo done",
       yieldMs: 10,
     });