Skip to content

feat: use separate python venv for bash tool #1087

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
EItanya merged 12 commits into from
Nov 5, 2025
Merged

feat: use separate python venv for bash tool #1087

EItanya merged 12 commits into from
Nov 5, 2025

Conversation

@supreme-gg-gg
Copy link
Contributor

@supreme-gg-gg supreme-gg-gg commented Nov 5, 2025

Creates a separate venv for ADK container and prepends its path into PATH so that this is used by bash tool instead of the application venv.

@supreme-gg-gg
agent skills initial commit
45cedd4 
Signed-off-by: Jet Chiang <jetjiang.ez@gmail.com>
@supreme-gg-gg
refactor two skills system, update prompts
302b3f5 
Signed-off-by: Jet Chiang <jetjiang.ez@gmail.com>
@supreme-gg-gg
update bash tool to use srt
54e4778 
Signed-off-by: Jet Chiang <jetjiang.ez@gmail.com>
@supreme-gg-gg
refactor and expand artifacts util tools
5d10703 
Signed-off-by: Jet Chiang <jetjiang.ez@gmail.com>
@supreme-gg-gg
files tools
d5ea276 
Signed-off-by: Jet Chiang <jetjiang.ez@gmail.com>
@supreme-gg-gg
agent working directory
1a5d306 
Signed-off-by: Jet Chiang <jetjiang.ez@gmail.com>
@supreme-gg-gg
fix init files
c5057e9 
Signed-off-by: Jet Chiang <jetjiang.ez@gmail.com>
@supreme-gg-gg
ruff
972ffc4 
Signed-off-by: Jet Chiang <jetjiang.ez@gmail.com>
@supreme-gg-gg
fix file path relative check
baa3e00 
Signed-off-by: Jet Chiang <jetjiang.ez@gmail.com>
@supreme-gg-gg
merge
928c3d2 
Signed-off-by: Jet Chiang <jetjiang.ez@gmail.com>
@supreme-gg-gg
use separate venv for bash tool
5762d9f 
Signed-off-by: Jet Chiang <jetjiang.ez@gmail.com>
@supreme-gg-gg
merge main
90cd479 
Signed-off-by: Jet Chiang <jetjiang.ez@gmail.com>
@supreme-gg-gg supreme-gg-gg marked this pull request as ready for review November 5, 2025 15:32
Copilot AI review requested due to automatic review settings November 5, 2025 15:32
Copilot AI reviewed Nov 5, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR creates a separate Python virtual environment for bash tool commands to isolate them from the main application environment. The bash tool now uses a dedicated sandbox venv at /.kagent/sandbox-venv instead of the app's venv.

Key changes:

  • Created a new sandbox virtual environment in the Dockerfile for bash tool isolation
  • Modified bash_tool.py to use the sandbox venv by prepending it to PATH and setting VIRTUAL_ENV
  • Added BASH_VENV_PATH environment variable to configure the sandbox venv path

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
python/Dockerfile Creates the bash tool sandbox venv during Docker build and sets BASH_VENV_PATH environment variable
python/packages/kagent-adk/src/kagent/adk/tools/bash_tool.py Modifies environment variables to use the bash tool sandbox venv instead of the app's venv

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

python/packages/kagent-adk/src/kagent/adk/tools/bash_tool.py
Comment on lines +122 to +127
# Use the separate bash tool venv instead of the app's venv
bash_venv_path = os.environ.get("BASH_VENV_PATH", "/.kagent/sandbox-venv")
bash_venv_bin = os.path.join(bash_venv_path, "bin")
# Prepend bash venv to PATH so its python and pip are used
env["PATH"] = f"{bash_venv_bin}:{env.get('PATH', '')}"
env["VIRTUAL_ENV"] = bash_venv_path
Copy link

Copilot AI Nov 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The bash_venv_path is read from an environment variable without validation. A malicious value could potentially be used to point to an attacker-controlled directory. Consider validating that the path exists and is a directory before using it, or use the hardcoded default value directly since it's set in the Dockerfile.

Copilot uses AI. Check for mistakes.
@EItanya EItanya merged commit 1c2d6d6 into kagent-dev:main Nov 5, 2025
22 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@EItanya EItanya EItanya approved these changes

@peterj peterj Awaiting requested review from peterj peterj is a code owner

@yuval-k yuval-k Awaiting requested review from yuval-k yuval-k is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@supreme-gg-gg @EItanya