Skip to content

Add shell_open: open files with default app / URLs in browser#426

Merged
JE-Chen merged 3 commits into
devfrom
feat/shell-open-batch
Jun 24, 2026
Merged

Add shell_open: open files with default app / URLs in browser#426
JE-Chen merged 3 commits into
devfrom
feat/shell-open-batch

Conversation

@JE-Chen

@JE-Chen JE-Chen commented Jun 24, 2026

Copy link
Copy Markdown
Member

Why

The framework could launch a literal executable (start_exe / shell_process), but not the single most common "hand off to another app" RPA step: open report.pdf with its registered app, print a document, or open a URL in the default browser. shell_open adds that, routed per-OS to os.startfile / open / xdg-open / webbrowser.

  • plan_open — pure planner: classify URL vs file path, validate (URL scheme allow-list; realpath for files), return the dispatch descriptor
  • open_path — run the plan through an injectable opener (the real OS call by default)

First feature of the ROUND-15 cross-app OS lane (the agent's top quick-win).

Design

  • Pure stdlib. A scheme:// target (or mailto:/tel:) is a URL — only allow-listed schemes (http/https/ftp/file/mailto/tel) accepted, else ValueError; a Windows drive C:\ is correctly a file path, not a scheme. The dispatch logic is unit-testable via the injectable opener — no launching in tests. The real os.startfile (verb from the allow-listed plan) carries # noqa: S606 # nosec B606; the xdg-open/open path uses subprocess.Popen([backend, target]) (argv, no shell).
  • 5 layers wired: core → facade __all__AC_open_path (side-effect) + AC_plan_open (pure) → ac_* MCP tools → Script Builder (Shell). Qt-free verified.

Tests

test/unit_test/headless/test_shell_open_batch.py — URL/mailto/tel classification, file realpath, Windows-drive-not-scheme, verb carry, bad-scheme/empty rejection, open_path dispatch to an injected opener + result passthrough, the pure executor path, and 5-layer wiring. 17 passed with the ax_events sibling.

The framework could launch a literal .exe but not the most common hand-
off step: open report.pdf with its registered app, print a document, or
open a URL in the default browser. Route per-OS to os.startfile/open/
xdg-open/webbrowser. plan_open is a pure planner (classify URL vs file,
scheme allow-list, realpath; Windows drive is a path not a scheme);
open_path runs it through an injectable opener so the logic is testable
without launching anything.
@codacy-production

codacy-production Bot commented Jun 24, 2026

Copy link
Copy Markdown

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 34 complexity · 0 duplication

Metric Results
Complexity 34
Duplication 0

View in Codacy

NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.

JE-Chen added 2 commits June 25, 2026 07:18
Codacy's Semgrep dangerous-spawn/subprocess rules flag os.startfile and
subprocess.Popen on dynamic content; add line-level # nosemgrep with
justification (file path from the allow-listed plan; argv list, no
shell - injection-safe), matching the shell_command handler's pattern.
The Windows-drive test literal C:\tmp\a.txt tripped Sonar's
publicly-writable-directory rule on the 'tmp' substring (a false
positive - a test string, no runtime temp dir). Use C:\Users\me\... ,
testing the same drive-is-not-a-scheme behaviour.
@JE-Chen JE-Chen merged commit cb27d10 into dev Jun 24, 2026
16 checks passed
@JE-Chen JE-Chen deleted the feat/shell-open-batch branch June 24, 2026 23:48
@sonarqubecloud

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant