Add shell_open: open files with default app / URLs in browser#426
Merged
Conversation
The framework could launch a literal .exe but not the most common hand- off step: open report.pdf with its registered app, print a document, or open a URL in the default browser. Route per-OS to os.startfile/open/ xdg-open/webbrowser. plan_open is a pure planner (classify URL vs file, scheme allow-list, realpath; Windows drive is a path not a scheme); open_path runs it through an injectable opener so the logic is testable without launching anything.
Up to standards ✅🟢 Issues
|
| Metric | Results |
|---|---|
| Complexity | 34 |
| Duplication | 0 |
NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.
Codacy's Semgrep dangerous-spawn/subprocess rules flag os.startfile and subprocess.Popen on dynamic content; add line-level # nosemgrep with justification (file path from the allow-listed plan; argv list, no shell - injection-safe), matching the shell_command handler's pattern.
The Windows-drive test literal C:\tmp\a.txt tripped Sonar's publicly-writable-directory rule on the 'tmp' substring (a false positive - a test string, no runtime temp dir). Use C:\Users\me\... , testing the same drive-is-not-a-scheme behaviour.
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.



Why
The framework could launch a literal executable (
start_exe/shell_process), but not the single most common "hand off to another app" RPA step: openreport.pdfwith its registered app,printa document, or open a URL in the default browser.shell_openadds that, routed per-OS toos.startfile/open/xdg-open/webbrowser.plan_open— pure planner: classify URL vs file path, validate (URL scheme allow-list;realpathfor files), return the dispatch descriptoropen_path— run the plan through an injectableopener(the real OS call by default)First feature of the ROUND-15 cross-app OS lane (the agent's top quick-win).
Design
scheme://target (ormailto:/tel:) is a URL — only allow-listed schemes (http/https/ftp/file/mailto/tel) accepted, elseValueError; a Windows driveC:\is correctly a file path, not a scheme. The dispatch logic is unit-testable via the injectableopener— no launching in tests. The realos.startfile(verb from the allow-listed plan) carries# noqa: S606 # nosec B606; thexdg-open/openpath usessubprocess.Popen([backend, target])(argv, no shell).__all__→AC_open_path(side-effect) +AC_plan_open(pure) →ac_*MCP tools → Script Builder (Shell). Qt-free verified.Tests
test/unit_test/headless/test_shell_open_batch.py— URL/mailto/tel classification, file realpath, Windows-drive-not-scheme, verb carry, bad-scheme/empty rejection,open_pathdispatch to an injected opener + result passthrough, the pure executor path, and 5-layer wiring. 17 passed with the ax_events sibling.