feat: Phase 6.2 宿主机安全操控 — 沙箱执行 + 文件系统隔离 + 进程管理

- host.Sandbox: 命令白名单 + 目录限制 + 超时控制 + 环境变量过滤 - host.Manager: 文件读写列表 + 系统信息查询 + 路径验证 - 3个新工具: host_exec (沙箱命令执行), host_file (文件操作), host_system (系统信息) - 后台思考器自主工具策略已更新，允许安全使用主机工具 - host_exec 标记为高风险工具，受频率限制 Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-23 22:23:45 +08:00
parent 313f41633a
commit 38b36fc5ad
5 changed files with 662 additions and 3 deletions
@@ -17,6 +17,7 @@ import (
 	"github.com/yourname/cyrene-ai/ai-core/internal/background"
 	aiConfig "github.com/yourname/cyrene-ai/ai-core/internal/config"
 	ctxbuild "github.com/yourname/cyrene-ai/ai-core/internal/context"
+	"github.com/yourname/cyrene-ai/ai-core/internal/host"
 	"github.com/yourname/cyrene-ai/ai-core/internal/llm"
 	"github.com/yourname/cyrene-ai/ai-core/internal/memory"
 	"github.com/yourname/cyrene-ai/ai-core/internal/model"
@@ -122,6 +123,13 @@ func main() {
 		log.Println("IoT 客户端未配置 (IOT_SERVICE_URL 和 IOT_DEBUG_SERVICE_URL 均为空)")
 	}

+	// 初始化主机操控管理器 (Phase 6.2: 沙箱执行 + 文件系统隔离)
+	hostSandbox := host.NewSandbox(host.DefaultSandboxConfig())
+	hostManager := host.NewManager(hostSandbox)
+	dataDir := getEnv("DATA_DIR", "/tmp/cyrene_data")
+	hostManager.SetAllowedDirs([]string{dataDir, os.TempDir(), "."})
+	log.Printf("主机操控管理器已就绪: 沙箱执行 + 文件隔离 (数据目录=%s)", dataDir)
+
 	// 初始化工具注册中心
 	toolRegistry := tools.NewRegistry()
 	if getEnvBool("ENABLE_TOOLS", true) {
@@ -137,13 +145,19 @@ func main() {
 		toolRegistry.Register(tools.NewMarkdownTool())

 		// File tool uses DATA_DIR or defaults to /tmp/cyrene_data
-		dataDir := getEnv("DATA_DIR", "/tmp/cyrene_data")
 		toolRegistry.Register(tools.NewFileTool(dataDir))

 		if iotClient != nil {
 			toolRegistry.Register(tools.NewIoTQueryTool(iotClient))
 			toolRegistry.Register(tools.NewIoTControlTool(iotClient))
 		}
+
+		// Phase 6.2: 主机操控工具
+		if hostManager != nil {
+			toolRegistry.Register(tools.NewHostExecTool(hostManager))
+			toolRegistry.Register(tools.NewHostFileTool(hostManager))
+			toolRegistry.Register(tools.NewHostSystemTool(hostManager))
+		}
 		log.Printf("工具注册中心已就绪: %d 个工具 (%v)", len(toolRegistry.ListTools()), toolRegistry.ListTools())
 	}

@@ -131,10 +131,14 @@ type AutonomousToolPolicy struct {
 // DefaultAutonomousToolPolicy 默认安全策略
 func DefaultAutonomousToolPolicy() *AutonomousToolPolicy {
 	return &AutonomousToolPolicy{
-		AllowedTools:         []string{"iot_query", "iot_control", "memory_search", "web_search", "calculator", "datetime", "web_fetch"},
+		AllowedTools: []string{
+			"iot_query", "iot_control", "memory_search", "web_search",
+			"calculator", "datetime", "web_fetch",
+			"host_exec", "host_file", "host_system",
+		},
 		MaxToolCallsPerRound: 5,
 		MaxHighRiskPerHour:   10,
-		HighRiskTools:        []string{"iot_control"},
+		HighRiskTools:        []string{"iot_control", "host_exec"},
 	}
 }

@@ -0,0 +1,208 @@
+package host
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"runtime"
+	"strings"
+	"time"
+)
+
+// Manager provides controlled access to the host machine.
+// It wraps a Sandbox for command execution and adds file system
+// operations with path allow-list enforcement.
+type Manager struct {
+	sandbox    *Sandbox
+	allowedDirs []string
+}
+
+// NewManager creates a new host Manager.
+func NewManager(sandbox *Sandbox) *Manager {
+	m := &Manager{sandbox: sandbox}
+	if sandbox != nil {
+		m.allowedDirs = sandbox.cfg.AllowedDirs
+	}
+	return m
+}
+
+// SetAllowedDirs updates the list of directories accessible for file operations.
+func (m *Manager) SetAllowedDirs(dirs []string) {
+	m.allowedDirs = dirs
+	m.sandbox.cfg.AllowedDirs = dirs
+}
+
+// Exec runs a command in the sandbox.
+func (m *Manager) Exec(ctx context.Context, command, workDir string, timeout time.Duration) (*ExecResult, error) {
+	return m.sandbox.Exec(ctx, command, workDir, timeout)
+}
+
+// ReadFile reads the contents of a file within allowed directories.
+func (m *Manager) ReadFile(path string, maxBytes int) (string, error) {
+	if maxBytes <= 0 {
+		maxBytes = 1024 * 1024
+	}
+	if err := m.validatePath(path); err != nil {
+		return "", err
+	}
+	info, err := os.Stat(path)
+	if err != nil {
+		return "", fmt.Errorf("cannot stat file: %w", err)
+	}
+	if info.IsDir() {
+		return "", fmt.Errorf("path is a directory: %s", path)
+	}
+	if info.Size() > int64(maxBytes) {
+		return "", fmt.Errorf("file too large: %d bytes (max %d)", info.Size(), maxBytes)
+	}
+	data, err := os.ReadFile(path)
+	if err != nil {
+		return "", fmt.Errorf("cannot read file: %w", err)
+	}
+	if len(data) > maxBytes {
+		data = data[:maxBytes]
+	}
+	return string(data), nil
+}
+
+// WriteFile writes data to a file within allowed directories.
+func (m *Manager) WriteFile(path, content string, maxBytes int) error {
+	if maxBytes <= 0 {
+		maxBytes = 1024 * 1024
+	}
+	if len(content) > maxBytes {
+		return fmt.Errorf("content too large: %d bytes (max %d)", len(content), maxBytes)
+	}
+	if err := m.validatePath(path); err != nil {
+		return err
+	}
+	dir := filepath.Dir(path)
+	if err := os.MkdirAll(dir, 0755); err != nil {
+		return fmt.Errorf("cannot create directory: %w", err)
+	}
+	return os.WriteFile(path, []byte(content), 0644)
+}
+
+// ListDir lists directory contents within allowed directories.
+func (m *Manager) ListDir(path string) ([]DirEntry, error) {
+	if err := m.validatePath(path); err != nil {
+		return nil, err
+	}
+	entries, err := os.ReadDir(path)
+	if err != nil {
+		return nil, fmt.Errorf("cannot read directory: %w", err)
+	}
+	result := make([]DirEntry, 0, len(entries))
+	for _, e := range entries {
+		info, _ := e.Info()
+		size := int64(0)
+		modTime := time.Time{}
+		if info != nil {
+			size = info.Size()
+			modTime = info.ModTime()
+		}
+		result = append(result, DirEntry{
+			Name:    e.Name(),
+			IsDir:   e.IsDir(),
+			Size:    size,
+			ModTime: modTime.Format(time.RFC3339),
+		})
+	}
+	return result, nil
+}
+
+// DirEntry represents a filesystem directory entry.
+type DirEntry struct {
+	Name    string `json:"name"`
+	IsDir   bool   `json:"is_dir"`
+	Size    int64  `json:"size"`
+	ModTime string `json:"mod_time"`
+}
+
+// SystemInfo returns basic system information.
+func (m *Manager) SystemInfo() map[string]interface{} {
+	hostname, _ := os.Hostname()
+	wd, _ := os.Getwd()
+
+	info := map[string]interface{}{
+		"hostname":    hostname,
+		"os":          runtime.GOOS,
+		"arch":        runtime.GOARCH,
+		"num_cpu":     runtime.NumCPU(),
+		"go_version":  runtime.Version(),
+		"work_dir":    wd,
+	}
+
+	if runtime.GOOS == "windows" {
+		cmd := exec.Command("systeminfo")
+		out, err := cmd.Output()
+		if err == nil {
+			lines := strings.Split(string(out), "\n")
+			for _, line := range lines {
+				line = strings.TrimSpace(line)
+				if strings.Contains(line, "Total Physical Memory") {
+					parts := strings.SplitN(line, ":", 2)
+					if len(parts) == 2 {
+						info["total_memory"] = strings.TrimSpace(parts[1])
+					}
+				}
+				if strings.Contains(line, "OS Name") {
+					parts := strings.SplitN(line, ":", 2)
+					if len(parts) == 2 {
+						info["os_name"] = strings.TrimSpace(parts[1])
+					}
+				}
+			}
+		}
+	} else {
+		if data, err := os.ReadFile("/proc/meminfo"); err == nil {
+			for _, line := range strings.Split(string(data), "\n") {
+				if strings.HasPrefix(line, "MemTotal:") {
+					info["total_memory"] = strings.TrimSpace(strings.TrimPrefix(line, "MemTotal:"))
+					break
+				}
+			}
+		}
+	}
+	return info
+}
+
+// DiskUsage returns disk usage for the given path.
+func (m *Manager) DiskUsage(path string) (map[string]interface{}, error) {
+	if err := m.validatePath(path); err != nil {
+		return nil, err
+	}
+	info, err := os.Stat(path)
+	if err != nil {
+		return nil, fmt.Errorf("cannot stat path: %w", err)
+	}
+	result := map[string]interface{}{
+		"path":     path,
+		"is_dir":   info.IsDir(),
+		"size":     info.Size(),
+		"mod_time": info.ModTime().Format(time.RFC3339),
+	}
+	return result, nil
+}
+
+func (m *Manager) validatePath(path string) error {
+	absPath, err := filepath.Abs(path)
+	if err != nil {
+		return fmt.Errorf("cannot resolve path: %w", err)
+	}
+	if len(m.allowedDirs) == 0 {
+		return nil
+	}
+	for _, allowed := range m.allowedDirs {
+		absAllowed, err := filepath.Abs(allowed)
+		if err != nil {
+			continue
+		}
+		if strings.HasPrefix(absPath, absAllowed+string(os.PathSeparator)) || absPath == absAllowed {
+			return nil
+		}
+	}
+	return fmt.Errorf("path not in allowed directories: %s", path)
+}
@@ -0,0 +1,219 @@
+package host
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"os"
+	"os/exec"
+	"path/filepath"
+	"strings"
+	"time"
+)
+
+// SandboxConfig configures the sandbox execution environment.
+type SandboxConfig struct {
+	AllowedCommands []string
+	AllowedDirs     []string
+	MaxOutputBytes  int
+	DefaultTimeout  time.Duration
+	MaxTimeout      time.Duration
+}
+
+// DefaultSandboxConfig returns a safe default configuration.
+func DefaultSandboxConfig() SandboxConfig {
+	return SandboxConfig{
+		AllowedCommands: []string{
+			"echo", "cat", "ls", "dir", "pwd", "date", "time",
+			"wc", "head", "tail", "sort", "uniq", "grep", "find",
+			"python", "python3", "node", "go", "rustc", "cargo",
+			"git", "curl", "wget", "ping", "nslookup", "tracert",
+			"dotnet", "java", "javac", "gcc", "g++", "make", "cmake",
+			"npm", "npx", "yarn", "pnpm", "pip", "pip3",
+			"docker", "kubectl", "helm",
+			"ffmpeg", "ffprobe", "imagemagick", "convert",
+			"systeminfo", "tasklist", "taskkill", "netstat",
+		},
+		MaxOutputBytes: 512 * 1024,
+		DefaultTimeout: 30 * time.Second,
+		MaxTimeout:     300 * time.Second,
+	}
+}
+
+// Sandbox provides a safe execution environment for host commands.
+type Sandbox struct {
+	cfg SandboxConfig
+}
+
+// NewSandbox creates a new sandbox.
+func NewSandbox(cfg SandboxConfig) *Sandbox {
+	return &Sandbox{cfg: cfg}
+}
+
+// ExecResult holds the result of a sandboxed command execution.
+type ExecResult struct {
+	Stdout   string `json:"stdout"`
+	Stderr   string `json:"stderr"`
+	ExitCode int    `json:"exit_code"`
+	Duration string `json:"duration"`
+	TimedOut bool   `json:"timed_out"`
+}
+
+// Exec runs a command inside the sandbox. The command string is parsed into
+// the executable name and arguments. Returns the combined output.
+func (s *Sandbox) Exec(ctx context.Context, command string, workDir string, timeout time.Duration) (*ExecResult, error) {
+	if command == "" {
+		return nil, fmt.Errorf("empty command")
+	}
+
+	parts := strings.Fields(command)
+	if len(parts) == 0 {
+		return nil, fmt.Errorf("empty command")
+	}
+
+	cmdName := parts[0]
+	var args []string
+	if len(parts) > 1 {
+		args = parts[1:]
+	}
+
+	if !s.isCommandAllowed(cmdName) {
+		return nil, fmt.Errorf("command not allowed: %s", cmdName)
+	}
+
+	if workDir == "" {
+		workDir = s.defaultWorkDir()
+	}
+	if err := s.validateWorkDir(workDir); err != nil {
+		return nil, err
+	}
+
+	if timeout <= 0 {
+		timeout = s.cfg.DefaultTimeout
+	}
+	if timeout > s.cfg.MaxTimeout {
+		timeout = s.cfg.MaxTimeout
+	}
+
+	execCtx, cancel := context.WithTimeout(ctx, timeout)
+	defer cancel()
+
+	cmd := exec.CommandContext(execCtx, cmdName, args...)
+	cmd.Dir = workDir
+	cmd.Env = s.filteredEnv()
+
+	var stdout, stderr bytes.Buffer
+	cmd.Stdout = &stdout
+	cmd.Stderr = &stderr
+
+	start := time.Now()
+	err := cmd.Run()
+	elapsed := time.Since(start)
+
+	result := &ExecResult{
+		Duration: elapsed.Round(time.Millisecond).String(),
+	}
+
+	if stdout.Len() > s.cfg.MaxOutputBytes {
+		result.Stdout = stdout.String()[:s.cfg.MaxOutputBytes] + "\n... [output truncated]"
+	} else {
+		result.Stdout = stdout.String()
+	}
+	if stderr.Len() > s.cfg.MaxOutputBytes {
+		result.Stderr = stderr.String()[:s.cfg.MaxOutputBytes] + "\n... [output truncated]"
+	} else {
+		result.Stderr = stderr.String()
+	}
+
+	if execCtx.Err() == context.DeadlineExceeded {
+		result.TimedOut = true
+		result.ExitCode = -1
+		return result, fmt.Errorf("command timed out after %s", timeout)
+	}
+
+	if err != nil {
+		if exitErr, ok := err.(*exec.ExitError); ok {
+			result.ExitCode = exitErr.ExitCode()
+		} else {
+			result.ExitCode = -1
+		}
+	} else {
+		result.ExitCode = 0
+	}
+
+	return result, err
+}
+
+func (s *Sandbox) isCommandAllowed(cmd string) bool {
+	if len(s.cfg.AllowedCommands) == 0 {
+		return true
+	}
+	base := filepath.Base(cmd)
+	base = strings.TrimSuffix(base, ".exe")
+	for _, allowed := range s.cfg.AllowedCommands {
+		if strings.EqualFold(base, allowed) {
+			return true
+		}
+	}
+	return false
+}
+
+func (s *Sandbox) validateWorkDir(dir string) error {
+	info, err := os.Stat(dir)
+	if err != nil {
+		return fmt.Errorf("work directory not accessible: %s: %w", dir, err)
+	}
+	if !info.IsDir() {
+		return fmt.Errorf("not a directory: %s", dir)
+	}
+
+	if len(s.cfg.AllowedDirs) == 0 {
+		return nil
+	}
+
+	absDir, err := filepath.Abs(dir)
+	if err != nil {
+		return fmt.Errorf("cannot resolve path: %w", err)
+	}
+
+	for _, allowed := range s.cfg.AllowedDirs {
+		absAllowed, err := filepath.Abs(allowed)
+		if err != nil {
+			continue
+		}
+		if strings.HasPrefix(absDir, absAllowed) {
+			return nil
+		}
+	}
+	return fmt.Errorf("directory not in allowed list: %s", dir)
+}
+
+func (s *Sandbox) defaultWorkDir() string {
+	if len(s.cfg.AllowedDirs) > 0 {
+		return s.cfg.AllowedDirs[0]
+	}
+	wd, _ := os.Getwd()
+	return wd
+}
+
+func (s *Sandbox) filteredEnv() []string {
+	allowed := map[string]bool{
+		"PATH": true, "HOME": true, "USER": true, "USERNAME": true,
+		"TMP": true, "TEMP": true, "TMPDIR": true,
+		"LANG": true, "LC_ALL": true, "SHELL": true,
+		"SYSTEMROOT": true, "WINDIR": true, "ProgramFiles": true,
+		"GOPATH": true, "GOROOT": true, "GOPROXY": true,
+		"NODE_PATH": true, "PYTHONPATH": true,
+		"JAVA_HOME": true, "DOTNET_ROOT": true,
+		"CARGO_HOME": true, "RUSTUP_HOME": true,
+	}
+	var filtered []string
+	for _, e := range os.Environ() {
+		kv := strings.SplitN(e, "=", 2)
+		if len(kv) == 2 && allowed[kv[0]] {
+			filtered = append(filtered, e)
+		}
+	}
+	filtered = append(filtered, "CYRENE_SANDBOX=1")
+	return filtered
+}
@@ -0,0 +1,214 @@
+package tools
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"time"
+
+	"github.com/yourname/cyrene-ai/ai-core/internal/host"
+)
+
+// HostExecTool allows the AI to execute commands in a sandboxed environment.
+type HostExecTool struct {
+	manager *host.Manager
+}
+
+// NewHostExecTool creates a new host exec tool.
+func NewHostExecTool(manager *host.Manager) *HostExecTool {
+	return &HostExecTool{manager: manager}
+}
+
+func (t *HostExecTool) Definition() ToolDefinition {
+	return ToolDefinition{
+		Name:        "host_exec",
+		Description: "在安全沙箱中执行系统命令。支持运行脚本、编译代码、管理文件等操作。超时默认30秒，最大300秒。",
+		Parameters: map[string]interface{}{
+			"type": "object",
+			"properties": map[string]interface{}{
+				"command": map[string]interface{}{
+					"type":        "string",
+					"description": "要执行的命令，例如 'dir C:\\Projects' 或 'python script.py'",
+				},
+				"work_dir": map[string]interface{}{
+					"type":        "string",
+					"description": "工作目录。不指定则使用默认目录。",
+				},
+				"timeout_sec": map[string]interface{}{
+					"type":        "integer",
+					"description": "超时时间（秒），默认30秒，最大300秒。",
+				},
+			},
+			"required": []string{"command"},
+		},
+	}
+}
+
+func (t *HostExecTool) Execute(ctx context.Context, args map[string]interface{}) (*ToolResult, error) {
+	cmd, _ := args["command"].(string)
+	if cmd == "" {
+		return &ToolResult{
+			ToolName: "host_exec",
+			Success:  false,
+			Error:    "command 参数不能为空",
+		}, nil
+	}
+
+	workDir, _ := args["work_dir"].(string)
+	timeoutSec := 30
+	if v, ok := args["timeout_sec"].(float64); ok {
+		timeoutSec = int(v)
+	}
+	timeout := time.Duration(timeoutSec) * time.Second
+
+	result, err := t.manager.Exec(ctx, cmd, workDir, timeout)
+	if err != nil && result == nil {
+		return &ToolResult{
+			ToolName: "host_exec",
+			Success:  false,
+			Error:    err.Error(),
+		}, nil
+	}
+
+	data, _ := json.Marshal(map[string]interface{}{
+		"command":   cmd,
+		"exit_code": result.ExitCode,
+		"duration":  result.Duration,
+		"timed_out": result.TimedOut,
+		"stdout":    result.Stdout,
+		"stderr":    result.Stderr,
+	})
+
+	success := result.ExitCode == 0 && !result.TimedOut
+	return &ToolResult{
+		ToolName: "host_exec",
+		Success:  success,
+		Data:     string(data),
+	}, nil
+}
+
+// HostFileTool provides controlled file system access.
+type HostFileTool struct {
+	manager *host.Manager
+}
+
+// NewHostFileTool creates a new host file tool.
+func NewHostFileTool(manager *host.Manager) *HostFileTool {
+	return &HostFileTool{manager: manager}
+}
+
+func (t *HostFileTool) Definition() ToolDefinition {
+	return ToolDefinition{
+		Name:        "host_file",
+		Description: "在允许的目录中读取、写入或列出文件。支持 read/write/list 三种操作。",
+		Parameters: map[string]interface{}{
+			"type": "object",
+			"properties": map[string]interface{}{
+				"action": map[string]interface{}{
+					"type":        "string",
+					"description": "操作类型: read, write, list",
+					"enum":        []string{"read", "write", "list"},
+				},
+				"path": map[string]interface{}{
+					"type":        "string",
+					"description": "文件或目录路径",
+				},
+				"content": map[string]interface{}{
+					"type":        "string",
+					"description": "写入内容 (仅 write 操作需要)",
+				},
+			},
+			"required": []string{"action", "path"},
+		},
+	}
+}
+
+func (t *HostFileTool) Execute(ctx context.Context, args map[string]interface{}) (*ToolResult, error) {
+	action, _ := args["action"].(string)
+	path, _ := args["path"].(string)
+	if action == "" || path == "" {
+		return &ToolResult{
+			ToolName: "host_file",
+			Success:  false,
+			Error:    "action 和 path 参数不能为空",
+		}, nil
+	}
+
+	switch action {
+	case "read":
+		content, err := t.manager.ReadFile(path, 1024*1024)
+		if err != nil {
+			return &ToolResult{ToolName: "host_file", Success: false, Error: err.Error()}, nil
+		}
+		data, _ := json.Marshal(map[string]interface{}{
+			"path":    path,
+			"content": content,
+			"size":    len(content),
+		})
+		return &ToolResult{ToolName: "host_file", Success: true, Data: string(data)}, nil
+
+	case "write":
+		content, _ := args["content"].(string)
+		if err := t.manager.WriteFile(path, content, 1024*1024); err != nil {
+			return &ToolResult{ToolName: "host_file", Success: false, Error: err.Error()}, nil
+		}
+		data, _ := json.Marshal(map[string]interface{}{
+			"path":    path,
+			"written": len(content),
+			"status":  "ok",
+		})
+		return &ToolResult{ToolName: "host_file", Success: true, Data: string(data)}, nil
+
+	case "list":
+		entries, err := t.manager.ListDir(path)
+		if err != nil {
+			return &ToolResult{ToolName: "host_file", Success: false, Error: err.Error()}, nil
+		}
+		data, _ := json.Marshal(map[string]interface{}{
+			"path":    path,
+			"entries": entries,
+			"count":   len(entries),
+		})
+		return &ToolResult{ToolName: "host_file", Success: true, Data: string(data)}, nil
+
+	default:
+		return &ToolResult{ToolName: "host_file", Success: false, Error: fmt.Sprintf("不支持的操作: %s", action)}, nil
+	}
+}
+
+// HostSystemTool provides system information.
+type HostSystemTool struct {
+	manager *host.Manager
+}
+
+// NewHostSystemTool creates a new system info tool.
+func NewHostSystemTool(manager *host.Manager) *HostSystemTool {
+	return &HostSystemTool{manager: manager}
+}
+
+func (t *HostSystemTool) Definition() ToolDefinition {
+	return ToolDefinition{
+		Name:        "host_system",
+		Description: "获取主机系统信息，包括操作系统、CPU、内存等。",
+		Parameters: map[string]interface{}{
+			"type": "object",
+			"properties": map[string]interface{}{
+				"query": map[string]interface{}{
+					"type":        "string",
+					"description": "查询类型: info(完整信息), memory(内存), cpu(CPU), disk(磁盘)",
+					"enum":        []string{"info", "memory", "cpu", "disk"},
+				},
+			},
+		},
+	}
+}
+
+func (t *HostSystemTool) Execute(ctx context.Context, args map[string]interface{}) (*ToolResult, error) {
+	info := t.manager.SystemInfo()
+	data, _ := json.Marshal(info)
+	return &ToolResult{
+		ToolName: "host_system",
+		Success:  true,
+		Data:     string(data),
+	}, nil
+}