← All terms

Bash Tool

A tool that gives an AI agent the ability to execute shell commands during a task.

What Is a Bash Tool

A bash tool is a capability that gives an AI agent the ability to execute shell commands, typically through a Bash or POSIX compatible shell, as part of completing a task. It lets an agent do anything a command line lets a person do: inspect files, run scripts, install packages, start and stop processes, or invoke other command line programs, and read back the resulting output.

How It Works

The agent calls the bash tool with a command string, the same way a person would type a command into a terminal. The tool executes that command in a shell session, captures its standard output, standard error, and exit code, and returns them to the agent. The agent reads that output and decides on its next step, which might be running another command, reading a file the previous command produced, or reporting a result. Some implementations keep a persistent shell session across multiple calls within a task, so state such as the current working directory or environment variables carries over between commands, while others start a fresh shell for every call.

Why It Matters

Shell access is one of the most general purpose tools an agent can have, since so much of software development and system administration is already expressed as command line operations. A bash tool lets an agent run test suites, build projects, manage version control, query system state, and orchestrate other tools without each of those actions needing its own dedicated tool definition. This generality is also why bash access carries the most risk of any common agent tool: a command can read, modify, or delete anything the shell's user has permission to touch, and an agent that misinterprets a task or is manipulated by malicious input can issue a destructive command as easily as a helpful one.

Security Considerations

Because a bash tool can execute arbitrary commands, giving an agent shell access on a host system is generally unsafe unless that access is contained. The common mitigation is to run the shell inside a code execution sandbox, an isolated environment where commands can affect only the sandbox itself rather than the underlying host or network.

Agenhood and the Bash Tool

Agenhood's Vanilla driver includes a bash tool alongside file operations and Python execution. Every command an agent runs through it executes inside a hardened, sandboxed Docker container dedicated to that agent, so the practical effect of a command is limited to that container rather than the host machine or other agents in the fleet.

Get started

Deploy your fleet.

Put a fleet of sandboxed agents to work on your own infrastructure, provisioned in seconds and watched live from one console.

Get started

Admin-provisioned · Self-host in one command · Your data never leaves your VM