feat: add shell tool and tests

[notowen333]

Issue #, if available:
https://github.com/strands-agents/private-sdk-python-staging/issues/340

Description of changes:

• simple subprocess based shell avoiding full terminal emulation with pty

Distinct from TS:

• persistent shell (i.e. cd and export will persist across tool calls)
• binary encoded output is parsed
• standard error and standard out write to the same pipe to avoid race conditions
• clean garbage collection tied to agent lifecycle
• uses default shell instead of specifying bash

First PR to add pytest tests to the python scripts section of the repo, so needed to add __init__ and requirements.txt

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[zastrowm]

Can we add validation that the tool is being called; I think the easiest way is to validate the messages on the agent?

[notowen333]

added tool call validation on all the tests

[zastrowm]

Use a temp directory and instruct it to write there: https://github.com/strands-agents/sdk-python/blob/2d766c4e6974732590439a79ab10c4f07f2d1806/tests_integ/test_invalid_tool_names.py#L10

Then can we assert the actual directory instead of taking the agent output.

In general I want to verify the actual behavior instead of assuming that the agent output text indicating that it did it

[notowen333]

Makes sense fixed on both counts

[notowen333]

I made similar fixes for the remaining tests to use the temp directory to verify instead of the agent response string.

[zastrowm]

We don't have it written anywhere that I can find) but we just do top level functions for tests; no classes

[notowen333]

sure flattened

[zastrowm]

Can timeout and process be private?

[notowen333]

fixed

[zastrowm]

Should we always have some sort of default timeout? I'm a little concerned about commands taht hang the agent- but maybe that's not our concern?

[zastrowm]

I noticed today that Kiro timedout (though noticed that it was still running) - this reinforces my belief of a default timeout. That might move us to a class-based tool so that we can also allow folks to specify the default timeout

[notowen333]

The default timeout is 30 seconds see above code snippet. Is it not enough to accept timeout arg in the tool call? If this is the only configuration a class based tool seems like overkill for the pattern.

[zastrowm]

Can you add to the PR description how this compares to the TS implementation?

[notowen333]

most of the traits I noted are the differentiators. Separated it out in the description.

[zastrowm]

Do we really need this? Listing specific commands seems odd when we're not providing them

[notowen333]

I removed the specific supported commands but left unsupported

[zastrowm]

What is this doing? Are we modifying the agent's properties?

We should find another way of doing this. (this could indicate a gap in the SDK FWIW)

[notowen333]

This is storing a ShellSession on the agent object itself for persistence.

Something like this would be the main alternative:

_sessions = {}  # Module-level

@tool(context=True)
def shell_tool(command: str, ..., tool_context: ToolContext = None):
    agent_id = id(tool_context.agent)  # Use memory address as key
    
    if agent_id not in _sessions:
        _sessions[agent_id] = ShellSession()
    
    return _sessions[agent_id].run(command)