feat: add Shell Command MCP server with multi-stage validation

[Cristhianzl]

OBJECTIVE: Add a standalone MCP server that exposes a single execute_command tool, gated by a 5-stage validation pipeline (length cap, substitution refusal, subcommand split, per-subcommand destructive/classify/redirect/mode/path checks) so Langflow agents can run shell commands inside a sandboxed working directory on Linux, macOS, and Windows.

CHANGES:

• Add lfx.mcp.shell package (13 modules) with FastMCP server, validation pipeline, async subprocess executor, and config dataclass
• Cross-platform support: POSIX uses setsid+killpg(SIGKILL) and UTF-8 decode; Windows uses CREATE_NEW_PROCESS_GROUP+taskkill /T /F and
  locale.getpreferredencoding() (fixes mojibake in cmd.exe output)
• Multi-stage validators with stable RejectionReason enum: destructive_pattern, mode_violation, path_traversal, unknown_classification,
  input_too_large, shell_substitution_not_allowed
• Block 4 bypass classes: shell substitution $(...)/backticks, write redirects in read_only mode, glob/brace expansion in destructive paths, PowerShell
  Invoke-Expression eval
• Command-line entry point lfx-shell-mcp (registers via python -m lfx.mcp.shell due to Langflow MCP allowlist) plus pyproject.toml console script
• Test suite: 493 tests covering classification, destructive patterns (POSIX + Windows), mode/path validation, redirect detection, substitution detection,
  subprocess executor, and end-to-end pipeline
• Documentation: docs/features/shell-mcp-server.md (DDD-style with C4 diagrams) and QA guide CZL/QA_GUIDE_SHELL_MCP.md with 60+ test scenarios

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f3575977-7d37-4bad-a73f-307e6029a778

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch cz/shell-exec

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

❌ Patch coverage is 94.02262% with 37 lines in your changes missing coverage. Please review.
✅ Project coverage is 53.17%. Comparing base (e68e33e) to head (4225f98).
⚠️ Report is 1 commits behind head on release-1.10.0.

Files with missing lines	Patch %	Lines
src/lfx/src/lfx/mcp/shell/validation_path.py	82.89%	12 Missing and 1 partial ⚠️
src/lfx/src/lfx/mcp/shell/__main__.py	0.00%	6 Missing ⚠️
src/lfx/src/lfx/mcp/shell/audit_context.py	62.50%	6 Missing ⚠️
src/lfx/src/lfx/mcp/shell/shell_server.py	93.75%	4 Missing ⚠️
src/lfx/src/lfx/mcp/shell/classification.py	93.75%	1 Missing and 2 partials ⚠️
src/lfx/src/lfx/mcp/shell/subprocess_executor.py	95.77%	3 Missing ⚠️
src/lfx/src/lfx/mcp/shell/shell_types.py	96.15%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@                 Coverage Diff                 @@
##           release-1.10.0   #12919       +/-   ##
===================================================
+ Coverage           41.71%   53.17%   +11.45%     
===================================================
  Files                1909     2068      +159     
  Lines              175706   188686    +12980     
  Branches            10132    29433    +19301     
===================================================
+ Hits                73297   100332    +27035     
+ Misses             101298    87238    -14060     
- Partials             1111     1116        +5     

Flag	Coverage Δ
backend	55.21% <ø> (+0.04%)	⬆️
frontend	53.28% <ø> (+17.06%)	⬆️
lfx	50.67% <94.02%> (+0.90%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
src/lfx/src/lfx/mcp/shell/output_truncation.py	100.00% <100.00%> (ø)
src/lfx/src/lfx/mcp/shell/redirect_detection.py	100.00% <100.00%> (ø)
src/lfx/src/lfx/mcp/shell/shell_config.py	100.00% <100.00%> (ø)
src/lfx/src/lfx/mcp/shell/shell_constants.py	100.00% <100.00%> (ø)
src/lfx/src/lfx/mcp/shell/subcommand_split.py	100.00% <100.00%> (ø)
...rc/lfx/src/lfx/mcp/shell/substitution_detection.py	100.00% <100.00%> (ø)
...rc/lfx/src/lfx/mcp/shell/validation_destructive.py	100.00% <100.00%> (ø)
src/lfx/src/lfx/mcp/shell/validation_mode.py	100.00% <100.00%> (ø)
src/lfx/src/lfx/mcp/shell/validation_pipeline.py	100.00% <100.00%> (ø)
...fx/src/lfx/mcp/shell/working_directory_strategy.py	100.00% <100.00%> (ø)
... and 7 more

... and 1097 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

Frontend Unit Test Coverage Report

Coverage Summary

Lines	Statements	Branches	Functions
	36.22% (42146/116358)	67.83% (5786/8529)	36.26% (970/2675)

Unit Test Results

Tests	Skipped	Failures	Errors	Time
4095	0 💤	0 ❌	0 🔥	7m 19s ⏱️

[github-actions]

Build successful! ✅
Deploying docs draft.
Deploy successful! View draft