Merge branch 'pr/merge-allow-regex-final' into develop

Author: tumf

README.md

@@ -5,11 +5,12 @@
 
 [![MseeP.ai Security Assessment Badge](https://mseep.net/pr/tumf-mcp-shell-server-badge.png)](https://mseep.ai/app/tumf-mcp-shell-server)
 
-
 A secure shell command execution server implementing the Model Context Protocol (MCP). This server allows remote execution of whitelisted shell commands with support for stdin input.
 
 <a href="https://glama.ai/mcp/servers/rt2d4pbn22"><img width="380" height="200" src="https://glama.ai/mcp/servers/rt2d4pbn22/badge" alt="mcp-shell-server MCP server" /></a>
 
+<a href="https://glama.ai/mcp/servers/rt2d4pbn22"><img width="380" height="200" src="https://glama.ai/mcp/servers/rt2d4pbn22/badge" alt="mcp-shell-server MCP server" /></a>
+
 ## Features
 
 * **Secure Command Execution**: Only whitelisted commands can be executed
@@ -80,6 +81,17 @@ npx -y @smithery/cli install mcp-shell-server --client claude
 ```
 
 ### Manual Installation
+
+### Installing via Smithery
+
+To install Shell Server for Claude Desktop automatically via [Smithery](https://smithery.ai/server/mcp-shell-server):
+
+```bash
+npx -y @smithery/cli install mcp-shell-server --client claude
+```
+
+### Manual Installation
+
 ```bash
 pip install mcp-shell-server
 ```

src/mcp_shell_server/command_validator.py

@@ -3,6 +3,7 @@
 """
 
 import os
+import re
 from typing import Dict, List
 
 
@@ -15,7 +16,8 @@ def __init__(self):
         """
         Initialize the validator.
         """
-        pass
+        # No state; environment variables are read on demand
+        return None
 
     def _get_allowed_commands(self) -> set[str]:
         """Get the set of allowed commands from environment variables"""
@@ -24,14 +26,27 @@ def _get_allowed_commands(self) -> set[str]:
         commands = allow_commands + "," + allowed_commands
         return {cmd.strip() for cmd in commands.split(",") if cmd.strip()}
 
+    def _get_allowed_patterns(self) -> List[re.Pattern]:
+        """Get the list of allowed regex patterns from environment variables"""
+        allow_patterns = os.environ.get("ALLOW_PATTERNS", "")
+        patterns = [
+            pattern.strip() for pattern in allow_patterns.split(",") if pattern.strip()
+        ]
+        return [re.compile(pattern) for pattern in patterns]
+
     def get_allowed_commands(self) -> list[str]:
-        """Get the list of allowed commands from environment variables"""
+        """Public API: return list form of allowed commands"""
         return list(self._get_allowed_commands())
 
     def is_command_allowed(self, command: str) -> bool:
-        """Check if a command is in the allowed list"""
+        """Check if a command is in the allowed list or matches an allowed pattern"""
         cmd = command.strip()
-        return cmd in self._get_allowed_commands()
+        if cmd in self._get_allowed_commands():
+            return True
+        for pattern in self._get_allowed_patterns():
+            if pattern.match(cmd):
+                return True
+        return False
 
     def validate_no_shell_operators(self, cmd: str) -> None:
         """
@@ -92,13 +107,12 @@ def validate_command(self, command: List[str]) -> None:
         if not command:
             raise ValueError("Empty command")
 
-        allowed_commands = self._get_allowed_commands()
-        if not allowed_commands:
+        if not self._get_allowed_commands() and not self._get_allowed_patterns():
             raise ValueError(
                 "No commands are allowed. Please set ALLOW_COMMANDS environment variable."
             )
 
         # Clean and check the first command
         cleaned_cmd = command[0].strip()
-        if cleaned_cmd not in allowed_commands:
+        if not self.is_command_allowed(cleaned_cmd):
             raise ValueError(f"Command not allowed: {cleaned_cmd}")

src/mcp_shell_server/server.py

@@ -31,11 +31,21 @@ def get_allowed_commands(self) -> list[str]:
         """Get the allowed commands"""
         return self.executor.validator.get_allowed_commands()
 
+    def get_allowed_patterns(self) -> list[str]:
+        """Get the allowed regex patterns"""
+        return [
+            pattern.pattern
+            for pattern in self.executor.validator._get_allowed_patterns()
+        ]
+
     def get_tool_description(self) -> Tool:
+        """Get the tool description for the execute command"""
+        allowed_commands = ", ".join(self.get_allowed_commands())
+        allowed_patterns = ", ".join(self.get_allowed_patterns())
         """Get the tool description for the execute command"""
         return Tool(
             name=self.name,
-            description=f"{self.description}\nAllowed commands: {', '.join(self.get_allowed_commands())}",
+            description=f"{self.description}\nAllowed commands: {allowed_commands}\nAllowed patterns: {allowed_patterns}",
             inputSchema={
                 "type": "object",
                 "properties": {

tests/test_command_validator.py

@@ -22,7 +22,15 @@ def test_get_allowed_commands(validator, monkeypatch):
     assert set(validator.get_allowed_commands()) == {"cmd1", "cmd2", "cmd3", "cmd4"}
 
 
-def test_is_command_allowed(validator, monkeypatch):
+def test_is_command_allowed_with_patterns(validator, monkeypatch):
+    clear_env(monkeypatch)
+    monkeypatch.setenv("ALLOW_COMMANDS", "allowed_cmd")
+    monkeypatch.setenv("ALLOW_PATTERNS", "^cmd[0-9]+$")
+
+    assert validator.is_command_allowed("allowed_cmd")
+    assert validator.is_command_allowed("cmd123")
+    assert not validator.is_command_allowed("disallowed_cmd")
+    assert not validator.is_command_allowed("cmdabc")
     clear_env(monkeypatch)
     monkeypatch.setenv("ALLOW_COMMANDS", "allowed_cmd")
     assert validator.is_command_allowed("allowed_cmd")