Skip to main content
The Terminal Toolkit provides a secure and powerful way for CAMEL agents to interact with a terminal. It allows agents to execute shell commands, manage files, and even ask for human help, all within a controlled, sandboxed environment.

Secure Sandboxed Execution

All file-writing and execution commands are restricted to a designated working_directory to prevent unintended system modifications. Dangerous commands are blocked by default.

Multi-Session Management

Run multiple, independent terminal sessions concurrently. Each session maintains its own state and history, allowing for complex, parallel workflows.

Virtual Environment Management

Automatically create and manage isolated Python virtual environments, ensuring that package installations and script executions don’t conflict with your system setup.

Human-in-the-Loop

When an agent gets stuck, it can pause its execution and request human assistance. A human can then take over the terminal session to resolve the issue before handing control back.

Initialization

To get started, initialize the TerminalToolkit. You can configure its behavior, such as the working directory and environment settings.

Usage Examples

Executing Commands

The shell_exec function is the primary way to execute commands. Each command is run within a session, identified by a unique id. How it works
  • block=True (default): waits for completion and returns combined stdout/stderr.
  • block=False: starts a background session for interactive/long-running tasks.
  • The id is how you later view output or terminate the session.

Interacting with Processes

You can manage long-running or interactive processes. Tip: shell_view returns only new output since the last call. Call it periodically to stream logs.
You can write to a process’s standard input using shell_write_to_process. Start the process in non-blocking mode, then send input and read output.

Advanced Usage

Non-blocking Sessions and Timeouts

Blocking commands that exceed timeout are converted into background sessions. You can then view output or terminate them. This is useful for long tasks where you still want a quick response, but need to keep the process alive in the background.

Safe Mode Allowlist

When safe_mode=True, you can restrict execution to an explicit allowlist. This is helpful for production deployments where only specific commands should be allowed.

Docker Backend

Run commands inside a pre-existing Docker container for stronger isolation. The container must already exist and be running.

Environment and Dependencies

Clone the current environment or preinstall dependencies into the sandboxed workspace. Use this to ensure tools like python, pip, or uv are available inside the sandboxed workspace.

Write Files Directly

Use shell_write_content_to_file to write large files without shell escaping issues. Relative paths are resolved under working_directory. In safe mode, the path must stay inside that directory.

Safe Mode

When safe_mode is enabled (default), the toolkit blocks commands that could be harmful to your system.

Example of a Blocked Command

Human-in-the-Loop

When an agent gets stuck, it can use shell_ask_user_for_help to request human intervention. This call blocks and waits for a human response in the console, then returns the user’s input or the resulting command output.

Asking for Human Help

References

  • camel/toolkits/terminal_toolkit/terminal_toolkit.py
  • examples/toolkits/terminal_toolkit.py
  • examples/runtimes/shared_runtime_multi_toolkit.py