Releases: ThirdKeyAI/ToolClad

v0.5.3 — Exec Array Format, Security Hardening

03 Apr 19:33

What's New in v0.5.3

exec Array Format for Shell-Free Command Construction

New preferred command invocation form that maps directly to execve — no string splitting, no shell interpretation. Values with spaces or quotes are safe.

[command]
exec = ["curl", "-H", "Authorization: {token}", "{target}"]

The legacy template string form remains fully supported. When both are present, exec takes precedence.
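As an added illustration (not code from the ToolClad project), the Python below renders the exec array above against a token that contains spaces, contrasts it with a legacy template string under a naive whitespace split (the strings.Fields() behaviour) and under a quote-aware split, and then hands the result to a helper interpreter with no shell involved to show the argv arriving intact. The per-element str.format-style substitution, the template string, the argument values and the function names are assumptions; the release notes only state that the array maps directly to execve.

```python
import json
import shlex
import subprocess
import sys

# The exec array from the release notes, plus a hypothetical legacy template
# string for the same command (the template form is an assumption).
EXEC_ARRAY = ["curl", "-H", "Authorization: {token}", "{target}"]
TEMPLATE_STRING = 'curl -H "Authorization: {token}" {target}'

# Constructed argument values; the token deliberately contains spaces.
VALUES = {"token": "Bearer abc def", "target": "https://example.test/api"}


def render_exec(exec_list, values):
    """Substitute {placeholders} element by element (assumed semantics).

    Every array element becomes exactly one argv entry regardless of what
    the value contains; nothing is re-split or handed to a shell afterwards.
    """
    return [element.format_map(values) for element in exec_list]


def render_template_whitespace(template, values):
    """Legacy path with a naive whitespace split (what strings.Fields() did)."""
    return template.format_map(values).split()


def render_template_quote_aware(template, values):
    """Legacy path with a quote-aware split (what the shellSplit() fix does)."""
    return shlex.split(template.format_map(values))


def argv_as_received(argv):
    """Hand argv[1:] to a throwaway interpreter that reports the argv it got.

    subprocess.run with a list and no shell=True goes straight to execve,
    which is the same boundary the exec array form is designed for.
    """
    echo = [sys.executable, "-c", "import json, sys; print(json.dumps(sys.argv[1:]))"]
    done = subprocess.run(echo + argv[1:], capture_output=True, text=True, check=True)
    return json.loads(done.stdout)


def quoted_value_outcome(values=None):
    """A value holding a double quote: safe in the array form, not in the string form."""
    values = values or {"token": 'Bearer a"b', "target": "https://example.test/api"}
    exec_argv = render_exec(EXEC_ARRAY, values)
    try:
        legacy_argv = render_template_quote_aware(TEMPLATE_STRING, values)
    except ValueError as err:  # shlex reports "No closing quotation"
        legacy_argv = f"split failed: {err}"
    return exec_argv, legacy_argv


if __name__ == "__main__":
    print("exec array      :", render_exec(EXEC_ARRAY, VALUES))
    print("whitespace split:", render_template_whitespace(TEMPLATE_STRING, VALUES))
    print("quote-aware     :", render_template_quote_aware(TEMPLATE_STRING, VALUES))
    print("received        :", argv_as_received(render_exec(EXEC_ARRAY, VALUES)))
    print("quoted value    :", quoted_value_outcome())
```

The quote-aware splitter repairs the spaces case, but a value that itself contains a quote still breaks or mangles the template form; the array form never re-parses values, so it is unaffected.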

Security Hardening

  • Conditionals eval() ban: the spec now explicitly requires a closed-vocabulary parser for [command.conditionals]. Implementations MUST NOT use eval(), Function(), or any other form of dynamic code execution.
  • Evidence envelope: exit_code and stderr are now mandatory fields. This lets an LLM agent self-correct on tool failures.
  • Process group kill semantics: documented requirement to spawn tools in a new process group (PGID) and kill the entire group on timeout. Prevents zombie process accumulation.
  • Go quote-aware splitter: replaced strings.Fields() with a proper quote-aware shellSplit() for template string splitting.
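To make the eval() ban concrete, here is an added Python example (not ToolClad's parser) of a closed-vocabulary condition evaluator: every construct it accepts is listed up front, anything else is an error, and no string from the condition is ever treated as code. The grammar (all/any/not, arg with is/in/set), the depth limit and the function names are assumptions, since the release notes do not show the real conditionals syntax.

```python
import re

# Hypothetical closed-vocabulary grammar for [command.conditionals]; the
# release notes do not show ToolClad's real syntax, so this shape is an
# assumption chosen to illustrate evaluation without eval()/Function().
#   {"all": [c, ...]}          every sub-condition holds
#   {"any": [c, ...]}          at least one sub-condition holds
#   {"not": c}                 negation
#   {"arg": NAME, "is": V}     argument equals the literal V
#   {"arg": NAME, "in": [V..]} argument is one of the literals
#   {"arg": NAME, "set": true} argument was supplied at all
MAX_DEPTH = 8
ARG_NAME = re.compile(r"[a-z_][a-z0-9_]*")
LITERAL_TYPES = (str, int, float, bool)


class ConditionError(ValueError):
    """Raised for anything outside the closed vocabulary; never silently ignored."""


def evaluate(cond, args, depth=0):
    """Return True/False for `cond` against the supplied argument dict.

    Every branch compares data; no string inside `cond` is parsed as code,
    so a value like "__import__('os')" is simply an unequal string.
    """
    if depth > MAX_DEPTH:
        raise ConditionError("condition nesting too deep")
    if not isinstance(cond, dict):
        raise ConditionError(f"condition must be a table, got {type(cond).__name__}")
    keys = set(cond)

    if keys in ({"all"}, {"any"}):
        op = next(iter(keys))
        branches = cond[op]
        if not isinstance(branches, list) or not branches:
            raise ConditionError(f"'{op}' needs a non-empty list of conditions")
        results = [evaluate(c, args, depth + 1) for c in branches]
        return all(results) if op == "all" else any(results)

    if keys == {"not"}:
        return not evaluate(cond["not"], args, depth + 1)

    if "arg" in keys and len(keys) == 2 and keys <= {"arg", "is", "in", "set"}:
        name = cond["arg"]
        if not isinstance(name, str) or not ARG_NAME.fullmatch(name):
            raise ConditionError(f"invalid argument name {name!r}")
        if "set" in cond:
            if cond["set"] is not True:
                raise ConditionError("'set' only accepts true")
            return name in args
        if name not in args:
            return False  # comparisons against a missing argument are false
        if "is" in cond:
            if not isinstance(cond["is"], LITERAL_TYPES):
                raise ConditionError("'is' needs a scalar literal")
            return args[name] == cond["is"]
        choices = cond["in"]
        if not isinstance(choices, list) or not all(isinstance(c, LITERAL_TYPES) for c in choices):
            raise ConditionError("'in' needs a list of scalar literals")
        return args[name] in choices

    raise ConditionError(f"unknown condition keys: {sorted(keys)}")


def rejects(cond, args=None):
    """True when the parser refuses `cond`; unknown vocabulary fails closed."""
    try:
        evaluate(cond, args or {})
    except ConditionError:
        return True
    return False


if __name__ == "__main__":
    rule = {"all": [{"arg": "port", "is": 443}, {"arg": "proto", "in": ["http", "https"]}]}
    print(evaluate(rule, {"port": 443, "proto": "https"}))
    print(rejects({"arg": "proto", "eval": "1"}))
```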

Cross-Language Scope Validation

  • Added tests/scope_vectors.json — shared test vectors for IPv4/IPv6 CIDR containment, hostname wildcard matching, and injection rejection.
  • Documented centralization path (Wasm/gRPC) for production deployments.
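The Python below is an added example (not ToolClad's validator or its tests/scope_vectors.json) of the three checks such shared vectors exercise: IPv4/IPv6 CIDR containment via the standard ipaddress module, hostname wildcard matching, and rejection of targets that are neither a valid address nor a valid hostname. The vector layout, the rule that "*.example.test" matches one or more leading labels, and the function names are assumptions; the vectors themselves are constructed for this example.

```python
import ipaddress
import json
import re

# Constructed test vectors in the spirit of tests/scope_vectors.json. The real
# file's schema is not shown in the release notes, so this layout is an assumption.
SCOPE_VECTORS = json.loads("""
[
  {"scope": ["10.0.0.0/8"],     "target": "10.20.30.40",       "allowed": true},
  {"scope": ["10.0.0.0/8"],     "target": "11.0.0.1",          "allowed": false},
  {"scope": ["2001:db8::/32"],  "target": "2001:db8:1::7",     "allowed": true},
  {"scope": ["2001:db8::/32"],  "target": "2001:db9::1",       "allowed": false},
  {"scope": ["*.example.test"], "target": "API.example.test.", "allowed": true},
  {"scope": ["*.example.test"], "target": "a.b.example.test",  "allowed": true},
  {"scope": ["*.example.test"], "target": "example.test",      "allowed": false},
  {"scope": ["*.example.test"], "target": "x.example.test.attacker.invalid", "allowed": false},
  {"scope": ["*.example.test"], "target": "api.example.test;id", "allowed": false},
  {"scope": ["10.0.0.0/8"],     "target": "10.0.0.1 `id`",     "allowed": false},
  {"scope": ["10.0.0.0/8"],     "target": "10.0.0.1/0",        "allowed": false}
]
""")

# One DNS label: 1-63 letters/digits/hyphens, no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def parse_target(target):
    """Classify as ('ip', address) or ('host', name); anything else raises."""
    if not isinstance(target, str) or not 0 < len(target) <= 253:
        raise ValueError("target must be a non-empty string of at most 253 characters")
    try:
        return "ip", ipaddress.ip_address(target)
    except ValueError:
        pass
    name = target.lower().rstrip(".")
    if not name or not all(LABEL.fullmatch(label) for label in name.split(".")):
        raise ValueError(f"rejected target (neither IP nor hostname): {target!r}")
    return "host", name


def host_matches(pattern, host):
    """Exact match, or '*.suffix' matching one or more leading labels (assumed rule)."""
    pattern = pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".example.test"
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern


def in_scope(scope, target):
    kind, value = parse_target(target)
    for entry in scope:
        if kind == "ip":
            try:
                network = ipaddress.ip_network(entry, strict=False)
            except ValueError:
                continue  # a hostname pattern never matches an IP target
            if value in network:  # version mismatch (v4 vs v6) is simply False
                return True
        elif "/" not in entry and host_matches(entry, value):
            return True
    return False


def check(scope, target):
    """Fail-closed wrapper: a parse error is a denial, with the reason attached."""
    try:
        return in_scope(scope, target), None
    except ValueError as err:
        return False, str(err)


def run_vectors(vectors=SCOPE_VECTORS):
    """Return the targets whose verdict differs from the vector's expectation."""
    return [v["target"] for v in vectors if check(v["scope"], v["target"])[0] != v["allowed"]]


if __name__ == "__main__":
    print("mismatches:", run_vectors())
```

Keeping the vectors in one shared file, as the release does, is what makes the cross-language claim checkable: each implementation runs the same list and must produce the same verdicts.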

Install / Upgrade

cargo install toolclad        # Rust / crates.io
pip install toolclad==0.5.3   # Python / PyPI
npm install toolclad@0.5.3    # JavaScript / npm

Go: go install github.com/thirdkeyai/toolclad/go/cmd/toolclad@v0.5.3

Test Results

Language    Tests                  Result
Rust        67                     All pass
Go          executor + validator   All pass
Python      114                    All pass
JavaScript  74                     All pass

Full Changelog

v0.5.2...v0.5.3

v0.5.2 — Full Feature Parity, 14 Types, Security Hardening

23 Mar 05:38

What's New

14 Built-in Types (was 10)

Added 4 extended types across all 4 languages:

  • msf_options — Metasploit KEY VALUE pairs with injection checking
  • credential_file — Relative path with existence/file verification
  • duration — Plain seconds or suffixed (5m, 2h, 1h30m, 500ms)
  • regex_match — Value must match mandatory pattern field

Custom Types

Project-level toolclad.toml defines reusable custom types with base type inheritance:

[types.service_protocol]
base = "enum"
allowed = ["ssh", "ftp", "http", "https"]
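As an added example (not ToolClad's own code), the Python below sketches a validator registry in which a custom type inherits from a base type the way service_protocol inherits from enum above, alongside builtin duration, regex_match and string validators; the string validator rejects shell metacharacters by default, as the Security Hardening list below describes, and an unknown type name is an error rather than a passthrough. The registry layout, function names, exact duration arithmetic and metacharacter set are assumptions; the type names, the duration examples and the TOML fields come from the release notes.

```python
import re

# Hypothetical validator registry. Duration unit meanings follow the examples
# in the release notes (5m, 2h, 1h30m, 500ms); everything else is assumed.
SHELL_METACHARACTERS = set(";&|`$<>(){}\\\"'\n")
DURATION_UNITS = {"ms": 0.001, "s": 1.0, "m": 60.0, "h": 3600.0}
DURATION_PART = re.compile(r"(\d+)(ms|s|m|h)")


def parse_duration(text):
    """Plain seconds or suffixed parts ('1h30m', '500ms') -> seconds as float."""
    if re.fullmatch(r"\d+(\.\d+)?", text):
        return float(text)
    if not re.fullmatch(r"(\d+(ms|s|m|h))+", text):
        raise ValueError(f"invalid duration {text!r}")
    return sum(int(n) * DURATION_UNITS[u] for n, u in DURATION_PART.findall(text))


def validate_string(value, spec):
    """Fail closed: any shell metacharacter in a plain string is rejected."""
    bad = sorted(set(value) & SHELL_METACHARACTERS)
    if bad:
        raise ValueError(f"string contains shell metacharacters {bad}")
    return value


def validate_enum(value, spec):
    allowed = spec.get("allowed", [])
    if value not in allowed:
        raise ValueError(f"{value!r} is not one of {allowed}")
    return value


def validate_regex_match(value, spec):
    """The 'pattern' field is mandatory for this type."""
    if "pattern" not in spec:
        raise ValueError("regex_match requires a 'pattern' field")
    if not re.fullmatch(spec["pattern"], value):
        raise ValueError(f"{value!r} does not match {spec['pattern']!r}")
    return value


def validate_duration(value, spec):
    return parse_duration(value)


BUILTIN = {
    "string": validate_string,
    "enum": validate_enum,
    "regex_match": validate_regex_match,
    "duration": validate_duration,
}

# Parsed form of the [types.service_protocol] table shown above.
PROJECT_TYPES = {
    "service_protocol": {"base": "enum", "allowed": ["ssh", "ftp", "http", "https"]},
}


def resolve(type_name, project_types=PROJECT_TYPES, seen=()):
    """Follow 'base' links down to a builtin validator, merging the custom fields.

    Unknown names raise instead of falling through to an unvalidated string.
    """
    if type_name in BUILTIN:
        return BUILTIN[type_name], {}
    if type_name in seen:
        raise ValueError(f"cyclic custom type {type_name!r}")
    if type_name not in project_types:
        raise ValueError(f"unknown arg type {type_name!r}")
    spec = project_types[type_name]
    if "base" not in spec:
        raise ValueError(f"custom type {type_name!r} has no 'base'")
    fn, inherited = resolve(spec["base"], project_types, seen + (type_name,))
    own = {k: v for k, v in spec.items() if k != "base"}
    return fn, {**inherited, **own}


def validate_arg(value, type_name, spec=None, project_types=PROJECT_TYPES):
    """Validate one argument value against a builtin or custom type name."""
    fn, inherited = resolve(type_name, project_types)
    return fn(value, {**inherited, **(spec or {})})


def accepted(value, type_name, spec=None):
    """True when validation passes; convenient for the fail-closed cases."""
    try:
        validate_arg(value, type_name, spec)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    print(validate_arg("https", "service_protocol"), validate_arg("1h30m", "duration"))
    print(accepted("10.0.0.1;id", "string"), accepted("x", "no_such_type"))
```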

Security Hardening

  • Real timeout enforcement: try_wait polling + killpg process group kill (Rust)
  • String type rejects shell metacharacters by default (fail-closed)
  • Unknown arg types error instead of falling through
  • HTTP body JSON-escaping prevents request injection
  • Platform-aware evidence dirs — uses OS temp directory, not hardcoded /tmp
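The Python executor below is an added example (not the Rust or Python code of the ToolClad project) covering both the process-group kill requirement documented in v0.5.3 and the try_wait polling plus killpg enforcement listed here: it launches the tool without a shell as the leader of a fresh process group, kills the whole group on timeout, and returns an evidence envelope carrying the mandatory exit_code and stderr. It is POSIX-only. The Evidence fields beyond exit_code and stderr, the function names and the grandchild demonstration are assumptions.

```python
import os
import signal
import subprocess
import sys
import time
from dataclasses import asdict, dataclass

# POSIX only: relies on setsid() via start_new_session=True and on os.killpg().


@dataclass
class Evidence:
    """Evidence envelope. exit_code and stderr are the fields the spec now
    mandates; the remaining fields are assumed additions for this example."""
    exit_code: int
    stderr: str
    stdout: str
    timed_out: bool
    duration_s: float

    def envelope(self):
        return asdict(self)


def run_tool(argv, timeout_s):
    """Run argv (no shell) as leader of a new process group; kill the group on timeout.

    communicate(timeout=...) drains both pipes while it waits, which is the
    idiomatic Python stand-in for the try_wait() polling loop in Rust.
    """
    started = time.monotonic()
    proc = subprocess.Popen(
        argv, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True,
        start_new_session=True,  # setsid(): PGID == proc.pid; children inherit it
    )
    timed_out = False
    try:
        stdout, stderr = proc.communicate(timeout=timeout_s)
    except subprocess.TimeoutExpired:
        timed_out = True
        try:
            os.killpg(proc.pid, signal.SIGKILL)  # the tool and everything it spawned
        except ProcessLookupError:
            pass  # the group exited between the timeout and the kill
        # Retrying loses no output. Grandchildren inherited our pipes, so this
        # call would block forever had only the direct child been killed.
        stdout, stderr = proc.communicate()
    return Evidence(
        exit_code=proc.returncode, stderr=stderr, stdout=stdout,
        timed_out=timed_out, duration_s=round(time.monotonic() - started, 3),
    )


def run_python_snippet(code, timeout_s):
    """Convenience wrapper: run a Python one-liner as the tool."""
    return run_tool([sys.executable, "-c", code], timeout_s)


def pid_alive(pid):
    """True if pid exists and is not a zombie (Linux /proc check; signal 0 elsewhere)."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    try:
        with open(f"/proc/{pid}/stat") as stat:
            return stat.read().rsplit(")", 1)[1].split()[0] != "Z"
    except OSError:
        return True


def orphan_check(timeout_s=2.0):
    """Child spawns a grandchild sleeper, prints its pid, then sleeps past the timeout.

    Returns the evidence plus whether the grandchild survived the group kill.
    """
    child_src = (
        "import subprocess, sys, time\n"
        "g = subprocess.Popen([sys.executable, '-c', 'import time; time.sleep(60)'])\n"
        "print(g.pid, flush=True)\n"
        "time.sleep(60)\n"
    )
    ev = run_tool([sys.executable, "-c", child_src], timeout_s)
    grandchild = int(ev.stdout.strip())
    time.sleep(0.2)  # let SIGKILL land and the grandchild be reparented
    return ev, pid_alive(grandchild)


if __name__ == "__main__":
    print(run_python_snippet("import sys; sys.stderr.write('boom'); sys.exit(3)", 5.0).envelope())
    ev, alive = orphan_check()
    print(ev.envelope(), "grandchild alive:", alive)
```

A negative exit_code in the envelope is the signal number that terminated the tool (-9 for SIGKILL), which is how an agent can tell a timeout kill from a tool that exited on its own with a non-zero status.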

Output Parsers (all 4 languages)

  • builtin:json, builtin:jsonl, builtin:csv, builtin:xml, builtin:text
  • CSV: auto-delimiter detection, quoted fields, type inference
  • XML: real parsing with attributes, text content, nested arrays

Full Feature Parity

All 4 implementations (Rust, Python, JavaScript, Go) now support:

  • All 14 types + custom types
  • HTTP and MCP backend routing from execute()
  • All 5 output parsers
  • Executor escape hatch
  • Rich MCP schema generation with format, pattern, minimum, maximum
  • HTTP error semantics (client_error for 4xx, server_error for 5xx)
  • Scope validation aligned across languages
  • [command] section optional for HTTP/MCP-only manifests

Test Coverage

  • Rust: 63 tests
  • Python: 114 tests
  • JavaScript: 74 tests
  • Go: all passing