feat: add Shell Command MCP server with multi-stage validation

[Cristhianzl]

OBJECTIVE: Add a standalone MCP server that exposes a single execute_command tool, gated by a 5-stage validation pipeline (length cap, substitution refusal, subcommand split, per-subcommand destructive/classify/redirect/mode/path checks) so Langflow agents can run shell commands inside a sandboxed working directory on Linux, macOS, and Windows.

CHANGES:

• Add lfx.mcp.shell package (13 modules) with FastMCP server, validation pipeline, async subprocess executor, and config dataclass
• Cross-platform support: POSIX uses setsid+killpg(SIGKILL) and UTF-8 decode; Windows uses CREATE_NEW_PROCESS_GROUP+taskkill /T /F and
  locale.getpreferredencoding() (fixes mojibake in cmd.exe output)
• Multi-stage validators with stable RejectionReason enum: destructive_pattern, mode_violation, path_traversal, unknown_classification,
  input_too_large, shell_substitution_not_allowed
• Block 4 bypass classes: shell substitution $(...)/backticks, write redirects in read_only mode, glob/brace expansion in destructive paths, PowerShell
  Invoke-Expression eval
• Command-line entry point lfx-shell-mcp (registers via python -m lfx.mcp.shell due to Langflow MCP allowlist) plus pyproject.toml console script
• Test suite: 493 tests covering classification, destructive patterns (POSIX + Windows), mode/path validation, redirect detection, substitution detection,
  subprocess executor, and end-to-end pipeline
• Documentation: docs/features/shell-mcp-server.md (DDD-style with C4 diagrams) and QA guide CZL/QA_GUIDE_SHELL_MCP.md with 60+ test scenarios

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 2327fb66-5dd1-48c8-9ce4-b6b39d250a8e

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch cz/shell-exec

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Build successful! ✅
Deploying docs draft.
Deploy successful! View draft

[codecov]

Codecov Report

❌ Patch coverage is 93.64162% with 33 lines in your changes missing coverage. Please review.
✅ Project coverage is 53.71%. Comparing base (1e9a96f) to head (b1e432a).
⚠️ Report is 7 commits behind head on release-1.10.0.

Files with missing lines	Patch %	Lines
src/lfx/src/lfx/mcp/shell/validation_path.py	82.89%	12 Missing and 1 partial ⚠️
src/lfx/src/lfx/mcp/shell/__main__.py	0.00%	6 Missing ⚠️
src/lfx/src/lfx/mcp/shell/subprocess_executor.py	91.80%	5 Missing ⚠️
src/lfx/src/lfx/mcp/shell/shell_server.py	89.47%	4 Missing ⚠️
src/lfx/src/lfx/mcp/shell/classification.py	93.75%	1 Missing and 2 partials ⚠️
src/lfx/src/lfx/mcp/shell/shell_types.py	96.07%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@                Coverage Diff                 @@
##           release-1.10.0   #12919      +/-   ##
==================================================
- Coverage           53.72%   53.71%   -0.01%     
==================================================
  Files                2035     2059      +24     
  Lines              184926   187153    +2227     
  Branches            27922    27663     -259     
==================================================
+ Hits                99350   100532    +1182     
- Misses              84475    85508    +1033     
- Partials             1101     1113      +12     

Flag	Coverage Δ
backend	56.97% <ø> (+0.67%)	⬆️
frontend	53.66% <ø> (-0.37%)	⬇️
lfx	50.70% <93.64%> (+0.84%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
src/lfx/src/lfx/mcp/shell/output_truncation.py	100.00% <100.00%> (ø)
src/lfx/src/lfx/mcp/shell/redirect_detection.py	100.00% <100.00%> (ø)
src/lfx/src/lfx/mcp/shell/shell_config.py	100.00% <100.00%> (ø)
src/lfx/src/lfx/mcp/shell/shell_constants.py	100.00% <100.00%> (ø)
src/lfx/src/lfx/mcp/shell/subcommand_split.py	100.00% <100.00%> (ø)
...rc/lfx/src/lfx/mcp/shell/substitution_detection.py	100.00% <100.00%> (ø)
...rc/lfx/src/lfx/mcp/shell/validation_destructive.py	100.00% <100.00%> (ø)
src/lfx/src/lfx/mcp/shell/validation_mode.py	100.00% <100.00%> (ø)
src/lfx/src/lfx/mcp/shell/validation_pipeline.py	100.00% <100.00%> (ø)
src/lfx/src/lfx/mcp/shell/shell_types.py	96.07% <96.07%> (ø)
... and 5 more

... and 231 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

Frontend Unit Test Coverage Report

Coverage Summary

Lines	Statements	Branches	Functions
	36.31% (41893/115368)	67.82% (5754/8483)	36.27% (966/2663)

Unit Test Results

Tests	Skipped	Failures	Errors	Time
4087	0 💤	0 ❌	0 🔥	8m 54s ⏱️