by awayto 219 days ago
Also if you're doing function calls you can just have the command as one response param, and arguments array as another response param. Then just black/white list commands you either don't want to run or which should require a human to say ok.
1 comments

Blacklist is going to be a bad idea since so many commands can be made to run other commands with their arguments.
Yeah I agree. Ultimately I would suggest not having any kind of function call which returns an arbitrary command.

Instead, think of it as if you were enabling capabilities for AppArmor, by making a function call definition for just 1 command. Then over time suss out what commands you need your agent to do and nothing more.
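One way to express the per-command function definitions suggested in this thread, as an added example that is not code from any commenter. The tool names, registry layout, parameter patterns and the `approve` callback are assumptions made up for illustration.

```python
import re
import subprocess

# Relative path only: no leading "/", no ".." anywhere, conservative charset.
REL_PATH = re.compile(r"(?!/)(?!.*\.\.)[A-Za-z0-9_./-]{1,128}")

# Hypothetical registry: one entry per capability the agent has been granted.
# The model picks a tool name and fills named parameters; the binary and the
# fixed flags come from here, never from the model's response.
TOOLS = {
    "list_dir": {"argv": ["ls", "-1", "--", "{path}"],
                 "params": {"path": REL_PATH}, "needs_approval": False},
    "git_log": {"argv": ["git", "log", "--oneline", "-n", "{count}"],
                "params": {"count": re.compile(r"[0-9]{1,3}")},
                "needs_approval": False},
    "remove_file": {"argv": ["rm", "--", "{path}"],
                    "params": {"path": REL_PATH}, "needs_approval": True},
}

class Denied(Exception):
    """Raised when a call is outside the granted capabilities."""

def build_argv(tool, args):
    spec = TOOLS.get(tool)
    if spec is None:
        raise Denied(f"unknown tool {tool!r}")
    if set(args) != set(spec["params"]):
        raise Denied(f"{tool}: expected exactly {sorted(spec['params'])}")
    for name, pattern in spec["params"].items():
        value = args[name]
        if not isinstance(value, str) or not pattern.fullmatch(value):
            raise Denied(f"{tool}: parameter {name!r} rejected")
    # Substitute validated values into the fixed template, one argv slot each.
    return [args[p[1:-1]] if p.startswith("{") else p for p in spec["argv"]]

def run_tool(tool, args, approve=lambda tool, argv: False):
    argv = build_argv(tool, args)
    # Destructive tools stop here unless a human-backed callback says yes.
    if TOOLS[tool]["needs_approval"] and not approve(tool, argv):
        raise Denied(f"{tool}: human approval required")
    # List argv with no shell: metacharacters in a value are never interpreted.
    return subprocess.run(argv, capture_output=True, text=True, timeout=10)
```

Granting the agent a new capability means adding one reviewed registry entry, which keeps the set of reachable binaries and flags auditable in one place.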