For general information about RCE's Tool Integration concepts and configuration, please refer to the RCE User Guide (available here for the latest 9.x release).

From a security perspective, the service-providing side of Tool Integration consists of a dedicated user (typically an administrator or engineer familiar with the tool) defining a static script that controls the tool's invocation. Typical tasks in this script are custom input pre-processing or conversion, invoking one or more command-line tools, and assembling the final (external) data output.

All inputs and outputs of the service representing the tool is explicitly defined as part of the Tool Integration setup. Inputs and outputs are standardized to data types like Integer, Float, String, File, Directory, Vector, Matrix, or Table.

Beyond input data and (optionally) tool properties, the caller of the tool has no means of influencing the tool's execution.

The tool script is executed by passing it to bash on Linux or cmd on Windows. (To reiterate: This script is static, and always defined by a dedicated user on the providing side, never by the caller.)

The only data that is implicitly published from a tool's execution is the standard and error output of the executing tools, as well as execution time data.

If this is undesired, standard shell/batch features can typically be used to suppress this output

TODO.