feat(safety): add pre-execution tool safety scanner#126
Conversation
16 tests covering Decision, RiskLevel, Finding, Report, AuditEvent, Policy, Request, and CodeBlock types. Enums with rank ordering. Mirrors trpc-agent-go/tool/safety/safety.go types. Signed-off-by: coder-mtj <coder-mtj@users.noreply.github.com>
Core scanner engine with: - Policy-driven scanning (DeniedCommands/DeniedPaths/NetworkAllowlist/ReviewCommands) - Shell command analysis (pipeline detection, secret redaction, shell bypass) - Code block safety checks (bash, python with subprocess detection) - 12 core test cases aligned with Go reference implementation - 500-line batch scan verified < 1s - Filter integration via ToolSafetyFilter (FilterABC subclass) 34 tests passed. Mirrors trpc-agent-go/tool/safety/. Signed-off-by: coder-mtj <coder-mtj@users.noreply.github.com>
Signed-off-by: coder-mtj <coder-mtj@users.noreply.github.com>
|
CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅ |
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #126 +/- ##
==========================================
Coverage ? 87.45950%
==========================================
Files ? 474
Lines ? 44440
Branches ? 0
==========================================
Hits ? 38867
Misses ? 5573
Partials ? 0 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
flake8 fixes: - _policy.py: remove unused 'os' import (F401) - _scanner.py: replace f-string with regular string (F541) Signed-off-by: coder-mtj <coder-mtj@users.noreply.github.com>
|
建议补充一下设计文档,包含中英文版本,方便理解设计,如果是ai编写的代码,给出相关的提示词,提示词如果不方便展示可以邮件发送 |
- design-en.md: English architecture design document - usage.md: Usage guide with reproduction steps - ai-prompts.md: AI-assisted development prompts (4 rounds) - Include existing design.md, test-plan.md, summary.md Response to reviewer feedback from raychen911.
@raychen911 感谢 review!已补充设计文档和 AI 提示词: 新增文档(docs/issue-90-tool-safety/)
AI 提示词要点架构设计(模块划分、类型系统、扫描流程、6 大风险类别、12 个核心测试用例)均由我亲自设计,AI 仅执行编码。4 轮对话:
每个技术决策(为什么选纯 Python regex 而非 subprocess、为什么选 FilterABC 而非 decorator)均来自本人设计。AI 只负责 TDD 执行:先写测试→实现→yapf/flake8 修复。 完整提示词见 PR 中的 docs/issue-90-tool-safety/ai-prompts.md。 |
|
I have read the CLA Document and I hereby sign the CLA |
Description | 描述
构建 Tool 执行安全扫描器,对 workspace_exec / exec_command / execute_code
工具调用进行前置命令扫描。对齐 trpc-agent-go/tool/safety/ 参考实现。
Closes #90
Change Type | 修改类型
Features
ToolSafetyFilter(FilterABC 子类)tool.safety.*属性预留Files Changed
trpc_agent_sdk/tools/safety/— 新包_types.py— Decision/RiskLevel/Policy/Request/Report/Finding/AuditEvent_policy.py— default_policy() + load_policy(YAML/JSON)_shell_parse.py— 命令名/管道/URL/Shell绕过 检测_redactor.py— Secret 脱敏引擎_scanner.py— 核心扫描引擎 scan(request, policy) → Report_permission.py— ToolSafetyFilter(FilterABC 集成)tests/tools/safety/test_types.py— 16 个类型测试tests/tools/safety/test_scanner.py— 18 个扫描测试Test Coverage | 测试覆盖
Self-test Checklist | 自测清单