|
| 1 | +# Tencent is pleased to support the open source community by making tRPC-Agent-Python available. |
| 2 | +# |
| 3 | +# Copyright (C) 2026 Tencent. All rights reserved. |
| 4 | +# |
| 5 | +# tRPC-Agent-Python is licensed under Apache-2.0. |
| 6 | +"""JSONL audit logging for tool safety checks.""" |
| 7 | + |
| 8 | +from __future__ import annotations |
| 9 | + |
| 10 | +import json |
| 11 | +import time |
| 12 | +from datetime import datetime |
| 13 | +from datetime import timezone |
| 14 | +from pathlib import Path |
| 15 | +from typing import Any |
| 16 | +from typing import Optional |
| 17 | + |
| 18 | +from .models import Finding |
| 19 | +from .models import SafetyDecision |
| 20 | +from .models import SafetyResult |
| 21 | +from .models import SafetySeverity |
| 22 | +from .models import ToolExecutionRequest |
| 23 | + |
| 24 | +DEFAULT_AUDIT_LOG_FILE = Path("tool_safety_audit.jsonl") |
| 25 | +_SENSITIVE_KEYS = {"api_key", "authorization", "cookie", "password", "secret", "token"} |
| 26 | +_SCRIPT_KEYS = {"bash_code", "cmd", "code", "command", "python_code", "script"} |
| 27 | +_SEVERITY_RANK = { |
| 28 | + SafetySeverity.INFO: 0, |
| 29 | + SafetySeverity.LOW: 1, |
| 30 | + SafetySeverity.MEDIUM: 2, |
| 31 | + SafetySeverity.HIGH: 3, |
| 32 | + SafetySeverity.CRITICAL: 4, |
| 33 | +} |
| 34 | + |
| 35 | + |
| 36 | +class SafetyAuditLogger: |
| 37 | + """Append tool safety audit events as JSON Lines.""" |
| 38 | + |
| 39 | + def __init__(self, path: str | Path = DEFAULT_AUDIT_LOG_FILE): |
| 40 | + self._path = Path(path) |
| 41 | + |
| 42 | + @property |
| 43 | + def path(self) -> Path: |
| 44 | + """Return the audit log path.""" |
| 45 | + return self._path |
| 46 | + |
| 47 | + def write(self, result: SafetyResult, latency_ms: float) -> None: |
| 48 | + """Write one audit record.""" |
| 49 | + record = build_audit_record(result, latency_ms) |
| 50 | + with self._path.open("a", encoding="utf-8") as fp: |
| 51 | + fp.write(json.dumps(record, ensure_ascii=False, sort_keys=True)) |
| 52 | + fp.write("\n") |
| 53 | + |
| 54 | + |
| 55 | +def build_audit_record(result: SafetyResult, latency_ms: float) -> dict[str, Any]: |
| 56 | + """Build one ELK/Grafana-friendly audit record.""" |
| 57 | + request = result.request or ToolExecutionRequest() |
| 58 | + current_risk_level = risk_level(result.findings) |
| 59 | + rule_ids = [finding.rule_id for finding in result.findings] |
| 60 | + return { |
| 61 | + "timestamp": _utc_now(), |
| 62 | + "tool_name": request.tool_name, |
| 63 | + "decision": result.decision.value, |
| 64 | + "risk_level": current_risk_level.value, |
| 65 | + "rule_id": ",".join(rule_ids), |
| 66 | + "rule_ids": rule_ids, |
| 67 | + "latency": round(latency_ms, 3), |
| 68 | + "latency_ms": round(latency_ms, 3), |
| 69 | + "blocked": result.decision != SafetyDecision.ALLOW, |
| 70 | + "desensitized": True, |
| 71 | + "agent_name": request.agent_name, |
| 72 | + "invocation_id": request.invocation_id, |
| 73 | + "function_call_id": request.function_call_id, |
| 74 | + "language": request.language, |
| 75 | + "finding_count": len(result.findings), |
| 76 | + "findings": [_finding_record(finding) for finding in result.findings], |
| 77 | + "request": _request_record(request), |
| 78 | + } |
| 79 | + |
| 80 | + |
| 81 | +def risk_level(findings: list[Finding]) -> SafetySeverity: |
| 82 | + """Return the highest severity represented by a list of findings.""" |
| 83 | + if not findings: |
| 84 | + return SafetySeverity.LOW |
| 85 | + return max((finding.severity for finding in findings), key=lambda severity: _SEVERITY_RANK[severity]) |
| 86 | + |
| 87 | + |
| 88 | +def _finding_record(finding: Finding) -> dict[str, Any]: |
| 89 | + return { |
| 90 | + "rule_id": finding.rule_id, |
| 91 | + "severity": finding.severity.value, |
| 92 | + "target": _desensitize_value(finding.target), |
| 93 | + "message": finding.message, |
| 94 | + "metadata": _desensitize_value(finding.metadata), |
| 95 | + } |
| 96 | + |
| 97 | + |
| 98 | +def _request_record(request: ToolExecutionRequest) -> dict[str, Any]: |
| 99 | + return { |
| 100 | + "args": _desensitize_args(request.args), |
| 101 | + "metadata": _desensitize_value(request.metadata), |
| 102 | + "script_present": bool(request.script), |
| 103 | + "script_length": len(request.script or ""), |
| 104 | + } |
| 105 | + |
| 106 | + |
| 107 | +def _desensitize_args(args: dict[str, Any]) -> dict[str, Any]: |
| 108 | + return { |
| 109 | + str(key): _desensitize_arg_value(str(key), value) |
| 110 | + for key, value in args.items() |
| 111 | + } |
| 112 | + |
| 113 | + |
| 114 | +def _desensitize_arg_value(key: str, value: Any) -> Any: |
| 115 | + lowered_key = key.lower() |
| 116 | + if lowered_key in _SCRIPT_KEYS: |
| 117 | + return _desensitize_script_value(value) |
| 118 | + if _is_sensitive_key(lowered_key): |
| 119 | + return "***" |
| 120 | + return _desensitize_value(value) |
| 121 | + |
| 122 | + |
| 123 | +def _desensitize_script_value(value: Any) -> dict[str, Any]: |
| 124 | + text = value if isinstance(value, str) else "" |
| 125 | + return { |
| 126 | + "redacted": True, |
| 127 | + "length": len(text), |
| 128 | + } |
| 129 | + |
| 130 | + |
| 131 | +def _desensitize_value(value: Any) -> Any: |
| 132 | + if isinstance(value, dict): |
| 133 | + return { |
| 134 | + str(key): "***" if _is_sensitive_key(str(key)) else _desensitize_value(item) |
| 135 | + for key, item in value.items() |
| 136 | + } |
| 137 | + if isinstance(value, list): |
| 138 | + return [_desensitize_value(item) for item in value] |
| 139 | + if isinstance(value, tuple): |
| 140 | + return [_desensitize_value(item) for item in value] |
| 141 | + if isinstance(value, str): |
| 142 | + return _desensitize_string(value) |
| 143 | + return value |
| 144 | + |
| 145 | + |
| 146 | +def _is_sensitive_key(key: str) -> bool: |
| 147 | + lowered = key.lower() |
| 148 | + return any(sensitive_key in lowered for sensitive_key in _SENSITIVE_KEYS) |
| 149 | + |
| 150 | + |
| 151 | +def _desensitize_string(value: str) -> str: |
| 152 | + if len(value) <= 256: |
| 153 | + return value |
| 154 | + return f"{value[:128]}...<truncated:{len(value)}>" |
| 155 | + |
| 156 | + |
| 157 | +def _utc_now() -> str: |
| 158 | + return datetime.now(timezone.utc).isoformat() |
| 159 | + |
| 160 | + |
| 161 | +def monotonic_ms(start: Optional[float] = None) -> float: |
| 162 | + """Return monotonic milliseconds since start, or current monotonic milliseconds.""" |
| 163 | + now = time.monotonic() * 1000 |
| 164 | + if start is None: |
| 165 | + return now |
| 166 | + return now - start |
0 commit comments