Skip to content

tools: add tool script safety guard#168

Open
shsaihdsaiudh wants to merge 1 commit into
trpc-group:mainfrom
shsaihdsaiudh:fix/issue-90-tool-safety-guard
Open

tools: add tool script safety guard#168
shsaihdsaiudh wants to merge 1 commit into
trpc-group:mainfrom
shsaihdsaiudh:fix/issue-90-tool-safety-guard

Conversation

@shsaihdsaiudh

@shsaihdsaiudh shsaihdsaiudh commented Jul 12, 2026

Copy link
Copy Markdown

Tool, Skill, MCP, and CodeExecutor execution can carry scripts, commands, environment metadata, filesystem access, and network destinations that need a policy decision before execution. This change adds a configurable Tool Script Safety Guard for Python and Bash payloads.

The guard performs AST- and token-based static scanning for dangerous file access, non-allowlisted network calls, process execution, dependency installation, resource abuse, and sensitive-data exposure. It produces allow, deny, or needs_human_review reports with redacted evidence, JSONL audit events, and OpenTelemetry safety attributes.

ToolSafetyFilter runs as the final authorization filter after callbacks and argument transforms. A SafetyGuardedCodeExecutor wrapper covers executor code blocks. StreamingProgressTool, callback, telemetry, workspace timeout/background metadata, and BashTool defaults are integrated so the effective payload and execution limits are checked without leaking scripts or tool responses into traces.

The example includes a strict YAML policy, 12 canonical samples, a CLI scanner, a structured report, an audit log, and design documentation describing sandbox boundaries and extension points.

Validation completed with 368 safety tests at 86.94% safety-package coverage, 371 related filter/telemetry/streaming/executor/Bash/workspace regression tests, YAPF, flake8, compileall, canonical artifact validation, and wheel/sdist builds.

Fixes #90

RELEASE NOTES: Added configurable pre-execution safety checks, audit events, and telemetry redaction for script-capable tools and code executors.

@codecov

codecov Bot commented Jul 12, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 90.06433% with 139 lines in your changes missing coverage. Please review.
⚠️ Please upload report for BASE (main@e113610). Learn more about missing BASE report.

Files with missing lines Patch % Lines
trpc_agent_sdk/tools/safety/_extractor.py 83.33333% 50 Missing ⚠️
trpc_agent_sdk/tools/safety/_filter.py 89.80583% 21 Missing ⚠️
trpc_agent_sdk/tools/safety/_code_executor.py 86.71875% 17 Missing ⚠️
trpc_agent_sdk/tools/safety/_policy.py 91.60305% 11 Missing ⚠️
trpc_agent_sdk/agents/_callback.py 75.00000% 9 Missing ⚠️
trpc_agent_sdk/tools/safety/_scanner.py 93.84615% 8 Missing ⚠️
trpc_agent_sdk/tools/safety/_guard.py 94.18605% 5 Missing ⚠️
trpc_agent_sdk/tools/safety/_redaction.py 90.19608% 5 Missing ⚠️
trpc_agent_sdk/telemetry/_trace.py 94.44444% 4 Missing ⚠️
trpc_agent_sdk/tools/safety/_telemetry.py 81.81818% 4 Missing ⚠️
... and 3 more
Additional details and impacted files
@@            Coverage Diff             @@
##             main        #168   +/-   ##
==========================================
  Coverage        ?   87.55044%           
==========================================
  Files           ?         479           
  Lines           ?       47335           
  Branches        ?           0           
==========================================
  Hits            ?       41442           
  Misses          ?        5893           
  Partials        ?           0           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

构建 Tool 执行脚本安全扫描、Filter 拦截与监控机制

1 participant