feat: add tool script safety guard #118
Open
Spock12138 wants to merge 5 commits into
- Apply yapf formatting to all changed SDK safety files (_scanner, _code_executor, _cli_helpers, _redaction, _rules)
- Add logging.disable(NOTSET) to _enable_caplog_logger helper to undo global logging disable from cross-test pollution
Codecov Report
❌ Patch coverage is
@@ Coverage Diff @@
## main #118 +/- ##
==========================================
Coverage ? 87.25293%
==========================================
Files ? 478
Lines ? 45281
Branches ? 0
==========================================
Hits ? 39509
Misses ? 5772
Partials ? 0
Related Issue
Resolves #90
Summary
Add Tool Script Safety Guard with static scanning, policy configuration, Tool Filter integration, CodeExecutor wrapper, audit events, examples, CLI, and documentation.
What Changed
- trpc_agent_sdk.tools.safety with policy loading, redaction, rule matching, Python/Bash scanning, audit helpers, Tool Filter integration, and CodeExecutor wrapper.
- scripts/tool_safety_check.py for standalone scanning.
- examples/tool_safety_guard/ with policy, 12 samples, generated report/audit fixtures, runner, and README.
Validation
Known Non-Blocking Items
- mempalace and e2b_code_interpreter optional extras are not installed locally, so related full-suite collection failures are environment-related.
- subprocess_call may produce an extra same-rule finding; it does not affect final decision or acceptance criteria.