
feat(tool-safety): add Tool Script Safety Guard with pluggable filter…#103

Open · Violet2314 wants to merge 5 commits into trpc-group:main from Violet2314:feature/tool-safety-guard


Conversation

Violet2314 commented Jul 1, 2026


Title: feat: Tool Script Safety Guard

Related Issue: Resolves #90

Summary

Adds a pre-execution safety scanner for Tool / Skill / CodeExecutor. Pluggable Filter rules scan Python and Bash scripts and output an allow / deny / needs_human_review decision, together with a structured report, an audit log and OpenTelemetry span instrumentation.

Changes

  • Added 6 pluggable rules: dangerous file operations, outbound network connections, process/system commands, dependency installation, resource abuse, sensitive-information leakage
  • Added ToolSafetyFilter (subclasses the SDK's BaseFilter): intercepts before execution and writes audit records
  • Added 4 wrapper integration styles:
    • wrap_tool: attaches the filter to an existing tool / executor
    • @safety_wrapper decorator: wraps any function (sync/async); raises SafetyDeniedError on DENY
    • SafetyReviewedSkillRunner: wrapper dedicated to the Skill execution path
    • SafeCodeExecutor: delegating wrapper around CodeExecutor
  • Added register_custom_rule(): registers custom rules at runtime without modifying framework source
  • Added CLI tool_safety_check.py with exit codes 0/1/2 (allow/deny/needs_review), usable as a CI gate
  • Added tool_safety_policy.yaml (allow-listed domains, forbidden paths, permitted commands, decision thresholds; hot-reloaded without code changes)
  • Added 12 samples (covering the 12 scenarios from the issue)
  • Added example outputs tool_safety_report.json and tool_safety_audit.jsonl
  • Added 57 tests (scanning / rules / policy hot reload / Filter interception / wrapper decorator / Skill runner / rule registry / audit + OTel / performance)
  • Added README (rule system, 5 integration styles, false-positive / false-negative / bypass risks, 2 extension mechanisms, relationship to sandbox / Filter / Telemetry / CodeExecutor)

Testing

python -m pytest tests/tool_safety/ -v
python examples/tool_safety/tool_safety_check.py --samples examples/tool_safety/samples/ --policy examples/tool_safety/tool_safety_policy.yaml --report examples/tool_safety/tool_safety_report.json --audit examples/tool_safety/tool_safety_audit.jsonl --verbose
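The following Python block is an added illustration of the design the description lays out; it is not code from this PR or from the trpc-group SDK. It models a rule registry extended through register_custom_rule, a scan that maps findings to allow / deny / needs_human_review under a policy, the CLI exit-code mapping 0/1/2, a safety_wrapper that raises SafetyDeniedError on deny, and one JSONL audit line per call. The regex patterns, the POLICY dict (standing in for tool_safety_policy.yaml), the sample scripts and the run_script executor are all constructed for the example. It also goes one step beyond the description: a needs_human_review result is treated as a hold (the wrapped function does not run), which the PR text does not specify.

```python
"""Minimal model of a pre-execution script safety guard: pluggable rules,
policy-driven allow / deny / needs_human_review decisions, a deny-raising
wrapper and a JSONL audit trail. Illustrative code, not the PR's own."""
import json
import re
from dataclasses import dataclass, asdict
from typing import Callable, Dict, List, Union


@dataclass
class Finding:
    rule: str
    severity: str   # "deny" blocks outright, "review" counts towards human review
    line_no: int
    text: str


RuleFn = Callable[[List[str]], List[Finding]]
RULES: Dict[str, RuleFn] = {}          # rule registry, extendable at runtime


def register_custom_rule(name: str, fn: RuleFn) -> None:
    """Register a rule without touching the scanner itself (hypothetical API)."""
    RULES[name] = fn


def regex_rule(name: str, pattern: str, severity: str) -> None:
    """Helper: a rule that flags every script line matching a regex."""
    rx = re.compile(pattern)

    def rule(lines: List[str]) -> List[Finding]:
        return [Finding(name, severity, i, ln.strip())
                for i, ln in enumerate(lines, 1) if rx.search(ln)]
    register_custom_rule(name, rule)


# Built-in rules: constructed patterns for the rule categories named in the PR
regex_rule("dangerous_file_op", r"\brm\s+-rf\b|shutil\.rmtree\(|os\.remove\(", "deny")
regex_rule("network_egress", r"\b(curl|wget)\b|requests\.(get|post)\(|urllib\.request", "review")
regex_rule("process_exec", r"subprocess\.|os\.system\(", "review")
regex_rule("dependency_install", r"\bpip\s+install\b|\bapt(-get)?\s+install\b", "review")
regex_rule("secret_leak", r"(?i)(api[_-]?key|password|secret)\s*=\s*['\"][^'\"]{8,}", "deny")

# Constructed policy: stands in for the YAML policy file the PR describes
POLICY = {"allowed_domains": ["example.com"], "review_threshold": 1}
EXIT_CODES = {"allow": 0, "deny": 1, "needs_human_review": 2}   # CI gate mapping


def scan(script: str, policy: dict = POLICY) -> dict:
    """Run every registered rule and reduce the findings to one decision."""
    lines = script.splitlines()
    findings = [f for rule in RULES.values() for f in rule(lines)]
    # Policy allow-list: egress to an approved domain is not a finding
    findings = [f for f in findings
                if not (f.rule == "network_egress"
                        and any(d in f.text for d in policy["allowed_domains"]))]
    if any(f.severity == "deny" for f in findings):
        decision = "deny"
    elif len(findings) >= policy["review_threshold"]:
        decision = "needs_human_review"
    else:
        decision = "allow"
    return {"decision": decision, "exit_code": EXIT_CODES[decision],
            "findings": [asdict(f) for f in findings]}


class SafetyDeniedError(RuntimeError):
    pass


def safety_wrapper(fn: Callable, audit: List[str]) -> Callable:
    """Scan the script argument before fn runs; always write an audit line.
    deny -> raise; needs_human_review -> hold and return the report (example's
    own choice); allow -> run fn."""
    def inner(script: str, *args, **kwargs) -> Union[str, dict]:
        report = scan(script)
        audit.append(json.dumps({"tool": fn.__name__, "decision": report["decision"],
                                 "rules": sorted({f["rule"] for f in report["findings"]})}))
        if report["decision"] == "deny":
            raise SafetyDeniedError(f"{fn.__name__}: blocked by {report['findings'][0]['rule']}")
        if report["decision"] == "needs_human_review":
            return report
        return fn(script, *args, **kwargs)
    return inner


# Constructed sample scripts, one per decision outcome
SAMPLE_ALLOW = 'import requests\nprint(requests.get("https://example.com/api").status_code)\n'
SAMPLE_REVIEW = "pip install somepkg\ncurl http://mirror.internal/pkg.tar.gz -o pkg.tar.gz\n"
SAMPLE_DENY = 'API_KEY="abcdef1234567890"\nrm -rf /tmp/build\n'


def run_script(script: str) -> str:
    """Stand-in for the real executor: it only counts lines."""
    return "executed %d lines" % len(script.splitlines())


AUDIT_LOG: List[str] = []
guarded_run = safety_wrapper(run_script, AUDIT_LOG)

if __name__ == "__main__":
    for sample in (SAMPLE_ALLOW, SAMPLE_REVIEW, SAMPLE_DENY):
        try:
            print(guarded_run(sample))
        except SafetyDeniedError as err:
            print("DENIED:", err)
    print("\n".join(AUDIT_LOG))   # the JSONL audit trail
```

Line-oriented regex rules are deliberately cheap, which is why the PR's README has to discuss false positives, false negatives and bypass risk: the same guard that flags `rm -rf` in a literal line sees nothing when the command is assembled at runtime. That is why the decision feeds a CI gate and an audit trail rather than replacing the sandbox.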

github-actions Bot commented Jul 1, 2026


CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅

CI environments import the full SDK which sets a global TracerProvider.
OTel silently ignores subsequent set_tracer_provider calls, so the test's
in-memory exporter never received spans. Build the tracer directly from a
local provider instead of relying on the global one.
codecov Bot commented Jul 1, 2026


Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (main@73655ab). Learn more about missing BASE report.

Additional details and impacted files
@@            Coverage Diff             @@
##             main        #103   +/-   ##
==========================================
  Coverage        ?   87.64107%           
==========================================
  Files           ?         433           
  Lines           ?       41557           
  Branches        ?           0           
==========================================
  Hits            ?       36421           
  Misses          ?        5136           
  Partials        ?           0           


Violet2314 (Author) commented

I have read the CLA Document and I hereby sign the CLA

Rook1ex added a commit to trpc-group/cla-database that referenced this pull request Jul 1, 2026


Development

Successfully merging this pull request may close these issues.

Build a security scanner, Filter interception and monitoring mechanism for Tool execution scripts
