Skip to content

feat: add Tool Script Safety Guard#105

Open
dongdonglfd wants to merge 6 commits into
trpc-group:mainfrom
dongdonglfd:feat/tool-safety-guard
Open

feat: add Tool Script Safety Guard#105
dongdonglfd wants to merge 6 commits into
trpc-group:mainfrom
dongdonglfd:feat/tool-safety-guard

Conversation

@dongdonglfd

@dongdonglfd dongdonglfd commented Jul 1, 2026

Copy link
Copy Markdown

Summary

This PR adds a Tool Script Safety Guard for reviewing tool execution before execution.

The implementation includes:

  • SafetyReviewer with structured decisions, reports, and audit output
  • YAML-based ToolSafetyPolicy
  • ToolSafetyFilter for tool execution interception
  • Wrapper examples for CodeExecutor and Skill execution
  • OpenTelemetry safety attributes
  • Standalone CLI scanner for Python and Bash scripts
  • Example reports, audit logs, and sample scripts
  • Documentation and unit tests

fix: #90

Key Behaviors

  • Policy changes can alter behavior without modifying code.
  • High-risk tool calls can be blocked by ToolSafetyFilter.
  • CodeExecutor and Skill wrappers reuse the same review logic.
  • CLI supports:
    • --policy
    • --format
    • --output
  • CLI exit codes:
    • 0 — allow
    • 1 — deny
    • 2 — needs human review
  • OpenTelemetry attributes:
    • tool.safety.decision
    • tool.safety.risk_level
    • tool.safety.rule_id

Safety Notes

  • Example dangerous scripts are inert and contain no destructive side effects.
  • The CLI fails fast when an explicitly specified policy file does not exist.
  • This safety guard provides pre-execution review and complements, rather than replaces, sandbox isolation.

Testing

pytest tests/tools/safety tests/server/openclaw/tools/test_safety_review.py
git diff --check

@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅

Rook1ex added a commit to trpc-group/cla-database that referenced this pull request Jul 1, 2026
@dongdonglfd

Copy link
Copy Markdown
Author

I have read the CLA Document and I hereby sign the CLA

@dongdonglfd

Copy link
Copy Markdown
Author

recheck

@codecov

codecov Bot commented Jul 1, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 50.39258% with 695 lines in your changes missing coverage. Please review.
⚠️ Please upload report for BASE (main@73655ab). Learn more about missing BASE report.

Files with missing lines Patch % Lines
trpc_agent_sdk/tools/safety/bash_scanner.py 31.34328% 184 Missing ⚠️
trpc_agent_sdk/tools/safety/python_scanner.py 33.45865% 177 Missing ⚠️
trpc_agent_sdk/tools/safety/policy.py 36.74699% 105 Missing ⚠️
trpc_agent_sdk/tools/safety/filter.py 0.00000% 85 Missing ⚠️
trpc_agent_sdk/tools/safety/audit.py 44.15584% 43 Missing ⚠️
trpc_agent_sdk/tools/safety/checker.py 61.70213% 18 Missing ⚠️
trpc_agent_sdk/tools/safety/report.py 52.94118% 16 Missing ⚠️
trpc_agent_sdk/_tool_safety_policy.py 87.12871% 13 Missing ⚠️
trpc_agent_sdk/tools/safety/telemetry.py 23.52941% 13 Missing ⚠️
trpc_agent_sdk/tools/safety/decision.py 45.00000% 11 Missing ⚠️
... and 6 more
Additional details and impacted files
@@            Coverage Diff             @@
##             main        #105   +/-   ##
==========================================
  Coverage        ?   86.42628%           
==========================================
  Files           ?         452           
  Lines           ?       42958           
  Branches        ?           0           
==========================================
  Hits            ?       37127           
  Misses          ?        5831           
  Partials        ?           0           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@dongdonglfd dongdonglfd changed the title Feat/tool safety guard feat: add Tool Script Safety Guard Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

构建 Tool 执行脚本安全扫描、Filter 拦截与监控机制

1 participant