wooo/awoooi
1
1
Fork 0
Code Issues 2 Pull Requests 1 Actions 3 Packages Projects Releases Wiki Activity

fix(aiops): harden agent tool permission names
All checks were successful
CD Pipeline / tests (push) Successful in 1m32s
Details
Code Review / ai-code-review (push) Successful in 27s
Details
CD Pipeline / build-and-deploy (push) Successful in 8m26s
Details
CD Pipeline / post-deploy-checks (push) Successful in 3m37s
Details

Browse Source
This commit is contained in:
Your Name
2026-05-01 13:52:18 +08:00
parent 1fe75e9f99
commit b6cf616707
2 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
apps/api/src/services/ai_providers/permissions.py
View File

@@ -29,6 +29,17 @@ _WRITE_TOOL_MARKERS = (
"send",
)
_WRITE_TOOL_NAMES = {
"execute_sql",
"exec_sql",
"run_sql",
"raw_sql",
"ssh_exec",
"ssh_execute",
"shell",
"run_command",
}
_K8S_READ_TOOL_MARKERS = (
"describe",
"events",
@@ -45,6 +56,8 @@ def is_read_only_tool(tool: MCPTool) -> bool:
"""Return whether a tool is considered side-effect free."""
name = tool.name.lower()
if name in _WRITE_TOOL_NAMES:
return False
if any(marker in name for marker in _WRITE_TOOL_MARKERS):
return False
return True

2
apps/api/tests/test_agent_loop_foundation.py
View File

@@ -50,6 +50,8 @@ def test_agent_tool_permissions_are_role_scoped():
assert is_tool_allowed(prom_query, "hermes") is True
assert is_tool_allowed(db_tool, "hermes") is True
assert is_tool_allowed(k8s_restart, "elephant_alpha") is False
assert is_tool_allowed(_tool("database", "execute_sql"), "elephant_alpha") is False
assert is_tool_allowed(_tool("ssh_host", "run_command"), "elephant_alpha") is False
filtered = filter_tools_for_agent([k8s_get, k8s_restart, prom_query], "nemotron")
assert [tool.name for tool in filtered] == ["kubectl_get", "prometheus_query"]