fix(agent): enforce tool security checks and audit logging

This commit is contained in:
qzl
2026-03-03 16:01:04 +08:00
parent 6a4c98bb63
commit f7df9d679f
2 changed files with 26 additions and 0 deletions
+4
@@ -6,6 +6,10 @@ from typing import Any
def validate_tool_spec(spec: dict[str, Any]) -> None:
name = spec["name"]
target = spec["execution_target"]
if not (name.startswith("ui.") or name.startswith("srv.")):
raise ValueError("Tool name must be in ui.* or srv.* namespace")
if name.startswith("ui.") and target != "frontend":
raise ValueError("ui.* must use frontend target")
if name.startswith("srv.") and target != "backend":