feat(security): Yerin security-agent toolset (read-only)

New securityRegistry (separate from companionRegistry) with two read-only, secret-free tools for the Yerin security agent: - audit_log: query the redacted audit trail by actor_kind/actor_id - agent_inventory: list agents + capabilities/scopes (explicit projection, never SELECT *, no token material) Follows the existing createRegistry() pattern. Design + wiring roadmap in docs/yerin-security-agent.md. Not yet seeded/exposed over MCP (left for review). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-01 23:26:46 +10:00
parent 459a7749c9
commit 6c393d8069
4 changed files with 121 additions and 0 deletions
--- a/lib/ai/agent/tools/security/agent_inventory.js
+++ b/lib/ai/agent/tools/security/agent_inventory.js
@@ -0,0 +1,23 @@
+import * as agents from '../../../../db/repos/agents.js';
+
+// Privilege inventory: which agents exist and what each is allowed to do.
+// Returns an explicit projection (never SELECT *) so token/secret columns can
+// never leak through this view even if the agents schema grows.
+export const agentInventoryTool = {
+  name: 'agent_inventory',
+  description: 'List every agent and its privilege level (capabilities + scopes). Use to audit who can read/suggest/write and to spot over-privileged agents. Never returns token material.',
+  input_schema: { type: 'object', properties: {} },
+  async handler(_args, _ctx) {
+    const rows = await agents.list();
+    const projected = rows.map(a => ({
+      id: a.id,
+      slug: a.slug,
+      name: a.name,
+      kind: a.kind,
+      model: a.model,
+      capabilities: a.capabilities || {},
+      scopes: a.scopes || {}
+    }));
+    return { agents: projected };
+  }
+};