Hynes/Void-Homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(security): Yerin security-agent toolset (read-only)

Browse Source 
New securityRegistry (separate from companionRegistry) with two read-only,
secret-free tools for the Yerin security agent:
- audit_log: query the redacted audit trail by actor_kind/actor_id
- agent_inventory: list agents + capabilities/scopes (explicit projection,
  never SELECT *, no token material)

Follows the existing createRegistry() pattern. Design + wiring roadmap in
docs/yerin-security-agent.md. Not yet seeded/exposed over MCP (left for review).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
root
2026-06-01 23:26:46 +10:00
parent 459a7749c9
commit 6c393d8069
4 changed files with 121 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
lib/ai/agent/tools/security/index.js Normal file
View File

@@ -0,0 +1,11 @@
import { createRegistry } from '../../registry.js';
import { auditLogTool } from './audit_log.js';
import { agentInventoryTool } from './agent_inventory.js';
// Yerin's security toolset — read-only observability, kept in its own registry
// so the security agent gets security tools (not Dross's propose_change). A
// future MCP server can expose this registry the same way companion-stdio.js
// exposes companionRegistry. Roadmap for further tools: see docs/yerin-security-agent.md
export const securityRegistry = createRegistry();
securityRegistry.registerTool(auditLogTool);
securityRegistry.registerTool(agentInventoryTool);