feat(security): Yerin security-agent toolset (read-only)
New securityRegistry (separate from companionRegistry) with two read-only, secret-free tools for the Yerin security agent: - audit_log: query the redacted audit trail by actor_kind/actor_id - agent_inventory: list agents + capabilities/scopes (explicit projection, never SELECT *, no token material) Follows the existing createRegistry() pattern. Design + wiring roadmap in docs/yerin-security-agent.md. Not yet seeded/exposed over MCP (left for review). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
root
61
tests/ai/security_tools.test.js
Normal file
61
tests/ai/security_tools.test.js
Normal file
@@ -0,0 +1,61 @@
|
||||
import { describe, it, expect, beforeAll } from 'vitest';
|
||||
import { pool } from '../../lib/db/pool.js';
|
||||
import { resetDb } from '../helpers/db.js';
|
||||
import { migrateUp } from '../../lib/db/migrate.js';
|
||||
import { securityRegistry } from '../../lib/ai/agent/tools/security/index.js';
|
||||
import * as agentsRepo from '../../lib/db/repos/agents.js';
|
||||
import { recordAudit } from '../../lib/db/repos/audit.js';
|
||||
|
||||
// Yerin's security toolset: read-only observability over the audit trail and
|
||||
// the agent privilege inventory. No mutations, no secret values.
|
||||
|
||||
const owner = { kind: 'user', id: null };
|
||||
let watchedAgent;
|
||||
|
||||
beforeAll(async () => {
|
||||
await resetDb();
|
||||
await migrateUp();
|
||||
watchedAgent = await agentsRepo.create({
|
||||
slug: `sec-watch-${Date.now()}`, name: 'Watched', kind: 'claude', model: 'sonnet',
|
||||
capabilities: { read: true, suggest: true }, scopes: {}
|
||||
}, owner);
|
||||
});
|
||||
|
||||
describe('securityRegistry', () => {
|
||||
it('registers read-only tools with valid descriptors', () => {
|
||||
const names = securityRegistry.listTools().map(t => t.name).sort();
|
||||
expect(names).toContain('audit_log');
|
||||
expect(names).toContain('agent_inventory');
|
||||
for (const t of securityRegistry.listTools()) {
|
||||
expect(t.name).toBeTruthy();
|
||||
expect(t.description).toBeTruthy();
|
||||
expect(t.input_schema.type).toBe('object');
|
||||
expect(typeof t.handler).toBe('function');
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
describe('audit_log tool', () => {
|
||||
it('returns recent audit entries, newest first, filterable by actor_kind', async () => {
|
||||
await recordAudit({ kind: 'agent', id: watchedAgent.id }, 'create', 'task', null, null, { title: 'x' });
|
||||
const tool = securityRegistry.getTool('audit_log');
|
||||
const { entries } = await tool.handler({ actor_kind: 'agent', limit: 5 }, {});
|
||||
expect(Array.isArray(entries)).toBe(true);
|
||||
expect(entries.length).toBeGreaterThan(0);
|
||||
expect(entries.every(e => e.actor_kind === 'agent')).toBe(true);
|
||||
});
|
||||
});
|
||||
|
||||
describe('agent_inventory tool', () => {
|
||||
it('lists agents with their privilege level and never exposes token material', async () => {
|
||||
const tool = securityRegistry.getTool('agent_inventory');
|
||||
const { agents } = await tool.handler({}, {});
|
||||
const found = agents.find(a => a.id === watchedAgent.id);
|
||||
expect(found).toBeTruthy();
|
||||
expect(found.capabilities).toEqual({ read: true, suggest: true });
|
||||
// defense-in-depth: no secret/token field may leak through this view
|
||||
const blob = JSON.stringify(agents).toLowerCase();
|
||||
expect(blob).not.toContain('token_hash');
|
||||
expect(blob).not.toContain('password');
|
||||
});
|
||||
});
|
||||
Reference in New Issue
Block a user