Hynes/Void-Homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(security): grow Yerin's toolset (pending_review, resource_exposure, token_audit)

Browse Source 
Three more read-only tools on securityRegistry:
- pending_review: agent-proposed changes awaiting approval (injection surface)
- resource_exposure: host/url/status attack-surface inventory (resources.listExposure,
  scalar cols only — no monitoring/metadata/credentials)
- token_audit: token label/last_used/revoked, never the hash

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
root
2026-06-02 00:17:45 +10:00
parent aa9cf0917e
commit c45246b918
6 changed files with 118 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/ai/agent/tools/security/index.js
View File

@@ -1,6 +1,9 @@
import { createRegistry } from '../../registry.js';
import { auditLogTool } from './audit_log.js';
import { agentInventoryTool } from './agent_inventory.js';
import { pendingReviewTool } from './pending_review.js';
import { resourceExposureTool } from './resource_exposure.js';
import { tokenAuditTool } from './token_audit.js';
// Yerin's security toolset — read-only observability, kept in its own registry
// so the security agent gets security tools (not Dross's propose_change). A
@@ -9,3 +12,6 @@ import { agentInventoryTool } from './agent_inventory.js';
export const securityRegistry = createRegistry();
securityRegistry.registerTool(auditLogTool);
securityRegistry.registerTool(agentInventoryTool);
securityRegistry.registerTool(pendingReviewTool);
securityRegistry.registerTool(resourceExposureTool);
securityRegistry.registerTool(tokenAuditTool);