c45246b918
Three more read-only tools on securityRegistry: - pending_review: agent-proposed changes awaiting approval (injection surface) - resource_exposure: host/url/status attack-surface inventory (resources.listExposure, scalar cols only — no monitoring/metadata/credentials) - token_audit: token label/last_used/revoked, never the hash Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
18 lines
953 B
JavaScript
18 lines
953 B
JavaScript
import { createRegistry } from '../../registry.js';
|
|
import { auditLogTool } from './audit_log.js';
|
|
import { agentInventoryTool } from './agent_inventory.js';
|
|
import { pendingReviewTool } from './pending_review.js';
|
|
import { resourceExposureTool } from './resource_exposure.js';
|
|
import { tokenAuditTool } from './token_audit.js';
|
|
|
|
// Yerin's security toolset — read-only observability, kept in its own registry
|
|
// so the security agent gets security tools (not Dross's propose_change). A
|
|
// future MCP server can expose this registry the same way companion-stdio.js
|
|
// exposes companionRegistry. Roadmap for further tools: see docs/yerin-security-agent.md
|
|
export const securityRegistry = createRegistry();
|
|
securityRegistry.registerTool(auditLogTool);
|
|
securityRegistry.registerTool(agentInventoryTool);
|
|
securityRegistry.registerTool(pendingReviewTool);
|
|
securityRegistry.registerTool(resourceExposureTool);
|
|
securityRegistry.registerTool(tokenAuditTool);
|