c45246b918
Three more read-only tools on securityRegistry: - pending_review: agent-proposed changes awaiting approval (injection surface) - resource_exposure: host/url/status attack-surface inventory (resources.listExposure, scalar cols only — no monitoring/metadata/credentials) - token_audit: token label/last_used/revoked, never the hash Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
21 lines
892 B
JavaScript
21 lines
892 B
JavaScript
import * as pendingChanges from '../../../../db/repos/pending_changes.js';
|
|
|
|
// The queue of agent-proposed mutations awaiting owner approval. This is exactly
|
|
// where a prompt-injected or misbehaving agent's intent surfaces, so it's a
|
|
// primary security-review surface.
|
|
export const pendingReviewTool = {
|
|
name: 'pending_review',
|
|
description: 'List pending (unapproved) agent-proposed changes awaiting owner approval — the queue where a misbehaving or injected agent\'s intent shows up. Review these for anything unexpected.',
|
|
input_schema: {
|
|
type: 'object',
|
|
properties: {
|
|
limit: { type: 'integer', description: 'max rows (default 50, max 200)' }
|
|
}
|
|
},
|
|
async handler({ limit } = {}, _ctx) {
|
|
const capped = Math.min(Math.max(Number(limit) || 50, 1), 200);
|
|
const pending = await pendingChanges.listPending({ limit: capped });
|
|
return { pending };
|
|
}
|
|
};
|