Argenis
0383a82a6f
feat(security): Add Phase 1 security features
...
* test: add comprehensive recovery tests for agent loop
Add recovery test coverage for all edge cases and failure scenarios
in the agentic loop, addressing the missing test coverage for
recovery use cases.
Tool Call Parsing Edge Cases:
- Empty tool_result tags
- Empty tool_calls arrays
- Whitespace-only tool names
- Empty string arguments
History Management:
- Trimming without system prompt
- Role ordering consistency after trim
- Only system prompt edge case
Arguments Parsing:
- Invalid JSON string fallback
- None arguments handling
- Null value handling
JSON Extraction:
- Empty input handling
- Whitespace only input
- Multiple JSON objects
- JSON arrays
Tool Call Value Parsing:
- Missing name field
- Non-OpenAI format
- Empty tool_calls array
- Missing tool_calls field fallback
- Top-level array format
Constants Validation:
- MAX_TOOL_ITERATIONS bounds (prevent runaway loops)
- MAX_HISTORY_MESSAGES bounds (prevent memory bloat)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(security): Add Phase 1 security features - sandboxing, resource limits, audit logging
Phase 1 security enhancements with zero impact on the quick setup wizard:
- ✅ Pluggable sandbox trait system (traits.rs)
- ✅ Landlock sandbox support (Linux kernel 5.13+)
- ✅ Firejail sandbox support (Linux user-space)
- ✅ Bubblewrap sandbox support (Linux/macOS user namespaces)
- ✅ Docker sandbox support (container isolation)
- ✅ No-op fallback (application-layer security only)
- ✅ Auto-detection logic (detect.rs)
- ✅ Audit logging with HMAC signing support (audit.rs)
- ✅ SecurityConfig schema (SandboxConfig, ResourceLimitsConfig, AuditConfig)
- ✅ Feature-gated implementation (sandbox-landlock, sandbox-bubblewrap)
- ✅ 1,265 tests passing
Key design principles:
- Silent auto-detection: no new prompts in wizard
- Graceful degradation: works on all platforms
- Feature flags: zero overhead when disabled
- Pluggable architecture: swap sandbox backends via config
- Backward compatible: existing configs work unchanged
Config usage:
```toml
[security.sandbox]
enabled = false # Explicitly disable
backend = "auto" # auto, landlock, firejail, bubblewrap, docker, none
[security.resources]
max_memory_mb = 512
max_cpu_time_seconds = 60
[security.audit]
enabled = true
log_path = "audit.log"
sign_events = false
```
Security documentation:
- docs/sandboxing.md: Sandbox implementation strategies
- docs/resource-limits.md: Resource limit approaches
- docs/audit-logging.md: Audit logging specification
- docs/security-roadmap.md: 3-phase implementation plan
- docs/frictionless-security.md: Zero-impact wizard design
- docs/agnostic-security.md: Platform/hardware agnostic approach
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 04:14:16 -05:00
