-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathtools.py
More file actions
341 lines (304 loc) · 12.6 KB
/
Copy pathtools.py
File metadata and controls
341 lines (304 loc) · 12.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
"""Tool registry, definitions, and dispatch for TeaAgent."""
from __future__ import annotations
import logging
import threading
import time
from collections.abc import Callable
from dataclasses import dataclass
from typing import Any, Optional
from teaagent.errors import ToolExecutionError, ToolValidationError
from teaagent.hooks import HookError, HookRegistry
from teaagent.schema import validate_object_schema
from teaagent.tool_call_context import get_tool_call_context
logger = logging.getLogger(__name__)
ToolHandler = Callable[[dict[str, Any]], dict[str, Any]]
@dataclass(frozen=True)
class ToolAnnotations:
"""Safety and behavioural annotations for a registered tool."""
read_only: bool = False
destructive: bool = False
idempotent: bool = False
stateful: bool = False
security_tier: str = 'Medium' # Low, Medium, High, Critical
@dataclass(frozen=True)
class ToolRateLimit:
"""Per-tool call-rate quota enforced at execution time.
``max_calls`` is the maximum number of calls allowed within ``window_seconds``.
The limiter uses a sliding-window counter protected by a lock so it is safe
to use from multiple threads.
Example::
rate_limit = ToolRateLimit(max_calls=5, window_seconds=60.0)
registry.register(name='my_tool', ..., rate_limit=rate_limit)
"""
max_calls: int
window_seconds: float = 60.0
@dataclass(frozen=True)
class ToolDefinition:
"""Complete definition of a registered tool: schemas, annotations, and handler."""
name: str
description: str
input_schema: dict[str, Any]
output_schema: dict[str, Any]
annotations: ToolAnnotations
handler: ToolHandler
rate_limit: Optional[ToolRateLimit] = None
mcp_server_name: Optional[str] = None
capability_manifest: Optional[dict[str, Any]] = (
None # Declared capabilities for security tier mapping
)
def get_security_tier(self) -> str:
"""Calculate security tier based on capability manifest and annotations."""
if self.capability_manifest:
declared_tier = self.capability_manifest.get('security_tier')
if declared_tier in {'Low', 'Medium', 'High', 'Critical'}:
return declared_tier
# Default tier calculation based on annotations
if self.annotations.destructive:
if self.annotations.read_only:
return 'Critical' # Contradictory state is critical
return 'High'
elif self.annotations.read_only:
return 'Low'
else:
return 'Medium'
class _RateLimiterState:
"""Mutable sliding-window state for one tool's rate limit."""
def __init__(self, limit: ToolRateLimit) -> None:
self.limit = limit
self._lock = threading.Lock()
self._call_times: list[float] = []
def check_and_record(self, tool_name: str) -> None:
"""Raise ``ToolExecutionError`` if the quota is exceeded, otherwise record the call."""
now = time.monotonic()
with self._lock:
cutoff = now - self.limit.window_seconds
self._call_times = [t for t in self._call_times if t >= cutoff]
if len(self._call_times) >= self.limit.max_calls:
raise ToolExecutionError(
f"tool '{tool_name}' rate limit exceeded: "
f'{self.limit.max_calls} calls per {self.limit.window_seconds}s'
)
self._call_times.append(now)
def call_count(self) -> int:
"""Return current call count within the active window (for observability)."""
now = time.monotonic()
cutoff = now - self.limit.window_seconds
with self._lock:
return sum(1 for t in self._call_times if t >= cutoff)
class ToolRegistry:
"""Central registry for all agent tools.
Provides registration, lookup, schema validation, rate-limit enforcement,
and MCP‑compatible metadata export. Use ``build_workspace_tool_registry``
for the standard workspace‑tool set.
"""
def __init__(self, *, hook_registry: Optional[HookRegistry] = None) -> None:
self._tools: dict[str, ToolDefinition] = {}
self._rate_states: dict[str, _RateLimiterState] = {}
self._mcp_trust_hook_roots: set[str] = set()
self.hook_registry = hook_registry
self._lookup_cache: dict[str, ToolDefinition] = {}
def register(
self,
*,
name: str,
description: str,
input_schema: dict[str, Any],
output_schema: dict[str, Any],
annotations: ToolAnnotations,
handler: ToolHandler,
rate_limit: Optional[ToolRateLimit] = None,
mcp_server_name: Optional[str] = None,
allow_override: bool = False,
) -> None:
if not name or ' ' in name:
raise ToolValidationError(
'tool name must be non-empty and contain no spaces',
hint='Provide a valid tool name without whitespace.',
)
if name in self._tools:
if allow_override:
logger.warning(
f"tool '{name}' is being overridden. Previous tool will be replaced."
)
else:
logger.warning(
f"tool '{name}' is already registered. Use allow_override=True to replace it. "
f'Existing tool: {self._tools[name].description}'
)
raise ToolValidationError(
f"tool '{name}' is already registered",
hint='Use allow_override=True to replace the existing registration, or choose a different name.',
)
if not description:
raise ToolValidationError(
'tool description is required',
hint='Provide a non-empty description string for the tool.',
)
self._tools[name] = ToolDefinition(
name=name,
description=description,
input_schema=input_schema,
output_schema=output_schema,
annotations=annotations,
handler=handler,
rate_limit=rate_limit,
mcp_server_name=mcp_server_name,
)
if rate_limit is not None:
self._rate_states[name] = _RateLimiterState(rate_limit)
self._lookup_cache.pop(name, None)
def unregister(self, name: str) -> None:
"""Remove a tool from the registry (used when plugin governance fails)."""
self._tools.pop(name, None)
self._rate_states.pop(name, None)
self._lookup_cache.pop(name, None)
def get(self, name: str) -> ToolDefinition:
cached = self._lookup_cache.get(name)
if cached is not None:
return cached
try:
tool = self._tools[name]
except KeyError as exc:
raise KeyError(f"tool '{name}' is not registered") from exc
if len(self._lookup_cache) < 256:
self._lookup_cache[name] = tool
return tool
def list_tools(self) -> list[str]:
"""Return names of all registered tools."""
return list(self._tools)
def call_count(self, name: str) -> int:
"""Return the current sliding-window call count for a rate-limited tool."""
state = self._rate_states.get(name)
return state.call_count() if state is not None else 0
def invoke(self, name: str, arguments: dict[str, Any]) -> dict[str, Any]:
"""Compatibility alias for ``execute()``.
.. deprecated:: 0.13
Use :meth:`execute` instead.
"""
return self.execute(name, arguments)
def execute(self, name: str, arguments: dict[str, Any]) -> dict[str, Any]:
"""Validate, authorize, and invoke a registered tool handler."""
tool = self.get(name)
validate_object_schema(tool.input_schema, arguments, label=f'tool.{name}.input')
if self.hook_registry is not None:
ctx = get_tool_call_context()
original_args = dict(arguments)
try:
modified_args = self.hook_registry.run_pre_hooks(name, dict(arguments))
except HookError as exc:
if ctx is not None:
ctx.audit.record(
'tool_hook_vetoed',
ctx.run_id,
call_id=ctx.call_id,
tool_name=name,
error=str(exc),
)
raise
if modified_args is not None:
arguments = modified_args
if arguments != original_args and tool.annotations.destructive:
if ctx is not None:
ctx.audit.record(
'tool_hook_pre_mutation_blocked',
ctx.run_id,
call_id=ctx.call_id,
tool_name=name,
)
raise ToolExecutionError(
f"pre-tool hooks may not mutate destructive tool '{name}' arguments"
)
validate_object_schema(
tool.input_schema, arguments, label=f'tool.{name}.input'
)
if ctx is not None and arguments != original_args:
before_keys = set(original_args)
after_keys = set(arguments)
ctx.audit.record(
'tool_hook_pre_mutation',
ctx.run_id,
call_id=ctx.call_id,
tool_name=name,
added_keys=sorted(after_keys - before_keys),
removed_keys=sorted(before_keys - after_keys),
modified_keys=sorted(
k
for k in (before_keys & after_keys)
if original_args.get(k) != arguments.get(k)
),
)
state = self._rate_states.get(name)
if state is not None:
state.check_and_record(name)
t0 = time.monotonic()
try:
result = tool.handler(arguments)
except ToolExecutionError:
raise
except (
Exception
) as exc: # pragma: no cover - preserves original detail in message
raise ToolExecutionError(f"tool '{name}' failed: {exc}") from exc
duration_ms = round((time.monotonic() - t0) * 1000.0, 2)
logger.info(
'%s executed',
name,
extra={
'event': 'tool_executed',
'tool_name': name,
'duration_ms': duration_ms,
},
)
if self.hook_registry is not None:
ctx = get_tool_call_context()
original_result = result
try:
modified_result = self.hook_registry.run_post_hooks(
name, arguments, result
)
except HookError as exc:
if ctx is not None:
ctx.audit.record(
'tool_hook_post_failed',
ctx.run_id,
call_id=ctx.call_id,
tool_name=name,
error=str(exc),
)
raise
if modified_result is not None:
result = modified_result
if ctx is not None and result != original_result:
before_keys = set(original_result)
after_keys = set(result)
ctx.audit.record(
'tool_hook_post_mutation',
ctx.run_id,
call_id=ctx.call_id,
tool_name=name,
added_keys=sorted(after_keys - before_keys),
removed_keys=sorted(before_keys - after_keys),
modified_keys=sorted(
k
for k in (before_keys & after_keys)
if original_result.get(k) != result.get(k)
),
)
validate_object_schema(tool.output_schema, result, label=f'tool.{name}.output')
return result
def mcp_metadata(self) -> list[dict[str, Any]]:
return [
{
'name': tool.name,
'description': tool.description,
'input_schema': tool.input_schema,
'output_schema': tool.output_schema,
'annotations': {
'readOnlyHint': tool.annotations.read_only,
'destructiveHint': tool.annotations.destructive,
'idempotentHint': tool.annotations.idempotent,
'statefulHint': tool.annotations.stateful,
},
}
for tool in self._tools.values()
]