Skip to content

Add agent session allowlist contracts#37

Open
andrei-hasna wants to merge 1 commit into
mainfrom
openloops/open-loops/8b9baf33-fc98-4cd0-9eb2-9ca73feb850b-c3ad6e34
Open

Add agent session allowlist contracts#37
andrei-hasna wants to merge 1 commit into
mainfrom
openloops/open-loops/8b9baf33-fc98-4cd0-9eb2-9ca73feb850b-c3ad6e34

Conversation

@andrei-hasna

Copy link
Copy Markdown
Contributor

Summary

  • add metadata-only provider session allowlist contracts for agent targets, including allowed tools, allowed commands, safety reason, cwd, task/event routing, provider/model, and timeout
  • expose the contract in provider stdin prompts, run environment variables, workflow run events, route/template inputs, and direct loops create agent options
  • require safety reasons for Cursor sandbox=disabled and Codewith/Codex danger-full-access, and document current metadata-only enforcement because provider CLIs do not expose stable native allowlist flags

Validation

  • TMPDIR=/tmp/openloops-test-tmp BUN_INSTALL_CACHE_DIR=/tmp/openloops-bun-cache bun run typecheck
  • git diff --check
  • TMPDIR=/tmp/openloops-test-tmp BUN_INSTALL_CACHE_DIR=/tmp/openloops-bun-cache bun run test:boundary
  • TMPDIR=/tmp/openloops-test-tmp BUN_INSTALL_CACHE_DIR=/tmp/openloops-bun-cache bun test src/lib/agent-adapter.test.ts src/cli/index.test.ts src/lib/workflow-spec.test.ts src/lib/templates.test.ts src/lib/executor.test.ts src/lib/workflow-runner.test.ts src/lib/route/route-event.test.ts src/lib/route/drain.test.ts
  • TMPDIR=/tmp/openloops-test-tmp BUN_INSTALL_CACHE_DIR=/tmp/openloops-bun-cache bun test (625 pass, 0 fail)
  • staged credential-pattern scan passed

Adversarial self-review

  • verified the implementation does not claim strict provider-native enforcement; current adapters expose metadata_only support and stop on unsupported strict values
  • checked direct CLI, workflow spec, route/template generation, executor env, provider stdin prompt, and workflow event persistence paths
  • patched the workflow-runner target handling to preserve prior step-goal prompt behavior while adding contract events
  • residual risk: metadata-only allowlists rely on agent cooperation until provider-native allowlist flags exist

Task: 8b9baf33-fc98-4cd0-9eb2-9ca73feb850b

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant