feat: comprehensive security hardening, flow expansion, test infra, CI, and bug fixes#1372
Closed
MD-Mushfiqur123 wants to merge 1 commit into
Closed
Conversation
- 33 security module tests (input_validator, sanitizer, rate_limiter, audit_logger, output_guardrail, integration) - Flow tests: delegation, human_loop, flow_factory (13 tests) - Tool tests: ToolResult, BaseTool, ToolCollection (15 tests) - LLM/Message schema tests, Mock tests (11 tests) - CONTRIBUTING.md with full developer guide - Environment variable config overrides (OPENMANUS_LLM_API_KEY etc.) - Fixed MockLLM.add_tool_call_response Signed-off-by: god032396-del <god032396@gmail.com>
ed0dac3 to
950ea7a
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Comprehensive contribution covering security hardening, flow system expansion, test infrastructure, CI/CD, bug fixes, and developer documentation. 48 files changed, 1861 insertions.
Security Hardening
New exception hierarchy (
app/exceptions.py):ConfigError,LLMProviderError,AgentError,AgentStuckError,FlowError,MCPConnectionError,SecurityError,ValidationError,RateLimitErrorNew security module (
app/tool/security/) — 5 classes:InputValidator— validates tool inputs against schemas, detects dangerous commands and path traversalSanitizer— sanitizes commands, paths, shell args, and filenames; blocksrm -rf /,mkfs, fork bombsRateLimiter— token-bucket rate limiter per tool with asyncio safetyAuditLogger— structured audit trail for tool execution, LLM calls, security eventsOutputGuardrail— filters outputs (truncation, ANSI stripping, base64 blob detection)Security middleware — integrated into
BaseTool._execute_with_security():Flow System Expansion
ParallelFlow— executes multiple agents concurrently, collects all resultsDelegationFlow— primary agent delegates sub-tasks to specialized agentsHumanInTheLoopFlow— flow pauses at checkpoints for human reviewFlowFactory— upgraded to class-based registry withregister_flow()for extensibilityBug Fixes
Daytona()conditional on API key presence; added default value toDaytonaSettings.daytona_api_keystructloganddaytonatorequirements.txtupdate_memory()— fixed passingbase64_imagetosystem_message()which doesn't accept itadd_tool_call_response()to useMessage.from_tool_calls()instead ofMessage.assistant_message()Test Infrastructure
Mock framework (
tests/mocks/):MockLLM— configurable responses, tool call simulation, call history trackingMockTool/FailingTool— for testing agent tool executionMockConfig— factory + monkeypatch helper129 tests across 14 test files — all passing:
Developer Experience
CONTRIBUTING.md— full contribution guide with setup, code style, PR process, test instructionsOPENMANUS_LLM_API_KEYetc. override TOML file settingsRelated
Contributors
Testing