v0.7.2: safe-tool read-only allowlist — TDD
Read-only cognitive tools auto-pass dispatcher-check unconditionally. Added :read-only-p slot to cognitive-tool struct, :read-only-p keyword to def-cognitive-tool macro, tool-read-only-p registry lookup. - core-package: struct + macro + tool-read-only-p function - security-dispatcher: early auto-pass in dispatcher-check, 2 new tests - programming-tools: 7 tools marked :read-only-p t (search-files, find-files, read-file, list-directory, eval-form, run-tests, org-find-headline) - Dispatcher: 38/38
This commit is contained in:
@@ -11,6 +11,7 @@
|
||||
((:name "pattern" :description "The regex pattern to search for." :type "string")
|
||||
(:name "path" :description "Directory to search recursively." :type "string")
|
||||
(:name "include" :description "Optional glob filter for filenames (e.g. \"*.lisp\")." :type "string"))
|
||||
:read-only-p t
|
||||
:guard nil
|
||||
:body (lambda (args)
|
||||
(block nil
|
||||
@@ -43,9 +44,10 @@
|
||||
(format nil "No matches for '~a' in ~a" pattern path)))))))
|
||||
|
||||
(def-cognitive-tool find-files
|
||||
"Find files matching a glob pattern under a directory."
|
||||
((:name "pattern" :description "Glob pattern (e.g. \"*.lisp\", \"core-*\")." :type "string")
|
||||
"Find files matching a glob pattern."
|
||||
((:name "pattern" :description "The glob pattern to match (e.g. \"*.lisp\")." :type "string")
|
||||
(:name "path" :description "Directory to search in." :type "string"))
|
||||
:read-only-p t
|
||||
:guard nil
|
||||
:body (lambda (args)
|
||||
(block nil
|
||||
@@ -67,6 +69,7 @@
|
||||
((:name "filepath" :description "Path to the file to read." :type "string")
|
||||
(:name "start" :description "Optional: line number to start reading from (1-based)." :type "integer")
|
||||
(:name "limit" :description "Optional: maximum number of lines to read." :type "integer"))
|
||||
:read-only-p t
|
||||
:guard (lambda (args) (declare (ignore args)) nil)
|
||||
:body (lambda (args)
|
||||
(block nil
|
||||
@@ -108,8 +111,9 @@
|
||||
(def-cognitive-tool list-directory
|
||||
"List the contents of a directory."
|
||||
((:name "path" :description "Directory path to list." :type "string")
|
||||
(:name "pattern" :description "Optional glob filter (e.g. \"*.org\")." :type "string"))
|
||||
:guard nil
|
||||
(:name "pattern" :description "Optional glob filter (e.g. \"*.org\")." :type "string"))
|
||||
:read-only-p t
|
||||
:guard nil
|
||||
:body (lambda (args)
|
||||
(block nil
|
||||
(let* ((path (getf args :path))
|
||||
@@ -151,6 +155,7 @@
|
||||
(def-cognitive-tool eval-form
|
||||
"Evaluate a Lisp expression in the running image and return the result."
|
||||
((:name "code" :description "The Lisp expression to evaluate as a string." :type "string"))
|
||||
:read-only-p t
|
||||
:guard nil
|
||||
:body (lambda (args)
|
||||
(block nil
|
||||
@@ -167,6 +172,7 @@
|
||||
(def-cognitive-tool run-tests
|
||||
"Run FiveAM tests. With no arguments, runs all test suites."
|
||||
((:name "test-name" :description "Optional: specific test name to run. If nil, runs all tests." :type "string"))
|
||||
:read-only-p t
|
||||
:guard nil
|
||||
:body (lambda (args)
|
||||
(block nil
|
||||
@@ -186,6 +192,7 @@
|
||||
"Find an Org headline by ID or title in the memory store."
|
||||
((:name "id" :description "Optional: Org ID property to search for." :type "string")
|
||||
(:name "title" :description "Optional: headline title to search for (case-insensitive substring)." :type "string"))
|
||||
:read-only-p t
|
||||
:guard nil
|
||||
:body (lambda (args)
|
||||
(block nil
|
||||
|
||||
Reference in New Issue
Block a user