Odysseus v1.0

2026-05-31 23:58:26 +09:00
commit e5c99a5eee
421 changed files with 271349 additions and 0 deletions
--- a/src/tool_security.py
+++ b/src/tool_security.py
@@ -0,0 +1,74 @@
+"""Server-side tool safety policy."""
+
+from __future__ import annotations
+
+import logging
+from typing import Optional, Set
+
+logger = logging.getLogger(__name__)
+
+
+# Tools regular/public users must not execute directly. These either expose
+# server/runtime access, sensitive user data, external messaging, persistent
+# state changes, or generic loopback/integration surfaces.
+NON_ADMIN_BLOCKED_TOOLS = {
+    "bash",
+    "python",
+    "read_file",
+    "write_file",
+    "search_chats",
+    "manage_memory",
+    "manage_skills",
+    "manage_tasks",
+    "manage_endpoints",
+    "manage_mcp",
+    "manage_webhooks",
+    "manage_tokens",
+    "manage_documents",
+    "manage_settings",
+    "api_call",
+    "app_api",
+    "send_email",
+    "reply_to_email",
+    "list_emails",
+    "read_email",
+    "resolve_contact",
+    "manage_contact",
+    "manage_calendar",
+    "vault_search",
+    "vault_get",
+    "vault_unlock",
+    "download_model",
+    "serve_model",
+    "stop_served_model",
+    "cancel_download",
+    "adopt_served_model",
+}
+
+
+def is_public_blocked_tool(tool_name: Optional[str]) -> bool:
+    """Return True when a non-admin/public user must not execute this tool."""
+    if not tool_name:
+        return False
+    return tool_name in NON_ADMIN_BLOCKED_TOOLS or tool_name.startswith("mcp__")
+
+
+def owner_is_admin_or_single_user(owner: Optional[str]) -> bool:
+    """Return True for admins, or when auth is not configured yet."""
+    try:
+        from core.auth import AuthManager
+
+        auth = AuthManager()
+        if not auth.is_configured:
+            return True
+        return bool(owner and auth.is_admin(owner))
+    except Exception as exc:
+        logger.warning("Unable to evaluate owner admin status: %s", exc)
+        return False
+
+
+def blocked_tools_for_owner(owner: Optional[str]) -> Set[str]:
+    """Tools to hide/disable for this owner under public-user policy."""
+    if owner_is_admin_or_single_user(owner):
+        return set()
+    return set(NON_ADMIN_BLOCKED_TOOLS)