Salastil/odysseus
1
0
Fork 0
mirror of https://github.com/pewdiepie-archdaemon/odysseus.git synced 2026-06-29 16:12:06 -04:00
Code Issues Packages Projects Releases Wiki Activity

fix(email): enforce MCP owner boundaries (#4335)

Browse Source 
* fix(email): enforce MCP owner boundaries

* fix(email): fail closed for unowned MCP fallback
This commit is contained in:
RaresKeY
2026-06-16 06:31:24 +03:00
committed by GitHub
parent 2f9ae43a58
commit 260ce8ba59
10 changed files with 475 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/test_review_regressions.py
+57
View File
@@ -626,6 +626,63 @@ async def test_public_agent_policy_blocks_sensitive_tools(monkeypatch):
assert "restricted to admin users" in result["error"]
@pytest.mark.asyncio
async def test_email_mcp_non_object_args_fail_before_dispatch(monkeypatch):
import src.tool_execution as tool_execution
from src.tool_execution import execute_tool_block
class FakeMcp:
def __init__(self):
self.calls = []
async def call_tool(self, name, args):
self.calls.append((name, args))
return {"output": "called", "exit_code": 0}
fake = FakeMcp()
monkeypatch.setattr(tool_execution, "_owner_is_admin", lambda owner: True)
monkeypatch.setattr(tool_execution, "get_mcp_manager", lambda: fake)
desc, result = await execute_tool_block(
SimpleNamespace(tool_type="mcp__email__list_emails", content='["INBOX"]'),
owner="alice",
)
assert desc == "mcp: mcp__email__list_emails"
assert result["exit_code"] == 1
assert "JSON object" in result["error"]
assert fake.calls == []
@pytest.mark.asyncio
async def test_email_mcp_dispatch_includes_hidden_owner(monkeypatch):
import src.tool_execution as tool_execution
from src.tool_execution import execute_tool_block
class FakeMcp:
def __init__(self):
self.calls = []
async def call_tool(self, name, args):
self.calls.append((name, args))
return {"output": "called", "exit_code": 0}
fake = FakeMcp()
monkeypatch.setattr(tool_execution, "_owner_is_admin", lambda owner: True)
monkeypatch.setattr(tool_execution, "get_mcp_manager", lambda: fake)
desc, result = await execute_tool_block(
SimpleNamespace(tool_type="mcp__email__list_emails", content='{"folder":"INBOX"}'),
owner="alice",
)
assert desc == "mcp: mcp__email__list_emails"
assert result["exit_code"] == 0
assert fake.calls == [
("mcp__email__list_emails", {"folder": "INBOX", "_odysseus_owner": "alice"}),
]
def test_public_agent_policy_hides_sensitive_tools(monkeypatch):
auth_mod = _install_core_auth_stub(monkeypatch)
from src.tool_security import blocked_tools_for_owner