Salastil/odysseus
1
0
Fork 0
mirror of https://github.com/pewdiepie-archdaemon/odysseus.git synced 2026-06-16 17:55:26 -04:00
Code Issues Packages Projects Releases Wiki Activity

Tools: restrict app_api and serve_preset to admins

Browse Source 
Co-authored-by: RefuseOdd <refuseodd@users.noreply.github.com>
This commit is contained in:
Refuse
2026-06-02 23:29:47 +12:00
committed by GitHub
parent 12ba535c7d
commit 4218bfe71e
3 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/tool_execution.py
+2
View File
@@ -168,6 +168,7 @@ async def _run_subprocess_streaming(
) )
_ADMIN_TOOLS = { _ADMIN_TOOLS = {
"app_api",
"manage_endpoints", "manage_endpoints",
"manage_mcp", "manage_mcp",
"manage_webhooks", "manage_webhooks",
@@ -175,6 +176,7 @@ _ADMIN_TOOLS = {
"manage_settings", "manage_settings",
"download_model", "download_model",
"serve_model", "serve_model",
"serve_preset",
"stop_served_model", "stop_served_model",
"cancel_download", "cancel_download",
} }
src/tool_security.py
+1
View File
@@ -40,6 +40,7 @@ NON_ADMIN_BLOCKED_TOOLS = {
"vault_unlock", "vault_unlock",
"download_model", "download_model",
"serve_model", "serve_model",
"serve_preset",
"stop_served_model", "stop_served_model",
"cancel_download", "cancel_download",
"adopt_served_model", "adopt_served_model",
tests/test_review_regressions.py
+10 -8
View File
@@ -399,14 +399,15 @@ async def test_admin_agent_tools_require_admin(monkeypatch):
monkeypatch.setattr(auth_mod, "AuthManager", lambda: FakeAuth()) monkeypatch.setattr(auth_mod, "AuthManager", lambda: FakeAuth())
desc, result = await execute_tool_block( for tool_name in ("manage_tokens", "app_api", "serve_preset"):
SimpleNamespace(tool_type="manage_tokens", content='{"action":"create","name":"bad"}'), desc, result = await execute_tool_block(
owner="regular-user", SimpleNamespace(tool_type=tool_name, content='{"action":"create","name":"bad"}'),
) owner="regular-user",
)
assert desc == "manage_tokens: BLOCKED" assert desc == f"{tool_name}: BLOCKED"
assert result["exit_code"] == 1 assert result["exit_code"] == 1
assert "requires an admin" in result["error"] assert "requires an admin" in result["error"]
@pytest.mark.asyncio @pytest.mark.asyncio
@@ -422,7 +423,7 @@ async def test_public_agent_policy_blocks_sensitive_tools(monkeypatch):
monkeypatch.setattr(auth_mod, "AuthManager", lambda: FakeAuth()) monkeypatch.setattr(auth_mod, "AuthManager", lambda: FakeAuth())
for tool_name in ("send_email", "read_file", "app_api", "mcp__email__send_email"): for tool_name in ("send_email", "read_file", "mcp__email__send_email"):
desc, result = await execute_tool_block( desc, result = await execute_tool_block(
SimpleNamespace(tool_type=tool_name, content="{}"), SimpleNamespace(tool_type=tool_name, content="{}"),
owner="regular-user", owner="regular-user",
@@ -449,6 +450,7 @@ def test_public_agent_policy_hides_sensitive_tools(monkeypatch):
assert "send_email" in blocked assert "send_email" in blocked
assert "read_file" in blocked assert "read_file" in blocked
assert "app_api" in blocked assert "app_api" in blocked
assert "serve_preset" in blocked
assert "manage_tasks" in blocked assert "manage_tasks" in blocked