d0bd3ec3d9
executus CI / test (push) Has been cancelled
All 3 cloud models converged on a real access-control bug; fixed it + the other genuine findings (the false-positives were dropped): Security (HIGH — all 3 models): - create_file_url skipped ValidateScope: a same-skill caller could mint a PUBLIC url for a file scoped to another user/run. Now runs ValidateScope (admin-aware), skipped only for the descendant-grant case — mirroring the read tools. Other real fixes: - ValidateScope hard-coded `false` at every call site (admin branch dead) -> pass inv.CallerIsAdmin (the executor sets it via the host AdminPolicy; still false/fail-closed when no admin). Stale "no admin flag" comment corrected. - create_file_url: ExpiresInSeconds clamped BEFORE the *time.Second multiply (huge values overflowed to a negative duration that slipped under the cap, minting already-expired tokens); swallowed json.Marshal error now returned. - RegisterMeta: build the default budget WITH the configured MaxPerRun (was NewInMemorySearchBudget(nil) -> hardcoded 10, ignoring MetaDeps.MaxPerRun). - classify: all-zero scores no longer return a false-positive top-1 winner; coerceClassifyScore uses strconv.ParseFloat (rejects trailing garbage like "50extra" that fmt.Sscanf silently accepted). - file_delete: honor the descendant grant (parent can clean up a worker's artifacts) — was the lone cross-skill-reject-outright file tool. - meta tools: input caps truncate at a UTF-8 rune boundary (truncateUTF8), not mid-rune. - think: removed the dead `var _ = fmt.Errorf` import-keeper; file_save default aligned to 16 MiB (matched RegisterStore). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
75 lines
2.2 KiB
Go
75 lines
2.2 KiB
Go
// file_list returns metadata for files in a scope. Blob bytes are NOT
|
|
// loaded — listing is a hot path that must stay light, and the LLM
|
|
// would burn tokens for no benefit.
|
|
package tools
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"fmt"
|
|
"strings"
|
|
"time"
|
|
|
|
"gitea.stevedudenhoeffer.com/steve/executus/tool"
|
|
)
|
|
|
|
type fileListArgs struct {
|
|
Scope string `json:"scope" description:"Storage scope: 'skill', 'user:<your_id>', or 'run:<run_id>'."`
|
|
}
|
|
|
|
type fileListEntry struct {
|
|
FileID string `json:"file_id"`
|
|
Name string `json:"name"`
|
|
Mime string `json:"mime"`
|
|
SizeBytes int64 `json:"size_bytes"`
|
|
CreatedAt string `json:"created_at"`
|
|
}
|
|
|
|
// NewFileList constructs the file_list tool. storage nil → "not
|
|
// configured" at execute time.
|
|
func NewFileList(storage FileStorage) tool.Tool {
|
|
return tool.NewGatedTool[fileListArgs](
|
|
"file_list",
|
|
"List files in a scope. Returns a JSON array of {file_id, name, mime, size_bytes, created_at}. Does NOT include bytes — call file_get with a file_id to fetch content.",
|
|
tool.Permission{
|
|
AuthoringRequirement: tool.RequirementAnyone,
|
|
OperatesOn: tool.ScopeCaller,
|
|
SafeForShare: true,
|
|
Categories: []string{"storage", "read"},
|
|
},
|
|
func(ctx context.Context, inv tool.Invocation, args fileListArgs) (string, error) {
|
|
if storage == nil {
|
|
return "", fmt.Errorf("file_list: not configured")
|
|
}
|
|
if err := ValidateScope(inv, args.Scope, inv.CallerIsAdmin); err != nil {
|
|
return "", fmt.Errorf("file_list: %w", err)
|
|
}
|
|
// root_run is a KV-only scope (v1) — see file_save's guard.
|
|
if strings.HasPrefix(args.Scope, "root_run:") {
|
|
return "", fmt.Errorf("file_list: root_run scope is KV-only")
|
|
}
|
|
|
|
rows, err := storage.FileList(ctx, inv.SkillID, args.Scope)
|
|
if err != nil {
|
|
return "", fmt.Errorf("file_list: %w", err)
|
|
}
|
|
|
|
out := make([]fileListEntry, 0, len(rows))
|
|
for _, r := range rows {
|
|
out = append(out, fileListEntry{
|
|
FileID: r.ID,
|
|
Name: r.Name,
|
|
Mime: r.MimeType,
|
|
SizeBytes: r.SizeBytes,
|
|
CreatedAt: r.CreatedAt.UTC().Format(time.RFC3339),
|
|
})
|
|
}
|
|
b, err := json.Marshal(out)
|
|
if err != nil {
|
|
return "", fmt.Errorf("file_list: marshal: %w", err)
|
|
}
|
|
return string(b), nil
|
|
},
|
|
)
|
|
}
|