agentmesh_runtime 3.5.0__tar.gz → 3.7.0__tar.gz

{agentmesh_runtime-3.5.0 → agentmesh_runtime-3.7.0}/.gitignore

@@ -69,6 +69,7 @@ bld/
 
 # Build results on 'Bin' directories
 **/[Bb]in/*
+!agent-governance-copilot-cli/bin/agt-copilot.mjs
 # Uncomment if you have tasks that rely on *.refresh files to move binaries
 # (https://github.com/github/gitignore/pull/3736)
 #!**/[Bb]in/*.refresh
@@ -465,3 +466,4 @@ _site/
 
 # Code Security Assessment artifacts
 .security-assessment/
+*.tgz

{agentmesh_runtime-3.5.0 → agentmesh_runtime-3.7.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: agentmesh_runtime
-Version: 3.5.0
+Version: 3.7.0
 Summary: Public Preview — AgentMesh Runtime: Execution supervisor for multi-agent sessions with privilege rings, saga orchestration, and audit trails
 Project-URL: Homepage, https://github.com/microsoft/agent-governance-toolkit
 Project-URL: Repository, https://github.com/microsoft/agent-governance-toolkit

{agentmesh_runtime-3.5.0 → agentmesh_runtime-3.7.0}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "agentmesh_runtime"
-version = "3.5.0"
+version = "3.7.0"
 description = "Public Preview — AgentMesh Runtime: Execution supervisor for multi-agent sessions with privilege rings, saga orchestration, and audit trails"
 readme = "README.md"
 license = {text = "MIT"}

{agentmesh_runtime-3.5.0 → agentmesh_runtime-3.7.0}/src/agent_runtime/deploy.py

@@ -11,6 +11,8 @@ from __future__ import annotations
 
 import json
 import logging
+import os
+import re
 import shutil
 import subprocess
 import tempfile
@@ -22,6 +24,47 @@ from typing import Any, Protocol
 logger = logging.getLogger(__name__)
 
 
+# Conservative identifier shape that survives every downstream consumer this
+# module hands `agent_id` to:
+#
+#   - Docker container names accept `[a-zA-Z0-9][a-zA-Z0-9_.-]+`. Combined
+#     with the `agt-` prefix the deployer prepends, a leading dash or dot in
+#     `agent_id` cannot trigger Docker's "invalid name" path, but `agent_id`
+#     is also embedded raw into `--label agt.agent-id=<id>`, where a value
+#     starting with `-` would be reinterpreted as a CLI flag if the order
+#     ever changes.
+#   - Kubernetes pod/label names follow RFC-1123: `[a-z0-9]([-a-z0-9]*[a-z0-9])?`,
+#     63 chars max. We allow uppercase here because the runtime lowercases
+#     when constructing the actual pod name (`agt-<id>`); upstream of that
+#     point the value is just an opaque tag.
+#
+# 63 chars matches Kubernetes' label-value length cap; the `agt-` prefix uses
+# the remaining 4 chars.
+_AGENT_ID_PATTERN = re.compile(r"^[a-zA-Z0-9][a-zA-Z0-9_-]{0,62}$")
+
+
+def _validate_agent_id(agent_id: str) -> str:
+    """Reject ``agent_id`` values that would be unsafe to interpolate into
+    Docker / kubectl command-lines and label values.
+
+    Returns the validated id unchanged so call sites can write
+    ``agent_id = _validate_agent_id(agent_id)`` as a single guard.
+
+    Raises:
+        ValueError: if ``agent_id`` is empty, starts with a dash (would be
+            reparsed as a CLI flag), exceeds 63 characters, or contains any
+            character outside ``[a-zA-Z0-9_-]``.
+    """
+    if not isinstance(agent_id, str) or not _AGENT_ID_PATTERN.match(agent_id):
+        raise ValueError(
+            f"invalid agent_id {agent_id!r}: must match "
+            f"^[a-zA-Z0-9][a-zA-Z0-9_-]{{0,62}}$ "
+            "(alphanumeric start, then alphanumerics/underscores/dashes, "
+            "max 63 chars)"
+        )
+    return agent_id
+
+
 class DeploymentStatus(str, Enum):
     PENDING = "pending"
     DEPLOYING = "deploying"
@@ -91,6 +134,7 @@ class DockerDeployer:
 
     def deploy(self, agent_id: str, image: str, config: GovernanceConfig,
                port: int = 0, env: dict[str, str] | None = None, **kwargs: Any) -> DeploymentResult:
+        agent_id = _validate_agent_id(agent_id)
         container_name = f"agt-{agent_id}"
         cmd = [
             "run", "-d",
@@ -141,6 +185,7 @@ class DockerDeployer:
             )
 
     def stop(self, agent_id: str) -> DeploymentResult:
+        agent_id = _validate_agent_id(agent_id)
         container_name = f"agt-{agent_id}"
         try:
             self._run(["stop", container_name])
@@ -159,6 +204,7 @@ class DockerDeployer:
             )
 
     def status(self, agent_id: str) -> DeploymentResult:
+        agent_id = _validate_agent_id(agent_id)
         container_name = f"agt-{agent_id}"
         try:
             result = self._run(["inspect", container_name, "--format", "{{.State.Status}}"])
@@ -178,6 +224,7 @@ class DockerDeployer:
             )
 
     def logs(self, agent_id: str, tail: int = 100) -> str:
+        agent_id = _validate_agent_id(agent_id)
         try:
             result = self._run(["logs", f"agt-{agent_id}", "--tail", str(tail)])
             return result.stdout
@@ -270,14 +317,16 @@ class KubernetesDeployer:
         }
 
     def deploy(self, agent_id: str, image: str, config: GovernanceConfig, **kwargs: Any) -> DeploymentResult:
+        agent_id = _validate_agent_id(agent_id)
         manifest = self._build_pod_manifest(agent_id, image, config)
         manifest_json = json.dumps(manifest)
         try:
             # Ensure namespace
             self._run(["create", "namespace", self._namespace], check=False)
-            tmp_dir = Path(tempfile.gettempdir())
-            manifest_path = tmp_dir / f"agt-{agent_id}-manifest.json"
+            fd, tmp_path = tempfile.mkstemp(prefix=f"agt-{agent_id}-", suffix=".json")
+            manifest_path = Path(tmp_path)
             try:
+                os.close(fd)
                 manifest_path.write_text(manifest_json, encoding="utf-8")
                 self._run(["apply", "-f", str(manifest_path)])
             finally:
@@ -297,6 +346,7 @@ class KubernetesDeployer:
             )
 
     def stop(self, agent_id: str) -> DeploymentResult:
+        agent_id = _validate_agent_id(agent_id)
         try:
             self._run(["delete", "pod", f"agt-{agent_id}", "-n", self._namespace])
             return DeploymentResult(
@@ -313,6 +363,7 @@ class KubernetesDeployer:
             )
 
     def status(self, agent_id: str) -> DeploymentResult:
+        agent_id = _validate_agent_id(agent_id)
         try:
             result = self._run([
                 "get", "pod", f"agt-{agent_id}",
@@ -339,6 +390,7 @@ class KubernetesDeployer:
             )
 
     def logs(self, agent_id: str, tail: int = 100) -> str:
+        agent_id = _validate_agent_id(agent_id)
         try:
             result = self._run([
                 "logs", f"agt-{agent_id}",

{agentmesh_runtime-3.5.0 → agentmesh_runtime-3.7.0}/tests/test_deploy.py

@@ -14,6 +14,7 @@ from agent_runtime.deploy import (
     DockerDeployer,
     GovernanceConfig,
     KubernetesDeployer,
+    _validate_agent_id,
 )
 
 
@@ -355,3 +356,111 @@ class TestKubernetesDeployer:
         mock_run.return_value = MagicMock(stdout="k8s log line\n", stderr="", returncode=0)
         deployer = KubernetesDeployer()
         assert "k8s log line" in deployer.logs("agent-1")
+
+
+# ---------------------------------------------------------------------------
+# agent_id validation
+# ---------------------------------------------------------------------------
+
+class TestValidateAgentId:
+    """`_validate_agent_id` is the single guard for any string interpolated
+    into a Docker container name, kubectl pod name, or label value. The
+    regex pins the conservative shape that survives every downstream
+    consumer: alphanumeric start, alphanumerics + ``_-`` thereafter,
+    63 chars max.
+    """
+
+    @pytest.mark.parametrize("agent_id", [
+        "a",
+        "analyst-001",
+        "agent_42",
+        "A",
+        "9-already-leading-digit",
+        "x" * 63,  # max length
+    ])
+    def test_accepts_well_formed_ids(self, agent_id: str) -> None:
+        assert _validate_agent_id(agent_id) == agent_id
+
+    @pytest.mark.parametrize("agent_id,reason", [
+        ("", "empty"),
+        ("-rm", "leading dash would reparse as docker CLI flag"),
+        ("--privileged", "leading dash, looks like a flag"),
+        ("a b", "whitespace"),
+        ("a;rm -rf /", "shell metachars"),
+        ("a$(id)", "command substitution"),
+        ("a`id`", "backtick substitution"),
+        ("a.b", "dot — RFC-1123 allows but conservative regex does not"),
+        ("a/b", "path separator"),
+        ("a:b", "colon — would break docker label syntax"),
+        ("agent\nname", "newline injection"),
+        ("agent\x00name", "NUL byte"),
+        ("_leading_underscore", "underscore start — keep alphanumeric-only first char"),
+        ("x" * 64, "one over the 63-char cap"),
+    ])
+    def test_rejects_malformed_ids(self, agent_id: str, reason: str) -> None:
+        with pytest.raises(ValueError, match="invalid agent_id"):
+            _validate_agent_id(agent_id)
+
+    def test_rejects_non_str(self) -> None:
+        with pytest.raises(ValueError, match="invalid agent_id"):
+            _validate_agent_id(None)  # type: ignore[arg-type]
+        with pytest.raises(ValueError, match="invalid agent_id"):
+            _validate_agent_id(42)  # type: ignore[arg-type]
+
+
+class TestDockerDeployerAgentIdValidation:
+    """Every `DockerDeployer` public entry point must validate `agent_id`
+    before interpolating it into a docker command-line. The previous
+    behaviour silently forwarded `agent_id="-rm"` etc., where the leading
+    dash would be reparsed as a CLI flag depending on Docker version.
+    """
+
+    @patch("agent_runtime.deploy.shutil.which", return_value="/usr/bin/docker")
+    def test_deploy_rejects_leading_dash(self, mock_which: MagicMock) -> None:
+        deployer = DockerDeployer()
+        with pytest.raises(ValueError, match="invalid agent_id"):
+            deployer.deploy("-rm", "img:latest", GovernanceConfig())
+
+    @patch("agent_runtime.deploy.shutil.which", return_value="/usr/bin/docker")
+    def test_stop_rejects_leading_dash(self, mock_which: MagicMock) -> None:
+        deployer = DockerDeployer()
+        with pytest.raises(ValueError, match="invalid agent_id"):
+            deployer.stop("-rm")
+
+    @patch("agent_runtime.deploy.shutil.which", return_value="/usr/bin/docker")
+    def test_status_rejects_shell_metachars(self, mock_which: MagicMock) -> None:
+        deployer = DockerDeployer()
+        with pytest.raises(ValueError, match="invalid agent_id"):
+            deployer.status("a;rm -rf /")
+
+    @patch("agent_runtime.deploy.shutil.which", return_value="/usr/bin/docker")
+    def test_logs_rejects_empty(self, mock_which: MagicMock) -> None:
+        deployer = DockerDeployer()
+        with pytest.raises(ValueError, match="invalid agent_id"):
+            deployer.logs("")
+
+
+class TestKubernetesDeployerAgentIdValidation:
+    @patch("agent_runtime.deploy.shutil.which", return_value="/usr/bin/kubectl")
+    def test_deploy_rejects_overlong(self, mock_which: MagicMock) -> None:
+        deployer = KubernetesDeployer()
+        with pytest.raises(ValueError, match="invalid agent_id"):
+            deployer.deploy("x" * 64, "img:latest", GovernanceConfig())
+
+    @patch("agent_runtime.deploy.shutil.which", return_value="/usr/bin/kubectl")
+    def test_stop_rejects_leading_dash(self, mock_which: MagicMock) -> None:
+        deployer = KubernetesDeployer()
+        with pytest.raises(ValueError, match="invalid agent_id"):
+            deployer.stop("-rm")
+
+    @patch("agent_runtime.deploy.shutil.which", return_value="/usr/bin/kubectl")
+    def test_status_rejects_dot(self, mock_which: MagicMock) -> None:
+        deployer = KubernetesDeployer()
+        with pytest.raises(ValueError, match="invalid agent_id"):
+            deployer.status("a.b")
+
+    @patch("agent_runtime.deploy.shutil.which", return_value="/usr/bin/kubectl")
+    def test_logs_rejects_newline(self, mock_which: MagicMock) -> None:
+        deployer = KubernetesDeployer()
+        with pytest.raises(ValueError, match="invalid agent_id"):
+            deployer.logs("agent\nname")