agentnode-sdk 0.12.0__tar.gz → 0.12.1__tar.gz

{agentnode_sdk-0.12.0 → agentnode_sdk-0.12.1}/CHANGELOG.md

@@ -1,5 +1,27 @@
 # Changelog
 
+## 0.12.1 — agent_sandbox config fix
+
+### Fixed
+
+- **`agent_sandbox` config section was stripped during `load_config()`.** The
+  config loader rebuilt the file from defaults and silently dropped a
+  hand-written `agent_sandbox` section, so the documented
+  `agent_sandbox.enabled: true` config path never took effect (only the
+  `AGENTNODE_AGENT_SANDBOX` env var worked), and the host LLM ceiling
+  (`agent_sandbox.llm.*`) never reached policy resolution. Both now survive
+  loading; the nested `llm` ceiling is passed through verbatim.
+- **`agentnode config set agent_sandbox.enabled true|false` now works** (the
+  key was missing from the allowed-keys whitelist) and stores a **real
+  boolean** — previously a stored string `"false"` would have been truthy,
+  i.e. read as enabled.
+
+### Upgrade Notes
+
+- No breaking changes. No behavior change unless you use the `agent_sandbox`
+  config path; the env var `AGENTNODE_AGENT_SANDBOX` behaves exactly as
+  before. The agent sandbox remains **default OFF**.
+
 ## 0.12.0 — Sandboxed community agents (flag-gated)
 
 ### Added

{agentnode_sdk-0.12.0 → agentnode_sdk-0.12.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: agentnode-sdk
-Version: 0.12.0
+Version: 0.12.1
 Summary: Python SDK for AgentNode — the open upgrade and discovery infrastructure for AI agents.
 Project-URL: Homepage, https://agentnode.net
 Project-URL: Repository, https://github.com/agentnode-ai/agentnode

{agentnode_sdk-0.12.0 → agentnode_sdk-0.12.1}/agentnode_sdk/__init__.py

@@ -38,7 +38,7 @@ from agentnode_sdk.runtime import AgentNodeRuntime
 Client = AgentNodeClient
 ToolError = AgentNodeToolError
 
-__version__ = "0.12.0"
+__version__ = "0.12.1"
 __all__ = [
     "AgentNode",
     "AsyncAgentNode",

{agentnode_sdk-0.12.0 → agentnode_sdk-0.12.1}/agentnode_sdk/config.py

@@ -41,6 +41,9 @@ DEFAULTS: dict[str, Any] = {
         "compute": "allow",
         "unknown": "prompt",
     },
+    "agent_sandbox": {
+        "enabled": False,
+    },
 }
 
 VALID_VALUES: dict[str, tuple[str, ...]] = {
@@ -61,6 +64,7 @@ VALID_VALUES: dict[str, tuple[str, ...]] = {
     "guard.read": ("allow", "prompt", "deny"),
     "guard.compute": ("allow", "prompt", "deny"),
     "guard.unknown": ("allow", "prompt", "deny"),
+    "agent_sandbox.enabled": ("true", "false"),
 }
 
 
@@ -82,6 +86,7 @@ CONFIG_DESCRIPTIONS: dict[str, str] = {
     "guard.read": "Guard policy for tools that read data",
     "guard.compute": "Guard policy for tools that perform computation",
     "guard.unknown": "Guard policy for tools with unknown action type",
+    "agent_sandbox.enabled": "Route community (verified/unverified) agents through the container sandbox",
 }
 
 
@@ -138,6 +143,14 @@ def _merge_defaults(data: dict) -> dict[str, Any]:
         for extra_key in ("rate_limits", "agent_overrides", "tool_overrides"):
             if extra_key in data["guard"]:
                 cfg["guard"][extra_key] = data["guard"][extra_key]
+    if isinstance(data.get("agent_sandbox"), dict):
+        if "enabled" in data["agent_sandbox"]:
+            cfg["agent_sandbox"]["enabled"] = data["agent_sandbox"]["enabled"]
+        # The nested llm ceiling (max_calls/max_input_chars/max_output_chars/
+        # allowed_models/enabled) holds ints/lists — pass it through verbatim,
+        # like the guard extra keys above.
+        if isinstance(data["agent_sandbox"].get("llm"), dict):
+            cfg["agent_sandbox"]["llm"] = data["agent_sandbox"]["llm"]
     return cfg
 
 
@@ -201,7 +214,7 @@ def set_value(cfg: dict[str, Any], key: str, value: str) -> dict[str, Any]:
             f"Allowed: {', '.join(allowed)}"
         )
 
-    bool_keys = ("credentials.require_before_auto_install",)
+    bool_keys = ("credentials.require_before_auto_install", "agent_sandbox.enabled")
     actual_value: Any = value.lower() == "true" if key in bool_keys else value.lower()
 
     parts = key.split(".")

{agentnode_sdk-0.12.0 → agentnode_sdk-0.12.1}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "hatchling.build"
 
 [project]
 name = "agentnode-sdk"
-version = "0.12.0"
+version = "0.12.1"
 description = "Python SDK for AgentNode — the open upgrade and discovery infrastructure for AI agents."
 readme = "README.md"
 requires-python = ">=3.10"

{agentnode_sdk-0.12.0 → agentnode_sdk-0.12.1}/tests/test_config.py

@@ -244,3 +244,102 @@ def test_config_path_env_dir_override(tmp_path, monkeypatch):
     custom_dir = tmp_path / "custom_dir"
     monkeypatch.setenv("AGENTNODE_CONFIG", str(custom_dir))
     assert config_path() == custom_dir / "config.json"
+
+
+# --- agent_sandbox section (0.12.1 hotfix: _merge_defaults must not strip it) ---
+
+
+class TestAgentSandboxConfigSection:
+    """Regression tests for the shipped 0.12.0 bug: a hand-written
+    agent_sandbox section was silently stripped by _merge_defaults, so the
+    documented config path (agent_sandbox.enabled) and the C2 host LLM
+    ceiling (agent_sandbox.llm) never reached their consumers."""
+
+    def test_defaults_include_agent_sandbox_disabled(self):
+        cfg = default_config()
+        assert cfg["agent_sandbox"]["enabled"] is False
+
+    def test_handwritten_section_survives_load(self, isolated_config):
+        isolated_config.parent.mkdir(parents=True, exist_ok=True)
+        isolated_config.write_text(
+            json.dumps({"agent_sandbox": {"enabled": True}}), encoding="utf-8")
+        loaded = load_config()
+        assert loaded["agent_sandbox"]["enabled"] is True
+
+    def test_nested_llm_ceiling_survives_load(self, isolated_config):
+        llm = {"enabled": True, "max_calls": 3, "max_input_chars": 1000,
+               "allowed_models": ["gpt-4o-mini"]}
+        isolated_config.parent.mkdir(parents=True, exist_ok=True)
+        isolated_config.write_text(
+            json.dumps({"agent_sandbox": {"enabled": True, "llm": llm}}),
+            encoding="utf-8")
+        loaded = load_config()
+        assert loaded["agent_sandbox"]["llm"] == llm
+
+    def test_save_load_roundtrip_preserves_section(self, isolated_config):
+        cfg = default_config()
+        cfg["agent_sandbox"] = {"enabled": True, "llm": {"max_calls": 5}}
+        save_config(cfg)
+        loaded = load_config()
+        assert loaded["agent_sandbox"]["enabled"] is True
+        assert loaded["agent_sandbox"]["llm"] == {"max_calls": 5}
+
+    def test_set_value_true_stores_real_bool(self):
+        cfg = default_config()
+        set_value(cfg, "agent_sandbox.enabled", "true")
+        assert cfg["agent_sandbox"]["enabled"] is True
+
+    def test_set_value_false_stores_real_bool_not_truthy_string(self):
+        # without the bool_keys entry this stored the string "false",
+        # which bool() would read as ENABLED
+        cfg = default_config()
+        set_value(cfg, "agent_sandbox.enabled", "false")
+        assert cfg["agent_sandbox"]["enabled"] is False
+        assert cfg["agent_sandbox"]["enabled"] is not True
+        assert not isinstance(cfg["agent_sandbox"]["enabled"], str)
+
+    def test_set_value_rejects_garbage(self):
+        cfg = default_config()
+        with pytest.raises(ValueError):
+            set_value(cfg, "agent_sandbox.enabled", "maybe")
+
+    def test_flag_enabled_via_config_file_alone(self, isolated_config, monkeypatch):
+        # the REAL integration: file on disk -> load_config -> flag reader
+        # (the old routing tests mocked load_config, which hid this bug)
+        from agentnode_sdk.runtimes.agent_sandbox import _agent_sandbox_enabled
+        monkeypatch.delenv("AGENTNODE_AGENT_SANDBOX", raising=False)
+        isolated_config.parent.mkdir(parents=True, exist_ok=True)
+        isolated_config.write_text(
+            json.dumps({"agent_sandbox": {"enabled": True}}), encoding="utf-8")
+        assert _agent_sandbox_enabled() is True
+
+    def test_flag_disabled_via_config_file_false(self, isolated_config, monkeypatch):
+        from agentnode_sdk.runtimes.agent_sandbox import _agent_sandbox_enabled
+        monkeypatch.delenv("AGENTNODE_AGENT_SANDBOX", raising=False)
+        isolated_config.parent.mkdir(parents=True, exist_ok=True)
+        isolated_config.write_text(
+            json.dumps({"agent_sandbox": {"enabled": False}}), encoding="utf-8")
+        assert _agent_sandbox_enabled() is False
+
+    def test_llm_ceiling_reaches_policy_resolution(self, isolated_config):
+        # file on disk -> load_config -> resolve_llm_policy: the host ceiling
+        # must clamp a greedy manifest (dead config before this fix)
+        from agentnode_sdk.runtimes.agent_llm_policy import resolve_llm_policy
+        isolated_config.parent.mkdir(parents=True, exist_ok=True)
+        isolated_config.write_text(
+            json.dumps({"agent_sandbox": {"llm": {"max_calls": 2}}}),
+            encoding="utf-8")
+        host_cfg = load_config()
+        pol = resolve_llm_policy(
+            {"llm_access": {"enabled": True, "max_calls": 999}}, host_cfg)
+        assert pol.max_calls == 2
+
+    def test_other_sections_unchanged(self, isolated_config):
+        isolated_config.parent.mkdir(parents=True, exist_ok=True)
+        isolated_config.write_text(
+            json.dumps({"guard": {"delete": "deny"},
+                        "agent_sandbox": {"enabled": True}}), encoding="utf-8")
+        loaded = load_config()
+        assert loaded["guard"]["delete"] == "deny"
+        assert loaded["guard"]["read"] == "allow"          # defaults intact
+        assert loaded["trust"]["minimum_trust_level"] == "verified"