tinyagent-py 0.0.11__py3-none-any.whl → 0.0.12__py3-none-any.whl

tinyagent/code_agent/modal_sandbox.py

@@ -63,6 +63,7 @@ def create_sandbox(
     pip_install: Sequence[str] | None = None,
     image_name: str = "tinyagent-sandbox-image",
     app_name: str = "persistent-code-session",
+    force_build: bool = False,
     **sandbox_kwargs,
 ) -> Tuple[modal.Sandbox, modal.App]:
     """Create (or lookup) a `modal.Sandbox` pre-configured for code execution.
@@ -99,7 +100,7 @@ def create_sandbox(
 
     # Build image -----------------------------------------------------------
     agent_image = (
-        modal.Image.debian_slim(python_version=python_version)
+        modal.Image.debian_slim(python_version=python_version,force_build=force_build)
         .apt_install(*apt_packages)
         .pip_install(*full_pip_list)
     )
@@ -196,6 +197,7 @@ class SandboxSession:
         modal_secrets: modal.Secret,
         *,
         timeout: int = 5 * 60,
+        
         **create_kwargs,
     ) -> None:
         self.modal_secrets = modal_secrets

tinyagent/code_agent/providers/modal_provider.py

@@ -26,6 +26,7 @@ class ModalProvider(CodeExecutionProvider):
         default_packages: Optional[List[str]] = None,
         apt_packages: Optional[List[str]] = None,
         python_version: Optional[str] = None,
+        authorized_imports: list[str] | None = None,
         modal_secrets: Dict[str, Union[str, None]] | None = None,
         lazy_init: bool = True,
         sandbox_name: str = "tinycodeagent-sandbox",
@@ -48,6 +49,7 @@ class ModalProvider(CodeExecutionProvider):
                 (git, curl, …) so you only need to specify the extras.
             python_version: Python version used for the sandbox image. If
                 ``None`` the current interpreter version is used.
+            authorized_imports: Optional allow-list of modules the user code is permitted to import. Supports wildcard patterns (e.g. "pandas.*"). If ``None`` the safety layer blocks only the predefined dangerous modules.
         """
 
         # Resolve default values ------------------------------------------------
@@ -70,6 +72,7 @@ class ModalProvider(CodeExecutionProvider):
         self.default_packages: List[str] = default_packages
         self.apt_packages: List[str] = apt_packages
         self.python_version: str = python_version
+        self.authorized_imports = authorized_imports
 
         # ----------------------------------------------------------------------
         final_packages = list(set(self.default_packages + (pip_packages or [])))
@@ -89,6 +92,7 @@ class ModalProvider(CodeExecutionProvider):
         self.modal_secrets = modal.Secret.from_dict(self.secrets)
         self.app = None
         self._app_run_python = None
+        self.is_trusted_code = kwargs.get("trust_code", False)
         
         self._setup_modal_app()
         
@@ -164,18 +168,30 @@ class ModalProvider(CodeExecutionProvider):
         if self.executed_default_codes:
             print("✔️ default codes already executed")
             full_code = "\n".join(self.code_tools_definitions) +"\n\n"+code
+            # Code tools and default code are trusted, user code is not
         else:
             full_code = "\n".join(self.code_tools_definitions) +"\n\n"+ "\n".join(self.default_python_codes) + "\n\n" + code
             self.executed_default_codes = True
+            # First execution includes framework code which is trusted
         
         # Use Modal's native execution methods
         if self.local_execution:
-            # Use Modal's .local() method for local execution
-            return self._app_run_python.local(full_code, globals_dict or {}, locals_dict or {})
+            return self._app_run_python.local(
+                full_code,
+                globals_dict or {},
+                locals_dict or {},
+                self.authorized_imports,
+                self.is_trusted_code,
+            )
         else:
-            # Use Modal's .remote() method for remote execution
             with self.app.run():
-                return self._app_run_python.remote(full_code, globals_dict or {}, locals_dict or {})
+                return self._app_run_python.remote(
+                    full_code,
+                    globals_dict or {},
+                    locals_dict or {},
+                    self.authorized_imports,
+                    self.is_trusted_code,
+                )
     
     def _log_response(self, response: Dict[str, Any]):
         """Log the response from code execution."""
@@ -184,15 +200,31 @@ class ModalProvider(CodeExecutionProvider):
         print("#########################<printed_output>#########################")
         print(response["printed_output"])
         print("#########################</printed_output>#########################")
-        print("#########################<return_value>#########################")
-        print(response["return_value"])
-        print("#########################</return_value>#########################")
-        print("#########################<stderr>#########################")
-        print(response["stderr"])
-        print("#########################</stderr>#########################")
-        print("#########################<traceback>#########################")
-        print(response["error_traceback"])
-        print("#########################</traceback>#########################")
+        if response.get("return_value",None) not in [None,""]:
+            print("#########################<return_value>#########################")
+            print(response["return_value"])
+            print("#########################</return_value>#########################")
+        if response.get("stderr",None) not in [None,""]:
+            print("#########################<stderr>#########################")
+            print(response["stderr"])
+            print("#########################</stderr>#########################")
+        if response.get("error_traceback",None) not in [None,""]:
+            print("#########################<traceback>#########################")
+            # Check if this is a security exception and highlight it in red if so
+            error_text = response["error_traceback"]
+            if "SECURITY" in error_text:
+                try:
+                    from ..modal_sandbox import COLOR
+                except ImportError:
+                    # Fallback colors if modal_sandbox is not available
+                    COLOR = {
+                        "RED": "\033[91m",
+                        "ENDC": "\033[0m",
+                    }
+                print(f"{COLOR['RED']}{error_text}{COLOR['ENDC']}")
+            else:
+                print(error_text)
+            print("#########################</traceback>#########################")
     
     async def cleanup(self):
         """Clean up Modal resources."""

tinyagent/code_agent/safety.py

@@ -0,0 +1,546 @@
+# TinyAgent code execution safety utilities
+# -----------------------------------------
+#
+# This helper module defines *very* lightweight safeguards that are applied
+# before running any user-supplied Python code inside the Modal sandbox.
+# The goal is **not** to build a full blown secure interpreter (this would
+# require a much more sophisticated setup à la Pyodide or the `python-secure`
+# project).  Instead we implement the following pragmatic defence layers:
+#
+# 1.  Static AST inspection of the submitted code to detect direct `import` or
+#     `from … import …` statements that reference known dangerous modules
+#     (e.g. `os`, `subprocess`, …).  This prevents the *most common* attack
+#     vector where an LLM attempts to read or modify the host file-system or
+#     spawn sub-processes.
+# 2.  Runtime patching of the built-in `__import__` hook so that *dynamic*
+#     imports carried out via `importlib` or `__import__(…)` are blocked at
+#     execution time as well.
+# 3.  Static AST inspection to detect calls to dangerous functions like `exec`,
+#     `eval`, `compile`, etc. that could be used to bypass security measures.
+# 4.  Runtime patching of built-in dangerous functions to prevent their use
+#     at execution time.
+#
+# The chosen approach keeps the TinyAgent runtime *fast* and *lean* while
+# still providing a reasonable first line of defence against obviously
+# malicious code.
+
+from __future__ import annotations
+
+import ast
+import builtins
+import warnings
+from typing import Iterable, List, Set, Sequence, Any, Callable
+import contextlib
+
+__all__ = [
+    "DANGEROUS_MODULES",
+    "DANGEROUS_FUNCTIONS",
+    "RUNTIME_BLOCKED_FUNCTIONS",
+    "validate_code_safety",
+    "install_import_hook",
+    "function_safety_context",
+]
+
+# ---------------------------------------------------------------------------
+# Threat model / deny-list
+# ---------------------------------------------------------------------------
+
+# Non-exhaustive list of modules that grant (direct or indirect) access to the
+# underlying operating system, spawn sub-processes, perform unrestricted I/O,
+# or allow the user to circumvent the static import analysis performed below.
+DANGEROUS_MODULES: Set[str] = {
+    "builtins",  # Gives access to exec/eval etc.
+    "ctypes",
+    "importlib",
+    "io",
+    "multiprocessing",
+    "os",
+    "pathlib",
+    "pty",
+    "shlex",
+    "shutil",
+    "signal",
+    "socket",
+    "subprocess",
+    "sys",
+    "tempfile",
+    "threading",
+    "webbrowser",
+}
+
+# List of dangerous built-in functions that could be used to bypass security
+# measures or execute arbitrary code
+DANGEROUS_FUNCTIONS: Set[str] = {
+    "exec",
+    "eval",
+    "compile",
+    "__import__",
+    "open",
+    "input",
+    "breakpoint",
+}
+
+# Functions that should be blocked at runtime (a subset of DANGEROUS_FUNCTIONS)
+RUNTIME_BLOCKED_FUNCTIONS: Set[str] = {
+    "exec",
+    "eval",
+}
+
+# Essential modules that are always allowed, even in untrusted code
+# These are needed for the framework to function properly
+ESSENTIAL_MODULES: Set[str] = {
+    "cloudpickle",
+    "tinyagent",
+    "json",
+    "time",
+    "datetime",
+    "requests",
+    
+}
+
+
+# ---------------------------------------------------------------------------
+# Utility helpers
+# ---------------------------------------------------------------------------
+
+def _is_allowed(module_root: str, allowed: Sequence[str] | None) -> bool:
+    """Return ``True`` if *module_root* is within *allowed* specification."""
+
+    if allowed is None:
+        # No explicit allow-list means everything that is **not** in the
+        # dangerous list is considered fine.
+        return True
+
+    # Fast path – wildcard allows everything.
+    if "*" in allowed:
+        return True
+
+    for pattern in allowed:
+        if pattern.endswith(".*"):
+            if module_root == pattern[:-2]:
+                return True
+        elif module_root == pattern:
+            return True
+    return False
+
+
+# ---------------------------------------------------------------------------
+# Static analysis helpers
+# ---------------------------------------------------------------------------
+
+def _iter_import_nodes(tree: ast.AST) -> Iterable[ast.AST]:
+    """Yield all *import* related nodes from *tree*."""
+    for node in ast.walk(tree):
+        if isinstance(node, (ast.Import, ast.ImportFrom)):
+            yield node
+
+
+def _extract_module_roots(node: ast.AST) -> List[str]:
+    """Return the *top-level* module names referenced in an import node."""
+    roots: list[str] = []
+    if isinstance(node, ast.Import):
+        for alias in node.names:
+            roots.append(alias.name.split(".")[0])
+    elif isinstance(node, ast.ImportFrom):
+        if node.module is not None:
+            roots.append(node.module.split(".")[0])
+    return roots
+
+
+def _check_for_dangerous_function_calls(tree: ast.AST, authorized_functions: Sequence[str] | None = None) -> Set[str]:
+    """
+    Check for calls to dangerous functions in the AST.
+    
+    Parameters
+    ----------
+    tree
+        The AST to check
+    authorized_functions
+        Optional white-list of dangerous functions that are allowed
+        
+    Returns
+    -------
+    Set[str]
+        Set of dangerous function names found in the code
+    """
+    dangerous_calls = set()
+    
+    # Convert authorized_functions to a set if it's not None and not a boolean
+    authorized_set = set(authorized_functions) if authorized_functions is not None and not isinstance(authorized_functions, bool) else set()
+    
+    for node in ast.walk(tree):
+        # Check for direct function calls: func()
+        if isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
+            func_name = node.func.id
+            # Only flag if it's a known dangerous function
+            if func_name in DANGEROUS_FUNCTIONS and func_name not in authorized_set:
+                dangerous_calls.add(func_name)
+        
+        # Check for calls via string literals in exec/eval: exec("import os")
+        if isinstance(node, ast.Call) and isinstance(node.func, ast.Name) and node.func.id in ["exec", "eval"]:
+            # Only check if the function itself is not authorized
+            if node.func.id not in authorized_set:
+                if node.args and isinstance(node.args[0], ast.Constant) and isinstance(node.args[0].value, str):
+                    dangerous_calls.add(f"{node.func.id} with string literal")
+        
+        # Check for attribute access: builtins.exec()
+        if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute):
+            if node.func.attr in DANGEROUS_FUNCTIONS:
+                if isinstance(node.func.value, ast.Name):
+                    module_name = node.func.value.id
+                    # Focus on builtins module access
+                    if module_name == "builtins" and node.func.attr not in authorized_set:
+                        func_name = f"{module_name}.{node.func.attr}"
+                        dangerous_calls.add(func_name)
+        
+        # Check for string manipulation that could be used to bypass security
+        # For example: e = "e" + "x" + "e" + "c"; e("import os")
+        if isinstance(node, ast.Assign):
+            for target in node.targets:
+                if isinstance(target, ast.Name) and isinstance(node.value, ast.BinOp):
+                    # Check if we're building a string that could be a dangerous function name
+                    potential_name = _extract_string_from_binop(node.value)
+                    if potential_name in DANGEROUS_FUNCTIONS and potential_name not in authorized_set:
+                        dangerous_calls.add(f"string manipulation to create '{potential_name}'")
+        
+        # Check for getattr(builtins, "exec") pattern
+        if isinstance(node, ast.Call) and isinstance(node.func, ast.Name) and node.func.id == "getattr":
+            if len(node.args) >= 2 and isinstance(node.args[1], ast.Constant) and isinstance(node.args[1].value, str):
+                attr_name = node.args[1].value
+                if attr_name in DANGEROUS_FUNCTIONS and attr_name not in authorized_set:
+                    if isinstance(node.args[0], ast.Name) and node.args[0].id == "builtins":
+                        module_name = node.args[0].id
+                        dangerous_calls.add(f"getattr({module_name}, '{attr_name}')")
+    
+    return dangerous_calls
+
+
+def _extract_string_from_binop(node: ast.BinOp) -> str:
+    """
+    Attempt to extract a string from a binary operation node.
+    This helps detect string concatenation that builds dangerous function names.
+    
+    For example: "e" + "x" + "e" + "c" -> "exec"
+    
+    Parameters
+    ----------
+    node
+        The binary operation node
+        
+    Returns
+    -------
+    str
+        The extracted string, or empty string if not extractable
+    """
+    if isinstance(node, ast.Constant) and isinstance(node.value, str):
+        return node.value
+    
+    if not isinstance(node, ast.BinOp):
+        return ""
+    
+    # Handle string concatenation
+    if isinstance(node.op, ast.Add):
+        left_str = _extract_string_from_binop(node.left)
+        right_str = _extract_string_from_binop(node.right)
+        return left_str + right_str
+    
+    return ""
+
+
+def _detect_string_obfuscation(tree: ast.AST) -> bool:
+    """
+    Detect common string obfuscation techniques that might be used to bypass security.
+    
+    Parameters
+    ----------
+    tree
+        The AST to check
+        
+    Returns
+    -------
+    bool
+        True if suspicious string manipulation is detected
+    """
+    suspicious_patterns = False
+    
+    for node in ast.walk(tree):
+        # Check for chr() usage to build strings
+        if isinstance(node, ast.Call) and isinstance(node.func, ast.Name) and node.func.id == "chr":
+            suspicious_patterns = True
+            break
+            
+        # Check for ord() usage in combination with string operations
+        if isinstance(node, ast.Call) and isinstance(node.func, ast.Name) and node.func.id == "ord":
+            suspicious_patterns = True
+            break
+            
+        # Check for suspicious string joins with list comprehensions
+        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute) and 
+            node.func.attr == "join" and isinstance(node.args[0], ast.ListComp)):
+            suspicious_patterns = True
+            break
+            
+        # Check for base64 decoding
+        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute) and 
+            node.func.attr in ["b64decode", "b64encode", "b32decode", "b32encode", "b16decode", "b16encode"]):
+            suspicious_patterns = True
+            break
+            
+        # Check for string formatting that might be used to build dangerous code
+        if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute) and node.func.attr == "format":
+            suspicious_patterns = True
+            break
+            
+    return suspicious_patterns
+
+
+def validate_code_safety(code: str, *, authorized_imports: Sequence[str] | None = None, 
+                        authorized_functions: Sequence[str] | None = None, trusted_code: bool = False) -> None:
+    """Static validation of user code.
+
+    Parameters
+    ----------
+    code
+        The user supplied source code (single string or multi-line).
+    authorized_imports
+        Optional white-list restricting which modules may be imported.  If
+        *None* every module that is not in :pydata:`DANGEROUS_MODULES` is
+        allowed.  Wildcards are supported – e.g. ``["numpy.*"]`` allows any
+        sub-package of *numpy*.
+    authorized_functions
+        Optional white-list of dangerous functions that are allowed.
+    trusted_code
+        If True, skip security checks. This should only be used for code that is part of the
+        framework, developer-provided tools, or default executed code.
+    """
+    # Skip security checks for trusted code
+    if trusted_code:
+        return
+
+    try:
+        tree = ast.parse(code, mode="exec")
+    except SyntaxError:
+        # If the code does not even parse we leave the error handling to the
+        # caller (who will attempt to compile / execute the code later on).
+        return
+
+    blocked: set[str] = set()
+    
+    # Convert authorized_imports to a set if it's not None and not a boolean
+    combined_allowed = None
+    if authorized_imports is not None and not isinstance(authorized_imports, bool):
+        combined_allowed = set(list(authorized_imports) + list(ESSENTIAL_MODULES))
+    
+    
+    for node in _iter_import_nodes(tree):
+        for root in _extract_module_roots(node):
+
+            # Check if module is explicitly allowed
+            if combined_allowed is not None:
+                allowed = _is_allowed(root, combined_allowed)
+            else:
+                # If no explicit allow-list, only allow if not in DANGEROUS_MODULES
+                allowed = root not in DANGEROUS_MODULES
+
+            if root in DANGEROUS_MODULES and allowed and combined_allowed is not None:
+                warnings.warn(
+                    f"⚠️  Importing dangerous module '{root}' was allowed due to authorized_imports configuration.",
+                    stacklevel=2,
+                )
+            
+            # Block dangerous modules unless explicitly allowed
+            if root in DANGEROUS_MODULES and not allowed:
+                blocked.add(root)
+            # If there is an explicit allow-list, block everything not on it
+            elif authorized_imports is not None and not isinstance(authorized_imports, bool) and not allowed and root not in ESSENTIAL_MODULES:
+                blocked.add(root)
+
+    # ------------------------------------------------------------------
+    # Detect direct calls to __import__ (e.g.  __import__("os")) in *untrusted* code
+    # ------------------------------------------------------------------
+    for _node in ast.walk(tree):
+        if isinstance(_node, ast.Call):
+            # Pattern: __import__(...)
+            if isinstance(_node.func, ast.Name) and _node.func.id == "__import__":
+                # Check if it's a direct call to the built-in __import__
+                raise ValueError("SECURITY VIOLATION: Usage of __import__ is not allowed in untrusted code.")
+            # Pattern: builtins.__import__(...)
+            if (
+                isinstance(_node.func, ast.Attribute)
+                and isinstance(_node.func.value, ast.Name)
+                and _node.func.attr == "__import__"
+                and _node.func.value.id == "builtins"
+            ):
+                raise ValueError("SECURITY VIOLATION: Usage of builtins.__import__ is not allowed in untrusted code.")
+
+    # ------------------------------------------------------------------
+    # Detect calls to dangerous functions (e.g. exec, eval) in *untrusted* code
+    # ------------------------------------------------------------------
+    dangerous_calls = _check_for_dangerous_function_calls(tree, authorized_functions)
+    if dangerous_calls:
+        offenders = ", ".join(sorted(dangerous_calls))
+        raise ValueError(f"SECURITY VIOLATION: Usage of dangerous function(s) {offenders} is not allowed in untrusted code.")
+
+    # ------------------------------------------------------------------
+    # Detect string obfuscation techniques that might be used to bypass security
+    # ------------------------------------------------------------------
+    if _detect_string_obfuscation(tree):
+        raise ValueError("SECURITY VIOLATION: Suspicious string manipulation detected that could be used to bypass security.")
+
+    if blocked:
+        offenders = ", ".join(sorted(blocked))
+        msg = f"SECURITY VIOLATION: Importing module(s) {offenders} is not allowed."
+        if authorized_imports is not None and not isinstance(authorized_imports, bool):
+            msg += " Allowed imports are: " + ", ".join(sorted(authorized_imports))
+        raise ValueError(msg)
+
+
+# ---------------------------------------------------------------------------
+# Runtime import hook
+# ---------------------------------------------------------------------------
+
+def install_import_hook(
+    *,
+    blocked_modules: Set[str] | None = None,
+    authorized_imports: Sequence[str] | None = None,
+    trusted_code: bool = False,
+) -> None:
+    """Monkey-patch the built-in ``__import__`` to deny run-time imports.
+
+    The hook is *process-wide* but extremely cheap to install.  It simply
+    checks the *root* package name against the provided *blocked_modules*
+    (defaults to :pydata:`DANGEROUS_MODULES`) and raises ``ImportError`` if the
+    import should be denied.
+
+    Calling this function **multiple times** is safe – only the first call
+    installs the wrapper, subsequent calls are ignored.
+    
+    Parameters
+    ----------
+    blocked_modules
+        Set of module names to block. Defaults to DANGEROUS_MODULES.
+    authorized_imports
+        Optional white-list restricting which modules may be imported.
+    trusted_code
+        If True, skip security checks. This should only be used for code that is part of the
+        framework, developer-provided tools, or default executed code.
+    """
+    # Skip security checks for trusted code
+    if trusted_code:
+        return
+
+    blocked_modules = blocked_modules or DANGEROUS_MODULES
+    
+    # Convert authorized_imports to a set if it's not None and not a boolean
+    authorized_set = set(authorized_imports) if authorized_imports is not None and not isinstance(authorized_imports, bool) else None
+    
+    # Create a combined set for allowed modules (essential + authorized)
+    combined_allowed = None
+    if authorized_set is not None:
+        combined_allowed = set(list(authorized_set) + list(ESSENTIAL_MODULES))
+
+    # Check if we have already installed the hook to avoid double-wrapping.
+    if getattr(builtins, "__tinyagent_import_hook_installed", False):
+        return
+
+    original_import = builtins.__import__
+
+    def _safe_import(
+        name: str,
+        globals=None,
+        locals=None,
+        fromlist=(),
+        level: int = 0,
+    ):  # type: ignore[override]
+        root = name.split(".")[0]
+        
+        # Check if module is explicitly allowed
+        if combined_allowed is not None:
+            allowed = _is_allowed(root, combined_allowed)
+        else:
+            # If no explicit allow-list, only allow if not in blocked_modules
+            allowed = root not in blocked_modules
+
+        if root in blocked_modules and allowed and authorized_set is not None:
+            warnings.warn(
+                f"⚠️  Importing dangerous module '{root}' was allowed due to authorized_imports configuration.",
+                stacklevel=2,
+            )
+        elif root in blocked_modules and not allowed:
+            error_msg = f"SECURITY VIOLATION: Import of module '{name}' is blocked by TinyAgent security policy"
+            if authorized_set is not None:
+                error_msg += f". Allowed imports are: {', '.join(sorted(authorized_set))}"
+            raise ImportError(error_msg)
+        elif authorized_set is not None and not allowed and root not in ESSENTIAL_MODULES:
+            error_msg = f"SECURITY VIOLATION: Import of module '{name}' is not in the authorized imports list"
+            if authorized_set:
+                error_msg += f": {', '.join(sorted(authorized_set))}"
+            raise ImportError(error_msg)
+
+        return original_import(name, globals, locals, fromlist, level)
+
+    builtins.__import__ = _safe_import  # type: ignore[assignment]
+    setattr(builtins, "__tinyagent_import_hook_installed", True)
+
+
+# ---------------------------------------------------------------------------
+# Runtime function hook
+# ---------------------------------------------------------------------------
+
+@contextlib.contextmanager
+def function_safety_context(
+    *,
+    blocked_functions: Set[str] | None = None,
+    authorized_functions: Sequence[str] | None = None,
+    trusted_code: bool = False,
+):
+    """
+    Context manager for safely executing code with dangerous functions blocked.
+    
+    Parameters
+    ----------
+    blocked_functions
+        Set of function names to block. Defaults to RUNTIME_BLOCKED_FUNCTIONS.
+    authorized_functions
+        Optional white-list of dangerous functions that are allowed.
+    trusted_code
+        If True, skip security checks. This should only be used for code that is part of the
+        framework, developer-provided tools, or default executed code.
+    """
+    if trusted_code:
+        yield
+        return
+        
+    # Install the function hook
+    blocked_functions = blocked_functions or RUNTIME_BLOCKED_FUNCTIONS
+    
+    # Convert authorized_functions to a set if it's not None and not a boolean
+    authorized_set = set(authorized_functions) if authorized_functions is not None and not isinstance(authorized_functions, bool) else set()
+    
+    # Store original functions
+    original_functions = {}
+    
+    # Replace dangerous functions with safe versions
+    for func_name in blocked_functions:
+        # Only block functions that exist in builtins
+        if hasattr(builtins, func_name) and func_name not in authorized_set:
+            original_functions[func_name] = getattr(builtins, func_name)
+            
+            # Create a closure to capture the function name
+            def make_safe_function(name):
+                def safe_function(*args, **kwargs):
+                    error_msg = f"SECURITY VIOLATION: Function '{name}' is blocked by TinyAgent security policy"
+                    if authorized_functions and not isinstance(authorized_functions, bool) and isinstance(authorized_functions, (list, tuple, set)):
+                        error_msg += f". Allowed functions are: {', '.join(sorted(authorized_set))}"
+                    raise RuntimeError(error_msg)
+                return safe_function
+            
+            # Replace the function
+            setattr(builtins, func_name, make_safe_function(func_name))
+    
+    try:
+        yield
+    finally:
+        # Restore original functions
+        for func_name, original_func in original_functions.items():
+            setattr(builtins, func_name, original_func)

tinyagent/code_agent/tiny_code_agent.py

@@ -62,6 +62,7 @@ class TinyCodeAgent:
         self.user_variables = user_variables or {}
         self.pip_packages = pip_packages or []
         self.local_execution = local_execution
+        self.provider = provider  # Store provider type for reuse
         
         # Create the code execution provider
         self.code_provider = self._create_provider(provider, self.provider_config)
@@ -96,8 +97,13 @@ class TinyCodeAgent:
             config_pip_packages = config.get("pip_packages", [])
             final_pip_packages = list(set(self.pip_packages + config_pip_packages))
             
+            # Merge authorized_imports from both sources (direct parameter and provider_config)
+            config_authorized_imports = config.get("authorized_imports", [])
+            final_authorized_imports = list(set(self.authorized_imports + config_authorized_imports))
+            
             final_config = config.copy()
             final_config["pip_packages"] = final_pip_packages
+            final_config["authorized_imports"] = final_authorized_imports
             
             return ModalProvider(
                 log_manager=self.log_manager,
@@ -258,6 +264,14 @@ class TinyCodeAgent:
                 result = await self.code_provider.execute_python(code_lines, timeout)
                 return str(result)
             except Exception as e:
+                print("!"*100)
+                COLOR = {
+                        "RED": "\033[91m",
+                        "ENDC": "\033[0m",
+                    }
+                print(f"{COLOR['RED']}{str(e)}{COLOR['ENDC']}")
+                print(f"{COLOR['RED']}{traceback.format_exc()}{COLOR['ENDC']}")
+                print("!"*100)
                 return f"Error executing code: {str(e)}"
         
         self.agent.add_tool(run_python)
@@ -441,6 +455,69 @@ class TinyCodeAgent:
         """
         return self.pip_packages.copy()
     
+    def add_authorized_imports(self, imports: List[str]):
+        """
+        Add additional authorized imports to the execution environment.
+        
+        Args:
+            imports: List of import names to authorize
+        """
+        self.authorized_imports.extend(imports)
+        self.authorized_imports = list(set(self.authorized_imports))  # Remove duplicates
+        
+        # Update the provider with the new authorized imports
+        # This requires recreating the provider
+        print("⚠️  Warning: Adding authorized imports after initialization requires recreating the Modal environment.")
+        print("   For better performance, set authorized_imports during TinyCodeAgent initialization.")
+        
+        # Recreate the provider with new authorized imports
+        self.code_provider = self._create_provider(self.provider, self.provider_config)
+        
+        # Re-set user variables if they exist
+        if self.user_variables:
+            self.code_provider.set_user_variables(self.user_variables)
+        
+        # Rebuild system prompt to include new authorized imports
+        self.system_prompt = self._build_system_prompt()
+        # Update the agent's system prompt
+        self.agent.system_prompt = self.system_prompt
+    
+    def get_authorized_imports(self) -> List[str]:
+        """
+        Get a copy of current authorized imports.
+        
+        Returns:
+            List of authorized imports
+        """
+        return self.authorized_imports.copy()
+    
+    def remove_authorized_import(self, import_name: str):
+        """
+        Remove an authorized import.
+        
+        Args:
+            import_name: Import name to remove
+        """
+        if import_name in self.authorized_imports:
+            self.authorized_imports.remove(import_name)
+            
+            # Update the provider with the new authorized imports
+            # This requires recreating the provider
+            print("⚠️  Warning: Removing authorized imports after initialization requires recreating the Modal environment.")
+            print("   For better performance, set authorized_imports during TinyCodeAgent initialization.")
+            
+            # Recreate the provider with updated authorized imports
+            self.code_provider = self._create_provider(self.provider, self.provider_config)
+            
+            # Re-set user variables if they exist
+            if self.user_variables:
+                self.code_provider.set_user_variables(self.user_variables)
+            
+            # Rebuild system prompt to reflect updated authorized imports
+            self.system_prompt = self._build_system_prompt()
+            # Update the agent's system prompt
+            self.agent.system_prompt = self.system_prompt
+    
     async def close(self):
         """Clean up resources."""
         await self.code_provider.cleanup()
@@ -498,6 +575,7 @@ async def run_example():
         user_variables={
             "sample_data": [1, 2, 3, 4, 5, 10, 15, 20]
         },
+        authorized_imports=["tinyagent", "gradio", "requests", "numpy", "pandas"],  # Explicitly specify authorized imports
         local_execution=False  # Remote execution via Modal (default)
     )
     
@@ -524,6 +602,7 @@ async def run_example():
         user_variables={
             "sample_data": [1, 2, 3, 4, 5, 10, 15, 20]
         },
+        authorized_imports=["tinyagent", "gradio", "requests"],  # More restricted imports for local execution
         local_execution=True  # Local execution
     )
     
@@ -550,6 +629,18 @@ async def run_example():
     agent_remote.add_code_tool(validator)
     agent_local.add_code_tool(validator)
     
+    # Demonstrate adding authorized imports dynamically
+    print("\n" + "="*80)
+    print("🔧 Testing with dynamically added authorized imports")
+    agent_remote.add_authorized_imports(["matplotlib", "seaborn"])
+    
+    # Test with visualization libraries
+    viz_prompt = "Create a simple plot of the sample_data and save it as a base64 encoded image string."
+    
+    response_viz = await agent_remote.run(viz_prompt)
+    print("Remote Agent Visualization Response:")
+    print(response_viz)
+    
     print("\n" + "="*80)
     print("🔧 Testing with dynamically added tools")
     

tinyagent/code_agent/utils.py

@@ -1,6 +1,7 @@
 import sys
 import cloudpickle
-from typing import Dict, Any
+from typing import Dict, Any, List
+from .safety import validate_code_safety, function_safety_context
 
 
 def clean_response(resp: Dict[str, Any]) -> Dict[str, Any]:
@@ -40,7 +41,14 @@ def make_session_blob(ns: dict) -> bytes:
     return cloudpickle.dumps(clean)
 
 
-def _run_python(code: str, globals_dict: Dict[str, Any] = None, locals_dict: Dict[str, Any] = None):
+def _run_python(
+    code: str,
+    globals_dict: Dict[str, Any] | None = None,
+    locals_dict: Dict[str, Any] | None = None,
+    authorized_imports: List[str] | None = None,
+    authorized_functions: List[str] | None = None,
+    trusted_code: bool = False,
+):
     """
     Execute Python code in a controlled environment with proper error handling.
     
@@ -48,6 +56,9 @@ def _run_python(code: str, globals_dict: Dict[str, Any] = None, locals_dict: Dic
         code: Python code to execute
         globals_dict: Global variables dictionary
         locals_dict: Local variables dictionary
+        authorized_imports: List of authorized imports that user code may access. Wildcards (e.g. "numpy.*") are supported. A value of None disables the allow-list and only blocks dangerous modules.
+        authorized_functions: List of authorized dangerous functions that user code may access. A value of None disables the allow-list and blocks all dangerous functions.
+        trusted_code: If True, skip security checks. Should only be used for framework code, tools, or default executed code.
         
     Returns:
         Dictionary containing execution results
@@ -56,16 +67,27 @@ def _run_python(code: str, globals_dict: Dict[str, Any] = None, locals_dict: Dic
     import traceback
     import io
     import ast
-    
+    import builtins  # Needed for import hook
+    import sys
+
+    # ------------------------------------------------------------------
+    # 1. Static safety analysis – refuse code containing dangerous imports or functions
+    # ------------------------------------------------------------------
+    validate_code_safety(code, authorized_imports=authorized_imports, 
+                        authorized_functions=authorized_functions, trusted_code=trusted_code)
+
     # Make copies to avoid mutating the original parameters
     globals_dict = globals_dict or {}
     locals_dict = locals_dict or {}
     updated_globals = globals_dict.copy()
     updated_locals = locals_dict.copy()
     
-    # Pre-import essential modules into the global namespace
-    # This ensures they're available for imports inside functions
-    essential_modules = ['requests', 'json', 'os', 'sys', 'time', 'datetime', 're', 'random', 'math']
+    # Only pre-import a **minimal** set of safe modules so that common helper
+    # functions work out of the box without giving user code access to the
+    # full standard library.  Anything outside this list must be imported
+    # explicitly by the user – and will be blocked by the safety layer above
+    # if considered dangerous.
+    essential_modules = ['requests', 'json', 'time', 'datetime', 're', 'random', 'math','cloudpickle']
     
     for module_name in essential_modules:
         try:
@@ -75,12 +97,30 @@ def _run_python(code: str, globals_dict: Dict[str, Any] = None, locals_dict: Dic
         except ImportError:
             print(f"⚠️  Warning: {module_name} module not available")
     
+    # Variable to store print output
+    output_buffer = []
+    
+    # Create a custom print function that captures output
+    def custom_print(*args, **kwargs):
+        # Get the sep and end kwargs, defaulting to ' ' and '\n'
+        sep = kwargs.get('sep', ' ')
+        end = kwargs.get('end', '\n')
+        
+        # Convert all arguments to strings and join them
+        output = sep.join(str(arg) for arg in args) + end
+        
+        # Store the output
+        output_buffer.append(output)
+    
+    # Add the custom print function to the globals
+    #updated_globals['print'] = custom_print
+    
+    # Parse the code
     tree = ast.parse(code, mode="exec")
     compiled = compile(tree, filename="<ast>", mode="exec")
     stdout_buf = io.StringIO()
-    stderr_buf = io.StringIO()
-
-    # Execute with stdout+stderr capture and exception handling
+    stderr_buf = io.StringIO()   
+    # Execute with exception handling
     error_traceback = None
     output = None
 
@@ -92,8 +132,15 @@ def _run_python(code: str, globals_dict: Dict[str, Any] = None, locals_dict: Dic
             merged_globals = updated_globals.copy()
             merged_globals.update(updated_locals)
             
+            # Add 'exec' to authorized_functions for internal use
+            internal_authorized_functions = ['exec','eval']
+            if authorized_functions is not None and not isinstance(authorized_functions, bool):
+                internal_authorized_functions.extend(authorized_functions)
+            
             # Execute with only globals - this fixes generator expression scoping issues
-            output = exec(code, merged_globals)
+            # Use the function_safety_context to block dangerous functions during execution
+            with function_safety_context(authorized_functions=internal_authorized_functions, trusted_code=trusted_code):
+                output = exec(compiled, merged_globals)
             
             # Update both dictionaries with any new variables created during execution
             for key, value in merged_globals.items():
@@ -106,6 +153,8 @@ def _run_python(code: str, globals_dict: Dict[str, Any] = None, locals_dict: Dic
             # Capture the full traceback as a string
             error_traceback = traceback.format_exc()
 
+    # Join all captured output
+    #printed_output = ''.join(output_buffer)  
     printed_output = stdout_buf.getvalue()
     stderr_output = stderr_buf.getvalue()
     error_traceback_output = error_traceback

tinyagent/hooks/gradio_callback.py

@@ -5,6 +5,7 @@ import os
 import re
 import shutil
 import time
+import io
 from pathlib import Path
 from typing import Any, Dict, List, Optional, Set, Union
 
@@ -36,6 +37,7 @@ class GradioCallback:
         show_thinking: bool = True,
         show_tool_calls: bool = True,
         logger: Optional[logging.Logger] = None,
+        log_manager: Optional[Any] = None,
     ):
         """
         Initialize the Gradio callback.
@@ -46,6 +48,7 @@ class GradioCallback:
             show_thinking: Whether to show the thinking process
             show_tool_calls: Whether to show tool calls
             logger: Optional logger to use
+            log_manager: Optional LoggingManager instance to capture logs from
         """
         self.logger = logger or logging.getLogger(__name__)
         self.show_thinking = show_thinking
@@ -81,6 +84,37 @@ class GradioCallback:
         # References to Gradio UI components (will be set in create_app)
         self._chatbot_component = None
         self._token_usage_component = None
+        
+        # Log stream for displaying logs in the UI
+        self.log_stream = io.StringIO()
+        self._log_component = None
+        
+        # Setup logging
+        self.log_manager = log_manager
+        if log_manager:
+            # Create a handler that writes to our StringIO stream
+            self.log_handler = logging.StreamHandler(self.log_stream)
+            self.log_handler.setFormatter(
+                logging.Formatter('%(asctime)s - %(levelname)s - %(name)s - %(message)s')
+            )
+            self.log_handler.setLevel(logging.DEBUG)
+            
+            # Add the handler to the LoggingManager
+            log_manager.configure_handler(
+                self.log_handler,
+                format_string='%(asctime)s - %(levelname)s - %(name)s - %(message)s',
+                level=logging.DEBUG
+            )
+            self.logger.debug("Added log handler to LoggingManager")
+        elif logger:
+            # Fall back to single logger if no LoggingManager is provided
+            self.log_handler = logging.StreamHandler(self.log_stream)
+            self.log_handler.setFormatter(
+                logging.Formatter('%(asctime)s - %(levelname)s - %(name)s - %(message)s')
+            )
+            self.log_handler.setLevel(logging.DEBUG)
+            logger.addHandler(self.log_handler)
+            self.logger.debug("Added log handler to logger")
 
         self.logger.debug("GradioCallback initialized")
     
@@ -525,7 +559,7 @@ class GradioCallback:
         typing_message_index = len(chatbot_history) - 1
  
         # Initial yield to show user message and typing indicator
-        yield chatbot_history, self._get_token_usage_text()
+        yield chatbot_history, self._get_token_usage_text(), self.log_stream.getvalue() if self._log_component else None
  
         # Kick off the agent in the background
         loop = asyncio.get_event_loop()
@@ -632,9 +666,10 @@ class GradioCallback:
                             del in_progress_tool_calls[tid]
                             self.logger.debug(f"Updated tool call to completed: {tname}")
  
-                # yield updated history + token usage
+                # yield updated history + token usage + logs
                 token_text = self._get_token_usage_text()
-                yield chatbot_history, token_text
+                logs = self.log_stream.getvalue() if self._log_component else None
+                yield chatbot_history, token_text, logs
                 self.last_update_yield_time = now
  
             await asyncio.sleep(update_interval)
@@ -657,8 +692,9 @@ class GradioCallback:
             )
             self.logger.debug(f"Added final result: {final_text[:50]}...")
  
-        # final token usage
-        yield chatbot_history, self._get_token_usage_text()
+        # final token usage and logs
+        logs = self.log_stream.getvalue() if self._log_component else None
+        yield chatbot_history, self._get_token_usage_text(), logs
 
     def _format_response(self, response_text):
         """
@@ -839,6 +875,22 @@ class GradioCallback:
                     # Clear button
                     clear_btn = gr.Button("Clear Conversation")
                     
+                    # Log accordion - similar to the example provided
+                    with gr.Accordion("Agent Logs", open=False) as log_accordion:
+                        self._log_component = gr.Code(
+                            label="Live Logs",
+                            lines=15,
+                            interactive=False,
+                            value=self.log_stream.getvalue()
+                        )
+                        refresh_logs_btn = gr.Button("🔄 Refresh Logs")
+                        refresh_logs_btn.click(
+                            fn=lambda: self.log_stream.getvalue(),
+                            inputs=None,
+                            outputs=[self._log_component],
+                            queue=False
+                        )
+                    
                     # Store processed input temporarily between steps
                     processed_input_state = gr.State("")
 
@@ -859,7 +911,7 @@ class GradioCallback:
                         # 3. Run the main interaction loop (this yields updates)
                         fn=self.interact_with_agent,
                         inputs=[processed_input_state, self._chatbot_component],
-                        outputs=[self._chatbot_component, self._token_usage_component], # Update chat and tokens
+                        outputs=[self._chatbot_component, self._token_usage_component, self._log_component], # Update chat, tokens, and logs
                         queue=True # Explicitly enable queue for this async generator
                     ).then(
                         # 4. Re-enable the button after interaction finishes
@@ -885,7 +937,7 @@ class GradioCallback:
                         # 3. Run the main interaction loop (this yields updates)
                         fn=self.interact_with_agent,
                         inputs=[processed_input_state, self._chatbot_component],
-                        outputs=[self._chatbot_component, self._token_usage_component], # Update chat and tokens
+                        outputs=[self._chatbot_component, self._token_usage_component, self._log_component], # Update chat, tokens, and logs
                         queue=True # Explicitly enable queue for this async generator
                     ).then(
                         # 4. Re-enable the button after interaction finishes
@@ -899,8 +951,8 @@ class GradioCallback:
                     clear_btn.click(
                         fn=self.clear_conversation,
                         inputs=None, # No inputs needed
-                        # Outputs: Clear chatbot and reset token text
-                        outputs=[self._chatbot_component, self._token_usage_component],
+                        # Outputs: Clear chatbot, reset token text, and update logs
+                        outputs=[self._chatbot_component, self._token_usage_component, self._log_component],
                         queue=False # Run quickly
                     )
 
@@ -917,6 +969,12 @@ class GradioCallback:
         self.assistant_text_responses = []
         self.token_usage = {"prompt_tokens": 0, "completion_tokens": 0, "total_tokens": 0}
         self.is_running = False
+        
+        # Clear log stream
+        if hasattr(self, 'log_stream'):
+            self.log_stream.seek(0)
+            self.log_stream.truncate(0)
+            self.logger.info("Log stream cleared")
 
         # Completely reset the agent state with a new session
         try:
@@ -965,8 +1023,9 @@ class GradioCallback:
         except Exception as e:
             self.logger.error(f"Failed to reset TinyAgent completely: {e}")
 
-        # Return cleared UI components: empty chat + fresh token usage
-        return [], self._get_token_usage_text()
+        # Return cleared UI components: empty chat + fresh token usage + empty logs
+        logs = self.log_stream.getvalue() if hasattr(self, 'log_stream') else ""
+        return [], self._get_token_usage_text(), logs
 
     def launch(self, agent, title="TinyAgent Chat", description=None, share=False, **kwargs):
         """
@@ -1028,21 +1087,31 @@ async def run_example():
     from tinyagent import TinyAgent  # Assuming TinyAgent is importable
     from tinyagent.hooks.logging_manager import LoggingManager  # Assuming LoggingManager exists
 
-    # --- Logging Setup (Simplified) ---
+    # --- Logging Setup (Similar to the example provided) ---
     log_manager = LoggingManager(default_level=logging.INFO)
     log_manager.set_levels({
         'tinyagent.hooks.gradio_callback': logging.DEBUG,
         'tinyagent.tiny_agent': logging.DEBUG,
         'tinyagent.mcp_client': logging.DEBUG,
+        'tinyagent.code_agent': logging.DEBUG,
     })
+    
+    # Console handler for terminal output
     console_handler = logging.StreamHandler(sys.stdout)
     log_manager.configure_handler(
         console_handler,
         format_string='%(asctime)s - %(name)s - %(levelname)s - %(message)s',
         level=logging.DEBUG
     )
+    
+    # The Gradio UI will automatically set up its own log handler
+    # through the LoggingManager when we pass it to GradioCallback
+    
+    # Get loggers for different components
     ui_logger = log_manager.get_logger('tinyagent.hooks.gradio_callback')
     agent_logger = log_manager.get_logger('tinyagent.tiny_agent')
+    mcp_logger = log_manager.get_logger('tinyagent.mcp_client')
+    
     ui_logger.info("--- Starting GradioCallback Example ---")
     # --- End Logging Setup ---
 
@@ -1064,12 +1133,13 @@ async def run_example():
 
     agent.add_tool(get_weather)
 
-    # Create the Gradio callback
+    # Create the Gradio callback with LoggingManager integration
     gradio_ui = GradioCallback(
         file_upload_folder=upload_folder,
         show_thinking=True,
         show_tool_calls=True,
-        logger=ui_logger # Pass the specific logger
+        logger=ui_logger,
+        log_manager=log_manager  # Pass the LoggingManager for comprehensive logging
     )
     agent.add_callback(gradio_ui)
 
@@ -1084,25 +1154,9 @@ async def run_example():
         ui_logger.error(f"Failed to connect to MCP servers: {e}", exc_info=True)
         # Continue without servers - we still have the local get_weather tool
 
-    # Create the Gradio app but don't launch it yet
-    #app = gradio_ui.create_app(
-    #    agent,
-    #    title="TinyAgent Chat Interface",
-    #    description="Chat with TinyAgent. Try asking: 'Plan a trip to Toronto for 7 days in the next month.'",
-    #)
-    
-    # Configure the queue without extra parameters
-    #app.queue()
-    
-    # Launch the app in a way that doesn't block our event loop
+    # Launch the Gradio interface
     ui_logger.info("Launching Gradio interface...")
     try:
-        # Launch without blocking
-        #app.launch(
-        #    share=False,
-        #    prevent_thread_lock=True,  # Critical to not block our event loop
-        #    show_error=True
-        #)
         gradio_ui.launch(
             agent,
             title="TinyAgent Chat Interface",
@@ -1113,9 +1167,19 @@ async def run_example():
         )
         ui_logger.info("Gradio interface launched (non-blocking).")
         
+        # Generate some log messages to demonstrate the log panel
+        # These will appear in both the terminal and the Gradio UI log panel
+        ui_logger.info("UI component initialized successfully")
+        agent_logger.debug("Agent ready to process requests")
+        mcp_logger.info("MCP connection established")
+        
+        for i in range(3):
+            ui_logger.info(f"Example log message {i+1} from UI logger")
+            agent_logger.debug(f"Example debug message {i+1} from agent logger")
+            mcp_logger.warning(f"Example warning {i+1} from MCP logger")
+            await asyncio.sleep(1)
+        
         # Keep the main event loop running to handle both Gradio and MCP operations
-        # This is the key part - we need to keep our main event loop running
-        # but also allow it to process both Gradio and MCP client operations
         while True:
             await asyncio.sleep(1)  # More efficient than an Event().wait()
             

tinyagent/tiny_agent.py

@@ -725,13 +725,10 @@ class TinyAgent:
                     next_turn_should_call_tools = False
                 else:
                     # No tool calls in this message
-                    if num_turns > 0:
-                    #if next_turn_should_call_tools and num_turns > 0:
-                        # If we expected tool calls but didn't get any, we're done
-                        await self._run_callbacks("agent_end", result=assistant_msg["content"] or "")
-                        return assistant_msg["content"] or ""
-                    
-                    next_turn_should_call_tools = True
+                    # If the model provides a direct answer without tool calls, we should return it
+                    # This handles the case where the LLM gives a direct answer without using tools
+                    await self._run_callbacks("agent_end", result=assistant_msg["content"] or "")
+                    return assistant_msg["content"] or ""
                 
                 num_turns += 1
                 if num_turns >= max_turns:

{tinyagent_py-0.0.11.dist-info → tinyagent_py-0.0.12.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: tinyagent-py
-Version: 0.0.11
+Version: 0.0.12
 Summary: TinyAgent with MCP Client, Code Agent (Thinking, Planning, and Executing in Python), and Extendable Hooks, Tiny but powerful
 Author-email: Mahdi Golchin <golchin@askdev.ai>
 Project-URL: Homepage, https://github.com/askbudi/tinyagent

{tinyagent_py-0.0.11.dist-info → tinyagent_py-0.0.12.dist-info}/RECORD

@@ -1,20 +1,21 @@
 tinyagent/__init__.py,sha256=-3ZN8unMZDrA366BET1HKp-fnFCyXCAD1fPVbHkJSsY,172
 tinyagent/mcp_client.py,sha256=9dmLtJ8CTwKWKTH6K9z8CaCQuaicOH9ifAuNyX7Kdo0,6030
 tinyagent/memory_manager.py,sha256=tAaZZdxBJ235wJIyr04n3f2Damok4s2UXunTtur_p-4,44916
-tinyagent/tiny_agent.py,sha256=_qHQc2yroSI1Ihn5Ex3FH_ml7aaSNC9-yR540C16Cxs,41125
+tinyagent/tiny_agent.py,sha256=X-rh8gCxeVSNS4RJ9vdtqTKf8ksDGrXsV1jwprW6Fj8,41049
 tinyagent/code_agent/__init__.py,sha256=YSOblSwRS1QcAYUu--GvF4fKeQX1KRTj9P8CWySY3pY,327
 tinyagent/code_agent/example.py,sha256=qC6i3auUT1YwXS9WK1Ovq-9oDOUgzRxDegYdlVcVcfA,5861
 tinyagent/code_agent/helper.py,sha256=oZnpo-_H3cB12LxNN7Ztd-31EiUcuI2UpWP69xuF8oE,7205
-tinyagent/code_agent/modal_sandbox.py,sha256=3FaTLESkdQmEO9A5dMmMOOkd0w2cnGGpfXngvojQxJ8,16317
-tinyagent/code_agent/tiny_code_agent.py,sha256=D0stvCao0dvrpY2ChxGxf048SEUDW-yHgJ_9Aluw2Ek,23142
-tinyagent/code_agent/utils.py,sha256=rEnrKv9l8knjUroBQhz6Q8q6ehCt9IAsJtM-m3ZMNjY,4231
+tinyagent/code_agent/modal_sandbox.py,sha256=RcQ5a-UFyqV7xSHnttpgAQQ-mNWk-9Z0tb836ua7C0E,16381
+tinyagent/code_agent/safety.py,sha256=WHad2ypzfsdKnXG6FcgXcgGiMC-H4KTmOzhP9S9i3Zw,22209
+tinyagent/code_agent/tiny_code_agent.py,sha256=r3c_irn5RJp9qNewhlOLFaGGTAjLWqHjTwM8QewN54I,27426
+tinyagent/code_agent/utils.py,sha256=CAg8LKc_sxnXmwF0L2nRP13XsftYl3ZiD5qWO5D7QeQ,6842
 tinyagent/code_agent/providers/__init__.py,sha256=myfy9qsBDjNOhcgXJ2E9jO1q5eo6jHp43I2k0k8esLY,136
 tinyagent/code_agent/providers/base.py,sha256=Hm8jrD60QovgQHTwiFE1pKDHPk1cwGbUdzuSwic9Rjc,5832
-tinyagent/code_agent/providers/modal_provider.py,sha256=myq0WKiNi8G0MpUUGo7olbGFVmcZ3iMa8XTmT537PZg,8576
+tinyagent/code_agent/providers/modal_provider.py,sha256=4uhmDA2pLYbbBi3actrBkHD_-pt3gt2incKBj12hab0,10084
 tinyagent/code_agent/tools/__init__.py,sha256=0XtrgYBgBayOffW50KyrlmrXXs9iu6z1DHu7-D8WGqY,94
 tinyagent/code_agent/tools/example_tools.py,sha256=YbXb7PKuvvxh-LV12Y4n_Ez3RyLA95gWOcZrKsa7UHg,1203
 tinyagent/hooks/__init__.py,sha256=RZow2r0XHLJ3-tnmecScdc0_wrEdmOy5dtXqoiRME5Y,254
-tinyagent/hooks/gradio_callback.py,sha256=TS28i4UUIEWsl_e75tRXyVTOKzH7at8nmIl8d3ZTYag,53493
+tinyagent/hooks/gradio_callback.py,sha256=3vKfGknn7XOHtcoF6DkLKDCJmC_oCRhu1-kqWmAAOc4,56821
 tinyagent/hooks/logging_manager.py,sha256=UpdmpQ7HRPyer-jrmQSXcBwi409tV9LnGvXSHjTcYTI,7935
 tinyagent/hooks/rich_code_ui_callback.py,sha256=PLcu5MOSoP4oZR3BtvcV9DquxcIT_d0WzSlkvaDcGOk,19820
 tinyagent/hooks/rich_ui_callback.py,sha256=5iCNOiJmhc1lOL7ZjaOt5Sk3rompko4zu_pAxfTVgJQ,22897
@@ -25,8 +26,8 @@ tinyagent/storage/json_file_storage.py,sha256=SYD8lvTHu2-FEHm1tZmsrcgEOirBrlUsUM
 tinyagent/storage/postgres_storage.py,sha256=IGwan8UXHNnTZFK1F8x4kvMDex3GAAGWUg9ePx_5IF4,9018
 tinyagent/storage/redis_storage.py,sha256=hu3y7wHi49HkpiR-AW7cWVQuTVOUk1WaB8TEPGUKVJ8,1742
 tinyagent/storage/sqlite_storage.py,sha256=ZyOYe0d_oHO1wOIT8FxKIbc67tP_0e_8FnM2Zq8Pwj8,5915
-tinyagent_py-0.0.11.dist-info/licenses/LICENSE,sha256=YIogcVQnknaaE4K-oaQylFWo8JGRBWnwmGb3fWB_Pww,1064
-tinyagent_py-0.0.11.dist-info/METADATA,sha256=2TrsEfdxPBD7rdRXj4Z5pxrTynh1PlsqTGX4evRVKSE,13250
-tinyagent_py-0.0.11.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-tinyagent_py-0.0.11.dist-info/top_level.txt,sha256=Ny8aJNchZpc2Vvhp3306L5vjceJakvFxBk-UjjVeA_I,10
-tinyagent_py-0.0.11.dist-info/RECORD,,
+tinyagent_py-0.0.12.dist-info/licenses/LICENSE,sha256=YIogcVQnknaaE4K-oaQylFWo8JGRBWnwmGb3fWB_Pww,1064
+tinyagent_py-0.0.12.dist-info/METADATA,sha256=Q05U9Z6UJNPoHtmAbpMzxB2HfcnQbGOHHz3W1EfgWt0,13250
+tinyagent_py-0.0.12.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+tinyagent_py-0.0.12.dist-info/top_level.txt,sha256=Ny8aJNchZpc2Vvhp3306L5vjceJakvFxBk-UjjVeA_I,10
+tinyagent_py-0.0.12.dist-info/RECORD,,