tinyagent-py 0.0.11__tar.gz → 0.0.12__tar.gz

{tinyagent_py-0.0.11/tinyagent_py.egg-info → tinyagent_py-0.0.12}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: tinyagent-py
-Version: 0.0.11
+Version: 0.0.12
 Summary: TinyAgent with MCP Client, Code Agent (Thinking, Planning, and Executing in Python), and Extendable Hooks, Tiny but powerful
 Author-email: Mahdi Golchin <golchin@askdev.ai>
 Project-URL: Homepage, https://github.com/askbudi/tinyagent

{tinyagent_py-0.0.11 → tinyagent_py-0.0.12}/pyproject.toml

@@ -12,7 +12,7 @@ tinyagent = ["prompts/*.yaml"]
 
 [project]
 name = "tinyagent-py"
-version = "0.0.11"
+version = "0.0.12"
 description = "TinyAgent with MCP Client, Code Agent (Thinking, Planning, and Executing in Python), and Extendable Hooks, Tiny but powerful"
 readme = "README.md"
 authors = [

{tinyagent_py-0.0.11 → tinyagent_py-0.0.12}/tinyagent/code_agent/modal_sandbox.py

@@ -63,6 +63,7 @@ def create_sandbox(
     pip_install: Sequence[str] | None = None,
     image_name: str = "tinyagent-sandbox-image",
     app_name: str = "persistent-code-session",
+    force_build: bool = False,
     **sandbox_kwargs,
 ) -> Tuple[modal.Sandbox, modal.App]:
     """Create (or lookup) a `modal.Sandbox` pre-configured for code execution.
@@ -99,7 +100,7 @@ def create_sandbox(
 
     # Build image -----------------------------------------------------------
     agent_image = (
-        modal.Image.debian_slim(python_version=python_version)
+        modal.Image.debian_slim(python_version=python_version,force_build=force_build)
         .apt_install(*apt_packages)
         .pip_install(*full_pip_list)
     )
@@ -196,6 +197,7 @@ class SandboxSession:
         modal_secrets: modal.Secret,
         *,
         timeout: int = 5 * 60,
+        
         **create_kwargs,
     ) -> None:
         self.modal_secrets = modal_secrets

{tinyagent_py-0.0.11 → tinyagent_py-0.0.12}/tinyagent/code_agent/providers/modal_provider.py

@@ -26,6 +26,7 @@ class ModalProvider(CodeExecutionProvider):
         default_packages: Optional[List[str]] = None,
         apt_packages: Optional[List[str]] = None,
         python_version: Optional[str] = None,
+        authorized_imports: list[str] | None = None,
         modal_secrets: Dict[str, Union[str, None]] | None = None,
         lazy_init: bool = True,
         sandbox_name: str = "tinycodeagent-sandbox",
@@ -48,6 +49,7 @@ class ModalProvider(CodeExecutionProvider):
                 (git, curl, …) so you only need to specify the extras.
             python_version: Python version used for the sandbox image. If
                 ``None`` the current interpreter version is used.
+            authorized_imports: Optional allow-list of modules the user code is permitted to import. Supports wildcard patterns (e.g. "pandas.*"). If ``None`` the safety layer blocks only the predefined dangerous modules.
         """
 
         # Resolve default values ------------------------------------------------
@@ -70,6 +72,7 @@ class ModalProvider(CodeExecutionProvider):
         self.default_packages: List[str] = default_packages
         self.apt_packages: List[str] = apt_packages
         self.python_version: str = python_version
+        self.authorized_imports = authorized_imports
 
         # ----------------------------------------------------------------------
         final_packages = list(set(self.default_packages + (pip_packages or [])))
@@ -89,6 +92,7 @@ class ModalProvider(CodeExecutionProvider):
         self.modal_secrets = modal.Secret.from_dict(self.secrets)
         self.app = None
         self._app_run_python = None
+        self.is_trusted_code = kwargs.get("trust_code", False)
         
         self._setup_modal_app()
         
@@ -164,18 +168,30 @@ class ModalProvider(CodeExecutionProvider):
         if self.executed_default_codes:
             print("✔️ default codes already executed")
             full_code = "\n".join(self.code_tools_definitions) +"\n\n"+code
+            # Code tools and default code are trusted, user code is not
         else:
             full_code = "\n".join(self.code_tools_definitions) +"\n\n"+ "\n".join(self.default_python_codes) + "\n\n" + code
             self.executed_default_codes = True
+            # First execution includes framework code which is trusted
         
         # Use Modal's native execution methods
         if self.local_execution:
-            # Use Modal's .local() method for local execution
-            return self._app_run_python.local(full_code, globals_dict or {}, locals_dict or {})
+            return self._app_run_python.local(
+                full_code,
+                globals_dict or {},
+                locals_dict or {},
+                self.authorized_imports,
+                self.is_trusted_code,
+            )
         else:
-            # Use Modal's .remote() method for remote execution
             with self.app.run():
-                return self._app_run_python.remote(full_code, globals_dict or {}, locals_dict or {})
+                return self._app_run_python.remote(
+                    full_code,
+                    globals_dict or {},
+                    locals_dict or {},
+                    self.authorized_imports,
+                    self.is_trusted_code,
+                )
     
     def _log_response(self, response: Dict[str, Any]):
         """Log the response from code execution."""
@@ -184,15 +200,31 @@ class ModalProvider(CodeExecutionProvider):
         print("#########################<printed_output>#########################")
         print(response["printed_output"])
         print("#########################</printed_output>#########################")
-        print("#########################<return_value>#########################")
-        print(response["return_value"])
-        print("#########################</return_value>#########################")
-        print("#########################<stderr>#########################")
-        print(response["stderr"])
-        print("#########################</stderr>#########################")
-        print("#########################<traceback>#########################")
-        print(response["error_traceback"])
-        print("#########################</traceback>#########################")
+        if response.get("return_value",None) not in [None,""]:
+            print("#########################<return_value>#########################")
+            print(response["return_value"])
+            print("#########################</return_value>#########################")
+        if response.get("stderr",None) not in [None,""]:
+            print("#########################<stderr>#########################")
+            print(response["stderr"])
+            print("#########################</stderr>#########################")
+        if response.get("error_traceback",None) not in [None,""]:
+            print("#########################<traceback>#########################")
+            # Check if this is a security exception and highlight it in red if so
+            error_text = response["error_traceback"]
+            if "SECURITY" in error_text:
+                try:
+                    from ..modal_sandbox import COLOR
+                except ImportError:
+                    # Fallback colors if modal_sandbox is not available
+                    COLOR = {
+                        "RED": "\033[91m",
+                        "ENDC": "\033[0m",
+                    }
+                print(f"{COLOR['RED']}{error_text}{COLOR['ENDC']}")
+            else:
+                print(error_text)
+            print("#########################</traceback>#########################")
     
     async def cleanup(self):
         """Clean up Modal resources."""