Skip to content

fix: verify required vendor SDK options#42

Merged
ebarti merged 1 commit into
mainfrom
agent/stack-02-required-kwargs-security
Jul 10, 2026
Merged

fix: verify required vendor SDK options#42
ebarti merged 1 commit into
mainfrom
agent/stack-02-required-kwargs-security

Conversation

@ebarti

@ebarti ebarti commented Jul 10, 2026

Copy link
Copy Markdown
Owner

What

  • require permission, sandbox, tool-filter, and spend-cap options to be explicit keyword parameters
  • fail closed when SDK callables are uninspectable, positional-only, or accept required options only through opaque **kwargs
  • preserve best-effort forwarding for non-required compatibility options
  • report failures against the correct public task field
  • align adapter fakes with the locked SDK signatures

Why

A callable that accepts **kwargs can silently discard an option while appearing compatible. That is unsafe for permission posture and budget caps.

Root cause

The shared option filter treated variadic and uninspectable signatures as proof that every required option would be honored.

Checks

  • 275 passed, 12 skipped
  • 9 installed-SDK signature contract tests passed
  • ruff check src tests
  • mypy

Stack

Base automatically changed from agent/stack-01-core-correctness to main July 10, 2026 22:39
@ebarti ebarti marked this pull request as ready for review July 10, 2026 22:39
@ebarti ebarti force-pushed the agent/stack-02-required-kwargs-security branch from 36b6a62 to 2750db3 Compare July 10, 2026 22:40
@ebarti ebarti merged commit 659f1d1 into main Jul 10, 2026
11 checks passed
@ebarti ebarti deleted the agent/stack-02-required-kwargs-security branch July 10, 2026 22:41
ebarti added a commit that referenced this pull request Jul 10, 2026
## What

- add JSON Schema as a lightweight core dependency
- reject malformed or non-JSON schemas with OutputSchemaError
- enforce strict Pydantic validation while preserving duck-model
compatibility
- distinguish valid JSON null from absent structured output
- make AgentKit clear both payload and presence state on typed failures
- validate the vendor-independent fake runtime

## Why

The public contract claimed strict typed output, but malformed schemas
were accepted, Pydantic coerced values, and null was indistinguishable
from parse failure.

## Root cause

Schema generation and typed parsing existed, but there was no local
meta-schema layer or explicit parsed-output presence bit.

## Checks

- 284 passed, 12 skipped
- ruff check src tests
- mypy
- uv lock --check
- wheel and sdist build

## Stack

- Base: #42
- Next: provider-wide output-schema enforcement
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant