feat(security): 新增工具沙箱安全机制

为所有工具插件添加沙箱拦截层,防止危险的文件访问、Shell命令和Python代码执行。
包含配置文件、核心校验逻辑及31个单元测试。

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-06-03 12:09:15 +00:00
parent a53ffebe0e
commit 80174acaae
9 changed files with 502 additions and 8 deletions
@@ -29,6 +29,13 @@ async def write_file(file_path: str, content: str) -> str:
Returns:
操作结果描述
"""
from kilostar.utils.sandbox import validate_path, PathViolation
try:
file_path = validate_path(file_path, write=True)
except PathViolation as e:
return f"[Sandbox] {e}"
try:
dir_path = os.path.dirname(file_path)
if dir_path: