feat: Session policy pinning + tool alias registry#96

Merged
imran-siddique merged 1 commit into main from
fix/session-pinning-tool-aliasing
Mar 7, 2026

@imran-siddique

Summary

Two adversarial-durability fixes for the governance layer:

Session Policy Pinning (Closes #92)

  • create_context() now deep-copies the policy so each session gets an immutable snapshot
  • Prevents mid-session policy mutations from leaking into running sessions
  • Documents that pre_execute() still reads the live integration policy (follow-up needed)

Tool Alias Registry (Closes #94)

  • New ToolAliasRegistry class that maps tool name variants to canonical capability identifiers
  • Default mappings for 7 tool families: web_search, file_read/write, shell_execute, code_execute, database_query, http_request
  • Supports exact-match aliases AND regex pattern-based matching
  • is_allowed() / is_blocked() canonicalize both sides before comparison
  • Prevents policy bypass via tool renaming (e.g., bing_search bypassing a web_search block)

Tests

  • 20 tests covering pinning isolation, alias resolution, bypass prevention, pattern matching, and family coverage

Files Changed

  • base.py: Added import copy, deep-copy in create_context()
  • tool_aliases.py: New ToolAliasRegistry class (166 lines)
  • __init__.py: Export ToolAliasRegistry
  • test_session_pinning_and_aliases.py: 20 tests
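
The two fixes described above, sketched as an added example that is not the project's code: Policy, Session, canonicalize and naive_is_blocked are hypothetical names, and every mapping except bing_search -> web_search is constructed for illustration.

```python
import copy
import re
from dataclasses import dataclass, field

# Constructed sample mappings (only bing_search -> web_search comes from the PR text).
ALIASES = {"bing_search": "web_search", "google_search": "web_search",
           "bash": "shell_execute", "run_command": "shell_execute"}
PATTERNS = [(re.compile(r"(\w+_)?web_?search(_v\d+)?"), "web_search"),
            (re.compile(r"(run_|exec_)?(shell|bash|sh)(_exec(ute)?)?"), "shell_execute")]

def canonicalize(name: str) -> str:
    """Resolve a tool name variant to a canonical capability identifier."""
    key = name.strip().lower().replace("-", "_")
    if key in ALIASES:                      # exact-match aliases first
        return ALIASES[key]
    for pattern, canonical in PATTERNS:     # then whole-name regex patterns
        if pattern.fullmatch(key):
            return canonical
    return key                              # unknown names resolve to themselves

@dataclass
class Policy:                               # hypothetical stand-in for a governance policy
    blocked_tools: list = field(default_factory=list)

def naive_is_blocked(policy: Policy, tool: str) -> bool:
    return tool in policy.blocked_tools     # raw string compare: defeated by renaming

def is_blocked(policy: Policy, tool: str) -> bool:
    # Canonicalize the policy entries and the requested tool before comparing.
    return canonicalize(tool) in {canonicalize(t) for t in policy.blocked_tools}

class Session:
    def __init__(self, live_policy: Policy):
        # Pin a private deep copy; later edits to live_policy cannot reach it.
        self.policy = copy.deepcopy(live_policy)

def demo() -> dict:
    live = Policy(blocked_tools=["web_search"])
    session = Session(live)
    results = {
        "naive_renamed": naive_is_blocked(live, "bing_search"),
        "canonical_renamed": is_blocked(live, "Bing-Search"),
        "pattern_variant": is_blocked(live, "websearch_v2"),
        "alias_in_policy": is_blocked(Policy(["bing_search"]), "web_search"),
    }
    live.blocked_tools.clear()              # mid-session mutation of the live policy
    results["pinned_after_mutation"] = is_blocked(session.policy, "bing_search")
    results["live_after_mutation"] = is_blocked(live, "bing_search")
    return results
```

The last two results differ: a check against the pinned copy still blocks the call, while a check that reads the live policy sees the mutation, which is the pre_execute() follow-up the description mentions.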

- Deep-copy policy in create_context() so sessions get pinned snapshots
  that aren't mutated by later policy changes (Closes #92)
- Add ToolAliasRegistry with default canonical mappings for 7 tool
  families (web_search, file_read/write, shell_execute, code_execute,
  database_query, http_request) — prevents policy bypass via tool
  renaming (Closes #94)
- Export ToolAliasRegistry from integrations __init__
- 20 tests covering pinning isolation and alias bypass prevention

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@github-actions github-actions bot added the tests label Mar 7, 2026
@github-actions

github-actions bot commented Mar 7, 2026

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@github-actions github-actions bot added the size/L Large PR (< 500 lines) label Mar 7, 2026
@imran-siddique imran-siddique merged commit 6c28ee5 into main Mar 7, 2026
24 of 25 checks passed
@imran-siddique imran-siddique deleted the fix/session-pinning-tool-aliasing branch March 7, 2026 22:26

Development

Successfully merging this pull request may close these issues.

fix: add tool alias registry to prevent capability bypass via renaming
fix: snapshot policy at session start to prevent mid-session mutation leaks