**Trust level corrections**
- `pip_install` (elevated → high): installing arbitrary packages deserves
a WARNING-level audit entry, not INFO.
- `python_exec` (elevated → critical): running arbitrary Python is a
CRITICAL-severity action per the registry's severity mapping.
`elevated` silently mapped to INFO, understating blast radius in the
audit log.
**PII scanner additions**
- Space-separated SSN (`123 45 6789`).
- Contextual bare 9-digit SSN (`ssn: 123456789`).
- Contextual passport numbers (`passport #ABC12345`).
- IBAN — rewritten from the original PR to require the `iban` keyword
and 15+ char total length. The original `\b[A-Z]{2}\d{2}[A-Z0-9]{4,30}\b`
pattern matched arbitrary uppercase strings (ARNs, UUIDs, etc.) and
generated too many false positives.
Drops the original PR's `fetch.py` change — `get_directory_keyboard` no
longer exists in dev (the InlineKeyboardMarkup-None guard is obsolete).
Co-Authored-By: Dhruv18052003-web <177319013+Dhruv18052003-web@users.noreply.github.com>
* feat(tools): add run_python, install_package, and edit_file primitives
Three new builtin tools that close the gap between "agent that chats"
and "agent that builds things":
- run_python: sandboxed Python execution via subprocess (trust: elevated).
Writes code to a temp file in the file jail, runs with sys.executable,
Guardian AI reviews before execution, cleanup in finally block.
- install_package: pip install with input validation and Guardian review
(trust: elevated). Whitelist regex blocks shell injection. Subprocess
runs without shell=True for defense-in-depth.
- edit_file: find-and-replace file editing (trust: standard). Closes the
gap where policy.py referenced edit_file in group:fs but no tool existed.
Supports unique match (default) and replace_all modes.
Wiring changes:
- __init__.py: lazy imports for all three tools
- policy.py: run_python added to group:shell, new group:packages with
install_package, coding profile includes group:packages
- tool_bridge.py: EditFileTool excluded for claude_agent_sdk (has native Edit)
31 new tests across 3 test files, all passing.
Closes #581
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat(tools): add deliver_artifact tool for sending files to users
Standalone tool that lets the agent explicitly send any file (image,
video, audio, PDF) to the user through their current channel. Bridges
the gap between _media_result() (tool-internal) and agent-accessible
file delivery.
Uses the existing media pipeline: _media_result() -> AgentLoop extraction
-> OutboundMessage.media -> channel adapter _send_media_file().
9 new tests, all passing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: use get_running_loop, remove whitespace from regex, clean up em dashes
- Replace deprecated asyncio.get_event_loop() with get_running_loop()
in python_exec.py and pip_install.py
- Remove \s from package spec regex (single package at a time, no spaces)
- Replace em dashes with hyphens/commas per project convention
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Rohit Kushwaha <rohitk290106@gmail.com>
Co-authored-by: Rohit Kushwaha <technicalrohit06@gmail.com>
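The IBAN false-positive problem described in the PII scanner notes above, as an added example that is not the project's code. `ORIGINAL_IBAN` is the pattern quoted in the commit message; `CONTEXTUAL_IBAN` is an assumed keyword-plus-length rule (the project's actual rewritten pattern is not shown), and the ISO 13616 mod-97 check goes beyond what the commit describes. All sample strings are constructed.

```python
import re

# Pattern quoted in the commit message as the original PR's IBAN rule.
ORIGINAL_IBAN = re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{4,30}\b")

# Assumption: keyword "iban", optional separator, then a candidate of
# 15 to 34 characters. Hypothetical, not the project's actual pattern.
CONTEXTUAL_IBAN = re.compile(
    r"\biban\b\s*[:#=]?\s*([A-Z]{2}\d{2}[A-Z0-9]{11,30})\b", re.IGNORECASE
)


def mod97_ok(candidate):
    """ISO 13616 checksum: move the first four characters to the end,
    map A-Z to 10-35, and require the resulting integer mod 97 == 1."""
    rearranged = (candidate[4:] + candidate[:4]).upper()
    digits = "".join(str(int(ch, 36)) for ch in rearranged)
    return int(digits) % 97 == 1


def original_hits(text):
    """Everything the original, context-free pattern flags."""
    return ORIGINAL_IBAN.findall(text)


def find_ibans(text):
    """Candidates that have keyword context and pass the checksum."""
    return [
        m.group(1).upper()
        for m in CONTEXTUAL_IBAN.finditer(text)
        if mod97_ok(m.group(1))
    ]


# Constructed sample lines (not taken from the project or its tests).
SAMPLES = [
    "request id AB12CD34-0000-4000-8000-000000000000",  # UUID-like
    "arn:aws:iam::123456789012:role/US01DEPLOYER",      # ARN-like
    "IBAN: GB82WEST12345698765432",                     # valid, with keyword
    "iban GB00WEST12345698765432",                      # keyword, bad checksum
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line!r}: original={original_hits(line)} "
              f"contextual={find_ibans(line)}")
```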