feat(#2885): agents-kt-detekt module + ToolBodyForbiddenApis rule #119

Merged: Skobeltsyn merged 2 commits into main from feat/2885-detekt-tool-body-rule on Jun 1, 2026

@Skobeltsyn
Contributor

Slice 2 of epic #2882 (capability ABI + audit ledger) — Pillar 1 static layer. New :agents-kt-detekt module + the first custom rule. TDD.

ToolBodyForbiddenApis

Flags raw outside-world APIs (java.io.File, java.net.URL/HttpURLConnection, ProcessBuilder/Runtime.exec, Class.forName, Unsafe, Socket) used inside a tool executor { } body — a tool must reach fs/net/env only through the forthcoming closed ToolEnvironment ABI (#2883), so every action is policy-gated and audited. Suppressible with @Suppress("ToolBodyForbiddenApis") + a reviewed reason.

  • AgentsKtRuleSetProvider + META-INF/services registration (ruleset id agents-kt).
  • Dogfooded: wired via detektPlugins(project(":agents-kt-detekt")) + detekt.yml, scoped to main source (test fixtures legitimately exercise tools). Main source is clean — the framework's tools don't touch raw I/O in executors.
  • Honest limit: syntactic (callee-name match, no FQN resolution); reflection/aliasing/transitive state are Pillar-3 residual (documented).

Setup

New detekt-api/detekt-test deps trusted in gradle/verification-metadata.xml; the updateVerificationMetadata task was extended to exercise the new module's classpaths. Added all 14 transitive artifacts (detekt-test pulls junit 5.10.2 + kotlin-scripting + coroutines).

Tests (4)

flags File-in-executor · flags ProcessBuilder+URL (exactly 2) · ignores the same APIs outside an executor · honors @Suppress. Wired into testAll.

Verified: full ./gradlew build green (suite + detekt with the rule live). #2884 capability extractor builds on this module next.

🤖 Generated with Claude Code

Epic #2882 (Pillar 1, static layer). New :agents-kt-detekt module ships custom
detekt rules that gate tool executor bodies.

- ToolBodyForbiddenApis: flags raw outside-world APIs (java.io.File, java.net.URL/
  HttpURLConnection, ProcessBuilder/Runtime.exec, Class.forName, Unsafe, Socket)
  used INSIDE a tool `executor { }` lambda — a tool must reach fs/net/env only
  through the forthcoming closed ToolEnvironment ABI (#2883), so every action is
  policy-gated and audited. Suppressible with @Suppress + reviewed reason.
- AgentsKtRuleSetProvider + META-INF/services registration (ruleset id `agents-kt`).
- Wired into the project's own detekt via detektPlugins(project(":agents-kt-detekt"))
  + detekt.yml; scoped to MAIN source (test fixtures legitimately exercise tools).
  Main source is clean — the framework's tools don't touch raw I/O in executors.
- Honest limit (documented): syntactic (callee-name match, no FQN resolution);
  reflection/aliasing/transitive state are Pillar-3 residual.

new detekt-api/detekt-test deps trusted in gradle/verification-metadata.xml
(updateVerificationMetadata task extended to exercise the module's classpaths).

4 detekt-test cases (flags File-in-executor, flags ProcessBuilder+URL, ignores the
same APIs outside an executor, honors @Suppress). Wired into testAll. CHANGELOG.
Full ./gradlew build green (suite + detekt with the rule live).
@Skobeltsyn Skobeltsyn merged commit 94878e3 into main Jun 1, 2026
4 checks passed
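
A sketch of the kind of check the description outlines, added here as an example and not the project's `ToolBodyForbiddenApis` source. It assumes the detekt 1.x rule API and detekt-test's `lint` helper, is narrowed to constructor-style callees, and uses the hypothetical names `ExecutorRawApiSketch`, `sample` and a stand-in `executor` function; the aliased import shows the callee-name limit the PR documents.

```kotlin
import io.gitlab.arturbosch.detekt.api.CodeSmell
import io.gitlab.arturbosch.detekt.api.Config
import io.gitlab.arturbosch.detekt.api.Debt
import io.gitlab.arturbosch.detekt.api.Entity
import io.gitlab.arturbosch.detekt.api.Issue
import io.gitlab.arturbosch.detekt.api.Rule
import io.gitlab.arturbosch.detekt.api.Severity
import io.gitlab.arturbosch.detekt.test.lint
import org.jetbrains.kotlin.psi.KtCallExpression
import org.jetbrains.kotlin.psi.KtLambdaArgument

// Hypothetical sketch rule (detekt 1.x API assumed). The Rule base class drops
// findings covered by @Suppress("ExecutorRawApiSketch"), so no extra code is needed for that.
class ExecutorRawApiSketch(config: Config = Config.empty) : Rule(config) {
    override val issue = Issue(
        "ExecutorRawApiSketch", Severity.Security,
        "Raw outside-world API called inside a tool executor body.", Debt.TWENTY_MINS,
    )

    // Constructor-style callees only; matched by simple name, with no type resolution.
    private val forbidden = setOf("File", "URL", "ProcessBuilder", "Socket")

    override fun visitCallExpression(expression: KtCallExpression) {
        super.visitCallExpression(expression)
        val callee = expression.calleeExpression?.text ?: return
        if (callee in forbidden && expression.isInsideExecutor()) {
            report(CodeSmell(issue, Entity.from(expression), "`$callee` used inside executor { }"))
        }
    }

    // True when an enclosing lambda is the trailing-lambda argument of a call named `executor`.
    private fun KtCallExpression.isInsideExecutor(): Boolean =
        generateSequence(parent) { it.parent }
            .filterIsInstance<KtLambdaArgument>()
            .any { (it.parent as? KtCallExpression)?.calleeExpression?.text == "executor" }
}

// Constructed input; `executor` is a stand-in declaration so the snippet parses on its own.
val sample = """
    import java.io.File
    import java.io.File as F
    fun executor(body: () -> Unit) = body()
    val outside = File("a")                   // ignored: not inside executor { }
    fun tool() = executor { File("b") }       // flagged
    fun alias() = executor { F("c") }         // missed: callee text is "F", not "File"
""".trimIndent()

fun main() = ExecutorRawApiSketch().lint(sample).forEach { println(it.message) }
```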