Spaces:

InnerI
/

agent-studio

Sleeping

App Files Files Community

InnerI commited on Feb 17

Commit

43b8c47

verified ·

1 Parent(s): bc86ffa

Update app.py

Browse files

Files changed (1) hide show

app.py +42 -19

app.py CHANGED Viewed

@@ -403,31 +403,54 @@ for tc, tm in zip(tools, tools_meta):
         # Plan gating: block tools above tier max risk
     if risk_rank.get(tm["risk"], 3) > tier_max_rank:
-        outputs.append({"tool_id": tm["tool_id"], "blocked": True, "reason": "plan_blocks_{tm['risk']}_risk"})
         continue
     if mode == "sandbox" and tm["risk"] != "low":
-        outputs.append({"tool_id": tm["tool_id"], "blocked": True, "reason": "sandbox_mode"})
         continue
     try:
-        outputs.append({"tool_id": tm["tool_id"], "output": run_tool(tm["tool_id"], tc.get("args", {}))})
     except Exception as e:
-        outputs.append({"tool_id": tm["tool_id"], "error": str(e)})
-    # receipts + audit chain
-    receipt = {
-        "ts_unix": now_unix(),
-        "agent_id": agent_id,
-        "user_id": user["user_id"],
-        "intent": intent,
-        "mode": mode,
-        "decision": decision,
-        "outputs_hash": sha256_hex(canonical_json(outputs)),
-    }
-    receipt["signature"] = sign_hmac(receipt, RECEIPT_SIGNING_KEY)
-    audit = audit_append(agent_id, user["user_id"], "secure_call.run", {"intent": intent, "tools": tools}, {"outputs": outputs, "receipt": receipt})
-    conn.close()
-    return {"outputs": outputs, "receipt": receipt, "audit": audit}
 # ---------------- Admin actions ----------------
 def create_agent_admin(session_token: str, agent_id: str, display_name: str, risk_tier: str, verification_level: str):

         # Plan gating: block tools above tier max risk
     if risk_rank.get(tm["risk"], 3) > tier_max_rank:
+        outputs.append({
+            "tool_id": tm["tool_id"],
+            "blocked": True,
+            "reason": f"plan_blocks_{tm['risk']}_risk"
+        })
         continue
+    # Sandbox gating (policy-based)
     if mode == "sandbox" and tm["risk"] != "low":
+        outputs.append({
+            "tool_id": tm["tool_id"],
+            "blocked": True,
+            "reason": "sandbox_mode"
+        })
         continue
     try:
+        outputs.append({
+            "tool_id": tm["tool_id"],
+            "output": run_tool(tm["tool_id"], tc.get("args", {}))
+        })
     except Exception as e:
+        outputs.append({
+            "tool_id": tm["tool_id"],
+            "error": str(e)
+        })
+# receipts + audit chain (MUST be after the loop)
+receipt = {
+    "ts_unix": now_unix(),
+    "agent_id": agent_id,
+    "user_id": user["user_id"],
+    "intent": intent,
+    "mode": mode,
+    "decision": decision,
+    "outputs_hash": sha256_hex(canonical_json(outputs)),
+}
+receipt["signature"] = sign_hmac(receipt, RECEIPT_SIGNING_KEY)
+audit = audit_append(
+    agent_id,
+    user["user_id"],
+    "secure_call.run",
+    {"intent": intent, "tools": tools},
+    {"outputs": outputs, "receipt": receipt},
+)
+conn.close()
+return {"outputs": outputs, "receipt": receipt, "audit": audit}
 # ---------------- Admin actions ----------------
 def create_agent_admin(session_token: str, agent_id: str, display_name: str, risk_tier: str, verification_level: str):