
Feat/rai guardrails#21

Merged
abhi-bhat-lyzr merged 2 commits into
deployfrom
feat/rai-guardrails
Jun 5, 2026

Conversation

@patel-lyzr

Summary

Type of change

  • Bug fix (no API change)
  • New feature (additive — opt-in or new export, no existing-behavior change)
  • Breaking change (requires major version bump on affected packages)
  • Docs / CI / tooling only

Verification

  • pnpm -r build clean
  • pnpm -r typecheck clean
  • pnpm -r test clean (note any flaky tests in the comment)
  • If a plug-in: runConformanceSuite() passes (paste report below)

Versioning

  • pnpm changeset was run for any change to a published package
  • N/A — internal-only change

Notes for the reviewer

patel-lyzr and others added 2 commits June 5, 2026 01:57
… policies)

End-to-end policy enforcement through Lyzr SRS, working under bypassPermissions:

- engine-claude-agent-sdk: register a PreToolUse hook when a policy is active
  so enforcement fires even under --dangerously-skip-permissions (canUseTool
  is skipped there); the hook routes to onPermissionRequest -> SrsPolicyDecider.
- protocol: add EngineContext.policyActive.
- harness-server: set policyActive = !!session.policyDecider.
- sdk: forward `policy` in the createSession body + ComputerAgentOptions.policy
  (was silently dropped).
- computeragent-server: forward `policy` on /run (previously only /sandboxes).
- agentos-server: real SRS reverse-proxy for /policies + /opa-policies (was a
  503 stub), Mongo-backed per-agent policy binding (agent_policies), and
  srsPolicyForAgent attaching the bound policy to sandbox/run bodies.
- docker-compose: SRS_BASE_URL/SRS_API_KEY for agentos (reaches SRS over
  host.docker.internal), otel-collector env.

Verified live: OPA (Rego; regex 169.254.0.0/16 + IMDS/SSRF block) and Cedar
both deny tool calls; selective allow/deny; toggle; non-policy agents
unaffected; metadata-service access blocked.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
# Conflicts:
#	packages/agentos-server/src/routes/chat.ts
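The enforcement path the commit message describes (a PreToolUse hook that is only registered when a policy is active and that delegates the allow/deny decision to a policy decider), as an added example that is not this PR's code and does not call the Claude Agent SDK's real hook API. All names, the hook output shape and the stand-in decider are assumptions; the link-local regex only mimics the OPA/Cedar policy the PR verified against.

```typescript
// Added illustration, not code from this PR. A PreToolUse-style hook consults a
// policy decider before a tool runs, so a deny still fires when canUseTool is
// skipped. Every name here (HookInput, HookOutput, ssrfDecider,
// buildPreToolUseHook) is assumed; the PR's real decider is SrsPolicyDecider.

export type Decision = { behavior: "allow" } | { behavior: "deny"; reason: string };

export interface HookInput {
  tool_name: string;
  tool_input: Record<string, unknown>;
}

// Shape assumed for the hook's permission result.
export interface HookOutput {
  hookEventName: "PreToolUse";
  permissionDecision: "allow" | "deny";
  permissionDecisionReason?: string;
}

// Link-local block 169.254.0.0/16, the range the PR's OPA policy matches by regex;
// cloud instance metadata (IMDS) is served from inside it.
const LINK_LOCAL = /\b169\.254\.\d{1,3}\.\d{1,3}\b/;

// Stand-in decider: deny any tool call whose arguments reference that range.
// Matching on the serialised arguments covers URLs, hosts and shell commands alike.
export function ssrfDecider(input: HookInput): Decision {
  const args = JSON.stringify(input.tool_input);
  if (LINK_LOCAL.test(args)) {
    return { behavior: "deny", reason: `${input.tool_name} targets link-local address space` };
  }
  return { behavior: "allow" };
}

// Only register a hook when a policy is active (policyActive in the PR); with no
// policy the hook is absent and the engine behaves exactly as before.
export function buildPreToolUseHook(
  decider: ((input: HookInput) => Decision) | null,
): ((input: HookInput) => HookOutput) | null {
  if (!decider) return null;
  return (input) => {
    const d = decider(input);
    if (d.behavior === "allow") {
      return { hookEventName: "PreToolUse", permissionDecision: "allow" };
    }
    return { hookEventName: "PreToolUse", permissionDecision: "deny", permissionDecisionReason: d.reason };
  };
}
```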
@abhi-bhat-lyzr abhi-bhat-lyzr merged commit 221c3c5 into deploy Jun 5, 2026
3 of 4 checks passed
