[#526] Implement Green/Red action classification#552
Merged
Conversation
- Create action classifier in orchestrator/src/approval/classifier.rs - Classify tool calls as Green (autonomous) or Red (requires approval) - Green: read-only operations (read_file, list_files, search, web fetch, etc.) - Red: destructive operations (write_file, delete_file, send_email, transfer_crypto, etc.) - Add comprehensive tests for classification logic (42 test cases) - Follow approval cliff requirements with conservative defaults (unknown tools = RED) - Support batch classification for multiple tool calls - Include parameter-based classification for enhanced security Key features: - Pattern-based classification using tool name matching - Risk level assignment (None, Low, Medium, High, Critical) - Word boundary checks to avoid false positives - Read-only external call detection - Server-specific tool support (GitHub, Slack, etc.) All acceptance criteria from #526 met: - [x] Create orchestrator/src/approval/ module - [x] Implement action classifier - [x] Green actions: read_file, list_files, search, read-only operations - [x] Red actions: write_file, delete_file, send_email, transfer_crypto, destructive operations - [x] Add classification logic based on tool name and parameters - [x] Add tests for classification accuracy - [x] Document the classification rules Closes #526 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Fixes formatting issues detected by cargo fmt: - Reformat long match arm for list directory tools - Reformat test function calls with long parameters - Remove trailing whitespace in metrics.rs These formatting issues were causing CI failures on both ubuntu-latest and macos-latest. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Implements Green/Red action classification feature for LuminaGuard approval cliff. This determines whether MCP tool calls require human approval based on security risk.
Changes
Created
orchestrator/src/approval/classifier.rswith comprehensive action classification logic:ToolClassifier
Classifies tool calls as Green (autonomous) or Red (requires approval):
Green Actions (No Approval):
read_file,read,read_resource,read_promptlist_files,list_directory,list_resources,list_promptssearch,grep,find,locateview,view_file,get_file_info,stat,info,statuscheck_file,monitorRed Actions (Require Approval):
delete_file,remove_file,transfer_crypto,transfer_assetwrite_file,edit_file,modify_system,execute_command,run_scriptcreate_file,send_email,deploy,publish,external_callinstall,commit,pushClassificationResult
Returns detailed classification information:
requires_approval: Whether approval is neededaction_type: Inferred action typerisk_level: None, Low, Medium, High, Criticalreason: Human-readable explanationAdvanced Features
Testing
42 comprehensive test cases covering:
All 42 tests pass successfully.
Integration
The classifier is integrated into the approval module and can be used by
ApprovalManagerto automatically determine whether a tool call requires human approval. This provides the foundation for the complete approval cliff workflow.Acceptance Criteria
Closes #526