Skip to content

[#526] Implement Green/Red action classification#552

Merged
anchapin merged 2 commits into
mainfrom
feature/issue-526
Feb 20, 2026
Merged

[#526] Implement Green/Red action classification#552
anchapin merged 2 commits into
mainfrom
feature/issue-526

Conversation

@anchapin

Copy link
Copy Markdown
Owner

Summary

Implements Green/Red action classification feature for LuminaGuard approval cliff. This determines whether MCP tool calls require human approval based on security risk.

Changes

Created orchestrator/src/approval/classifier.rs with comprehensive action classification logic:

ToolClassifier

Classifies tool calls as Green (autonomous) or Red (requires approval):

Green Actions (No Approval):

  • Read operations: read_file, read, read_resource, read_prompt
  • List operations: list_files, list_directory, list_resources, list_prompts
  • Search operations: search, grep, find, locate
  • View operations: view, view_file, get_file_info, stat, info, status
  • Monitor operations: check_file, monitor

Red Actions (Require Approval):

  • Critical Risk: delete_file, remove_file, transfer_crypto, transfer_asset
  • High Risk: write_file, edit_file, modify_system, execute_command, run_script
  • Medium Risk: create_file, send_email, deploy, publish, external_call
  • Low Risk: install, commit, push

ClassificationResult

Returns detailed classification information:

  • requires_approval: Whether approval is needed
  • action_type: Inferred action type
  • risk_level: None, Low, Medium, High, Critical
  • reason: Human-readable explanation

Advanced Features

  • Batch Classification: Classify multiple tools at once
  • Pattern Matching: Word boundary checks to avoid false positives
  • Parameter Analysis: Detects dangerous operations in parameters
  • Read-Only External Calls: Identifies safe API calls (GET, LIST, FETCH)
  • Server-Specific Support: Handles GitHub, Slack, and other MCP server conventions
  • Conservative Default: Unknown tools default to RED (fail-secure)

Testing

42 comprehensive test cases covering:

  • Green action classification (read_file, list_directory, search, etc.)
  • Red action classification (write_file, delete_file, send_email, etc.)
  • Case insensitivity
  • Batch classification
  • GitHub-specific tools (github_list_issues, github_create_issue)
  • Slack-specific tools (slack_send_message)
  • Parameter-based classification
  • Risk level assignment
  • Unknown tools (conservative default)

All 42 tests pass successfully.

Integration

The classifier is integrated into the approval module and can be used by ApprovalManager to automatically determine whether a tool call requires human approval. This provides the foundation for the complete approval cliff workflow.

Acceptance Criteria

  • Create orchestrator/src/approval/ module
  • Implement action classifier with ToolClassifier
  • Green actions: read_file, list_files, search, read-only operations
  • Red actions: write_file, delete_file, send_email, transfer_crypto, destructive operations
  • Add classification logic based on tool name and parameters
  • Add tests for classification accuracy (42 tests)
  • Document classification rules

Closes #526

- Create action classifier in orchestrator/src/approval/classifier.rs
- Classify tool calls as Green (autonomous) or Red (requires approval)
- Green: read-only operations (read_file, list_files, search, web fetch, etc.)
- Red: destructive operations (write_file, delete_file, send_email, transfer_crypto, etc.)
- Add comprehensive tests for classification logic (42 test cases)
- Follow approval cliff requirements with conservative defaults (unknown tools = RED)
- Support batch classification for multiple tool calls
- Include parameter-based classification for enhanced security

Key features:
- Pattern-based classification using tool name matching
- Risk level assignment (None, Low, Medium, High, Critical)
- Word boundary checks to avoid false positives
- Read-only external call detection
- Server-specific tool support (GitHub, Slack, etc.)

All acceptance criteria from #526 met:
- [x] Create orchestrator/src/approval/ module
- [x] Implement action classifier
- [x] Green actions: read_file, list_files, search, read-only operations
- [x] Red actions: write_file, delete_file, send_email, transfer_crypto, destructive operations
- [x] Add classification logic based on tool name and parameters
- [x] Add tests for classification accuracy
- [x] Document the classification rules

Closes #526

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry @anchapin, you have reached your weekly rate limit of 500000 diff characters.

Please try again later or upgrade to continue using Sourcery

Fixes formatting issues detected by cargo fmt:
- Reformat long match arm for list directory tools
- Reformat test function calls with long parameters
- Remove trailing whitespace in metrics.rs

These formatting issues were causing CI failures on both
ubuntu-latest and macos-latest.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@anchapin anchapin merged commit 34a228f into main Feb 20, 2026
32 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Phase 1.8] Implement Green/Red action classification

1 participant