Skip to content

feat: v0.13.0 — auto-generate .agent-scope.json from observed traces#29

Merged
Siddhant-K-code merged 2 commits into
mainfrom
feat/v0.13.0-policy-suggestion
Apr 11, 2026
Merged

feat: v0.13.0 — auto-generate .agent-scope.json from observed traces#29
Siddhant-K-code merged 2 commits into
mainfrom
feat/v0.13.0-policy-suggestion

Conversation

@Siddhant-K-code
Copy link
Copy Markdown
Owner

@Siddhant-K-code Siddhant-K-code commented Apr 11, 2026

Closes #19

What

Adds policy.py with suggest_policy() that analyses one or more sessions and produces a minimal allow-list .agent-scope.json covering exactly the files read/written, commands run, and network hosts observed.

How it works

  • Scans tool_call events for read/write/bash operations
  • Collapses file paths to glob patterns (src/**) when 3+ files share a directory
  • Collapses commands to base-executable patterns (pytest *)
  • Extracts hostnames from URLs in bash commands

CLI

agent-strace policy                          # analyse all sessions
agent-strace policy <session-id>...          # specific sessions
agent-strace policy --dry-run                # print without writing
agent-strace policy --output custom.json     # custom output path

Tests

tests/test_policy.py — 12 tests covering path collapsing, command collapsing, observation, and policy rendering.

@ona-agent
feat: auto-generate .agent-scope.json from observed traces
d4a060e 
Adds policy.py with suggest_policy() that analyses one or more sessions
and produces a minimal allow-list covering files read/written, commands
run, and network hosts observed. Paths are collapsed to glob patterns
(e.g. src/**) when 3+ files share a directory. Commands are collapsed
to base-executable patterns (e.g. pytest *).

CLI: agent-strace policy [session-ids...] [--output] [--dry-run]

Closes #19

Co-authored-by: Ona <no-reply@ona.com>
@Siddhant-K-code Siddhant-K-code mentioned this pull request Apr 11, 2026
Merged
@ona-agent
fix: default to dry-run when --output not specified
9a61aca 
Without --output, cmd_policy now prints the suggested policy instead of
silently writing to .agent-scope.json. This prevents accidental overwrites
when the user just wants to inspect the suggestion.

Co-authored-by: Ona <no-reply@ona.com>
@Siddhant-K-code Siddhant-K-code merged commit 5e07ff2 into main Apr 11, 2026
4 checks passed
@Siddhant-K-code Siddhant-K-code deleted the feat/v0.13.0-policy-suggestion branch April 11, 2026 17:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

v0.13.0: Policy suggestion - auto-generate .agent-scope.json from observed traces

1 participant

@Siddhant-K-code