Problem Description
AgentScope Runtime's sandboxing strategy isolates tool execution (good for containment) but doesn't address authorization (what the agent is allowed to do). A sandboxed malicious tool call still exfiltrates data.
Proposed Solution
The framework needs deterministic pre-action authorization - checking the tool call against policy BEFORE it enters the sandbox. The Open Agent Protocol (OAP) provides exactly this: a before_tool_call hook that validates agent identity, tool permissions, and parameter constraints against declarative YAML. Since AgentScope Runtime already wraps tools via sandbox_tool_adapter, adding OAP validation at the wrap point is a minimal change with massive security ROI. DOI: 10.5281/zenodo.18901596
Re: https://www.npmjs.com/package/@aporthq/aport-agent-guardrails
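The following is an added example, not code from AgentScope Runtime or from OAP/aport-agent-guardrails, showing what a deterministic before_tool_call check at the tool-wrap point looks like. It assumes a constructed policy (shown as the dict a YAML policy file would load into), hypothetical agent ids and tool names, and a guard_tool wrapper that stands in for the sandbox_tool_adapter wrap point. The check is a pure function of (policy, agent id, tool, params): same input, same decision, no model in the loop. It also normalizes filesystem paths before glob matching, which is the edge case a path-prefix constraint usually gets wrong, and appends every decision to an audit trail.

```python
"""Deterministic pre-action authorization for tool calls (illustrative example)."""
from __future__ import annotations

import os
import time
from dataclasses import dataclass
from fnmatch import fnmatch
from typing import Any, Callable

# Constructed policy: the in-memory form a declarative YAML file would be loaded into.
# Agent ids, tool names and constraints are hypothetical.
POLICY: dict[str, Any] = {
    "agents": {
        "research-agent": {"tools": ["read_file", "web_search"]},
        "ops-agent": {"tools": ["read_file", "run_shell"]},
    },
    "tools": {
        "read_file": {"params": {"path": {"allowed_globs": ["/workspace/*"]}}},
        "web_search": {"params": {"query": {"max_length": 200}}},
        "run_shell": {"params": {"cmd": {"allowed_values": ["ls", "pwd"]}}},
    },
}


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


# Audit trail of every tool call attempt, allowed or denied (in-memory for the example).
AUDIT_LOG: list[dict[str, Any]] = []


def _check_param(name: str, value: Any, rule: dict[str, Any]) -> str | None:
    """Return a denial reason if `value` violates `rule`, else None."""
    if "allowed_globs" in rule:
        # Normalize first so "/workspace/../etc/passwd" is judged as "/etc/passwd".
        path = os.path.normpath(str(value))
        if not any(fnmatch(path, g) for g in rule["allowed_globs"]):
            return f"param {name!r}={path!r} not within allowed globs"
    if "max_length" in rule and len(str(value)) > rule["max_length"]:
        return f"param {name!r} exceeds max_length {rule['max_length']}"
    if "allowed_values" in rule and value not in rule["allowed_values"]:
        return f"param {name!r}={value!r} not in allowed values"
    return None


def before_tool_call(policy: dict[str, Any], agent_id: str,
                     tool_name: str, params: dict[str, Any]) -> Decision:
    """Deterministic pre-action check: identity, tool permission, then param constraints."""
    agent = policy["agents"].get(agent_id)
    if agent is None:
        return Decision(False, f"unknown agent {agent_id!r}")
    if tool_name not in agent.get("tools", []):
        return Decision(False, f"agent {agent_id!r} may not call {tool_name!r}")
    rules = policy["tools"].get(tool_name, {}).get("params", {})
    for pname, rule in rules.items():
        if pname in params:
            err = _check_param(pname, params[pname], rule)
            if err:
                return Decision(False, err)
    return Decision(True, "allowed by policy")


def guard_tool(policy: dict[str, Any], agent_id: str, tool_name: str,
               fn: Callable[..., Any]) -> Callable[..., Any]:
    """Wrap a tool callable so the policy check runs before the tool (or its sandbox) does.

    Stand-in for hooking sandbox_tool_adapter; the real wrap point is an assumption here.
    """
    def wrapped(**params: Any) -> Any:
        decision = before_tool_call(policy, agent_id, tool_name, params)
        AUDIT_LOG.append({
            "ts": time.time(), "agent": agent_id, "tool": tool_name,
            "params": params, "allowed": decision.allowed, "reason": decision.reason,
        })
        if not decision.allowed:
            raise PermissionError(decision.reason)
        return fn(**params)
    return wrapped


def fake_read_file(path: str) -> str:
    """Constructed tool body standing in for a sandboxed read_file."""
    return f"<contents of {path}>"


if __name__ == "__main__":
    read_file = guard_tool(POLICY, "research-agent", "read_file", fake_read_file)
    print(read_file(path="/workspace/notes.txt"))
    try:
        read_file(path="/workspace/../etc/passwd")
    except PermissionError as e:
        print("denied:", e)
    print(len(AUDIT_LOG), "audit entries")
```

Because the decision is made before the call reaches the sandbox, a tool call that the sandbox would happily execute (a read of a path outside the workspace, a shell command outside the allow-list) never runs at all, and the denial is recorded with the same detail as an allowed call.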
Affected Component(s)
Alternatives Considered
Considered input/output guardrails, but those are not deterministic, and guardrails at the LLM level can be bypassed.
Additional Context
Audit trail of all tool calls