Secure Tool Execution and Development
Secure Tool Execution and Development is a framework designed to mitigate security risks such as credential exposure and data leakage by running user-defined tools in isolated environments instead of in a shared runtime.
Agent Studio supports more complex, user-defined tools that require secure and controlled tool execution. The previous execution model, which ran all platform and user-authored tools in a shared runtime environment, posed significant security risks. That environment had access to host-level paths, temporary directories, and inherited environment variables. Although simple to implement, this approach created vulnerabilities that could result in credential exposure, data leakage, and unauthorized system access.
Tool sandboxing is a critical security measure that addresses potential risks by isolating the execution environment for every tool. This isolation prevents tools from accessing unauthorized resources or interfering with the system or other processes. Tool sandboxing includes the following key aspects:
- System Integrity Protection – System directories and configurations are made read-only, preventing tools from making modifications.
- Controlled Resource Access – Tools are restricted to reading only from designated project directories and writing only to their specific artifact file directory during workflow execution.
- Environmental and Process Isolation – Each tool operates within its own isolated environment, utilizing sanitized environment variables and preventing interference with the processes of other tools.
- Directory Escape Prevention – Requested paths are checked against path traversal (for example, `..` segments or symlinks that resolve outside the sandbox), ensuring tools remain within their designated directories.
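As an added illustration, not Agent Studio's own code, the following Python sketch enforces the access rules listed above: reads are confined to the project and artifact directories, writes to the artifact directory only, paths are checked after full resolution so `..` segments and symlinks cannot escape, and the tool process receives only an allowlisted environment. The directory layout and the contents of `ENV_ALLOWLIST` are assumptions.

```python
import os
from pathlib import Path

# Assumed allowlist: only these variables are copied from the parent process.
ENV_ALLOWLIST = ("PATH", "LANG", "HOME")


class SandboxViolation(PermissionError):
    """Raised when a tool asks for a path outside its sandbox."""


def _resolve_inside(root: Path, requested: str) -> Path:
    """Resolve `requested` under `root` (absolute requests are taken as given),
    following symlinks and collapsing '..', then verify it is still under root."""
    root = root.resolve()
    target = (root / requested).resolve()
    try:
        target.relative_to(root)
    except ValueError:
        raise SandboxViolation(f"{requested!r} escapes {root}") from None
    return target


def authorize(project_dir: str, artifact_dir: str, requested: str, mode: str) -> Path:
    """mode is 'r' or 'w'. Reads may target the project or artifact directory;
    writes only the artifact directory. Returns the resolved path on success."""
    if mode not in ("r", "w"):
        raise ValueError("mode must be 'r' or 'w'")
    roots = [Path(artifact_dir)] if mode == "w" else [Path(project_dir), Path(artifact_dir)]
    last_err = None
    for root in roots:
        try:
            return _resolve_inside(root, requested)
        except SandboxViolation as err:
            last_err = err
    raise SandboxViolation(f"{mode}-access to {requested!r} denied: {last_err}")


def allowed(project_dir: str, artifact_dir: str, requested: str, mode: str) -> bool:
    """Boolean form of authorize(), convenient for policy checks and tests."""
    try:
        authorize(project_dir, artifact_dir, requested, mode)
        return True
    except SandboxViolation:
        return False


def sanitized_env(parent_env=None) -> dict:
    """Environment handed to the tool process: only allowlisted variables are
    copied, so secrets inherited by the host runtime never reach the tool."""
    src = os.environ if parent_env is None else parent_env
    return {k: v for k, v in src.items() if k in ENV_ALLOWLIST}
```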
