Skip to content

🛂 fix: Re-Check execute_code Authorization on Event-Driven Tool Loads#13912

Merged
danny-avila merged 1 commit into
devfrom
codex/sec-4284-tool-execution-gate
Jun 23, 2026
Merged

🛂 fix: Re-Check execute_code Authorization on Event-Driven Tool Loads#13912
danny-avila merged 1 commit into
devfrom
codex/sec-4284-tool-execution-gate

Conversation

@danny-avila

Copy link
Copy Markdown
Owner

Summary

  • Gate event-driven bash_tool loading on the same per-agent execute_code authorization used by initial tool definition loading.
  • Require direct code execution tool requests to be present in the run toolRegistry before loading them.
  • Add a regression test for an agent without execute_code attempting to load code execution tools through ON_TOOL_EXECUTE.

Root Cause

loadToolDefinitionsWrapper filtered initial tool definitions against the agent's configured tools, but loadToolsForExecution trusted runtime tool names from ON_TOOL_EXECUTE too much. A model/tool-call path could request bash_tool even when the agent did not have execute_code registered.

Validation

  • cd api && npx jest server/services/__tests__/ToolService.spec.js --runInBand --silent
  • cd api && npx jest server/services/Endpoints/agents/initialize.spec.js --runInBand --silent
  • git diff --check -- api/server/services/ToolService.js api/server/services/__tests__/ToolService.spec.js

Copy link
Copy Markdown
Owner Author

@codex review

@chatgpt-codex-connector

Copy link
Copy Markdown

Codex Review: Didn't find any major issues. Delightful!

Reviewed commit: db25798a00

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

@danny-avila danny-avila changed the title [codex] fix agent execution tool gate fix agent execution tool gate Jun 23, 2026
@danny-avila danny-avila changed the title fix agent execution tool gate fix: agent execution tool gate Jun 23, 2026
@danny-avila
danny-avila changed the base branch from main to dev June 23, 2026 12:12
@danny-avila
danny-avila marked this pull request as ready for review June 23, 2026 12:13
@danny-avila danny-avila changed the title fix: agent execution tool gate 🛂 fix: Re-Check execute_code Authorization on Event-Driven Tool Loads Jun 23, 2026
@danny-avila danny-avila changed the title 🛂 fix: Re-Check execute_code Authorization on Event-Driven Tool Loads 🛂 fix: Re-Check execute_code Authorization on Event-Driven Tool Loads Jun 23, 2026
@danny-avila
danny-avila merged commit edc0aeb into dev Jun 23, 2026
18 checks passed
@danny-avila
danny-avila deleted the codex/sec-4284-tool-execution-gate branch June 23, 2026 12:30
fuuuzzy pushed a commit to fuuuzzy/LibreChat that referenced this pull request Jul 7, 2026
ThomasVuNguyen pushed a commit to ThomasVuNguyen/LibreChat that referenced this pull request Jul 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant