[FEATURE][PLUGIN]: Create Schema Guard plugin #1003
Labels: enhancement, plugins, security
Description
Overview
Create a Schema Guard Plugin that validates tool arguments and results against JSONSchema definitions to ensure data integrity and security.
Plugin Requirements
Plugin Details
- Name: SchemaGuardPlugin
- Type: Self-contained (native) plugin
- File Location: plugins/schema_guard/
- Complexity: Medium-High
Functionality
- Validate tool arguments before invocation
- Validate tool results after execution
- Support for JSONSchema subset validation
- Configurable validation policies per tool
- Detailed validation error reporting
Hook Integration
- Primary Hooks: tool_pre_invoke, tool_post_invoke
- Purpose: Ensure data integrity and prevent invalid tool usage
- Behavior: Block tool calls with invalid arguments or results
Configuration Schema
```yaml
plugins:
  - name: "SchemaGuard"
    kind: "plugins.schema_guard.validator.SchemaGuardPlugin"
    description: "Validate tool args/results against a simple JSONSchema subset"
    version: "0.1.0"
    hooks: ["tool_pre_invoke", "tool_post_invoke"]
    mode: "enforce"
    priority: 18
    config:
      # Tool argument schemas
      arg_schemas:
        web_scraper:
          type: "object"
          required: ["url"]
          properties:
            url:
              type: "string"
              format: "uri"
              pattern: "^https?://"
            timeout:
              type: "number"
              minimum: 1
              maximum: 300
            headers:
              type: "object"
              additionalProperties:
                type: "string"
        database_query:
          type: "object"
          required: ["sql"]
          properties:
            sql:
              type: "string"
              minLength: 1
              maxLength: 10000
            parameters:
              type: "array"
              maxItems: 100
            timeout:
              type: "number"
              minimum: 1
              maximum: 600
      # Tool result schemas
      result_schemas:
        web_scraper:
          type: "object"
          required: ["content", "status_code"]
          properties:
            content:
              type: "string"
              maxLength: 1000000
            status_code:
              type: "integer"
              minimum: 100
              maximum: 599
            headers:
              type: "object"
            metadata:
              type: "object"
        database_query:
          type: "object"
          required: ["rows"]
          properties:
            rows:
              type: "array"
              maxItems: 10000
            columns:
              type: "array"
              items:
                type: "string"
            row_count:
              type: "integer"
              minimum: 0
      # Validation behavior
      validation:
        block_on_violation: true
        strict_mode: true
        additional_properties: false
        validate_formats: true
        coerce_types: false
      # Error handling
      error_handling:
        include_schema_path: true
        include_invalid_value: true
        max_error_details: 10
        sanitize_sensitive_data: true
      # Schema management
      schema_management:
        allow_dynamic_schemas: false
        cache_compiled_schemas: true
        validate_schema_definitions: true
      # Custom validation rules
      custom_validators:
        safe_sql:
          pattern: "^(SELECT|WITH)\\s+"
          flags: ["IGNORECASE"]
          error_message: "Only SELECT queries are allowed"
        trusted_domains:
          domains: ["api.example.com", "data.company.com"]
          error_message: "URL must be from trusted domain"
      # Exemptions
      exemptions:
        user_roles: ["admin", "schema_manager"]
        bypass_validation: false
        allow_schema_override: true
        tools: ["debug_tool", "admin_query"]
```
Acceptance Criteria
- Plugin implements SchemaGuardPlugin class
- JSONSchema validation for tool arguments and results
- Configurable schemas per tool
- Strict and permissive validation modes
- Custom validation rules support
- Detailed error reporting with schema paths
- Schema caching for performance
- Type coercion and format validation
- Plugin manifest and documentation created
- Unit tests with >95% coverage
- Performance tests with large schemas and data
Priority
High - Data integrity and security feature
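
An added sketch, not part of the issue or the project's code, of the argument check requested above: a validator for the JSONSchema subset used by the `web_scraper` schema that reports each violation with its schema path and applies no type coercion. The function name `validate`, the `allow_extra` parameter (standing in for the `additional_properties` option) and the error wording are assumptions.

```python
import re

# Constructed from the web_scraper arg schema in the configuration above.
WEB_SCRAPER_ARGS = {
    "type": "object",
    "required": ["url"],
    "properties": {
        "url": {"type": "string", "pattern": "^https?://"},
        "timeout": {"type": "number", "minimum": 1, "maximum": 300},
        "headers": {"type": "object", "additionalProperties": {"type": "string"}},
    },
}
# Only the types used by the schemas in the issue are covered.
_TYPES = {"object": dict, "array": list, "string": str,
          "integer": int, "number": (int, float)}

def validate(value, schema, path="$", allow_extra=False):
    """Return 'path: message' errors; an empty list means the value is valid."""
    expected = schema.get("type")
    # bool is a subclass of int in Python, so True would otherwise pass as a number.
    if expected and (isinstance(value, bool) or not isinstance(value, _TYPES[expected])):
        return [f"{path}: expected {expected}, got {type(value).__name__}"]
    errors = []
    if isinstance(value, str):
        if not schema.get("minLength", 0) <= len(value) <= schema.get("maxLength", len(value)):
            errors.append(f"{path}: length {len(value)} out of range")
        # JSON Schema patterns are unanchored, hence search() rather than match().
        if "pattern" in schema and not re.search(schema["pattern"], value):
            errors.append(f"{path}: does not match {schema['pattern']!r}")
    elif isinstance(value, (int, float)):
        if not schema.get("minimum", value) <= value <= schema.get("maximum", value):
            errors.append(f"{path}: {value} out of range")
    elif isinstance(value, list):
        if len(value) > schema.get("maxItems", len(value)):
            errors.append(f"{path}: more than {schema['maxItems']} items")
        for i, item in enumerate(value if "items" in schema else []):
            errors += validate(item, schema["items"], f"{path}[{i}]", allow_extra)
    elif isinstance(value, dict):
        props = schema.get("properties", {})
        errors += [f"{path}: missing required property {k!r}"
                   for k in schema.get("required", []) if k not in value]
        # Assumption: an object is closed only when it lists its properties.
        extra = schema.get("additionalProperties", allow_extra or "properties" not in schema)
        for key, item in value.items():
            if key in props or isinstance(extra, dict):
                errors += validate(item, props.get(key, extra), f"{path}.{key}", allow_extra)
            elif not extra:
                errors.append(f"{path}.{key}: unexpected property")
    return errors
```

Calling `validate(args, WEB_SCRAPER_ARGS)` in a `tool_pre_invoke` handler and blocking on a non-empty list gives the `block_on_violation` behaviour; a string such as `"30"` for `timeout` is rejected rather than converted.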