feat: upgrade to Aguara v0.9.1 with context-aware scanning #70

Merged
garagon merged 2 commits into main from
feat/aguara-v0.9-context-aware-scanning
Mar 20, 2026

Conversation

@garagon (Contributor) commented Mar 20, 2026

Summary

  • Upgrade Aguara v0.3.1 -> v0.9.1 (context-aware scanning, Aho-Corasick optimization)
  • Delegate NFKC normalization and built-in tool exemptions to Aguara core
  • Add ScanContentWithTool() for hooks and gateway tool calls
  • Add ApplyToolScopedOverridesPostAguara() to avoid double-filtering
  • Fix flaky TestRunChecks_SecureConfig (was scanning real host OpenClaw config)
  • Code quality: merge redundant loops, slices.Reverse, simplify NewGateway signature

What changes

Engine: oktsec no longer does manual NFKC normalization or passes pre-normalized content to Aguara. Two new methods (ScanContentWithTool, ScanContentAsWithTool) pass tool name via WithToolName() so Aguara applies its built-in exemption table (TC-005 on Edit, MCPCFG_004 on WebFetch, etc.).

Verdict: ApplyToolScopedOverrides split into two variants. The PostAguara variant skips the BuiltinToolExemptions check since Aguara already filtered those findings. ContentTools filtering, DevWorkflowTools/NLP_ exemption, and user overrides still run.

Pipeline: Hooks handler and gateway (tool call + response scan) now pass tool name to Aguara and use the PostAguara verdict path. Message scanning (proxy handler, stdio, forward) unchanged - no tool context available.

What oktsec keeps: VerdictQuarantine, BlockedContent per-agent, intent validation, escalation history, ContentTools/DevWorkflowTools filtering.

Files changed (12)

| File | Change |
| --- | --- |
| go.mod, go.sum | aguara v0.3.1 -> v0.9.1 |
| internal/engine/scanner.go | Remove NFKC, add ScanContentWithTool methods |
| internal/verdict/verdict.go | Add ApplyToolScopedOverridesPostAguara |
| internal/hooks/handler.go | Use ScanContentWithTool + PostAguara |
| internal/gateway/gateway.go | Use ScanContentWithTool + PostAguara + plain *audit.Store |
| internal/audit/trace.go | Merge agent loop, slices.Reverse |
| internal/auditcheck/checks_openclaw.go | Add openClawScanFunc hook |
| internal/auditcheck/auditcheck_test.go | Mock OpenClaw scan in SecureConfig test |
| internal/dashboard/avatar_test.go | slices.Reverse |
| cmd/oktsec/commands/gateway.go | NewGateway(cfg, logger, nil) |
| internal/gateway/coverage_test.go | NewGateway(cfg, logger, nil) |

Test plan

  • go test ./... all green (0 FAIL)
  • go build ./... clean
  • Proxy race condition from Aguara v0.9.0 fixed in v0.9.1
  • Flaky TestRunChecks_SecureConfig fixed with openClawScanFunc mock
  • CI passes (lint, vet, test, integration)
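
The verdict split described above, sketched as an added example (not oktsec's or Aguara's code). The `Finding` type, both function signatures, the table layout, the `devWorkflowTools` set, the reading of the NLP_ exemption as a rule-ID prefix, and the rule IDs other than TC-005 and MCPCFG_004 are assumptions; ContentTools filtering is left out.

```go
package main

import (
	"fmt"
	"strings"
)

// Finding is a hypothetical stand-in for a scanner finding.
type Finding struct{ RuleID string }

// Keyed by {rule, tool}; the two pairs are the ones the PR names (layout assumed).
var builtinExemptions = map[[2]string]bool{
	{"TC-005", "Edit"}:         true,
	{"MCPCFG_004", "WebFetch"}: true,
}

// Constructed set: the PR does not list which tools count as dev-workflow.
var devWorkflowTools = map[string]bool{"Bash": true}

// applyOverrides is the shared filter. skipBuiltin is set when the scanner
// was given the tool name and has already dropped built-in exemptions.
func applyOverrides(in []Finding, tool string, ignore map[string]bool, skipBuiltin bool) []Finding {
	out := make([]Finding, 0, len(in))
	for _, f := range in {
		switch {
		case !skipBuiltin && builtinExemptions[[2]string{f.RuleID, tool}]:
			continue // exempt rule for this tool
		case devWorkflowTools[tool] && strings.HasPrefix(f.RuleID, "NLP_"):
			continue // assumed meaning of the DevWorkflowTools/NLP_ exemption
		case ignore[f.RuleID]:
			continue // user override
		}
		out = append(out, f)
	}
	return out
}

func ApplyToolScopedOverrides(in []Finding, tool string, ignore map[string]bool) []Finding {
	return applyOverrides(in, tool, ignore, false)
}

func ApplyToolScopedOverridesPostAguara(in []Finding, tool string, ignore map[string]bool) []Finding {
	return applyOverrides(in, tool, ignore, true)
}

func main() {
	raw := []Finding{{"TC-005"}, {"NLP_001"}, {"SECRET_001"}} // constructed IDs
	fmt.Println(ApplyToolScopedOverrides(raw, "Edit", nil))
}
```

In this sketch, pairing the PostAguara variant with a scan that never received the tool name leaves TC-005 in the result, so a mismatch shows up as an extra finding rather than a dropped one.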

garagon added 2 commits March 20, 2026 06:41
Aguara v0.9.0+ moves NFKC normalization, tool exemptions, and scan
profiles into the core engine. This delegates those responsibilities
from oktsec to Aguara and simplifies the security pipeline.

Changes:

Engine (internal/engine/scanner.go):
- Remove manual NFKC normalization (Aguara handles internally)
- Remove golang.org/x/text/unicode/norm dependency
- Add ScanContentWithTool() and ScanContentAsWithTool() methods
  that pass tool name to Aguara via WithToolName option, enabling
  built-in tool exemptions (TC-005 on Edit, MCPCFG_004 on WebFetch)

Verdict (internal/verdict/verdict.go):
- Refactor ApplyToolScopedOverrides into shared internal function
- Add ApplyToolScopedOverridesPostAguara() that skips built-in
  exemptions (already applied by Aguara) while preserving
  ContentTools filtering, NLP_ exemption, and user overrides

Pipeline (hooks + gateway):
- Hooks handler: ScanContent -> ScanContentWithTool(ctx, content, ev.ToolName)
- Gateway tool calls: ScanContent -> ScanContentWithTool(ctx, content, m.OriginalName)
- Gateway response scan: same migration
- All three switch to PostAguara variant for tool-scoped overrides

Gateway API (internal/gateway/gateway.go):
- NewGateway signature: variadic ...*audit.Store -> plain *audit.Store

Code quality (/simplify):
- Merge redundant agent collection loop in trace.go
- Replace manual slice reverse with slices.Reverse
- Replace manual byte reverse in avatar_test.go with slices.Reverse

Fix: auditcheck OpenClaw host scanning
- TestRunChecks_SecureConfig was flaky because it scanned real
  ~/.openclaw/openclaw.json from the host
- Add openClawScanFunc hook (same pattern as mcpScanFunc) for
  test isolation

Aguara v0.9.0+ uses Aho-Corasick for pattern matching, which has a
one-time automaton build on first scan. On CI runners this can push
the integration test suite past the 120s timeout. Increase to 300s.
@garagon garagon merged commit 1264bc8 into main Mar 20, 2026
1 check passed
@garagon garagon deleted the feat/aguara-v0.9-context-aware-scanning branch March 20, 2026 10:04