[Bug]: Incomplete Agent Trust Validation in ConfigValidator #382

@Aditya8369

Description:

In bindu/penguin/config_validator.py, agent_trust processing has a TODO marked "IN DEVELOPMENT PHASE" with no validation implemented. The config accepts arbitrary dicts without schema enforcement or security checks, risking misconfigurations or security vulnerabilities in agent deployments (e.g., unverified trust policies).

Steps to Fix:

  1. Define AgentTrustConfig TypedDict or Pydantic model in bindu/common/protocol/types.py with fields like required_verification_level, allowed_origins, max_agent_hierarchy_depth.
  2. Update ConfigValidator._process_complex_fields(): Replace TODO with AgentTrustConfig(**config["agent_trust"]) validation, raise ValueError on failure.
  3. Add comprehensive type validation in _validate_field_types() for nested trust config.
  4. Write unit tests in tests/unit/test_config_validator.py (create if missing) testing valid/invalid trust configs.
  5. Update docs/SKILLS.md or add section on agent trust configuration.
  6. Run pytest tests/unit/ and validate with sample configs from examples/.

Metadata

Assignees: No one assigned
Labels: bug
Status: In progress