Feat(agent-vulnerability): OpenAI Agents Improvements

* add: initial commit

* feat: change template layout

* fix: remove Tool Vulnerabilities section if no vulnerabilities are mapped

* fix: ruff and mypy

* add: initial commit

* feat: change template layout

* fix: remove Tool Vulnerabilities section if no vulnerabilities are mapped

* fix: ruff and mypy

* fix: openai client definition

* fix: template changes

* feat: add explanation column

* fix: ruff

* fix: stop analysis if there is no OpenAI key

* fix: ruff

* fix: ruff2

* feat: add agent vulnerability explanation table

* feat: add mitigations and align to top

Author: DJurincic

agentic_radar/analysis/openai_agents/analyze.py

@@ -4,8 +4,10 @@
 from agentic_radar.analysis.openai_agents.graph import create_graph_definition
 from agentic_radar.analysis.openai_agents.parsing import (
     collect_agent_assignments,
+    collect_guardrails,
     collect_mcp_servers,
     collect_tool_assignments,
+    get_agent_vulnerabilities,
     load_predefined_tools,
 )
 from agentic_radar.analysis.openai_agents.tool_categorizer.categorizer import (
@@ -28,10 +30,13 @@ def analyze(self, root_directory: str) -> GraphDefinition:
             predefined_tools=predefined_tools,
             mcp_servers=mcp_servers,
         )
+        guardrails = collect_guardrails(root_directory, agent_assignments)
+        get_agent_vulnerabilities(agent_assignments, guardrails)
         tool_categories = load_tool_categories()
         graph_definition = create_graph_definition(
             graph_name=Path(root_directory).name,
             agent_assignments=agent_assignments,
             tool_categories=tool_categories,
+            guardrails=guardrails
         )
         return graph_definition

agentic_radar/analysis/openai_agents/graph.py

@@ -1,10 +1,11 @@
 import json
 
-from agentic_radar.analysis.openai_agents.models import Agent, Tool
+from agentic_radar.analysis.openai_agents.models import Agent, Guardrail, Tool
 from agentic_radar.graph import (
     Agent as ReportAgent,
 )
 from agentic_radar.graph import (
+    AgentVulnerabilityDefinition,
     EdgeDefinition,
     GraphDefinition,
     NodeDefinition,
@@ -17,6 +18,7 @@ def create_graph_definition(
     graph_name: str,
     agent_assignments: dict[str, Agent],
     tool_categories: dict[str, ToolType],
+    guardrails: dict[str, Guardrail]
 ) -> GraphDefinition:
     nodes = []
     edges = []
@@ -69,6 +71,12 @@ def create_graph_definition(
                 graph_mcp_server_nodes.add(name)
 
             edges.append(EdgeDefinition(start=agent.name, end=name, condition="mcp"))
+        
+        for guardrail_name, guardrail in guardrails.items():
+            if guardrail.uses_agent:
+                if guardrail_name in agent.guardrails["input"] or guardrail_name in agent.guardrails["output"]:
+                    if guardrail.agent_name and (guardrail_agent:=agent_assignments.get(guardrail.agent_name)):
+                        edges.append(EdgeDefinition(start=agent.name, end=guardrail_agent.name))
 
     nodes, edges = _add_start_end_nodes(nodes=nodes, edges=edges)
 
@@ -77,6 +85,14 @@ def create_graph_definition(
             name=agent.name,
             llm=agent.model or "gpt-4o",
             system_prompt=agent.instructions or "",
+            is_guardrail=agent.is_guardrail,
+            vulnerabilities=[
+                AgentVulnerabilityDefinition(
+                    name=vulnerability.name,
+                    mitigation_level=vulnerability.mitigation_level,
+                    guardrail_explanation=vulnerability.guardrail_explanation,
+                    instruction_explanation=vulnerability.instruction_explanation
+                ) for vulnerability in agent.vulnerabilities]
         )
         for agent in agent_assignments.values()
     ]

agentic_radar/analysis/openai_agents/models.py

@@ -1,7 +1,8 @@
+import ast
 from enum import Enum
-from typing import Optional
+from typing import Literal, Optional, Union
 
-from pydantic import BaseModel
+from pydantic import BaseModel, Field, PrivateAttr
 
 
 class Tool(BaseModel):
@@ -22,10 +23,30 @@ class MCPServerInfo(BaseModel):
     params: dict[str, str] = {}
 
 
+class Guardrail(BaseModel):
+    name: str
+    placement: Literal['input', 'output']
+    uses_agent: bool
+    guardrail_function_name: str
+    _guardrail_function_def: Optional[Union[ast.FunctionDef, ast.AsyncFunctionDef]] = PrivateAttr(default=None)
+    agent_instructions: Optional[str] = None
+    agent_name: Optional[str] = None
+
+
+class AgentVulnerability(BaseModel):
+    name: str
+    mitigation_level: Literal["None", "Partial", "Full"]
+    guardrail_explanation: str
+    instruction_explanation: str
+
+
 class Agent(BaseModel):
     name: str
     tools: list[Tool]
     handoffs: list[str]
     instructions: Optional[str] = None
     model: Optional[str] = None
     mcp_servers: list[MCPServerInfo] = []
+    is_guardrail: bool = False
+    guardrails: dict[str, list[str]] = Field(default_factory=dict)
+    vulnerabilities: list[AgentVulnerability] = Field(default_factory=list)

agentic_radar/analysis/openai_agents/parsing/__init__.py

@@ -1,11 +1,15 @@
 from .agents import collect_agent_assignments
+from .guardrails import collect_guardrails
 from .mcp import collect_mcp_servers
 from .predefined_tools import load_predefined_tools
 from .tools import collect_tool_assignments
+from .vulnerabilities import get_agent_vulnerabilities
 
 __all__ = [
     "collect_agent_assignments",
     "collect_tool_assignments",
     "load_predefined_tools",
     "collect_mcp_servers",
+    "collect_guardrails",
+    "get_agent_vulnerabilities"
 ]

agentic_radar/analysis/openai_agents/parsing/agents.py

@@ -1,4 +1,5 @@
 import ast
+from typing import Union
 
 from pydantic import ValidationError
 
@@ -84,13 +85,16 @@ def _extract_agent(self, agent_node: ast.Call) -> Agent:
             model = get_string_keyword_arg(agent_node, "model")
             mcp_servers = self._extract_agent_mcp_servers(agent_node)
 
+            guardrails = self._extract_agent_guardrails(agent_node)
+
             return Agent(
                 name=name,
                 tools=tools,
                 handoffs=handoffs,
                 instructions=instructions,
                 model=model,
                 mcp_servers=mcp_servers,
+                guardrails=guardrails
             )
         except (ValueError, ValidationError, ValueError) as e:
             raise InvalidAgentConstructorError from e
@@ -127,6 +131,26 @@ def _extract_agent_tools(self, agent_node: ast.Call) -> list[Tool]:
                 )
 
         return tools
+    
+    def _extract_agent_guardrails(self, agent_node: ast.Call) -> dict[str,list[str]]:
+        def extract_guardrail_names(node: Union[ast.AST, None]) -> list[str]:
+            if node is None:
+                return []
+            elif isinstance(node, ast.List):
+                return [
+                    elt.id if isinstance(elt, ast.Name) else elt.attr if isinstance(elt, ast.Attribute) else None
+                    for elt in node.elts
+                    if isinstance(elt, (ast.Name, ast.Attribute))
+                ]
+            return []
+
+        input_guardrails_node = get_keyword_arg_value(agent_node, "input_guardrails")
+        output_guardrails_node = get_keyword_arg_value(agent_node, "output_guardrails")
+
+        return {
+            "input": extract_guardrail_names(input_guardrails_node),
+            "output": extract_guardrail_names(output_guardrails_node),
+        }
 
     def _extract_agent_handoffs(self, agent_node: ast.Call) -> list[str]:
         handoffs_node = get_keyword_arg_value(agent_node, "handoffs")

agentic_radar/analysis/openai_agents/parsing/guardrails.py

@@ -0,0 +1,141 @@
+import ast
+from typing import Union
+
+from ...utils import walk_python_files
+from ..models import Agent, Guardrail
+from .ast_utils import (
+    find_decorator_by_name,
+)
+
+
+class GuardrailsVisitor(ast.NodeVisitor):
+    GUARDRAIL_DECORATOR_NAMES = ["input_guardrail", "output_guardrail"]
+    GUARDRAIL_CLASS_NAMES = ["InputGuardrail", "OutputGuardrail"]
+
+    def __init__(self) -> None:
+        super().__init__()
+        self.guardrails: dict[str, Guardrail] = {}
+        self.functions: dict[str, Union[ast.FunctionDef, ast.AsyncFunctionDef]] = {}
+
+    def visit_FunctionDef(self, node):
+        self.functions[node.name] = node
+        self._visit_any_function_def(node)
+
+    def visit_AsyncFunctionDef(self, node):
+        self.functions[node.name] = node
+        self._visit_any_function_def(node)
+
+    def visit_Assign(self, node):
+        """Tracks cases like:
+        guardrail = InputGuardrail(guardrail_function=function, name=guardrail_name)
+        """
+        if isinstance(node.value, ast.Call):
+            call = node.value
+
+            if isinstance(call.func, ast.Name) and call.func.id in self.GUARDRAIL_CLASS_NAMES:
+                class_name = call.func.id
+
+                guardrail_function_name = None
+                for kw in call.keywords:
+                    if kw.arg == "guardrail_function":
+                        if isinstance(kw.value, ast.Name):
+                            guardrail_function_name = kw.value.id
+                        elif isinstance(kw.value, ast.Attribute):
+                            guardrail_function_name = kw.value.attr  # for something like module.guardrail_fn BUT SEE IF WE WANT THIS EVEN
+
+                if len(node.targets) > 0 and isinstance(node.targets[0], ast.Name):
+                    guardrail_variable_name = node.targets[0].id
+                    self.guardrails[guardrail_variable_name] = Guardrail(
+                        name=guardrail_variable_name,
+                        placement="input" if class_name==self.GUARDRAIL_CLASS_NAMES[0] else "output",
+                        uses_agent=False,
+                        guardrail_function_name=guardrail_function_name,
+                        _guardrail_function_def=None,
+                        agent_instructions=None
+                    )
+
+
+    def _visit_any_function_def(
+        self, node: Union[ast.FunctionDef, ast.AsyncFunctionDef]
+    ):
+        input_guardrail_decorator = find_decorator_by_name(node, self.GUARDRAIL_DECORATOR_NAMES[0])
+        output_guardrail_decorator = find_decorator_by_name(node, self.GUARDRAIL_DECORATOR_NAMES[1])
+
+        if input_guardrail_decorator is None and output_guardrail_decorator is None:
+            return
+
+        guardrail_name = node.name
+
+        guardrail = Guardrail(
+            name=guardrail_name,
+            placement="input" if input_guardrail_decorator is not None else "output",
+            uses_agent=False,
+            guardrail_function_name=guardrail_name,
+            agent_instructions=None
+        )
+
+        guardrail._guardrail_function_def = node
+        self.guardrails[guardrail_name] = guardrail
+
+def analyze_guardrail(guardrail_name: str, guardrail: Guardrail, functions: dict[str, Union[ast.FunctionDef, ast.AsyncFunctionDef]], agent_assignments: dict[str, Agent]) -> None:
+    # Check if the guardrail function has Runner.run in it, as this indicates that an agent is used
+    class RunnerCallVisitor(ast.NodeVisitor):
+        def __init__(self):
+            self.found = False
+            self.starting_agent = None
+
+        def check_call(self, call: ast.Call):
+            if isinstance(call.func, ast.Attribute):
+                if (isinstance(call.func.value, ast.Name) and 
+                    call.func.value.id == "Runner" and 
+                    call.func.attr == "run"):
+                    if call.args:
+                        self.found = True
+                        first_arg = call.args[0]
+                        if isinstance(first_arg, ast.Name):
+                            self.starting_agent = first_arg.id
+
+        def visit_Assign(self, node: ast.Assign):
+            if isinstance(node.value, ast.Await) and isinstance(node.value.value, ast.Call):
+                self.check_call(node.value.value)
+            self.generic_visit(node)
+
+        def visit_Expr(self, node: ast.Expr):
+            if isinstance(node.value, ast.Await) and isinstance(node.value.value, ast.Call):
+                self.check_call(node.value.value)
+            self.generic_visit(node)
+
+    if guardrail._guardrail_function_def is None:
+        guardrail._guardrail_function_def = functions[guardrail.guardrail_function_name]
+
+    visitor = RunnerCallVisitor()
+    visitor.visit(guardrail._guardrail_function_def)
+
+    if visitor.found:
+        guardrail.uses_agent = True
+        if visitor.starting_agent in agent_assignments.keys():
+            guardrail.agent_instructions = agent_assignments[visitor.starting_agent].instructions
+            guardrail.agent_name = visitor.starting_agent
+            agent_assignments[visitor.starting_agent].is_guardrail = True
+        else:
+            print("Oops, failed to find agent")
+    
+
+
+
+def collect_guardrails(root_dir: str, agent_assignments: dict[str, Agent]) -> dict[str, Guardrail]:
+    all_guardrails: dict[str, Guardrail] = {}
+    for file in walk_python_files(root_dir):
+        with open(file, "r") as f:
+            try:
+                tree = ast.parse(f.read())
+            except Exception as e:
+                print(f"Cannot parse Python module: {file}. Error: {e}")
+                continue
+            guardrails_visitor = GuardrailsVisitor()
+            guardrails_visitor.visit(tree)
+            for guardrail_name, guardrail in guardrails_visitor.guardrails.items():
+                analyze_guardrail(guardrail_name, guardrail, guardrails_visitor.functions, agent_assignments)
+            all_guardrails |= guardrails_visitor.guardrails
+
+    return all_guardrails