[AAASM-4137] 🔒 (node-sdk): Fail-closed adapters and reconcile postinstall resolution#235
Conversation
The ai-sdk and openai-agents adapters wrapped the pre-execution gateway
check and approval wait in try { … } catch { return executeOriginal() },
so a caller-supplied gatewayClient that throws on a transport error was
silently treated as ALLOW. The with-assembly / wrap-tool wrappers have no
such catch: an un-caught check() rejects and blocks the tool. Drop the
swallowing catches so all wrappers share one fail-closed posture; faults
now propagate (reject) under enforce. Existing tests updated to assert the
fault propagates and the original tool does not run.
refs AAASM-4137
postinstall resolved @agent-assembly/<platformKey> binary packages that were never declared nor published (the declared @agent-assembly/runtime-* optionalDeps ship the aasm CLI, not a .node), so runPostinstall always threw, got caught, warned, and no-opped — masking a real binary-provisioning regression. The napi .node binaries actually ship in-package under native/aa-ffi-node/ and are resolved by index.cjs at load time. Verify that bundled binding is present for the current platform (mirroring index.cjs resolution) so a missing binary fails loudly at install rather than only at first native load. All names stay under the org-owned @agent-assembly scope. refs AAASM-4137
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
|
Review — AAASM-4137 fail-closed adapters + postinstall reconcileVerdict: Approve-ready (comment only, no approval per review protocol). All four dimensions green. 1. CI — 25/25 checks passing, 0 failed. No fix needed. 2. Scope vs ticket — Matches AAASM-4137 exactly (both sub-items of the LOW hardening batch under sweep AAASM-4120): (a) remove the fail-open 3. Side effects — Verified:
4. FE — N/A. Local validation (worktree, Touches — Claude Code |



Target
Close a LOW-severity hardening batch (sweep AAASM-4120): make the ai-sdk / openai-agents framework adapters fail closed on governance faults like the other wrappers, and stop the postinstall script resolving native package names that were never published.
Task summary:
Two independent node-sdk gaps, both verified in source at HEAD:
src/hooks/ai-sdk.tsandsrc/hooks/openai-agents.tswrapped the pre-execution gatewaycheckand approval wait intry { … } catch { return executeOriginal() }. A caller-suppliedconfig.gatewayClient(honored ininit-assembly.ts) that throws on a transport error was therefore silently treated as ALLOW, whilewith-assembly.ts/wrap-tool-with-assembly.ts(no catch → propagate) would DENY — an inconsistent posture. Removed the swallowing catches so faults propagate (reject/deny under enforce), matching the other wrappers andenforceGovernance.scripts/postinstall.mjsresolved@agent-assembly/<platformKey>binary packages that are neither declared nor published (the declared@agent-assembly/runtime-*optionalDeps ship theaasmCLI, not a.node), sorunPostinstallalways threw → caught → warned → no-opped, masking a real binary-provisioning regression. The napi.nodebinaries actually ship in-package undernative/aa-ffi-node/and are resolved byindex.cjsat load time. Reconciled the script to verify that bundled binding is present for the current platform, so a missing binary fails loudly at install rather than only at first native load. No dependency-confusion introduced — all names stay under the org-owned@agent-assemblyscope.Task tickets:
Key point change:
ai-sdk/openai-agentsadapter faults now fail closed (propagate/deny) instead of executing the original tool.Effecting Scope
Fail-open removal is only observable with a caller-supplied gatewayClient that throws; the built-in native client catches internally and never throws, so no behavior change for the default path. Under enforce this is a hardening, not a breaking change.
Description
🔒 (hooks): Remove the swallowingtry/catcharoundcheck/ approval in the ai-sdk and openai-agents adapters; update the four contradicted tests to assert the fault propagates and the original tool does not run.🐛 (postinstall): Verify the bundlednative/aa-ffi-node/binding for the current platform (mirroringindex.cjsresolution) instead of resolving unpublished@agent-assembly/<platformKey>packages; update the.d.mtsand tests.How to verify:
pnpm typecheck && pnpm lint && pnpm test— full suite green (358 passed, 2 skipped). New/updated tests: a throwinggatewayClientunder enforce now blocks the tool in both adapters; postinstall confirms/loud-fails on the in-package binding.Closes AAASM-4137
🤖 Generated with Claude Code