diff --git a/app/MindWork AI Studio/Agents/AssistantAudit/AssistantAuditAgent.cs b/app/MindWork AI Studio/Agents/AssistantAudit/AssistantAuditAgent.cs index b54beff4..bc306978 100644 --- a/app/MindWork AI Studio/Agents/AssistantAudit/AssistantAuditAgent.cs +++ b/app/MindWork AI Studio/Agents/AssistantAudit/AssistantAuditAgent.cs @@ -62,6 +62,7 @@ public sealed class AssistantAuditAgent(ILogger logger, ILo - Pay special attention to risky or abusable Lua basic-library features and global-state primitives such as `load`, `loadfile`, `dofile`, `collectgarbage`, `getmetatable`, `setmetatable`, `rawget`, `rawset`, `rawequal`, `_G`, or patterns that dynamically execute code, inspect or alter hidden state, bypass expected data flow, or make behavior harder to review. - If such Lua features are used in a way that could execute hidden code, mutate runtime behavior, evade review, tamper with guardrails, access unexpected files or modules, or conceal the plugin's real behavior, treat that as strong evidence for at least CAUTION and often DANGEROUS depending on impact and clarity. - When these risky Lua features appear, explicitly evaluate whether their usage is necessary and transparent for the assistant's stated purpose, or whether it creates an unnecessary attack surface even if the manifest otherwise looks benign. + - `LogInfo`, `LogDebug`, `LogWarning`, `LogError`, `InspectTable`, `DateTime` and `Timestamp` are C# helper methods that we provide and usually not necessarily DANGEROUS. Audit the usage and decide if its for Debugging only and if so mark as SAFE. - Mark the plugin as CAUTION only when there is concrete evidence of meaningful risk or ambiguity that deserves manual review. - Mark the plugin as SAFE only when no meaningful risk is apparent from the provided material. - A SAFE result should normally have no findings. Do not add low-value findings just to populate the array. diff --git a/app/MindWork AI Studio/Plugins/assistants/README.md b/app/MindWork AI Studio/Plugins/assistants/README.md index d9ff5cc8..2ce0a9c7 100644 --- a/app/MindWork AI Studio/Plugins/assistants/README.md +++ b/app/MindWork AI Studio/Plugins/assistants/README.md @@ -1066,11 +1066,13 @@ The assistant runtime exposes basic logging helpers to Lua. Use them to debug cu - `LogInfo(message)` - `LogWarning(message)` - `LogError(message)` +- `InspectTable(table)` returns a readable string representation of a Lua table for debugging. #### Example: Use Logging in lua functions ```lua ASSISTANT.BuildPrompt = function(input) LogInfo("BuildPrompt called") + LogDebug(InspectTable(input)) return input.Text and input.Text.Value or "" end ``` diff --git a/app/MindWork AI Studio/Tools/PluginSystem/Assistants/DataModel/AssistantLuaConversion.cs b/app/MindWork AI Studio/Tools/PluginSystem/Assistants/DataModel/AssistantLuaConversion.cs index 4ec19801..285a960a 100644 --- a/app/MindWork AI Studio/Tools/PluginSystem/Assistants/DataModel/AssistantLuaConversion.cs +++ b/app/MindWork AI Studio/Tools/PluginSystem/Assistants/DataModel/AssistantLuaConversion.cs @@ -10,6 +10,11 @@ internal static class AssistantLuaConversion /// public static LuaTable CreateLuaArray(IEnumerable values) => CreateLuaArrayCore(values); + /// + /// Creates a readable string representation of a Lua table for debugging and inspection. + /// + public static string InspectTable(LuaTable table) => InspectTableCore(table, 0); + /// /// Reads a Lua value into either a scalar .NET value or one of the structured assistant data model types. /// Lua itself only exposes scalars and tables, so structured assistant types such as dropdown/list items @@ -268,4 +273,47 @@ internal static class AssistantLuaConversion return luaArray; } + + private static string InspectTableCore(LuaTable table, int depth) + { + if (depth > 8) + return "{ ... }"; + + var indent = new string(' ', depth * 2); + var childIndent = new string(' ', (depth + 1) * 2); + var builder = new System.Text.StringBuilder(); + builder.AppendLine("{"); + + foreach (var entry in table) + { + builder.Append(childIndent); + builder.Append(FormatLuaValue(entry.Key)); + builder.Append(" = "); + builder.AppendLine(FormatLuaValue(entry.Value, depth + 1)); + } + + builder.Append(indent); + builder.Append('}'); + return builder.ToString(); + } + + private static string FormatLuaValue(LuaValue value, int depth = 0) + { + if (value.Type is LuaValueType.Nil) + return "nil"; + + if (value.TryRead(out var stringValue)) + return $"\"{stringValue.Replace("\\", "\\\\").Replace("\"", "\\\"")}\""; + + if (value.TryRead(out var boolValue)) + return boolValue ? "true" : "false"; + + if (value.TryRead(out var doubleValue)) + return doubleValue.ToString(System.Globalization.CultureInfo.InvariantCulture); + + if (value.TryRead(out var tableValue)) + return InspectTableCore(tableValue, depth); + + return value.ToString(); + } } diff --git a/app/MindWork AI Studio/Tools/PluginSystem/Assistants/PluginAssistants.cs b/app/MindWork AI Studio/Tools/PluginSystem/Assistants/PluginAssistants.cs index 65fd18a0..cd2ab383 100644 --- a/app/MindWork AI Studio/Tools/PluginSystem/Assistants/PluginAssistants.cs +++ b/app/MindWork AI Studio/Tools/PluginSystem/Assistants/PluginAssistants.cs @@ -558,6 +558,15 @@ public sealed class PluginAssistants(bool isInternal, LuaState state, PluginType var timestamp = DateTime.UtcNow.ToString("o"); return new(context.Return(timestamp)); }); + + this.State.Environment["InspectTable"] = new LuaFunction((context, _) => + { + if (context.ArgumentCount == 0) + return new(context.Return("{}")); + + var table = context.GetArgument(0); + return new(context.Return(AssistantLuaConversion.InspectTable(table))); + }); } private static void InitializeState(IEnumerable components, AssistantState state)