feat(scan): add application data-boundary diagnostic mode#621
Conversation
feat(scan): add application data-boundary diagnostic mode
Drop the one-off apply patch helper, dedupe security user-guide copy, and add a CLI integration test ensuring scan --data-boundaries skips update checks.
Add integration test for scan --data-boundaries update-check suppression and replace duplicated three-layer section with a short link.
chore: data-boundary scan PR cleanup
feat(scan): add application data-boundary diagnostic mode
|
Pushed a small test-formatting cleanup and re-ran the targeted local checks. |
|
Follow-up: hardened _low_noise_config()\ in both data-boundary test modules so JarvisConfig defaults (absolute store paths under the real OPENJARVIS_HOME, MCP enabled, etc.) no longer leak warn findings into info-only scenarios. Targeted suite re-run: 54 passed, 2 skipped. Pushed to \origin/main\ as \37a4f692. |
|
The latest push includes the test cleanup and the _low_noise_config()\ hardening noted above. The targeted local suite is green: 54 passed, 2 skipped. |
|
Follow-up: preserved configured store paths for POSIX symlink detection while keeping resolved-path deduplication. Linux-targeted local-store permission tests pass, including |
|
Hey @fraware, thank you for the PR! I have a few fixes for you:
Verification Passed: OPENJARVIS_HOME=/tmp/openjarvis-test-home-621 PYTHONPATH=src python3 -m pytest tests/security/test_data_boundary_audit.py tests/cli/test_scan_data_boundaries.py -q
# 56 passed
python3 -m ruff check src/openjarvis/security/data_boundary_audit.py src/openjarvis/cli/scan_cmd.py src/openjarvis/cli/__init__.py tests/security/test_data_boundary_audit.py tests/cli/test_scan_data_boundaries.py
python3 -m compileall -q src/openjarvis/security/data_boundary_audit.py src/openjarvis/cli/scan_cmd.py src/openjarvis/cli/__init__.pyFailed: python3 -m ruff format --check ...
# 3 files would be reformatted |
Summary
This PR extends
jarvis scanwith a new application data-boundary mode:The new mode reports configured OpenJarvis data surfaces such as cloud-capable
inference settings, memory-to-cloud composition, traces, learning/training,
web search, MCP, browser/local tools, server/A2A exposure, messaging channels,
connector credential files, local runtime stores, and API-key environment
variables.
The scanner inspects configuration values, environment-variable presence, and file existence.
It does not read connector-token contents, memory databases, trace databases, prompts,
logs, OAuth scopes, browser localStorage, Tauri storage, or provider policies.
Why
OpenJarvis is local-first while also supporting optional cloud engines,
connectors, tools, channels, traces, memory, learning, and optimization. Users
need a simple way to verify whether a configuration is local-only, cloud-capable,
or a mixed setup where local memory may be injected into cloud-bound prompts.
The existing
jarvis scancommand audits host/environment posture. This PR addsan application-level counterpart without creating a competing top-level command.
What changed
openjarvis.security.data_boundary_auditwith structured findings andredacted JSON output.
jarvis scan --data-boundarieswith table and JSON output.--show-pathsfor local debugging while keeping paths redacted bydefault.
--strictto fail on eitherfailorwarnfindings.OPENJARVIS_CONFIGso the scan audits the same explicit config fileused by the runtime.
crashing.
jarvis scan --data-boundaries, sothis diagnostic mode does not trigger the normal update-check thread.
messaging credential-directory checks.
stores on POSIX systems.
tools, MCP, channels, env credentials, strict mode, config/root-load failures, and
normal
jarvis scanregression coverage.Non-goals
provider retention policies, or live network traffic.
Test plan
uv run ruff checkon the five data-boundary files (viaruff checkafteruv syncfailed with TLS UnknownIssuer)pytest tests/security/test_data_boundary_audit.py tests/cli/test_scan_data_boundaries.py -v(54 passed, 2 skipped on clean re-run)python -m compileallondata_boundary_audit.py,scan_cmd.py,cli/__init__.pyjarvis scan --json(exit 0)jarvis scan --quick --json(exit 0)jarvis scan --data-boundaries(exit 0 with UTF-8 no-BOMconfig.toml)jarvis scan --data-boundaries --json(exit 0)jarvis scan --data-boundaries --json --show-paths(exit 0)jarvis scan --data-boundaries --strictexits 1 when fail findings presentLocal verification
Because the local Windows environment had a PyPI TLS
UnknownIssuerissue withuv sync, I verified using an editable install plus trusted-host pip fallback. The CI workflows are currently waiting for maintainer approval on this fork PR.python -m compileallon changed source modulesjarvis scan --jsonjarvis scan --quick --jsonjarvis scan --data-boundariesjarvis scan --data-boundaries --jsonjarvis scan --data-boundaries --json --show-pathsjarvis scan --data-boundaries --strictOPENJARVIS_CONFIGcustom TOML smoke testconfig_loaded: trueFollow-up validation
tests/cli/test_scan_data_boundaries.py.ruff checkon changed Python files._low_noise_config()in both data-boundary test modules against JarvisConfig default store paths and optional warn sources (37a4f692onorigin/main); targeted pytest: 54 passed, 2 skipped.