A comprehensive security platform for managing and monitoring AI agent tool calls with fine-grained access control, policy enforcement, and audit logging.
```
┌───────────────────┐      ┌────────────────────┐      ┌───────────────────┐
│     AI Agent      │      │        TCMS        │      │     External      │
│                   │─────▶│    Proxy Server    │─────▶│    Tools/APIs     │
│  (with API key)   │      │   (Auth+Policy)    │      │                   │
└───────────────────┘      └────────────────────┘      └───────────────────┘
                                      │
                                      ▼
                              ┌────────────────┐
                              │   Dashboard    │
                              │   Frontend     │
                              └────────────────┘
```
- Python 3.8+
- Node.js 18+
- npm or yarn

- Clone the repository

  ```bash
  git clone https://github.com/your-username/toolshack.git
  cd toolshack
  ```

- Install dependencies

  ```bash
  npm run install:all
  ```

  This installs:
  - Python backend dependencies via pip
  - Frontend React dependencies via npm

- Set up environment variables

  ```bash
  # Backend environment is already configured with defaults
  # Edit backend/.env if you need custom settings
  ```

- Initialize the database and create sample data

  ```bash
  npm run setup
  ```

- Start the development servers

  ```bash
  npm run dev
  ```

  This starts:
  - Backend API server on http://localhost:3001
  - Frontend dashboard on http://localhost:3000

- Admin: username: admin, password: admin123
- Operator: username: operator, password: operator123
- Authentication & Authorization: JWT-based user authentication with role-based access control
- Agent API Key Management: Secure API key generation and rotation for AI agents
- Policy Engine: Dynamic policy evaluation with conditions and actions
- Human-in-the-Loop (HITL): Approval workflows for high-risk operations
- Audit Logging: Comprehensive logging of all agent activities
- Rate Limiting: Configurable rate limits to prevent abuse
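The agent API key feature above (generation and rotation) is easiest to reason about with a concrete store. The following is an added example written for this README, not the project's own `backend/app` code: the store name `AgentKeyStore`, the `tcms_` key prefix and the `issue_key`/`rotate_key`/`verify_key` names are assumptions. The point it demonstrates is that the server keeps only a SHA-256 digest of each key, compares digests in constant time, and that rotating a key invalidates the previous one immediately.

```python
# Added example (not the toolshack/TCMS code base): agent API key issuance,
# verification and rotation that never persists the raw key.
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional

KEY_PREFIX = "tcms_"   # assumed prefix; makes keys easy to spot in logs and secret scanners


def _digest(raw_key: str) -> str:
    """SHA-256 of the raw key. Only this digest is ever stored server-side."""
    return hashlib.sha256(raw_key.encode("utf-8")).hexdigest()


@dataclass
class AgentRecord:
    agent_id: str
    key_id: Optional[str] = None       # short, non-secret identifier of the current key
    key_digest: Optional[str] = None   # digest of the current key; None until issued


class AgentKeyStore:
    """In-memory stand-in for the agents table (assumed; not the project's model)."""

    def __init__(self) -> None:
        self._agents: Dict[str, AgentRecord] = {}
        self._by_key_id: Dict[str, str] = {}   # key_id -> agent_id, current keys only

    def create_agent(self, agent_id: str) -> None:
        self._agents[agent_id] = AgentRecord(agent_id=agent_id)

    def issue_key(self, agent_id: str) -> str:
        """Issue a new key and return the raw value exactly once.

        Calling this again rotates the key: the previous key_id is dropped from
        the lookup table, so the old key stops verifying immediately.
        """
        rec = self._agents[agent_id]
        if rec.key_id is not None:
            self._by_key_id.pop(rec.key_id, None)
        key_id = secrets.token_hex(4)
        while key_id in self._by_key_id:          # avoid a (rare) key_id collision
            key_id = secrets.token_hex(4)
        raw = f"{KEY_PREFIX}{key_id}_{secrets.token_urlsafe(32)}"   # 256 bits of secret
        rec.key_id, rec.key_digest = key_id, _digest(raw)
        self._by_key_id[key_id] = agent_id
        return raw

    rotate_key = issue_key

    def verify_key(self, presented: str) -> Optional[str]:
        """Return the owning agent_id for a valid current key, else None."""
        if not presented.startswith(KEY_PREFIX):
            return None
        # key_id is hex, so the first "_" after the prefix is the separator
        key_id, sep, _secret = presented[len(KEY_PREFIX):].partition("_")
        agent_id = self._by_key_id.get(key_id) if sep else None
        if agent_id is None:
            return None   # unknown or rotated-out key_id
        rec = self._agents[agent_id]
        # Compare digests in constant time; the raw key is never compared directly.
        if hmac.compare_digest(rec.key_digest, _digest(presented)):
            return agent_id
        return None
```

The raw key is returned once from `issue_key` and must be handed to the agent out of band; a database dump afterwards yields only digests, and the `X-API-Key` header the proxy receives is verified by recomputing the digest and comparing with `hmac.compare_digest`.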
The system comes with example configurations for common secure tools:
- secure_database_query: Read-only database queries with SQL injection protection
- access_customer_info: Customer data access with automatic PII masking
- cloud_resource_manager: Cloud operations with approval requirements for destructive actions
- internal_api_gateway: Internal API access with context-based policies
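The `secure_database_query` tool is described as read-only with SQL injection protection. The following is an added example of how such a guard can be built on SQLite, written for this README rather than taken from the project: `open_read_only`, `run_read_only_query`, the `MAX_ROWS` cap and the sample `users` table are all assumptions. Instead of pattern-matching the query text, it registers a `sqlite3` authorizer so that anything other than SELECT, column reads and SQL function calls is refused when the statement is compiled, and it relies on `sqlite3`'s refusal to execute more than one statement per call.

```python
# Added example (not the project's implementation of secure_database_query):
# a read-only executor for agent-supplied SQL based on SQLite's authorizer hook.
import sqlite3
from typing import Any, Dict

MAX_ROWS = 100   # assumed cap on rows handed back to the agent

# Authorizer actions a read-only tool may perform: the SELECT itself, reading
# columns, and calling SQL functions. Everything else (INSERT, UPDATE, DELETE,
# DROP, PRAGMA, ATTACH, ...) is denied when SQLite compiles the statement.
_ALLOWED_ACTIONS = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}
_HIDDEN_TABLES = {"sqlite_master", "sqlite_temp_master"}   # keep the schema out of reach


def _read_only_authorizer(action, arg1, arg2, db_name, trigger_or_view):
    if action == sqlite3.SQLITE_READ and arg1 in _HIDDEN_TABLES:
        return sqlite3.SQLITE_DENY
    return sqlite3.SQLITE_OK if action in _ALLOWED_ACTIONS else sqlite3.SQLITE_DENY


def open_read_only(conn: sqlite3.Connection) -> sqlite3.Connection:
    """Attach the authorizer permanently; hand only this connection to the tool."""
    conn.set_authorizer(_read_only_authorizer)
    return conn


def run_read_only_query(conn: sqlite3.Connection, query: str) -> Dict[str, Any]:
    """Run one agent-supplied query and return rows, or a structured refusal."""
    try:
        # sqlite3 raises if `query` contains more than one statement, which
        # closes the "SELECT 1; DROP TABLE users" stacking trick.
        cur = conn.execute(query)
        rows = cur.fetchmany(MAX_ROWS + 1)
        columns = [d[0] for d in cur.description] if cur.description else []
        return {
            "status": "ok",
            "columns": columns,
            "rows": rows[:MAX_ROWS],
            "truncated": len(rows) > MAX_ROWS,
        }
    except (sqlite3.DatabaseError, sqlite3.Warning) as exc:
        # "not authorized" from the authorizer, syntax errors and the
        # multi-statement refusal all land here; nothing was executed.
        return {"status": "denied", "error": str(exc)}


def demo_connection() -> sqlite3.Connection:
    """Constructed sample data for this example (not from the project)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT, email TEXT);"
        "INSERT INTO users(name, email) VALUES ('ann', 'ann@example.com');"
        "INSERT INTO users(name, email) VALUES ('bob', 'bob@example.com');"
    )
    return open_read_only(conn)
```

The authorizer is attached once and never removed, so there is no window in which the connection accepts writes; the structured `denied` result is what the proxy would log to the audit trail, while the agent only sees that its call was refused.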
- Real-time Monitoring: System health, success rates, and activity metrics
- Tool Management: Register, configure, and monitor tools
- Agent Management: Create agents, manage permissions, and monitor activity
- Policy Configuration: Create and manage security policies
- Audit Trail: View and analyze all system activities
```
toolshack/
├── backend/                 # Python FastAPI server
│   ├── app/
│   │   ├── routers/         # API route handlers
│   │   ├── database.py      # Database models (SQLAlchemy)
│   │   └── utils/           # Authentication, logging utilities
│   ├── main.py              # FastAPI application entry point
│   ├── setup.py             # Database setup and sample data
│   └── requirements.txt     # Python dependencies
├── frontend/                # React.js dashboard
│   ├── src/
│   │   ├── components/      # Reusable components
│   │   ├── contexts/        # React contexts
│   │   ├── pages/           # Page components
│   │   ├── services/        # API services
│   │   └── types/           # TypeScript types
│   └── package.json         # Node.js dependencies
└── docs/                    # Documentation
```
- FastAPI: Modern, fast web framework for building APIs
- SQLAlchemy: SQL toolkit and ORM
- SQLite: Database (easily configurable to PostgreSQL/MySQL)
- Pydantic: Data validation using Python type hints
- PyJWT: JSON Web Token implementation
- Passlib: Password hashing library
- Uvicorn: ASGI web server
- React 18: User interface library
- TypeScript: Type-safe JavaScript
- Tailwind CSS: Utility-first CSS framework
- React Query: Data fetching and caching
- React Router: Client-side routing
- React Hook Form: Form management
- Recharts: Data visualization
- `POST /api/auth/login` - User login
- `POST /api/auth/register` - Create new user (Admin only)
- `GET /api/auth/me` - Get current user

- `POST /api/tools/execute` - Execute tool call (Agent API key required)
- `GET /api/tools/calls/:id` - Get tool call status

- `GET /api/tools` - List tools
- `POST /api/tools` - Create tool
- `PUT /api/tools/:id` - Update tool
- `DELETE /api/tools/:id` - Delete tool

- `GET /api/agents` - List agents
- `POST /api/agents` - Create agent
- `PUT /api/agents/:id` - Update agent
- `DELETE /api/agents/:id` - Delete agent
- `POST /api/agents/:id/regenerate-key` - Regenerate API key

- `GET /api/audit/logs` - Get audit logs
- `GET /api/audit/metrics` - Get audit metrics
- `GET /api/audit/health` - System health status
```bash
# Frontend tests
npm run test
```

```bash
# Build frontend
npm run build

# Start production server
npm start
```

```env
# Server
PORT=3001
HOST=0.0.0.0
DEBUG=True

# Database
DATABASE_URL=sqlite:///./tcms.db

# JWT Configuration
JWT_SECRET=your-super-secure-jwt-secret
JWT_ALGORITHM=HS256
JWT_ACCESS_TOKEN_EXPIRE_MINUTES=1440

# Security
CORS_ORIGINS=["http://localhost:3000"]

# Logging
LOG_LEVEL=INFO

# Tool Configuration
TOOL_TIMEOUT_SECONDS=30
MAX_CONCURRENT_TOOL_CALLS=10

# Human-in-the-Loop
HITL_APPROVAL_TIMEOUT_MINUTES=5
```

```json
{
  "name": "Business Hours Security",
  "conditions": [
    {
      "field": "hour",
      "operator": "lt",
      "value": 9,
      "logical_operator": "OR"
    },
    {
      "field": "hour",
      "operator": "gt",
      "value": 17
    }
  ],
  "actions": [
    {
      "type": "REQUIRE_APPROVAL",
      "parameters": {
        "reason": "High-risk operations require approval outside business hours"
      }
    }
  ],
  "priority": 10
}
```

```json
{
  "name": "PII Masking",
  "conditions": [
    {
      "field": "tool.name",
      "operator": "equals",
      "value": "access_customer_info"
    }
  ],
  "actions": [
    {
      "type": "MASK_DATA",
      "parameters": {
        "fields": ["ssn", "credit_card", "email"]
      }
    }
  ],
  "priority": 5
}
```

```bash
# Build and start with Docker Compose
docker-compose up -d
```

- Set up Python environment

  ```bash
  python -m venv venv
  source venv/bin/activate   # On Windows: venv\Scripts\activate
  pip install -r backend/requirements.txt
  ```

- Configure environment variables

  ```bash
  cp backend/.env.example backend/.env
  # Edit backend/.env with production settings
  ```

- Initialize database

  ```bash
  cd backend
  python setup.py
  ```

- Build frontend

  ```bash
  cd frontend
  npm run build
  ```

- Start the production server

  ```bash
  cd backend
  python main.py
  ```
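The two policy documents shown earlier in this README (Business Hours Security and PII Masking) only describe the format; the following added example shows how a proxy can evaluate them against a tool call and apply the resulting actions. It is written for this README and is not the project's policy engine: the dotted field lookup (`tool.name`, `hour`), the left-to-right `logical_operator` chaining, the assumed operator set (`equals`, `lt`, `gt`), "higher priority is evaluated first" and the fail-closed handling of missing context fields are all assumptions about the format.

```python
# Added example (not the toolshack/TCMS policy engine): evaluate policies in the
# JSON shape from the README and turn matched actions into a call decision.
from typing import Any, Dict, List, Set

# The two policies from the configuration examples above, copied as Python dicts.
BUSINESS_HOURS_POLICY = {
    "name": "Business Hours Security",
    "conditions": [
        {"field": "hour", "operator": "lt", "value": 9, "logical_operator": "OR"},
        {"field": "hour", "operator": "gt", "value": 17},
    ],
    "actions": [{"type": "REQUIRE_APPROVAL",
                 "parameters": {"reason": "High-risk operations require approval outside business hours"}}],
    "priority": 10,
}
PII_MASKING_POLICY = {
    "name": "PII Masking",
    "conditions": [{"field": "tool.name", "operator": "equals", "value": "access_customer_info"}],
    "actions": [{"type": "MASK_DATA", "parameters": {"fields": ["ssn", "credit_card", "email"]}}],
    "priority": 5,
}

# Assumed operator set; an unknown operator never matches.
OPERATORS = {
    "equals": lambda actual, expected: actual == expected,
    "lt": lambda actual, expected: actual < expected,
    "gt": lambda actual, expected: actual > expected,
}


def lookup(ctx: Dict[str, Any], path: str) -> Any:
    """Resolve a dotted field such as "tool.name" in the call context."""
    cur: Any = ctx
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


def condition_holds(cond: Dict[str, Any], ctx: Dict[str, Any]) -> bool:
    actual = lookup(ctx, cond["field"])
    op = OPERATORS.get(cond["operator"])
    if op is None or actual is None:
        return False
    try:
        return bool(op(actual, cond["value"]))
    except TypeError:            # e.g. a string "hour" compared with an int
        return False


def policy_matches(policy: Dict[str, Any], ctx: Dict[str, Any]) -> bool:
    """Fold conditions left to right; each condition's "logical_operator"
    (default AND) says how it joins with the next one (assumed semantics)."""
    conds = policy.get("conditions", [])
    if not conds:
        return False
    result = condition_holds(conds[0], ctx)
    for prev, cond in zip(conds, conds[1:]):
        joiner = prev.get("logical_operator", "AND").upper()
        current = condition_holds(cond, ctx)
        result = (result or current) if joiner == "OR" else (result and current)
    return result


def missing_fields(policies: List[Dict[str, Any]], ctx: Dict[str, Any]) -> Set[str]:
    """Fields some policy references but the context does not carry."""
    return {c["field"] for p in policies for c in p.get("conditions", [])
            if lookup(ctx, c["field"]) is None}


def evaluate(policies: List[Dict[str, Any]], ctx: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Collect the actions of every matching policy, highest priority first (assumed)."""
    ordered = sorted(policies, key=lambda p: p.get("priority", 0), reverse=True)
    return [{"policy": p["name"], **a} for p in ordered if policy_matches(p, ctx) for a in p["actions"]]


def mask_fields(payload: Any, fields: Set[str], mask: str = "***") -> Any:
    """Replace the value of every listed key, at any nesting depth."""
    if isinstance(payload, dict):
        return {k: (mask if k in fields else mask_fields(v, fields, mask)) for k, v in payload.items()}
    if isinstance(payload, list):
        return [mask_fields(v, fields, mask) for v in payload]
    return payload


def decide(policies: List[Dict[str, Any]], ctx: Dict[str, Any], tool_output: Any) -> Dict[str, Any]:
    """Turn matched actions into the proxy's decision for one tool call."""
    missing = missing_fields(policies, ctx)
    if missing:   # fail closed: a policy cannot be evaluated without its inputs
        return {"status": "DENIED", "reasons": ["missing context: " + ", ".join(sorted(missing))], "output": None}
    actions = evaluate(policies, ctx)
    approvals = [a for a in actions if a["type"] == "REQUIRE_APPROVAL"]
    if approvals:   # hand the call to the HITL queue; no output is released yet
        return {"status": "PENDING_APPROVAL", "reasons": [a["parameters"]["reason"] for a in approvals], "output": None}
    output = tool_output
    for a in actions:
        if a["type"] == "MASK_DATA":
            output = mask_fields(output, set(a["parameters"]["fields"]))
    return {"status": "ALLOWED", "reasons": [], "output": output}
```

Two choices in `decide` matter for a proxy: approval is checked before any output is produced, so a pending call never leaks partial data, and a context that lacks a field some policy references is denied rather than silently treated as "condition not met", since that would let a missing `hour` bypass the business-hours rule.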
`GET /health`

- System metrics available at `/api/audit/metrics`
- Agent-specific activity tracking
- Real-time dashboard monitoring
- Application logs: `backend/logs/tcms-YYYY-MM-DD.log`
- Console output with structured logging
```bash
# Get the agent API key from setup output, then:

# Execute a tool call
curl -X POST http://localhost:3001/api/tools/execute \
  -H "X-API-Key: YOUR_AGENT_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "tool_id": "TOOL_ID_FROM_SETUP",
    "input": {"query": "SELECT * FROM users LIMIT 5"},
    "metadata": {"source": "test"}
  }'

# Check tool call status
curl -X GET http://localhost:3001/api/tools/calls/CALL_ID \
  -H "X-API-Key: YOUR_AGENT_API_KEY"
```

- Open http://localhost:3000
- Login with admin credentials
- Navigate to Tools to see available tools
- Navigate to Agents to see the demo agent
- Use the dashboard to monitor system activity
- Fork the repository
- Create a feature branch: `git checkout -b feature/amazing-feature`
- Make your changes and add tests
- Commit your changes: `git commit -m 'Add amazing feature'`
- Push to the branch: `git push origin feature/amazing-feature`
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
For support and questions:
- Check the documentation
- Search existing issues
- Create a new issue
- WebSocket support for real-time monitoring
- Advanced policy conditions (IP-based, time-based)
- Integration with external identity providers (LDAP, SAML)
- Tool call replay and debugging features
- Advanced analytics and reporting
- Multi-tenant support
- Docker deployment configuration
- Kubernetes deployment manifests