""" BulkToolCaller Safety Guide and Best Practices Comprehensive guide for safely using BulkToolCaller with Enhanced MCP Tools. Demonstrates SACRED TRUST safety framework integration and best practices. """ import asyncio import sys from pathlib import Path # Add src to path for imports sys.path.insert(0, str(Path(__file__).parent.parent / "src")) from enhanced_mcp.bulk_operations import BulkToolCaller, BulkOperationMode from enhanced_mcp.security_manager import SecurityManager from enhanced_mcp.base import SecurityLevel class SafetyGuide: """Comprehensive safety guide for BulkToolCaller usage""" @staticmethod def print_safety_principles(): """Print the core safety principles for bulk operations""" print("šŸ›”ļø SACRED TRUST Safety Principles for Bulk Operations") print("=" * 60) print() print("1. šŸ§Ŗ ALWAYS DRY RUN FIRST") print(" ā€¢ Every workflow must be validated with dry_run_bulk_workflow") print(" ā€¢ Review dry run results before live execution") print(" ā€¢ Understand what each operation will do") print() print("2. šŸ”’ PROGRESSIVE CONFIRMATION") print(" ā€¢ Safe operations: No confirmation needed") print(" ā€¢ Caution operations: Standard confirmation") print(" ā€¢ Destructive operations: Explicit confirmation required") print() print("3. šŸ”„ BACKUP BEFORE MODIFICATION") print(" ā€¢ Create backups for any destructive operations") print(" ā€¢ Use versioned backup names") print(" ā€¢ Test backup restoration procedures") print() print("4. šŸ“Š MONITOR AND VALIDATE") print(" ā€¢ Watch execution progress in real-time") print(" ā€¢ Validate results after completion") print(" ā€¢ Check for unexpected side effects") print() print("5. šŸšØ FAIL FAST AND SAFE") print(" ā€¢ Stop execution on first critical error") print(" ā€¢ Preserve system state when possible") print(" ā€¢ Provide clear error messages and recovery steps") @staticmethod def demonstrate_security_levels(): """Demonstrate the three security levels and their implications""" print("\nšŸ” Security Levels in Bulk Operations") print("=" * 45) print() print("šŸŸ¢ SAFE LEVEL (Always Available)") print(" ā€¢ Read-only operations") print(" ā€¢ Information gathering") print(" ā€¢ Status checks and monitoring") print(" ā€¢ No risk of data loss or system changes") print(" Examples:") print(" - git_status") print(" - file analysis") print(" - security scans") print(" - dependency analysis") print() print("šŸŸ” CAUTION LEVEL (Normal Mode)") print(" ā€¢ Create/modify operations that are reversible") print(" ā€¢ Operations with built-in safeguards") print(" ā€¢ Require standard confirmation") print(" Examples:") print(" - file backups") print(" - code formatting") print(" - test execution") print(" - log analysis") print() print("šŸ”“ DESTRUCTIVE LEVEL (Requires Explicit Enablement)") print(" ā€¢ Operations that can cause data loss") print(" ā€¢ Irreversible system changes") print(" ā€¢ Require explicit confirmation") print(" Examples:") print(" - file deletion") print(" - database modifications") print(" - system configuration changes") print(" - bulk file modifications") @staticmethod async def demonstrate_safety_workflow(): """Demonstrate a complete safety workflow""" print("\nšŸŽÆ Complete Safety Workflow Demonstration") print("=" * 50) # Create instances security_manager = SecurityManager() bulk_operations = BulkToolCaller() bulk_operations.set_security_manager(security_manager) print("\n1. šŸ” Initial Security Assessment") # Check initial security status security_status = await security_manager.security_status() print(f" Initial protection level: {security_status.get('safety_summary', {}).get('protection_level', 'UNKNOWN')}") # List tools by security level tools_by_security = await security_manager.list_tools_by_security() safe_tools = len(tools_by_security.get('security_levels', {}).get('safe', {}).get('tools', [])) print(f" Safe tools available: {safe_tools}") print("\n2. šŸ“‹ Creating Safe Workflow") # Create a workflow with only safe operations safe_operations = [ { "id": "check_status", "tool_name": "git_status", "arguments": {"path": "/example/project"}, "description": "Check project status", "security_level": SecurityLevel.SAFE }, { "id": "analyze_files", "tool_name": "file_ops_analyze_file_complexity", "arguments": {"path": "/example/project"}, "description": "Analyze code complexity", "security_level": SecurityLevel.SAFE, "depends_on": ["check_status"] } ] create_result = await bulk_operations.create_bulk_workflow( name="Safe Analysis Workflow", description="Read-only analysis workflow", operations=safe_operations, mode="staged" ) if create_result.get("success"): workflow_id = create_result["workflow_id"] print(f" āœ… Safe workflow created: {workflow_id}") print("\n3. šŸ§Ŗ Mandatory Dry Run") dry_run_result = await bulk_operations.dry_run_bulk_workflow(workflow_id) if dry_run_result.get("ready_for_execution"): print(" āœ… Dry run passed - workflow is safe to execute") print("\n4. šŸš€ Safe Execution") execution_result = await bulk_operations.execute_bulk_workflow( workflow_id=workflow_id, dry_run=False, # This is safe because all operations are SAFE level confirm_destructive=False ) if execution_result.get("success"): print(" āœ… Safe workflow executed successfully") else: print(f" āŒ Execution failed: {execution_result.get('error')}") else: print(" āŒ Dry run failed - workflow has safety issues") else: print(f" āŒ Workflow creation failed: {create_result.get('error')}") @staticmethod async def demonstrate_destructive_workflow_safety(): """Demonstrate handling destructive operations safely""" print("\nāš ļø Destructive Operations Safety Demonstration") print("=" * 55) security_manager = SecurityManager() bulk_operations = BulkToolCaller() bulk_operations.set_security_manager(security_manager) print("\n1. šŸš« Attempting Destructive Operation (Should Fail)") # Create workflow with destructive operations destructive_operations = [ { "id": "backup_first", "tool_name": "archive_create_backup", "arguments": {"source_paths": ["/example/file.txt"]}, "description": "Create backup before deletion", "security_level": SecurityLevel.CAUTION }, { "id": "delete_file", "tool_name": "file_ops_delete_file", "arguments": {"file_path": "/example/file.txt"}, "description": "Delete the file", "security_level": SecurityLevel.DESTRUCTIVE, "depends_on": ["backup_first"] } ] create_result = await bulk_operations.create_bulk_workflow( name="Destructive Workflow", description="Workflow with destructive operations", operations=destructive_operations, mode="staged" ) if create_result.get("success"): workflow_id = create_result["workflow_id"] print(f" āš ļø Destructive workflow created: {workflow_id}") # Try to execute without enabling destructive tools print("\n2. āŒ Execution Without Proper Enablement") execution_result = await bulk_operations.execute_bulk_workflow( workflow_id=workflow_id, dry_run=False, confirm_destructive=True # Even with confirmation, should fail ) if "error" in execution_result: print(f" āœ… Properly blocked: {execution_result['error']}") print("\n3. šŸ”“ Enabling Destructive Tools (Requires Confirmation)") enable_result = await security_manager.enable_destructive_tools( enabled=True, confirm_destructive=True ) if enable_result.get("success"): print(" āš ļø Destructive tools now enabled") print("\n4. šŸ§Ŗ Mandatory Dry Run for Destructive Operations") dry_run_result = await bulk_operations.dry_run_bulk_workflow(workflow_id) if dry_run_result.get("ready_for_execution"): print(" āœ… Dry run validation passed") print(" šŸ›”ļø In real scenario, would proceed with extreme caution") print(" šŸ“‹ Would execute with:") print(" ā€¢ Full confirmation") print(" ā€¢ Real-time monitoring") print(" ā€¢ Rollback plan ready") else: print(" āŒ Dry run failed - unsafe to proceed") print("\n5. šŸ”’ Re-securing System") disable_result = await security_manager.enable_destructive_tools( enabled=False, confirm_destructive=False ) print(" šŸ›”ļø Destructive tools disabled for safety") @staticmethod def print_error_handling_guide(): """Print comprehensive error handling guide""" print("\nšŸšØ Error Handling and Recovery Guide") print("=" * 42) print() print("Common Error Scenarios and Solutions:") print() print("1. šŸ”§ Tool Not Found Error") print(" Error: 'Tool not found in registry'") print(" Solution:") print(" ā€¢ Check tool name spelling") print(" ā€¢ Verify tool is registered with BulkToolCaller") print(" ā€¢ Use list_tools to see available tools") print() print("2. šŸ”’ Security Validation Failed") print(" Error: 'Destructive tools are not enabled'") print(" Solution:") print(" ā€¢ Use security_manager_enable_destructive_tools") print(" ā€¢ Set confirm_destructive=True") print(" ā€¢ Review security implications carefully") print() print("3. šŸ”„ Dependency Resolution Failed") print(" Error: 'Cannot resolve dependencies'") print(" Solution:") print(" ā€¢ Check for circular dependencies") print(" ā€¢ Verify all dependency IDs exist") print(" ā€¢ Use sequential mode if dependencies are complex") print() print("4. ā° Operation Timeout") print(" Error: 'Operation timed out'") print(" Solution:") print(" ā€¢ Break large operations into smaller chunks") print(" ā€¢ Use parallel mode for independent operations") print(" ā€¢ Increase timeout values if needed") print() print("5. šŸ”„ Rollback Required") print(" Error: 'Operation completed but results unexpected'") print(" Solution:") print(" ā€¢ Use rollback_workflow if available") print(" ā€¢ Restore from backups") print(" ā€¢ Manually reverse changes if necessary") @staticmethod def print_best_practices(): """Print comprehensive best practices""" print("\nšŸ’” Best Practices for Bulk Operations") print("=" * 40) print() print("šŸ“‹ Planning Phase:") print(" ā€¢ Start with small, safe operations") print(" ā€¢ Test workflows on non-critical data first") print(" ā€¢ Document dependencies clearly") print(" ā€¢ Plan rollback strategies") print() print("šŸ§Ŗ Testing Phase:") print(" ā€¢ Always run dry_run_bulk_workflow first") print(" ā€¢ Validate all operation arguments") print(" ā€¢ Check for sufficient permissions") print(" ā€¢ Verify backup creation works") print() print("šŸš€ Execution Phase:") print(" ā€¢ Monitor progress in real-time") print(" ā€¢ Be ready to cancel if needed") print(" ā€¢ Validate results after completion") print(" ā€¢ Document any issues encountered") print() print("šŸ”„ Post-Execution:") print(" ā€¢ Verify all operations completed successfully") print(" ā€¢ Check for any side effects") print(" ā€¢ Update documentation") print(" ā€¢ Share lessons learned") print() print("šŸ›”ļø Security Considerations:") print(" ā€¢ Use least privilege principle") print(" ā€¢ Enable destructive tools only when necessary") print(" ā€¢ Disable destructive tools after use") print(" ā€¢ Audit bulk operations regularly") async def demonstrate_complete_safety_workflow(): """Demonstrate a complete end-to-end safety workflow""" print("\nšŸŽÆ Complete End-to-End Safety Demonstration") print("=" * 55) guide = SafetyGuide() # Print all safety information guide.print_safety_principles() guide.demonstrate_security_levels() # Demonstrate safe workflow await guide.demonstrate_safety_workflow() # Demonstrate destructive operation safety await guide.demonstrate_destructive_workflow_safety() # Print guides guide.print_error_handling_guide() guide.print_best_practices() print("\nāœ… Safety Demonstration Complete!") print("\nšŸ›”ļø Remember: SACRED TRUST means:") print(" ā€¢ Security first, always") print(" ā€¢ Always validate before execution") print(" ā€¢ Create backups for destructive operations") print(" ā€¢ Review and understand every operation") print(" ā€¢ Emergency stops and rollbacks ready") print(" ā€¢ Document and learn from every workflow") print(" ā€¢ Trust is earned through consistent safety practices") def main(): """Main safety guide demonstration""" print("šŸ›”ļø BulkToolCaller Safety Guide") print("=" * 35) print() print("This guide demonstrates safe usage of BulkToolCaller") print("with Enhanced MCP Tools security framework.") print() # Run the complete demonstration asyncio.run(demonstrate_complete_safety_workflow()) if __name__ == "__main__": main()