Agent: Tools & API Integration
·
第五章:Tools & API Integration
摘要: 本章全面解析 AI Agent 的工具集成与 API 交互机制,涵盖 Tool Definition Schema 详解、常见工具类型对比分析、安全考虑与沙箱执行环境设计、错误处理最佳实践等核心内容。通过深入的技术剖析和实战建议,帮助开发者构建健壮可靠的 Agent 工具体系。
5.1 Tool Definition Schema 详解
工具定义的结构化原则:OpenAPI-like JSON Schema
在现代 AI Agent 系统中,工具定义(Tool Definition) 是连接 LLM 推理能力与外部世界交互的桥梁。一个设计良好的工具定义 Schema 能够让 LLM 准确理解每个工具的用途、参数要求和返回结构。
OpenAPI Specification 的核心要素
主流 LLM 平台(OpenAI、Anthropic、Google Vertex AI)都采用了类似 OpenAPI 的 JSON Schema格式来定义工具。这种设计选择有以下几个优势:
- 行业标准兼容性:与现有的 API 文档标准对齐,降低学习成本
- 结构清晰性:层次分明的定义结构便于 LLM 理解和解析
- 类型安全性:严格的类型声明减少参数传递错误
- 验证友好性:支持 Schema Validator 进行参数合法性检查
Tool Definition 的完整结构说明
一个完整的工具定义包含以下核心组件:
┌─────────────────────────────────────────────────┐
│ Tool Definition (JSON Format) │
├─────────────────────────────────────────────────┤
│ │
│ {
│ /* Core Identity Fields */ │
│ "name": string, // 🔹 唯一标识符 │
│ "description": string, // 🔹 功能描述 │
│ "version": string, // 🔹 工具版本号 │
│ │
│ /* Input Schema */ │
│ "parameters": {
│ "type": "object",
│ "properties": { // 🔹 参数定义对象 │
│ "param_name": {
│ "type": "string" | "integer" | "boolean", // 🔹 类型
│ "description": "...", // 🔹 说明
│ "enum": ["option1", "option2"], // 🔹 枚举值(可选)
│ "minimum": 0, // 🔹 数值约束
│ "maximum": 100, // 🔹 数值约束
│ "format": "date-time" | "email",// 🔹 格式约束
│ "default": "value" // 🔹 默认值
│ },
│ ... // 🔹 更多参数定义
│ },
│ "required": ["param1", "param2"], // 🔹 必需参数列表
│ "additionalProperties": false // 🔹 是否允许额外字段
│ },
│ │
│ /* Output Schema */ │
│ "returns": {
│ "type": "object",
│ "properties": {
│ "status": string, // 🔹 返回状态
│ "result": object, // 🔹 主要结果
│ "error_code": string, // 🔹 错误码(失败时)
│ "message": string // 🔹 错误消息
│ }
│ },
│ │
│ /* Metadata Fields */ │
│ "auth_required": boolean, // 🔹 是否需要认证
│ "rate_limit": { // 🔹 速率限制信息
│ "requests_per_minute": 60,
│ "burst_size": 10
│ },
│ "cost_estimation": {
│ "cost_per_call": 0.01, // 🔹 单次调用成本(美元)
│ "currency": "USD"
│ }
│ }
│ │
└─────────────────────────────────────────────────┘
各字段的详细设计原则与实践技巧
1. name - 工具的唯一标识符
设计原则:
- 使用camelCase命名规范,如
search_knowledge_base - 名称应具有描述性,避免通用名如
fn1 - 在整个 Agent 系统中必须全局唯一
最佳实践:
{
"name": "get_weather_forecast",
// ❌ 不建议:too generic
"name": "execute_command"
}
2. description - LLM 理解工具用途的关键
这是最重要的字段,因为它直接影响LLM 何时决定调用该工具。描述质量决定了工具发现(Tool Discovery)的准确性。
结构建议:
【核心功能】+ 【适用场景】+ 【输入输出特征】+ 【与其他工具的差异】
优秀示例:
{
"description": """
Query real-time weather information for any location worldwide.
This tool provides current conditions, hourly forecast, and 7-day
predictions including temperature, humidity, precipitation probability,
wind speed, and weather conditions (sunny, cloudy, rainy, etc.).
Use this tool when:
- User asks about weather conditions
- Need location-based meteorological data
- Comparison with similar tools is needed: This provides more detailed
forecasts than basic search tools, includes hourly granularity.
"""
}
关键要点:
- 清晰描述功能边界:什么能做,什么不能做
- 说明触发场景:帮助用户(LLM)理解何时调用
- 差异化定位:与其他工具的区别在哪里
3. parameters - 参数定义的严谨性
properties 的结构化设计
"parameters": {
"type": "object",
"properties": {
"location": {
"type": "string",
"description": "City name and country/region code (e.g., 'Beijing,CN')",
"minLength": 2,
"maxLength": 100
},
"units": {
"type": "string",
"enum": ["metric", "imperial"],
"default": "metric",
"description": "Temperature measurement units: metric (°C) or imperial (°F)"
},
"forecast_days": {
"type": "integer",
"minimum": 1,
"maximum": 7,
"default": 3,
"description": "Number of days for forecast (1-7 available)"
}
},
"required": ["location"],
"additionalProperties": false
}
参数设计准则:
- 类型明确性:所有参数必须声明具体类型(string/integer/boolean/array/object)
- 约束完整性:使用 minLength、maxLength、minimum、maximum 等限制
- 枚举值约束:对于有限取值范围的参数,使用 enum 字段
- 默认值友好性:为可选参数提供合理的默认值
- 格式规范:日期、邮箱等使用 format 字段明确格式
required 字段的策略选择
# 必需参数的判定逻辑
def determine_required_params(tool_definition, context):
"""
Determine which parameters are truly required based on tool semantics and context
"""
required = []
optional_with_defaults = {}
for param_name, param_def in tool_definition["properties"].items():
# Check if parameter has no default value
if "default" not in param_def:
# Context-based inference: can we infer this from conversation history?
inferred_value = infer_from_context(param_name)
if inferred_value is None:
required.append(param_name)
else:
optional_with_defaults[param_name] = inferred_value
else:
optional_with_defaults[param_name] = param_def["default"]
return {"required": required, "optional_defaults": optional_with_defaults}
4. returns - 输出结构的可预测性
虽然许多平台不强制要求定义返回结构,但提供返回类型定义有诸多好处:
好处:
- LLM 理解预期结果:知道调用后能得到什么
- 后续处理逻辑:为下游的代码逻辑提供类型提示
- 错误处理设计:预先定义失败场景的返回格式
示例:
"returns": {
"type": "object",
"properties": {
"temperature": {
"type": "number",
"description": "Current temperature in specified units"
},
"humidity": {
"type": "integer",
"description": "Relative humidity percentage (0-100)"
},
"weather_condition": {
"type": "string",
"enum": ["sunny", "cloudy", "rainy", "stormy", "snowy"]
},
"forecast_7day": {
"type": "array",
"items": {
"type": "object",
"properties": {
"date": {"type": "string", "format": "date"},
"temp_high": {"type": "integer"},
"temp_low": {"type": "integer"}
}
}
},
"metadata": {
"type": "object",
"properties": {
"query_location": {"type": "string"},
"timestamp": {"type": "string", "format": "date-time"}
}
}
},
"required": ["temperature", "weather_condition"]
}
参数验证与类型转换机制
Schema Validator 的核心功能
from jsonschema import validate, ValidationError
class ToolParameterValidator:
def __init__(self, tool_schema):
self.schema = tool_schema["parameters"]
def validate_and_convert(self, raw_params):
"""
Validate incoming parameters against schema and perform type conversions
"""
# Step 1: Check required fields presence
missing_required = [p for p in self.schema["required"] if p not in raw_params]
if missing_required:
return {
"valid": False,
"error": f"Missing required parameters: {missing_required}"
}
# Step 2: Type conversion and validation
converted_params = {}
for param_name, param_value in raw_params.items():
try:
converted_value = self._convert_and_validate(param_name, param_value)
converted_params[param_name] = converted_value
except ValidationError as e:
return {
"valid": False,
"error": f"Validation failed for {param_name}: {str(e)}"
}
# Step 3: Check for unexpected additional properties
if self.schema.get("additionalProperties") == False:
allowed_fields = set(self.schema["properties"].keys())
unexpected = set(raw_params.keys()) - allowed_fields
if unexpected:
return {
"valid": False,
"error": f"Unexpected parameters: {unexpected}"
}
return {
"valid": True,
"converted_params": converted_params
}
def _convert_and_validate(self, param_name, value):
"""Perform type-specific conversions and validation"""
param_def = self.schema["properties"][param_name]
param_type = param_def["type"]
# Type conversion based on schema
if param_type == "integer":
converted = int(value)
# Check min/max constraints
if "minimum" in param_def and converted < param_def["minimum"]:
raise ValidationError(f"Value {converted} below minimum {param_def['minimum']}")
if "maximum" in param_def and converted > param_def["maximum"]:
raise ValidationError(f"Value {converted} above maximum {param_def['maximum']}")
elif param_type == "boolean":
if isinstance(value, str):
converted = value.lower() in ["true", "1", "yes", "on"]
else:
converted = bool(value)
elif param_type == "array":
if isinstance(value, str):
# Parse comma-separated or JSON array
try:
import json
converted = json.loads(value) if value.startswith("[") else value.split(",")
except json.JSONDecodeError:
converted = [item.strip() for item in value.split(",")]
else:
converted = list(value)
elif param_type == "object":
# Recursively validate nested objects
if isinstance(value, str):
try:
import json
converted = json.loads(value)
except json.JSONDecodeError:
raise ValidationError("Invalid JSON object string")
else:
converted = value
else:
converted = value
return converted
安全校验层设计:输入净化与输出脱敏
输入净化(Input Sanitization)
LLM 生成的参数可能存在注入攻击或恶意数据。必须在传递给真实 API 之前进行严格净化。
from html import escape
import re
class InputSanitizer:
def __init__(self):
self.sanitizer_patterns = {
"command_injection": [r";|\||`|\$|&", ";", "|", "`", "$", "&"],
"sql_injection": [r"'--", r"'OR', r"UNION SELECT", r"1=1"],
"path_traversal": [r"\.\./", r"\.\.\\"]
}
def sanitize_string_input(self, raw_value, param_type="string"):
"""
Sanitize string inputs from LLM-generated parameters
"""
# Convert to string and strip whitespace
value = str(raw_value).strip()
# Remove potential command injection characters
for pattern in self.sanitizer_patterns["command_injection"]:
value = value.replace(pattern, "")
# HTML escaping for user-facing content
if param_type == "html_content":
value = escape(value)
# SQL injection prevention (parameterized queries would handle most cases)
value = re.sub(r"'--", "'", value)
# Path traversal prevention
value = re.sub(r"\.\./|\.\.\\", "", value)
return value[:1000] # Length limit to prevent DoS
def sanitize_numeric_input(self, raw_value, min_val=0, max_val=10000):
"""
Validate and sanitize numeric inputs
"""
try:
numeric = float(raw_value)
# Clamp to valid range
return max(min_val, min(max_val, int(numeric)))
except (ValueError, TypeError):
raise ValueError(f"Invalid numeric value: {raw_value}")
输出脱敏(Output Masking)
工具执行结果可能包含敏感信息,需要对用户不可见的部分进行脱敏处理。
class OutputMasker:
SENSITIVE_FIELDS = [
"password", "token", "api_key", "secret",
"credit_card", "ssn", "private_key"
]
def mask_sensitive_data(self, output_dict):
"""
Mask sensitive fields in tool response before returning to LLM
"""
masked_output = {}
for key, value in output_dict.items():
if self._is_sensitive_field(key) or self._contains_sensitive_data(value):
masked_output[key] = self._mask_value(value)
else:
masked_output[key] = value
return masked_output
def _is_sensitive_field(self, field_name):
"""
Check if field name contains sensitive keywords
"""
field_lower = field_name.lower()
return any(keyword in field_lower for keyword in self.SENSITIVE_FIELDS)
def _contains_sensitive_data(self, value):
"""
Check if string value contains patterns of sensitive data
"""
if not isinstance(value, str):
return False
# Credit card pattern (simple regex)
credit_card_pattern = r"\b[0-9]{4}[ -]?[0-9]{4}[ -]?[0-9]{4}[ -]?[0-9]{4}\b"
if re.search(credit_card_pattern, value):
return True
# API key pattern (common prefixes)
api_key_prefixes = ["sk_live_", "pk_live_", "ghp_", "xoxp-"]
if any(value.startswith(prefix) for prefix in api_key_prefixes):
return True
return False
def _mask_value(self, value):
"""
Return masked version of sensitive value
"""
if isinstance(value, str):
if len(value) > 4:
return "*" * (len(value) - 4) + value[-4:]
else:
return "****"
elif isinstance(value, dict):
return {k: self._mask_value(v) for k, v in value.items()}
else:
return "[REDACTED]"
5.2 常见工具类型对比分析
Search Tools:信息检索与知识获取
Web Search Tools(网页搜索)
典型实现:
{
"name": "web_search",
"description": "Search the web for current information on any topic.",
"parameters": {
"query": {
"type": "string",
"description": "Search query with keywords"
},
"max_results": {
"type": "integer",
"default": 5,
"minimum": 1,
"maximum": 20
}
}
}
适用场景:
- 实时新闻查询
- 最新产品信息获取
- 动态数据收集
Semantic Search Tools(语义搜索)
{
"name": "semantic_search",
"description": "Search knowledge base using natural language understanding.",
"parameters": {
"query": {
"type": "string",
"description": "Natural language query for semantic matching"
},
"collection_id": {
"type": "string",
"description": "Knowledge base collection identifier"
}
}
}
核心优势:
- 语义理解:能理解用户查询的意图,不仅仅是关键词匹配
- 模糊匹配:即使关键词不完全匹配也能找到相关内容
- 上下文感知:结合会话历史提高搜索结果相关性
Search Tools 性能对比:
| 类型 | 响应速度 | 准确性 | 实时性 | 适用场景 |
|------|-----|------|-----|-----||
| Web Search | Fast (0.5-1s) | Medium (~70%) | High | 通用搜索 |
| Semantic Search | Medium (1-2s) | High (~85%) | Low-Medium | 内部知识库 |
| Hybrid Search | Medium (1-3s) | Very High (~90%) | Varies | 混合需求 |
Calculator Tools:数值计算与数据处理
Code Execution Tools(代码执行)
# Python code execution for complex calculations
def execute_code_calculation(expression):
"""
Safely evaluate mathematical expressions with code execution
"""
# Security checks before execution
if contains_injection_patterns(expression):
raise SecurityError("Potential injection detected")
safe_globals = {
'__builtins__': None,
'math': math,
'numpy': numpy # Limited subset
}
try:
result = eval(expression, safe_globals, {})
return {"result": float(result), "status": "success"}
except Exception as e:
return {"error": str(e), "status": "failed"}
安全考虑:
- 沙箱隔离:代码在受限环境中执行,无法访问系统资源
- 功能限制:只暴露必要的库和函数
- 超时控制:防止无限循环或耗计算
Symbolic Math Tools(符号数学)
from sympy import symbols, solve, diff, integrate
class SymbolicMathEngine:
def __init__(self):
self.symbols_dict = {}
def define_variable(self, name: str) -> symbols.Symbol:
"""
Define a symbolic variable for algebraic operations
"""
if name not in self.symbols_dict:
sym = symbols(name)
self.symbols_dict[name] = sym
return self.symbols_dict[name]
def solve_equation(self, equation: str) -> list:
"""
Solve algebraic equations symbolically
"""
x = self.define_variable("x")
parsed_eq = sympify(equation)
solutions = solve(parsed_eq, x)
return [str(s) for s in solutions]
适用场景:
- 代数方程求解
- 微积分运算(求导、积分)
- 符号化简与变换
Custom APIs:RESTful / GraphQL 集成模式
RESTful API Integration Pattern
import requests
from typing import Optional, Dict
class RestfulAPIClient:
"""
Standard RESTful API integration for custom tools
"""
def __init__(self, base_url: str, api_key: str = None):
self.base_url = base_url.rstrip("/")
self.headers = {
"Authorization": f"Bearer {api_key}" if api_key else "",
"Content-Type": "application/json"
}
def execute_tool_request(self, tool_name: str, params: Dict) -> dict:
"""
Map tool calls to HTTP requests
"""
# Route mapping: tool name → HTTP method + endpoint
route_mapping = {
"get_user_profile": {"method": "GET", "endpoint": "/users/{user_id}"},
"update_order_status": {"method": "PUT", "endpoint": "/orders/{order_id}/status"},
"create_customer_record": {"method": "POST", "endpoint": "/customers"}
}
route = route_mapping.get(tool_name)
if not route:
raise ValueError(f"Unknown tool: {tool_name}")
# Construct HTTP request
endpoint = self.base_url + route["endpoint"]
method = getattr(requests, route["method"].lower())
# Prepare request parameters
if route["method"].upper() == "GET":
response = method(endpoint, params=params, headers=self.headers)
else:
response = method(endpoint, json=params, headers=self.headers)
# Handle HTTP errors
response.raise_for_status()
return response.json()
GraphQL Integration Pattern
import graphene
from graphql import build_schema, execute
class GraphQLAPIClient:
"""
GraphQL-based API integration for flexible data queries
"""
def __init__(self, schema_string: str, endpoint_url: str):
self.schema = build_schema(schema_string)
self.endpoint = endpoint_url + "/graphql"
def execute_query(self, query_string: str, variables: dict) -> dict:
"""
Execute GraphQL queries dynamically
"""
# Validate and execute query
try:
result = execute(
self.schema,
query=query_string,
variable_values=variables
)
if result.errors:
return {"error": str(result.errors[0])}
return {
"data": result.data,
"status": "success"
}
except Exception as e:
return {"error": str(e), "status": "failed"}
def generate_tool_query(self, tool_name: str, params: dict) -> tuple:
"""
Generate GraphQL query string from tool call
"""
query_templates = {
"fetch_user_orders": "query {{ userOrders(userId: \${user_id}) { id items total } }}",
"search_products": "query {{ searchProducts(query: \"\${query}\", category: \"\${category}\") { name price availability }}"
}
template = query_templates.get(tool_name)
if not template:
raise ValueError(f"Unknown tool: {tool_name}")
# Inject parameters
query_string = template.format(**params)
return query_string, params
RESTful vs GraphQL 对比:
| 维度 | RESTful API | GraphQL |
|------|-- --------|-------||
| 数据获取灵活性 | Fixed endpoints | Flexible queries |
| 请求次数优化 | Multiple requests needed | Single request possible |
| 版本管理 | URL versioning | Schema evolution |
| 学习曲线 | 简单直接 | 需要理解查询语言 |
| 实时性 | 快速响应 | 略慢(复杂查询) |
File System Access:安全约束下的文件操作
import os
from pathlib import Path
class SafeFileManager:
"""
Restricted file system access with security constraints
"""
ALLOWED_OPERATIONS = ["read", "write_text", "append"]
BASE_DIRECTORY = "/safe_workspace"
MAX_FILE_SIZE = 10 * 1024 * 1024 # 10MB limit
def __init__(self, operation: str, file_path: str):
self.operation = operation
self.file_path = Path(file_path).resolve()
self._validate_path()
def _validate_path(self):
"""
Ensure file path is within allowed directory (prevent path traversal)
"""
base = Path(self.BASE_DIRECTORY).resolve()
if not str(self.file_path).startswith(str(base)):
raise SecurityError(f"Access denied: {self.file_path} outside allowed area")
if not self.operation in self.ALLOWED_OPERATIONS:
raise PermissionError(f"Operation '{self.operation}' not permitted")
def read(self) -> str:
"""
Read file content with size limit check
"""
if not self.file_path.exists():
raise FileNotFoundError(f"File not found: {self.file_path}")
if self.file_path.stat().st_size > self.MAX_FILE_SIZE:
raise ValueError("File too large")
with open(self.file_path, 'r', encoding='utf-8') as f:
return f.read()
def write_text(self, content: str):
"""
Write text to file (creates parent directories if needed)
"""
self._ensure_directory_exists()
with open(self.file_path, 'w', encoding='utf-8') as f:
f.write(content[:50000]) # Limit content size
def append(self, content: str):
"""
Append text to existing file
"""
self._ensure_directory_exists()
with open(self.file_path, 'a', encoding='utf-8') as f:
f.write(content)
安全约束要点:
- 路径隔离:防止目录遍历攻击
- 大小限制:避免磁盘耗尽攻击
- 操作白名单:只允许必要的文件操作类型
- 编码检查:确保 UTF-8 编码,防止乱码注入
5.3 Security Considerations
权限控制机制设计
Role-based Access Control (RBAC) for Tools
from enum import Enum
from typing import Set
class UserRole(Enum):
GUEST = "guest"
USER = "user"
ADMIN = "admin"
SERVICE_ACCOUNT = "service"
class ToolPermission:
def __init__(self, role: UserRole):
self.role = role
self.accessible_tools = self._get_accessible_tools()
def _get_accessible_tools(self) -> Set[str]:
"""
Define which tools each user role can access
"""
permission_matrix = {
UserRole.GUEST: {"search_web", "get_weather", "basic_help"},
UserRole.USER: {"search_web", "get_weather", "basic_help",
"analyze_data", "generate_reports", "file_operations"},
UserRole.ADMIN: {"user_management", "system_config", "audit_logs",
"backup_restore", "all_user_tools"},
UserRole.SERVICE_ACCOUNT: {"automated_tasks", "scheduled_reports",
"data_pipeline_operations"}
}
return permission_matrix[self.role]
def can_access_tool(self, tool_name: str) -> bool:
"""
Check if user has permission to access a specific tool
"""
# Handle wildcard permission
if "all_user_tools" in self.accessible_tools:
return True
return tool_name in self.accessible_tools
Permission Escalation Handling(权限提升处理)
class PermissionEscalator:
def __init__(self):
self.escalation_triggers = {
"execute_sensitive_operation": ["admin_approval_required", "audit_logging_enabled"],
"bulk_data_export": ["temporary_elevated_privileges", "time_limited_access"],
"system_configuration": ["multi_factor_authentication", "written_approval"]
}
def handle_escalation_request(self, user_id: str, target_permission: str):
"""
Manage permission escalation requests with appropriate controls
"""
required_controls = self.escalation_triggers.get(target_permission)
if not required_controls:
return {"status": "denied", "reason": "No escalation path available"}
# Check MFA requirement
if "multi_factor_authentication" in required_controls:
if not self.verify_mfa(user_id):
return {"status": "pending", "action_required": "complete_mfa_auth"}
# Handle approval workflow
if "admin_approval_required" in required_controls:
approval_request = self.create_approval_ticket(
user_id=user_id,
target_permission=target_permission
)
return {"status": "pending_admin_approval", "ticket_id": approval_request["id"]}
# Temporary escalation for automated operations
if "temporary_elevated_privileges" in required_controls:
granted_for_minutes = self.issue_temporary_credentials(
user_id=user_id,
target_permission=target_permission,
duration_minutes=30
)
return {"status": "granted", "expires_in_minutes": granted_for_minutes}
沙箱执行环境设计
Code Execution Sandbox 核心架构
import subprocess
import tempfile
import os
from contextlib import contextmanager
class CodeExecutionSandbox:
"""
Isolated environment for executing LLM-generated code safely
"""
def __init__(self):
self.sandbox_dir = tempfile.mkdtemp(prefix="sandbox_")
self.timeout_seconds = 10
self.memory_limit_mb = 256
self.cpu_quota_percent = 100 # Single core equivalent
@contextmanager
def execute_isolated(self, code: str, language: str = "python"):
"""
Execute code in a fully isolated container with resource limits
"""
script_path = os.path.join(self.sandbox_dir, "execution.py")
# Write code to file
with open(script_path, 'w') as f:
f.write(code)
# Define execution boundaries
process_timeout = self.timeout_seconds
memory_limit_bytes = self.memory_limit_mb * 1024 * 1024
try:
# Execute with resource limits using subprocess
result = subprocess.run(
["python", script_path],
cwd=self.sandbox_dir,
timeout=process_timeout,
capture_output=True,
text=True,
env={**os.environ, "SANDBOX_MODE": "true"},
preexec_fn=self._set_resource_limits # Apply resource constraints
)
return {
"status": "success" if result.returncode == 0 else "failed",
"stdout": result.stdout,
"stderr": result.stderr,
"exit_code": result.returncode,
"execution_time": min(result.returncode, process_timeout)
}
except subprocess.TimeoutExpired:
return {
"status": "timeout",
"error": f"Execution exceeded {process_timeout} seconds limit"
}
finally:
# Cleanup sandbox files
self._cleanup_sandbox()
def _set_resource_limits(self):
"""
Set system resource limits for the subprocess
"""
import resource
# Memory limit in bytes
resource.setrlimit(resource.RLIMIT_AS, (self.memory_limit_bytes, self.memory_limit_bytes))
# CPU time limit (seconds)
resource.setrlimit(resource.RLIMIT_CPU, (self.timeout_seconds, self.timeout_seconds))
def _cleanup_sandbox(self):
"""
Remove sandbox directory and contents after execution
"""
import shutil
if os.path.exists(self.sandbox_dir):
shutil.rmtree(self.sandbox_dir)
Sandbox 安全隔离层级:
┌─────────────────────────────────────┐
│ Code Execution Sandbox │
├─────────────────────────────────────┤
│ │
│ L1: File System Isolation │
│ • Base directory restriction │
│ • No network access │
│ • Limited file operations │
│ │
│ L2: Resource Constraints │
│ • CPU: Single core (100%) │
│ • Memory: 256MB max │
│ • Timeout: 10 seconds │
│ │
│ L3: Environment Sanitization │
│ • Clean environment variables │
│ • Restricted imports │
│ • No system calls │
│ │
│ L4: Runtime Monitoring │
│ • Real-time resource tracking │
│ • Anomaly detection │
│ • Automatic termination on breach │
│ │
└─────────────────────────────────────┘
速率限制与防滥用:Token Bucket Algorithm
Token Bucket Rate Limiter 实现
import time
from collections import defaultdict
from threading import Lock
class TokenBucketRateLimiter:
"""
Rate limiting implementation using token bucket algorithm
Prevents API abuse and manages quota consumption
"""
def __init__(self, max_requests: int, window_seconds: int):
"""
Initialize rate limiter with bucket capacity and refill rate
Args:
max_requests: Maximum requests allowed per time window
window_seconds: Time window duration in seconds
"""
self.max_requests = max_requests
self.window_seconds = window_seconds
self.refill_rate = max_requests / window_seconds
# Per-user tracking
self.user_buckets = defaultdict(lambda: {
"tokens": max_requests,
"last_refill": time.time()
})
self.lock = Lock()
def try_consume(self, user_id: str) -> bool:
"""
Attempt to consume a token for the given user
Returns True if successful, False if rate limit exceeded
"""
with self.lock:
bucket = self.user_buckets[user_id]
now = time.time()
# Refill tokens based on elapsed time
elapsed = now - bucket["last_refill"]
refill_amount = elapsed * self.refill_rate
bucket["tokens"] = min(self.max_requests, bucket["tokens"] + refill_amount)
bucket["last_refill"] = now
# Try to consume one token
if bucket["tokens"] >= 1:
bucket["tokens"] -= 1
return True
else:
return False
def get_remaining_tokens(self, user_id: str) -> int:
"""
Get remaining tokens for a user (for monitoring/feedback)
"""
with self.lock:
bucket = self.user_buckets[user_id]
now = time.time()
# Calculate current token count
elapsed = now - bucket["last_refill"]
current_tokens = min(self.max_requests,
bucket["tokens"] + elapsed * self.refill_rate)
return int(current_tokens)
def get_retry_after(self, user_id: str) -> float:
"""
Calculate how long the user needs to wait before retrying
"""
with self.lock:
bucket = self.user_buckets[user_id]
now = time.time()
# Time until bucket has at least one token
tokens_needed = 1 - bucket["tokens"]
if tokens_needed >= 0:
return 0.0
wait_time = tokens_needed / self.refill_rate
return max(0, wait_time)
防滥用策略:
class AbuseDetectionSystem:
"""
Detect and prevent malicious usage patterns
"""
SUSPICIOUS_PATTERNS = {
"rapid_fire_requests": {"window_seconds": 1, "max_requests": 5},
"unusual_timing": {"description": "Non-human request patterns"},
"parameter_injection_attempts": {"patterns": [";", "|", "$", ",""]},
"recursive_loop_detection": {"max_iterations": 100, "timeout_seconds": 60}
}
def __init__(self):
self.request_history = defaultdict(list)
self.flagged_users = set()
def detect_abuse(self, user_id: str, request_payload: dict) -> dict:
"""
Analyze current request for signs of abuse or malicious intent
"""
issues = []
# Check 1: Rapid fire detection
recent_requests = self.get_recent_requests(user_id, window_seconds=1)
if len(recent_requests) > self.SUSPICIOUS_PATTERNS["rapid_fire_requests"]["max_requests"]:
issues.append({"type": "rapid_fire", "severity": "high"})
# Check 2: Parameter injection attempts
for key, value in request_payload.items():
if isinstance(value, str):
suspicious_chars = self.SUSPICIOUS_PATTERNS["parameter_injection_attempts"]["patterns"]
if any(char in value for char in suspicious_chars):
issues.append({"type": "injection_attempt", "severity": "critical"})
# Check 3: Recursive loops
loop_detection_id = self.get_execution_trace_id(request_payload)
if self.is_looped_execution(loop_detection_id):
issues.append({"type": "recursive_loop", "severity": "high"})
return {
"abuse_detected": len(issues) > 0,
"issues": issues,
"action_required": self.determine_response(issues)
}
def get_recent_requests(self, user_id: str, window_seconds: int = 1):
"""
Retrieve request timestamps within the given time window
"""
now = time.time()
cutoff = now - window_seconds
# Filter recent requests from history
recent = [ts for ts in self.request_history[user_id] if ts > cutoff]
return recent
5.4 错误处理最佳实践
API Rate Limiting Handling(速率限制处理策略)
Exponential Backoff with Jitter 实现
import random
from functools import wraps
import time
def rate_limit_handler(max_retries=3, base_delay=1.0, max_delay=60):
"""
Decorator for handling API rate limiting with exponential backoff and jitter
"""
def decorator(func):
@wraps(func)
def wrapper(*args, **kwargs):
last_error = None
for attempt in range(max_retries + 1):
try:
return func(*args, **kwargs)
except Exception as e:
last_error = e
# Check if error is rate-limit related
if not self.is_rate_limit_error(e):
raise # Not a rate limit error, re-raise immediately
if attempt >= max_retries:
break # Exhausted retries
# Calculate backoff delay with jitter
base_time = base_delay * (2 ** attempt)
jitter = random.uniform(0, base_time * 0.1) # 10% jitter
delay = min(base_time + jitter, max_delay)
# Check Retry-After header if available
retry_after = self.extract_retry_after_header(e)
if retry_after and retry_after > delay:
delay = retry_after
logger.warning(f"Rate limited on attempt {attempt + 1}, retrying in {delay:.2f}s")
time.sleep(delay)
raise last_error # Raise after exhausting retries
return wrapper
return decorator
Circuit Breaker Pattern(断路器模式)
from enum import Enum
import time
class CircuitState(Enum):
CLOSED = "closed" # Normal operation
OPEN = "open" # Failing, stop calling
HALF_OPEN = "half_open" # Testing if service recovered
class CircuitBreaker:
"""
Implements the circuit breaker pattern to handle cascading failures
"""
def __init__(self, failure_threshold=5, recovery_timeout=30):
self.failure_threshold = failure_threshold
self.recovery_timeout = recovery_timeout
self.failures = 0
self.last_failure_time = None
self.state = CircuitState.CLOSED
def record_success(self):
"""
Record a successful operation, reset failure count
"""
self.failures = 0
if self.state == CircuitState.HALF_OPEN:
self.state = CircuitState.CLOSED
logger.info("Circuit closed - service recovered")
def record_failure(self):
"""
Record a failed operation, potentially tripping the circuit
"""
self.failures += 1
self.last_failure_time = time.time()
if self.failures >= self.failure_threshold:
self.state = CircuitState.OPEN
logger.warning(f"Circuit opened after {self.failures} failures")
def can_execute(self) -> bool:
"""
Check if the circuit allows execution of an operation
"""
if self.state == CircuitState.CLOSED:
return True
elif self.state == CircuitState.OPEN:
# Check if enough time has passed to try recovery
elapsed = time.time() - (self.last_failure_time or 0)
if elapsed >= self.recovery_timeout:
self.state = CircuitState.HALF_OPEN
return True
return False
elif self.state == CircuitState.HALF_OPEN:
# Allow one test request
return True
def get_status(self) -> dict:
"""
Return current circuit breaker status for monitoring
"""
return {
"state": self.state.value,
"failure_count": self.failures,
"time_until_half_open": max(0,
self.recovery_timeout - (time.time() - (self.last_failure_time or 0)))
}
Partial Success Scenarios(部分成功处理)
def handle_partial_success(operation_results: list) -> dict:
"""
Handle scenarios where some sub-operations succeed and others fail
"""
success_count = sum(1 for r in operation_results if r.get("status") == "success")
total_count = len(operation_results)
failures = [r for r in operation_results if r.get("status") != "success"]
# Determine overall outcome based on partial success criteria
success_rate = success_count / total_count if total_count > 0 else 0
if success_rate >= 0.8: # Threshold for considering "partial success" acceptable
return {
"overall_status": "partial_success",
"acceptable_outcome": True,
"summary": f"{success_count}/{total_count} operations successful",
"failed_operations": failures
}
elif success_rate >= 0.5:
return {
"overall_status": "partial_success_critical",
"acceptable_outcome": False,
"summary": f"{success_count}/{total_count} operations successful",
"failed_operations": failures,
"requires_manual_review": True
}
else:
return {
"overall_status": "majority_failure",
"acceptable_outcome": False,
"summary": f"{success_count}/{total_count} operations successful",
"failed_operations": failures,
"requires_manual_review": True
}
User Notification Strategies(用户通知策略)
Smart Error Messaging(智能错误消息)
class ErrorMessagingSystem:
"""
Generate user-friendly error messages with appropriate action guidance
"""
ERROR_TEMPLATES = {
"rate_limit_exceeded": {
"user_message": "抱歉,我遇到了一些暂时的限制。请稍后重试或在短时间内减少请求数量。",
"action_required": "Wait and retry",
"support_info": f"Current status: {error_status.get('retry_after', 30)} seconds remaining"
},
"tool_unavailable": {
"user_message": "我暂时无法连接到所需的服务,正在尝试备用方案。如果问题持续,请稍后重试。",
"action_required": "Try fallback mechanism",
"support_info": f"Fallback active: {error_status.get('fallback_available', False)}"
},
"permission_denied": {
"user_message": "抱歉,这个操作需要更高的权限才能执行。请联系管理员或尝试其他功能。",
"action_required": "Contact admin or use alternative",
"support_info": f"Permission required: {error_status.get('required_permission')}",
},
"timeout": {
"user_message": "这个任务需要更长时间处理,我已经为您启动后台处理流程。稍后会收到完成通知。",
"action_required": "Asynchronous execution initiated",
"support_info": f"Task ID for tracking: {error_status.get('async_task_id')}"
}
}
def generate_user_friendly_error(self, error_code: str, context: dict) -> dict:
"""
Generate user-friendly error message with actionable guidance
"""
template = self.ERROR_TEMPLATES.get(error_code)
if not template:
# Generic fallback for unknown errors
template = {
"user_message": "抱歉,操作过程中遇到了问题。请稍后重试或联系支持团队。",
"action_required": "Retry or contact support"
}
# Log detailed error for debugging (not shown to user)
self._log_detailed_error(error_code, context)
return {
"user_message": template["user_message"],
"action_required": template["action_required"],
"support_info": template.get("support_info", "None"),
"error_code": error_code,
"retry_available": self._can_retry_error(error_code)
}
def _can_retry_error(self, error_code: str) -> bool:
"""
Determine if automatic retry is appropriate for this error type
"""
retriable_errors = ["rate_limit_exceeded", "timeout", "temporary_failure"]
return error_code in retriable_errors
Progress Notification(进度通知)
class ProgressNotificationSystem:
"""
Provide real-time progress updates for long-running operations
"""
def __init__(self, notification_channel="websocket"):
self.notification_channel = notification_channel
self.active_tasks = {}
def start_notification_stream(self, task_id: str, total_steps: int):
"""
Start progress notifications for a long-running task
"""
self.active_tasks[task_id] = {
"total_steps": total_steps,
"current_step": 0,
"status": "running",
"notifications_sent": []
}
# Send initial status update
self.send_progress_update(task_id, 0, total_steps)
def send_step_notification(self, task_id: str, step_description: str, is_error: bool = False):
"""
Send notification for each processing step
"""
if task_id not in self.active_tasks:
return # Task doesn't exist
task_info = self.active_tasks[task_id]
task_info["current_step"] += 1
progress_percent = (task_info["current_step"] / task_info["total_steps"]) * 100
notification = {
"type": "step_complete",
"step_description": step_description,
"progress_percent": progress_percent,
"is_error": is_error,
"task_id": task_id
}
self._send_notification(notification)
def send_progress_update(self, task_id: str, current_step: int, total_steps: int):
"""
Send comprehensive progress update
"""
if task_id not in self.active_tasks:
return
task_info = self.active_tasks[task_id]
task_info["status"] = "running"
update_message = {
"type": "progress_update",
"current_step": current_step,
"total_steps": total_steps,
"progress_percent": (current_step / total_steps) * 100,
"estimated_time_remaining": self.estimate_remaining_time(task_id),
"task_id": task_id
}
self._send_notification(update_message)
📚 参考文献与延伸阅读
- OpenAPI Specification Documentation - Official Reference [openapis.org]
- Security Best Practices for API Integration - OWASP API Security Top 10 [owasp.org]
- Circuit Breaker Pattern Implementation Guide - Martin Fowler’s Blog [martinfowler.com]
- Rate Limiting Strategies for Microservices - Cloud Native Computing Foundation [CNCF]
- Sandboxing and Security in Language Models - MIT Technology Review (2023) [MIT Tech Review]
AtomGit 是由开放原子开源基金会联合 CSDN 等生态伙伴共同推出的新一代开源与人工智能协作平台。平台坚持“开放、中立、公益”的理念,把代码托管、模型共享、数据集托管、智能体开发体验和算力服务整合在一起,为开发者提供从开发、训练到部署的一站式体验。
更多推荐
8
0- 0
已为社区贡献10条内容
所有评论(0)