docs: add security warnings to http_request and file_editor vended tools #2391

Open
zastrowm wants to merge 2 commits into strands-agents:main from zastrowm:tool-doc-updates

@zastrowm
Member

Motivation

The Bash vended tool includes an explicit security warning in both its README and the vended-tools documentation page, but the http_request and file_editor tools lack equivalent guidance despite also crossing important security boundaries (arbitrary network access and arbitrary filesystem writes, respectively). This adds comparable warnings so users understand the risks when exposing these tools to agents.

Public API Changes

No public API changes. Documentation only.

@github-actions
Contributor

github-actions Bot commented May 29, 2026

Documentation Preview Ready

Your documentation preview has been successfully deployed!

Preview URL: https://d3ehv1nix5p99z.cloudfront.net/pr-cms-2391/docs/user-guide/quickstart/overview/

Updated at: 2026-05-29T23:24:03.347Z

@github-actions
Contributor

Assessment: Approve

Clean documentation-only PR that adds important security guidance to the http_request and file_editor vended tools, bringing them in line with the existing bash tool warnings. The warnings are consistent in structure and tone across all three locations (READMEs and the MDX docs page), and the changes are minimal and well-focused. No issues found.

@github-actions
Contributor

Assessment: Approve

Clean, well-structured documentation addition. The security warnings are consistent with the existing bash tool pattern, factually accurate, and appropriately scoped for each tool's risk profile. No issues found.

zastrowm added 2 commits May 29, 2026 19:13
The Bash vended tool has an explicit security warning, but the
http_request and file_editor tools were missing equivalent guidance
despite also crossing important security boundaries. Add comparable
warnings to their READMEs and the vended-tools documentation page.
Remove references to allowlists, URL filtering, and path restrictions
since the SDK does not provide those capabilities. Keep the guidance
focused on sandboxing (containers, VMs) as the mitigation path.
@zastrowm enabled auto-merge (squash) May 29, 2026 23:16
@zastrowm force-pushed the tool-doc-updates branch from 1df2ecc to e4a37fa May 29, 2026 23:18
@github-actions Bot added size/s and removed size/s labels May 29, 2026
@github-actions
Contributor

Assessment: Approve

Well-scoped documentation PR that adds security warnings to http_request and file_editor vended tools, establishing parity with the existing bash tool warnings. The warnings are accurate, consistently structured across all locations (MDX page + READMEs), and appropriately omit the notebook tool which doesn't cross security boundaries. No issues found.
