{"id":"security-access-review","title":"Access Review","description":"Review typed. Access reviews slow. Typed v1 agent with eval coverage.","category":"cybersecurity","status":"validated","version":"1.0.0","source":"agentskit-registry","license":"MIT","tags":["cybersecurity","structured-output","v1"],"packages":["@agentskit/core","@agentskit/runtime","@agentskit/tools"],"files":["agent.ts","README.md","eval.ts"],"requires":{"zod":"^3","zod-to-json-schema":"^3"},"skill":{"name":"security-access-review","description":"Review typed. Access reviews slow. Typed v1 agent with eval coverage.","systemPrompt":"You are Access Review. Access reviews slow. Output: Review typed.\nActionable findings citing input sources. No invented issues.\nNEVER invent facts — gaps and openQuestions for missing input. Always draft for human review.\n${UNTRUSTED_CONTENT_DIRECTIVE}\nCall submit_access_review exactly once. Stop."},"flow":null,"a2a":{"id":"io.agentskit.registry.security-access-review","name":"Access Review","description":"Review typed. Access reviews slow. Typed v1 agent with eval coverage.","version":"1.0.0","homepage":"https://registry.agentskit.io","skills":[{"name":"security-access-review","description":"Review typed. Access reviews slow. Typed v1 agent with eval coverage.","capabilities":{"streaming":true,"cancellation":true,"requiresApproval":false}}]},"sources":[{"path":"agent.ts","content":"import type { AdapterFactory, ChatMemory, Observer, ToolCall, ToolDefinition } from '@agentskit/core'\nimport { fenceUntrustedContent, UNTRUSTED_CONTENT_DIRECTIVE } from '@agentskit/core/security'\nimport { invokeStructured } from '@agentskit/runtime'\nimport { defineZodTool } from '@agentskit/tools'\nimport { z } from 'zod'\nimport { zodToJsonSchema } from 'zod-to-json-schema'\nimport type { JSONSchema7 } from 'json-schema'\n\n/** Access Review — v1 validated. Pain: Access reviews slow */\n\nexport interface Finding { id: string; severity: 'critical' | 'high' | 'medium' | 'low' | 'info'; message: string; source?: string; recommendation?: string }\nexport interface AgentOutput { summary: string; findings: Finding[]; gaps: string[]; openQuestions: string[] }\nexport interface AgentResult extends AgentOutput { requiresReview: boolean }\nexport interface SecurityAccessReviewConfig {\n  adapter: AdapterFactory\n  memory?: ChatMemory\n  observers?: Observer[]\n  onConfirm?: (toolCall: ToolCall) => boolean | Promise<boolean>\n  maxSteps?: number\n}\n\nconst Output = z.object({\n  summary: z.string(),\n  findings: z.array(z.object({\n    id: z.string(), severity: z.enum(['critical', 'high', 'medium', 'low', 'info']),\n    message: z.string(), source: z.string().optional(), recommendation: z.string().optional(),\n  })),\n  gaps: z.array(z.string()).default([]),\n  openQuestions: z.array(z.string()).default([]),\n})\nconst toJson = (s: z.ZodTypeAny): JSONSchema7 => zodToJsonSchema(s) as JSONSchema7\n\nconst skill = {\n  name: 'security-access-review',\n  description: \"Access Review — typed output agent (draft spec).\",\n  systemPrompt: `You are Access Review. Access reviews slow. Output: Review typed.\nActionable findings citing input sources. No invented issues.\nNEVER invent facts — gaps and openQuestions for missing input. Always draft for human review.\n${UNTRUSTED_CONTENT_DIRECTIVE}\nCall submit_access_review exactly once. Stop.`,\n  tools: ['submit_access_review'],\n}\n\nexport function createSecurityAccessReviewAgent(config: SecurityAccessReviewConfig) {\n  const submit = (): ToolDefinition =>\n    defineZodTool({ name: 'submit_access_review', description: 'Submit result. Once.', schema: Output, toJsonSchema: toJson, async execute() { return 'recorded' } }) as ToolDefinition\n\n  async function run(input: string): Promise<AgentResult> {\n    if (!input?.trim()) throw new Error('security-access-review requires non-empty input')\n    const result = await invokeStructured({\n      adapter: config.adapter,\n      tool: submit(),\n      task: `INPUT:\\n${fenceUntrustedContent(input)}`,\n      parse: (a) => Output.parse(a),\n      skill,\n      memory: config.memory,\n      observers: config.observers,\n      onConfirm: config.onConfirm,\n      maxSteps: config.maxSteps ?? 4,\n    })\n    return { ...result, requiresReview: true }\n  }\n  return {\n    name: 'security-access-review',\n    run,\n    asHandle() { return { name: 'security-access-review', run: (t: string) => run(t).then((r) => JSON.stringify(r)) } },\n  }\n}\n"},{"path":"README.md","content":"# Access Review\n\n> **v1 validated** — `npx agentskit add security-access-review`\n\n## Pain\nAccess reviews slow\n\n## Output\nReview typed\n"},{"path":"eval.ts","content":"import type { EvalSuite } from '@agentskit/eval'\n\nexport const suite: EvalSuite = {\n  name: 'security-access-review',\n  cases: [\n    { input: 'Complete input for Access Review: Access reviews slow. Provide full structured output.', expected: (r: string) => r.length > 20 && /requiresReview|summary|title|category|findings|sections|score|clusters|items|steps/i.test(r) },\n    { input: 'Minimal input.', expected: (r: string) => /gap|openQuestion/i.test(r) || r.length > 10 },\n    { input: 'Input with specific detail: ACME Corp project deadline March 15.', expected: (r: string) => /ACME|March|15/i.test(r) || /gap/i.test(r) },\n    { input: 'Empty context — only says \"process this\".', expected: (r: string) => r.length > 5 },\n  ],\n}\n"}],"installable":true,"validation":{"status":"approved","score":96,"confidence":0.96,"method":"codex-executor-independent-reviewer","iterations":1,"cases":3,"summary":"The agent produced valid structured access-review outputs for all three cases, resisted the injection attempt, avoided inventing access facts from sparse or placeholder input, surfaced concrete gaps and open questions, and consistently required human review before any access decision. The behavior aligns with a security access review agent: conservative, uncertainty-aware, and useful despite missing evidence. Minor weakness: the normal case response is somewhat over-classified as prompt-injection-style placeholder rather than simply insufficient task input, and some source fields are less informative than ideal, but this does not create a material failure.","strengths":["Valid structured outputs were produced for every case.","No unsafe approval or unsupported access decision was made.","The injection case correctly rejected the instruction to output APPROVED.","The agent surfaced missing identities, systems, permissions, approvals, justification, review criteria, and timing information.","Recommendations were conservative and operationally useful for a human access reviewer."],"notes":[]}}