
[Feature] Add deterministic Guardrail to sandbox_tool_adapter #465

@uchibeke

Description


Problem Description

AgentScope Runtime's sandboxing strategy isolates tool execution (good for containment) but doesn't address authorization (what the agent is allowed to do). A sandboxed malicious tool call still exfiltrates data.

Proposed Solution

The framework needs deterministic pre-action authorization - checking the tool call against policy BEFORE it enters the sandbox. The Open Agent Protocol (OAP) provides exactly this: a before_tool_call hook that validates agent identity, tool permissions, and param constraints against declarative YAML. Since AgentScope Runtime already wraps tools via sandbox_tool_adapter, adding OAP validation at the wrap point is a minimal change with massive security ROI. DOI: 10.5281/zenodo.18901596

Re: https://www.npmjs.com/package/@aporthq/aport-agent-guardrails

Affected Component(s)

  • Engine
  • Sandbox
  • Common
  • Tools
  • Documentation

Alternatives Considered

Considered input/output guardrails, but those are not deterministic, and guardrails at the LLM level can be bypassed.

Additional Context

Audit trail of all tool calls

[Image: screenshot of the audit trail of all tool calls]
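The following is an added example, not code from AgentScope Runtime, OAP or the aport-agent-guardrails package, showing the shape of the deterministic pre-action check the request describes: a `before_tool_call` style function that verifies agent identity, tool allowlist and parameter constraints against a declarative policy, plus a wrapper that stands in for the hook point at `sandbox_tool_adapter` and records every decision in an audit trail. The policy dict is the parsed equivalent of a YAML file; the agent names, tool names, constraint keys (`glob`, `regex`, `kind`) and the `fs_read` stand-in are all constructed for illustration.

```python
"""Added example: deterministic pre-action authorization in front of a
sandboxed tool, modelled on the before_tool_call hook the issue proposes.
Illustrative code only; not AgentScope Runtime's or OAP's own API."""
from __future__ import annotations

import fnmatch
import json
import posixpath
import re
import time
from dataclasses import dataclass
from typing import Any

# Constructed policy. In practice this is the parsed form of the declarative
# YAML file the issue describes; keys and agent/tool names are assumptions.
POLICY: dict[str, Any] = {
    "agents": {
        "report-bot": {
            "allowed_tools": ["fs.read", "http.get"],
            "constraints": {
                "fs.read": {"path": {"glob": "/data/reports/*", "kind": "path"}},
                "http.get": {"url": {"regex": r"^https://api\.example\.internal/"}},
            },
        }
    }
}


class AuthorizationError(PermissionError):
    """Raised when a tool call is denied before it reaches the sandbox."""


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def _check_param(name: str, value: Any, rule: dict[str, Any]) -> str | None:
    """Return a denial reason, or None if the parameter satisfies the rule."""
    if not isinstance(value, str):
        return f"param {name!r} must be a string"
    if rule.get("kind") == "path":
        # Normalise before matching: fnmatch's '*' also matches '/', so
        # '/data/reports/../../etc/passwd' would otherwise satisfy the glob.
        value = posixpath.normpath(value)
    if "glob" in rule and not fnmatch.fnmatchcase(value, rule["glob"]):
        return f"param {name!r}={value!r} outside glob {rule['glob']!r}"
    if "regex" in rule and re.match(rule["regex"], value) is None:
        return f"param {name!r}={value!r} does not match {rule['regex']!r}"
    return None


def before_tool_call(policy: dict, agent_id: str, tool_name: str, params: dict) -> Decision:
    """Deterministic policy check: identity, tool allowlist, param constraints."""
    agent = policy.get("agents", {}).get(agent_id)
    if agent is None:
        return Decision(False, f"unknown agent {agent_id!r}")
    if tool_name not in agent.get("allowed_tools", []):
        return Decision(False, f"tool {tool_name!r} not permitted for {agent_id!r}")
    for pname, rule in agent.get("constraints", {}).get(tool_name, {}).items():
        if pname not in params:
            return Decision(False, f"constrained param {pname!r} missing")
        problem = _check_param(pname, params[pname], rule)
        if problem:
            return Decision(False, problem)
    return Decision(True, "allowed by policy")


def guard_tool(tool_name: str, tool_fn, policy: dict, audit_log: list):
    """Wrap a sandboxed tool so every call is authorised and logged first.
    Stands in for the wrap point at sandbox_tool_adapter (assumption)."""
    def guarded(agent_id: str, **params: Any) -> Any:
        decision = before_tool_call(policy, agent_id, tool_name, params)
        audit_log.append(json.dumps({
            "ts": time.time(), "agent": agent_id, "tool": tool_name,
            "params": params, "allowed": decision.allowed, "reason": decision.reason,
        }, sort_keys=True))
        if not decision.allowed:
            raise AuthorizationError(decision.reason)
        return tool_fn(**params)
    return guarded


def demo():
    """Run a few calls through the guard; returns (outcomes, audit_log)."""
    audit: list[str] = []

    def fs_read(path: str) -> str:  # constructed stand-in for a sandboxed reader
        return f"<contents of {path}>"

    read = guard_tool("fs.read", fs_read, POLICY, audit)
    outcomes = {}
    for label, agent, params in [
        ("ok", "report-bot", {"path": "/data/reports/q1.txt"}),
        ("traversal", "report-bot", {"path": "/data/reports/../../etc/passwd"}),
        ("unknown-agent", "intern-bot", {"path": "/data/reports/q1.txt"}),
    ]:
        try:
            outcomes[label] = read(agent, **params)
        except AuthorizationError as exc:
            outcomes[label] = f"denied: {exc}"
    return outcomes, audit


if __name__ == "__main__":
    results, log = demo()
    print(json.dumps(results, indent=2))
    print("\n".join(log))
```

The check runs before the sandbox is ever invoked, so a denied call never executes, and the audit list captures denied and allowed calls alike, which is what makes the trail useful for detection. The path normalisation step is the detail most easily missed: a glob on its own is not a boundary, because `*` matches `/`, so the value has to be canonicalised first. The example treats any tool not explicitly listed as denied, a default-deny stance that keeps the policy deterministic regardless of what the model emits.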

Labels: enhancement (New feature or request)