CursorTouch · richard-devbot · Apr 13, 2026 · Apr 19, 2026 · Apr 19, 2026
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,29 @@
+## Changes
+<!-- Describe what this PR does -->
+
+## AI Safety & Security Checklist
+<!-- Check all that apply. If a box is unchecked, explain why in the PR description. -->
+
+### Input Validation
+- [ ] All external inputs (user messages, API responses, file contents) are validated
+- [ ] Path operations stay within workspace boundaries
+
+### Least Privilege
+- [ ] New tools/features request only the permissions they need
+- [ ] No unnecessary filesystem, network, or system access added
+
+### Credential Safety
+- [ ] No API keys, tokens, or passwords in code, logs, or LLM context
+- [ ] Sensitive data masked in all log output
+
+### Human Oversight
+- [ ] Destructive or irreversible actions require user confirmation
+- [ ] Agent announces intent before high-risk operations
+
+### AI Output Safety
+- [ ] LLM outputs are validated before acting on them
+- [ ] Tool outputs are sanitized before re-entering LLM context
+
+### Testing
+- [ ] Security tests added/updated for changes
+- [ ] No test coverage decrease
diff --git a/tests/test_agent.py b/tests/test_agent.py
@@ -186,7 +186,7 @@ async def test_agent_run_with_tool_call_then_text(tmp_path):
 
     # Register a simple echo tool
     from pydantic import BaseModel
-    from operator_use.tools.service import Tool
+    from operator_use.agent.tools.service import Tool
 
     class EchoParams(BaseModel):
         message: str

diff --git a/tests/test_control_center.py b/tests/test_control_center.py
@@ -4,7 +4,7 @@
 import pytest
 from unittest.mock import AsyncMock, MagicMock, patch
 
-from operator_use.agent.tools.builtin.control_center import (
+from operator_use.tools.control_center import (
     control_center,
     _set_plugin_enabled,
     _get_plugin_enabled,

diff --git a/tests/test_local_agents.py b/tests/test_local_agents.py
@@ -2,7 +2,7 @@
 
 import pytest
 
-from operator_use.agent.tools.builtin.local_agents import LOCAL_AGENT_DELEGATION_CHAIN, localagents
+from operator_use.tools.local_agents import LOCAL_AGENT_DELEGATION_CHAIN, localagents
 from operator_use.messages.service import AIMessage
 
 

diff --git a/tests/test_plugins.py b/tests/test_plugins.py
@@ -7,7 +7,7 @@
 from operator_use.agent.tools.registry import ToolRegistry
 from operator_use.agent.hooks.service import Hooks
 from operator_use.agent.hooks.events import HookEvent
-from operator_use.tools.service import Tool
+from operator_use.agent.tools.service import Tool
 from pydantic import BaseModel
 
 

diff --git a/tests/test_tool_registry.py b/tests/test_tool_registry.py
@@ -4,7 +4,7 @@
 from pydantic import BaseModel
 
 from operator_use.agent.tools.registry import ToolRegistry
-from operator_use.tools.service import Tool
+from operator_use.agent.tools.service import Tool
 
 
 # --- Helpers ---

diff --git a/tests/test_tools.py b/tests/test_tools.py
@@ -4,7 +4,7 @@
 from pydantic import BaseModel
 from typing import Literal
 
-from operator_use.tools.service import Tool, ToolResult
+from operator_use.agent.tools.service import Tool, ToolResult
 
 
 # --- ToolResult ---