prototype_chameleon

The server uses `exec()` to dynamically run code from the database, which is an inherent high-risk operation allowing arbitrary code execution. This risk is extensively mitigated by: AST-based validation for Python code to block dangerous imports/functions (e.g., `subprocess`, `eval`, `os.system`); `sqlglot` AST parsing for mathematically verified read-only SQL queries and single-statement validation; SHA-256 hash integrity checks for all code; and a database-driven, configurable security policy system. Advanced data tools (e.g., `general_merge_tool` for upserts, `execute_ddl_tool` for schema changes) are provided but include robust input validation, require explicit confirmation for DDL, and leverage SQLAlchemy's secure parameter binding. The project's documentation transparently acknowledges these security implications and strongly advises additional OS-level sandboxing (e.g., Docker, VMs) for production environments with untrusted code. Hardcoded API keys are avoided, relying on environment variables or configuration files.