Skip to content

feat: add script safety guard#149

Open
ha0924 wants to merge 4 commits into
trpc-group:mainfrom
ha0924:feature/Script_Safety_Guard
Open

feat: add script safety guard#149
ha0924 wants to merge 4 commits into
trpc-group:mainfrom
ha0924:feature/Script_Safety_Guard

Conversation

@ha0924

@ha0924 ha0924 commented Jul 9, 2026

Copy link
Copy Markdown

概述

新增 Script Safety Guard 模块,对 LLM 生成的 Python/Bash 脚本在执行前进行静态安全分析,输出三级决策(ALLOW/WARN/DENY)。
Closes #90

实现说明

接入方式

两种模式可选:

# 方式一:Filter 模式(在 tool 执行前拦截)
from trpc_agent_sdk.tools.safety import ScriptSafetyFilter
filter = ScriptSafetyFilter()

# 方式二:Wrapper 模式(包装代码执行器)
from trpc_agent_sdk.tools.safety import SafeCodeExecutor
executor = SafeCodeExecutor(inner_executor)

静态扫描机制

  • Python:基于 AST 解析,提取 import、函数调用、属性访问等节点进行模式匹配
  • Bash:逐行正则扫描命令名、参数、管道、重定向等特征

不执行代码,纯静态分析。

规则扩展

继承 BaseRule,实现 check() 方法,通过 @RuleRegistry.register 装饰器自动注册:

from trpc_agent_sdk.tools.safety.rules._base import BaseRule, RuleRegistry

@RuleRegistry.register
class MyCustomRule(BaseRule):
    rule_id = "CUSTOM_001"
    def check(self, context: ScanContext) -> list[Finding]:
        ...

策略文件配置

默认零配置即可使用。如需自定义,创建 YAML 文件并通过环境变量指定:

export TOOL_SAFETY_POLICY_PATH=./tool_safety_policy.yaml

策略文件支持配置网络白名单、文件路径白名单、禁止进程列表、资源限制阈值等,示例见 examples/safety/tool_safety_policy.yaml

文档与复现提示词

文件 说明
docs/mkdocs/zh/script_safety_guard.md 中文使用文档
docs/mkdocs/en/script_safety_guard.md 英文使用文档
trpc_agent_sdk/tools/safety/script_safety_guard_reproduction_prompt.md 实现复现提示词(可交给 AI 从零复现整个模块)

影响范围

纯新增模块,无 breaking change,不影响现有代码。

ha0924 added 2 commits July 9, 2026 15:57
新增 Script Safety Guard 模块,对 LLM 生成的 Python/Bash 脚本在执行前
进行静态安全分析,提供三级决策机制(ALLOW/WARN/DENY)。

主要内容:
- 核心引擎 ScriptSafetyGuard,10 步扫描管道
- 数据模型:Decision, Finding, SafetyCheckInput/Result, ScanContext
- 策略系统:YAML 配置 + 环境变量覆盖 + 自动发现 + 合理默认值
- 语言扫描器:Python AST 解析器 + Bash 行扫描器
- 6 类内置规则:网络访问、文件操作、进程执行、密钥泄露、资源限制、依赖安全
- 2 种框架适配器:ScriptSafetyFilter(过滤器)、SafeCodeExecutor(包装器)
- OpenTelemetry 指标埋点
- 结构化 JSON 审计日志(原子写入)
- 单元测试 + 集成测试
- 中英文文档
- 示例策略与样本脚本
- 实现复现提示词文档
新增 Script Safety Guard 模块,对 LLM 生成的 Python/Bash 脚本在执行前
进行静态安全分析,提供三级决策机制(ALLOW/WARN/DENY)。

主要内容:
- 核心引擎 ScriptSafetyGuard,10 步扫描管道
- 数据模型:Decision, Finding, SafetyCheckInput/Result, ScanContext
- 策略系统:YAML 配置 + 环境变量覆盖 + 自动发现 + 合理默认值
- 语言扫描器:Python AST 解析器 + Bash 行扫描器
- 6 类内置规则:网络访问、文件操作、进程执行、密钥泄露、资源限制、依赖安全
- 2 种框架适配器:ScriptSafetyFilter(过滤器)、SafeCodeExecutor(包装器)
- OpenTelemetry 指标埋点
- 结构化 JSON 审计日志(原子写入)
- 单元测试 + 集成测试
- 中英文文档
- 示例策略与样本脚本
- 实现复现提示词文档
@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown

CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅

@codecov

codecov Bot commented Jul 9, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 97.02970% with 39 lines in your changes missing coverage. Please review.
⚠️ Please upload report for BASE (main@73655ab). Learn more about missing BASE report.

Files with missing lines Patch % Lines
trpc_agent_sdk/tools/safety/guard.py 93.98496% 8 Missing ⚠️
trpc_agent_sdk/tools/safety/_metrics.py 81.25000% 6 Missing ⚠️
...agent_sdk/tools/safety/adapters/wrapper_adapter.py 92.00000% 6 Missing ⚠️
trpc_agent_sdk/tools/safety/policy.py 94.59459% 6 Missing ⚠️
..._agent_sdk/tools/safety/adapters/filter_adapter.py 94.04762% 5 Missing ⚠️
trpc_agent_sdk/tools/safety/rules/resource.py 96.59091% 3 Missing ⚠️
trpc_agent_sdk/tools/safety/rules/file_ops.py 97.93814% 2 Missing ⚠️
trpc_agent_sdk/tools/safety/rules/network.py 98.09524% 2 Missing ⚠️
trpc_agent_sdk/tools/safety/models.py 98.78049% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main        #149   +/-   ##
==========================================
  Coverage        ?   87.79422%           
==========================================
  Files           ?         486           
  Lines           ?       45331           
  Branches        ?           0           
==========================================
  Hits            ?       39798           
  Misses          ?        5533           
  Partials        ?           0           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

- 对 safety 模块及测试共 28 个 Python 文件执行 yapf 格式化
- 新增 5 个测试文件,共 334 个测试用例:
  - test_guard_extended.py:报告写入、审计JSONL、OTel span、证据脱敏
  - test_rules_network.py:域名白名单、URL解析、bash/python分支
  - test_rules_secrets.py:token模式、占位符检测、变量名匹配
  - test_rules_process.py:命令提取、shell=True/False、eval/exec
  - test_rules_file_ops_resource_dep.py:FS/RES/DEP规则
- safety 模块覆盖率从 39.65% 提升至 97%
@ha0924

ha0924 commented Jul 9, 2026

Copy link
Copy Markdown
Author

I have read the CLA Document and I hereby sign the CLA

Rook1ex added a commit to trpc-group/cla-database that referenced this pull request Jul 9, 2026
@ha0924 ha0924 changed the title Feature/script safety guard feat: add script safety guard Jul 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

构建 Tool 执行脚本安全扫描、Filter 拦截与监控机制

1 participant