feat: add script safety guard#149
Open
ha0924 wants to merge 4 commits into
Open
Conversation
新增 Script Safety Guard 模块,对 LLM 生成的 Python/Bash 脚本在执行前 进行静态安全分析,提供三级决策机制(ALLOW/WARN/DENY)。 主要内容: - 核心引擎 ScriptSafetyGuard,10 步扫描管道 - 数据模型:Decision, Finding, SafetyCheckInput/Result, ScanContext - 策略系统:YAML 配置 + 环境变量覆盖 + 自动发现 + 合理默认值 - 语言扫描器:Python AST 解析器 + Bash 行扫描器 - 6 类内置规则:网络访问、文件操作、进程执行、密钥泄露、资源限制、依赖安全 - 2 种框架适配器:ScriptSafetyFilter(过滤器)、SafeCodeExecutor(包装器) - OpenTelemetry 指标埋点 - 结构化 JSON 审计日志(原子写入) - 单元测试 + 集成测试 - 中英文文档 - 示例策略与样本脚本 - 实现复现提示词文档
新增 Script Safety Guard 模块,对 LLM 生成的 Python/Bash 脚本在执行前 进行静态安全分析,提供三级决策机制(ALLOW/WARN/DENY)。 主要内容: - 核心引擎 ScriptSafetyGuard,10 步扫描管道 - 数据模型:Decision, Finding, SafetyCheckInput/Result, ScanContext - 策略系统:YAML 配置 + 环境变量覆盖 + 自动发现 + 合理默认值 - 语言扫描器:Python AST 解析器 + Bash 行扫描器 - 6 类内置规则:网络访问、文件操作、进程执行、密钥泄露、资源限制、依赖安全 - 2 种框架适配器:ScriptSafetyFilter(过滤器)、SafeCodeExecutor(包装器) - OpenTelemetry 指标埋点 - 结构化 JSON 审计日志(原子写入) - 单元测试 + 集成测试 - 中英文文档 - 示例策略与样本脚本 - 实现复现提示词文档
|
CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅ |
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #149 +/- ##
==========================================
Coverage ? 87.79422%
==========================================
Files ? 486
Lines ? 45331
Branches ? 0
==========================================
Hits ? 39798
Misses ? 5533
Partials ? 0 ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
- 对 safety 模块及测试共 28 个 Python 文件执行 yapf 格式化 - 新增 5 个测试文件,共 334 个测试用例: - test_guard_extended.py:报告写入、审计JSONL、OTel span、证据脱敏 - test_rules_network.py:域名白名单、URL解析、bash/python分支 - test_rules_secrets.py:token模式、占位符检测、变量名匹配 - test_rules_process.py:命令提取、shell=True/False、eval/exec - test_rules_file_ops_resource_dep.py:FS/RES/DEP规则 - safety 模块覆盖率从 39.65% 提升至 97%
Author
|
I have read the CLA Document and I hereby sign the CLA |
Rook1ex
added a commit
to trpc-group/cla-database
that referenced
this pull request
Jul 9, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
概述
新增 Script Safety Guard 模块,对 LLM 生成的 Python/Bash 脚本在执行前进行静态安全分析,输出三级决策(ALLOW/WARN/DENY)。
Closes #90
实现说明
接入方式
两种模式可选:
静态扫描机制
import、函数调用、属性访问等节点进行模式匹配不执行代码,纯静态分析。
规则扩展
继承
BaseRule,实现check()方法,通过@RuleRegistry.register装饰器自动注册:策略文件配置
默认零配置即可使用。如需自定义,创建 YAML 文件并通过环境变量指定:
export TOOL_SAFETY_POLICY_PATH=./tool_safety_policy.yaml策略文件支持配置网络白名单、文件路径白名单、禁止进程列表、资源限制阈值等,示例见
examples/safety/tool_safety_policy.yaml。文档与复现提示词
docs/mkdocs/zh/script_safety_guard.mddocs/mkdocs/en/script_safety_guard.mdtrpc_agent_sdk/tools/safety/script_safety_guard_reproduction_prompt.md影响范围
纯新增模块,无 breaking change,不影响现有代码。