@det-acp/core 0.2.1 → 0.3.0

package/examples/coding-agent.policy.yaml

@@ -16,6 +16,30 @@ capabilities:
       paths:
         - "./src/**"
         - "./tests/**"
+  - tool: "file:delete"
+    scope:
+      paths:
+        - "./src/**"
+        - "./tests/**"
+  - tool: "file:move"
+    scope:
+      paths:
+        - "./src/**"
+        - "./tests/**"
+  - tool: "file:copy"
+    scope:
+      paths:
+        - "./src/**"
+        - "./tests/**"
+  - tool: "directory:list"
+    scope:
+      paths:
+        - "./**"
+  - tool: "directory:create"
+    scope:
+      paths:
+        - "./src/**"
+        - "./tests/**"
   - tool: "command:run"
     scope:
       binaries:
@@ -33,6 +57,14 @@ capabilities:
   - tool: "git:apply"
     scope:
       repos: ["."]
+  - tool: "git:status"
+    scope:
+      repos: ["."]
+  - tool: "git:commit"
+    scope:
+      repos: ["."]
+  - tool: "env:read"
+    scope: {}
 
 limits:
   max_runtime_ms: 1800000    # 30 minutes
@@ -41,6 +73,18 @@ limits:
   max_cost_usd: 5.0
 
 gates:
+  - action: "file:delete"
+    approval: "human"
+    risk_level: "high"
+
+  - action: "file:move"
+    approval: "auto"
+    risk_level: "medium"
+
+  - action: "git:commit"
+    approval: "auto"
+    risk_level: "medium"
+
   - action: "command:run"
     approval: "human"
     risk_level: "high"

package/examples/data-analyst.policy.yaml

@@ -0,0 +1,160 @@
+# Data Analyst Agent Policy
+# Constrains a data analysis agent operating on datasets, generating reports,
+# and querying external APIs — while preventing data exfiltration and
+# unauthorized modifications to source data.
+
+version: "1.0"
+name: "data-analyst"
+description: "Policy for a data analysis agent that reads datasets, runs analysis scripts, generates reports, and queries external data APIs."
+
+capabilities:
+  - tool: "file:read"
+    scope:
+      paths:
+        - "./data/**"
+        - "./config/**"
+        - "./scripts/**"
+        - "./templates/**"
+
+  - tool: "file:write"
+    scope:
+      paths:
+        - "./output/**"
+        - "./reports/**"
+        - "./tmp/**"
+
+  - tool: "file:copy"
+    scope:
+      paths:
+        - "./data/**"
+        - "./output/**"
+
+  - tool: "file:delete"
+    scope:
+      paths:
+        - "./tmp/**"
+        - "./output/**"
+
+  - tool: "directory:list"
+    scope:
+      paths:
+        - "./data/**"
+        - "./output/**"
+        - "./reports/**"
+        - "./scripts/**"
+
+  - tool: "directory:create"
+    scope:
+      paths:
+        - "./output/**"
+        - "./reports/**"
+        - "./tmp/**"
+
+  - tool: "command:run"
+    scope:
+      binaries:
+        - "python"
+        - "python3"
+        - "pip"
+        - "Rscript"
+        - "node"
+        - "npx"
+        - "cat"
+        - "wc"
+        - "head"
+        - "tail"
+        - "sort"
+
+  - tool: "http:request"
+    scope:
+      domains:
+        - "api.census.gov"
+        - "api.worldbank.org"
+        - "data.gov"
+        - "api.data.yourcompany.com"
+      methods:
+        - "GET"
+
+  - tool: "env:read"
+    scope: {}
+
+  - tool: "archive:extract"
+    scope:
+      paths:
+        - "./data/**"
+        - "./tmp/**"
+
+  - tool: "network:dns"
+    scope:
+      domains:
+        - "api.census.gov"
+        - "api.worldbank.org"
+        - "data.gov"
+
+limits:
+  max_runtime_ms: 3600000       # 60 minutes (analysis can be long)
+  max_output_bytes: 536870912   # 512 MB
+  max_files_changed: 100
+  max_retries: 3
+  max_cost_usd: 10.0
+
+gates:
+  - action: "file:delete"
+    approval: "human"
+    risk_level: "medium"
+
+  - action: "http:request"
+    approval: "auto"
+    risk_level: "low"
+
+  - action: "command:run"
+    approval: "auto"
+    risk_level: "medium"
+    condition: "outside_scope"
+
+evidence:
+  require:
+    - "checksums"
+    - "diffs"
+    - "exit_codes"
+    - "logs"
+  format: "jsonl"
+
+forbidden:
+  - pattern: "**/.env"
+  - pattern: "**/.env.*"
+  - pattern: "**/credentials*"
+  - pattern: "**/secrets*"
+  - pattern: "**/passwords*"
+  - pattern: "curl | sh"
+  - pattern: "wget | sh"
+  - pattern: "rm -rf /"
+  - pattern: "pip install --user"
+  - pattern: "POST"
+  - pattern: "PUT"
+  - pattern: "DELETE"
+
+session:
+  max_actions: 500
+  max_denials: 30
+  rate_limit:
+    max_per_minute: 60
+  escalation:
+    - after_actions: 200
+      require: human_checkin
+    - after_minutes: 30
+      require: human_checkin
+
+remediation:
+  rules:
+    - match: "FileNotFoundError"
+      action: "retry"
+    - match: "MemoryError"
+      action: "abort"
+    - match: "ECONNREFUSED"
+      action: "retry"
+    - match: "disk full"
+      action: "abort"
+    - match: "permission denied"
+      action: "abort"
+  fallback_chain: ["retry", "skip", "abort"]

package/examples/devops-deploy.policy.yaml

@@ -18,6 +18,37 @@ capabilities:
         - "/app/dist/**"
         - "/tmp/deploy-work/**"
 
+  - tool: "file:delete"
+    scope:
+      paths:
+        - "/app/dist/**"
+        - "/tmp/deploy-work/**"
+
+  - tool: "file:copy"
+    scope:
+      paths:
+        - "/app/**"
+        - "/config/**"
+        - "/tmp/deploy-work/**"
+
+  - tool: "file:move"
+    scope:
+      paths:
+        - "/app/dist/**"
+        - "/tmp/deploy-work/**"
+
+  - tool: "directory:list"
+    scope:
+      paths:
+        - "/app/**"
+        - "/config/**"
+
+  - tool: "directory:create"
+    scope:
+      paths:
+        - "/app/dist/**"
+        - "/tmp/deploy-work/**"
+
   - tool: "command:run"
     scope:
       binaries:
@@ -38,6 +69,16 @@ capabilities:
       repos:
         - "/app"
 
+  - tool: "git:status"
+    scope:
+      repos:
+        - "/app"
+
+  - tool: "git:commit"
+    scope:
+      repos:
+        - "/app"
+
   - tool: "http:request"
     scope:
       domains:
@@ -48,6 +89,21 @@ capabilities:
         - "GET"
         - "POST"
 
+  - tool: "env:read"
+    scope: {}
+
+  - tool: "network:dns"
+    scope:
+      domains:
+        - "registry.npmjs.org"
+        - "api.github.com"
+        - "k8s.internal.yourcompany.com"
+
+  - tool: "archive:extract"
+    scope:
+      paths:
+        - "/tmp/deploy-work/**"
+
 limits:
   max_runtime_ms: 600000       # 10 minutes
   max_output_bytes: 1073741824 # 1 GB
@@ -69,6 +125,18 @@ gates:
     approval: "human"
     risk_level: "critical"
 
+  - action: "file:move"
+    approval: "human"
+    risk_level: "high"
+
+  - action: "git:commit"
+    approval: "human"
+    risk_level: "high"
+
+  - action: "archive:extract"
+    approval: "auto"
+    risk_level: "medium"
+
 evidence:
   require:
     - "diffs"

package/examples/infrastructure-manager.policy.yaml

@@ -0,0 +1,209 @@
+# Infrastructure Manager Agent Policy
+# Constrains an infrastructure management agent that handles server
+# configurations, manages deployments, monitors services, and maintains
+# infrastructure-as-code files. Strict human gates on all destructive operations.
+
+version: "1.0"
+name: "infrastructure-manager"
+description: "Policy for an infrastructure management agent that handles configs, deployments, monitoring, and IaC with strict human approval on destructive operations."
+
+capabilities:
+  - tool: "file:read"
+    scope:
+      paths:
+        - "./infrastructure/**"
+        - "./config/**"
+        - "./terraform/**"
+        - "./ansible/**"
+        - "./k8s/**"
+        - "./docker/**"
+        - "./monitoring/**"
+
+  - tool: "file:write"
+    scope:
+      paths:
+        - "./infrastructure/**"
+        - "./config/**"
+        - "./terraform/**"
+        - "./ansible/**"
+        - "./k8s/**"
+        - "./docker/**"
+        - "./monitoring/**"
+        - "./tmp/infra/**"
+
+  - tool: "file:copy"
+    scope:
+      paths:
+        - "./infrastructure/**"
+        - "./config/**"
+        - "./tmp/infra/**"
+
+  - tool: "file:move"
+    scope:
+      paths:
+        - "./infrastructure/**"
+        - "./config/**"
+        - "./tmp/infra/**"
+
+  - tool: "file:delete"
+    scope:
+      paths:
+        - "./tmp/infra/**"
+
+  - tool: "directory:list"
+    scope:
+      paths:
+        - "./**"
+
+  - tool: "directory:create"
+    scope:
+      paths:
+        - "./infrastructure/**"
+        - "./config/**"
+        - "./tmp/infra/**"
+
+  - tool: "command:run"
+    scope:
+      binaries:
+        - "terraform"
+        - "ansible"
+        - "ansible-playbook"
+        - "kubectl"
+        - "docker"
+        - "docker-compose"
+        - "helm"
+        - "git"
+        - "ssh"
+        - "scp"
+        - "curl"
+        - "jq"
+        - "yq"
+        - "cat"
+        - "ls"
+
+  - tool: "git:diff"
+    scope:
+      repos: ["."]
+
+  - tool: "git:status"
+    scope:
+      repos: ["."]
+
+  - tool: "git:commit"
+    scope:
+      repos: ["."]
+
+  - tool: "git:apply"
+    scope:
+      repos: ["."]
+
+  - tool: "http:request"
+    scope:
+      domains:
+        - "api.github.com"
+        - "registry.terraform.io"
+        - "k8s.internal.yourcompany.com"
+        - "monitoring.internal.yourcompany.com"
+        - "vault.internal.yourcompany.com"
+      methods:
+        - "GET"
+        - "POST"
+        - "PUT"
+
+  - tool: "env:read"
+    scope: {}
+
+  - tool: "network:dns"
+    scope:
+      domains:
+        - "api.github.com"
+        - "registry.terraform.io"
+        - "k8s.internal.yourcompany.com"
+
+  - tool: "archive:extract"
+    scope:
+      paths:
+        - "./tmp/infra/**"
+
+limits:
+  max_runtime_ms: 1800000       # 30 minutes
+  max_output_bytes: 536870912   # 512 MB
+  max_files_changed: 100
+  max_retries: 2
+  max_cost_usd: 10.0
+
+gates:
+  - action: "file:delete"
+    approval: "human"
+    risk_level: "critical"
+
+  - action: "file:move"
+    approval: "human"
+    risk_level: "high"
+
+  - action: "git:commit"
+    approval: "human"
+    risk_level: "high"
+
+  - action: "command:run"
+    approval: "human"
+    risk_level: "high"
+    condition: "outside_scope"
+
+  - action: "http:request"
+    approval: "human"
+    risk_level: "high"
+    condition: "POST|PUT"
+
+evidence:
+  require:
+    - "checksums"
+    - "diffs"
+    - "exit_codes"
+    - "logs"
+  format: "jsonl"
+
+forbidden:
+  - pattern: "**/.env"
+  - pattern: "**/.env.*"
+  - pattern: "**/credentials*"
+  - pattern: "**/secrets*"
+  - pattern: "**/private_key*"
+  - pattern: "**/*.pem"
+  - pattern: "**/*.key"
+  - pattern: "rm -rf /"
+  - pattern: "terraform destroy"
+  - pattern: "kubectl delete namespace"
+  - pattern: "kubectl delete --all"
+  - pattern: "docker system prune"
+  - pattern: "ansible-playbook --extra-vars"
+  - pattern: "curl | sh"
+  - pattern: "wget | sh"
+  - pattern: "git push --force"
+
+session:
+  max_actions: 200
+  max_denials: 15
+  rate_limit:
+    max_per_minute: 30
+  escalation:
+    - after_actions: 50
+      require: human_checkin
+    - after_minutes: 10
+      require: human_checkin
+
+remediation:
+  rules:
+    - match: "terraform error"
+      action: "abort"
+    - match: "ansible fatal"
+      action: "abort"
+    - match: "kubectl error"
+      action: "retry"
+    - match: "ECONNREFUSED"
+      action: "retry"
+    - match: "permission denied"
+      action: "abort"
+    - match: "timeout"
+      action: "retry"
+  fallback_chain: ["retry", "abort"]

package/examples/security-audit.policy.yaml

@@ -0,0 +1,152 @@
+# Security Audit Agent Policy
+# Constrains a security auditing agent to read-only operations with
+# tightly controlled write access for reports. The agent can scan
+# code, check for vulnerabilities, inspect configurations, and generate
+# audit reports — but NEVER modify source code or deploy anything.
+
+version: "1.0"
+name: "security-audit"
+description: "Policy for a security audit agent that scans code, checks dependencies, inspects configurations, validates secrets management, and generates audit reports."
+
+capabilities:
+  - tool: "file:read"
+    scope:
+      paths:
+        - "./**"
+
+  - tool: "file:write"
+    scope:
+      paths:
+        - "./audit-reports/**"
+        - "./tmp/audit/**"
+
+  - tool: "file:copy"
+    scope:
+      paths:
+        - "./**"
+
+  - tool: "directory:list"
+    scope:
+      paths:
+        - "./**"
+
+  - tool: "directory:create"
+    scope:
+      paths:
+        - "./audit-reports/**"
+        - "./tmp/audit/**"
+
+  - tool: "command:run"
+    scope:
+      binaries:
+        - "npm"
+        - "npx"
+        - "node"
+        - "git"
+        - "grep"
+        - "find"
+        - "wc"
+        - "cat"
+        - "ls"
+        - "sha256sum"
+        - "openssl"
+        - "semgrep"
+        - "trivy"
+        - "snyk"
+
+  - tool: "git:diff"
+    scope:
+      repos: ["."]
+
+  - tool: "git:status"
+    scope:
+      repos: ["."]
+
+  - tool: "http:request"
+    scope:
+      domains:
+        - "api.github.com"
+        - "registry.npmjs.org"
+        - "osv.dev"
+        - "cve.circl.lu"
+        - "nvd.nist.gov"
+      methods:
+        - "GET"
+
+  - tool: "env:read"
+    scope: {}
+
+  - tool: "network:dns"
+    scope:
+      domains:
+        - "api.github.com"
+        - "registry.npmjs.org"
+        - "osv.dev"
+
+limits:
+  max_runtime_ms: 1800000       # 30 minutes
+  max_output_bytes: 104857600   # 100 MB
+  max_files_changed: 20         # Only report files
+  max_retries: 2
+  max_cost_usd: 5.0
+
+gates:
+  - action: "command:run"
+    approval: "human"
+    risk_level: "high"
+    condition: "outside_scope"
+
+  - action: "http:request"
+    approval: "auto"
+    risk_level: "low"
+
+evidence:
+  require:
+    - "checksums"
+    - "diffs"
+    - "exit_codes"
+    - "logs"
+  format: "jsonl"
+
+forbidden:
+  - pattern: "**/.env"
+  - pattern: "**/.env.*"
+  - pattern: "**/credentials*"
+  - pattern: "**/secrets*"
+  - pattern: "**/private_key*"
+  - pattern: "**/*.pem"
+  - pattern: "**/*.key"
+  - pattern: "rm -rf"
+  - pattern: "curl | sh"
+  - pattern: "wget | sh"
+  - pattern: "npm publish"
+  - pattern: "npm install"
+  - pattern: "git push"
+  - pattern: "git commit"
+  - pattern: "docker run"
+  - pattern: "kubectl"
+  - pattern: "eval("
+  - pattern: "exec("
+
+session:
+  max_actions: 300
+  max_denials: 30
+  rate_limit:
+    max_per_minute: 60
+  escalation:
+    - after_actions: 100
+      require: human_checkin
+    - after_minutes: 15
+      require: human_checkin
+
+remediation:
+  rules:
+    - match: "ENOENT"
+      action: "skip"
+    - match: "EACCES"
+      action: "skip"
+    - match: "ECONNREFUSED"
+      action: "retry"
+    - match: "timeout"
+      action: "retry"
+  fallback_chain: ["retry", "skip", "abort"]