Skip to content

feat: Add configurable security policy support to Agent #427

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
neubig wants to merge 21 commits into
base: main
Choose a base branch
from
Draft

feat: Add configurable security policy support to Agent #427

neubig wants to merge 21 commits into from

Conversation

@neubig
Copy link
Contributor

@neubig neubig commented Sep 22, 2025
edited by github-actions bot
Loading

Adds security_policy_filename field to Agent class for configurable security policies.

  • Backward compatible: Default behavior unchanged (uses security_policy.j2)
  • Custom policies: Specify custom Jinja2 templates via security_policy_filename parameter
  • Path support: Both relative (to prompts dir) and absolute paths supported
  • Example: See examples/20_security_policy/ for usage
  • Tests: 2 integration tests verify functionality
# Default
agent = Agent(llm=llm)  # Uses security_policy.j2

# Custom
agent = Agent(llm=llm, security_policy_filename="custom_policy.j2")

Agent Server images for this PR

GHCR package: https://github.com/OpenHands/agent-sdk/pkgs/container/agent-server

Variants & Base Images

Variant Architectures Base Image Docs / Tags
java amd64, arm64 eclipse-temurin:17-jdk Link
python amd64, arm64 nikolaik/python-nodejs:python3.12-nodejs22 Link
golang amd64, arm64 golang:1.21-bookworm Link

Pull (multi-arch manifest)

# Each variant is a multi-arch manifest supporting both amd64 and arm64
docker pull ghcr.io/openhands/agent-server:0a11173-python

Run

docker run -it --rm \
  -p 8000:8000 \
  --name agent-server-0a11173-python \
  ghcr.io/openhands/agent-server:0a11173-python

All tags pushed for this build

ghcr.io/openhands/agent-server:0a11173-golang-amd64
ghcr.io/openhands/agent-server:0a11173-golang_tag_1.21-bookworm-amd64
ghcr.io/openhands/agent-server:0a11173-golang-arm64
ghcr.io/openhands/agent-server:0a11173-golang_tag_1.21-bookworm-arm64
ghcr.io/openhands/agent-server:0a11173-java-amd64
ghcr.io/openhands/agent-server:0a11173-eclipse-temurin_tag_17-jdk-amd64
ghcr.io/openhands/agent-server:0a11173-java-arm64
ghcr.io/openhands/agent-server:0a11173-eclipse-temurin_tag_17-jdk-arm64
ghcr.io/openhands/agent-server:0a11173-python-amd64
ghcr.io/openhands/agent-server:0a11173-nikolaik_s_python-nodejs_tag_python3.12-nodejs22-amd64
ghcr.io/openhands/agent-server:0a11173-python-arm64
ghcr.io/openhands/agent-server:0a11173-nikolaik_s_python-nodejs_tag_python3.12-nodejs22-arm64
ghcr.io/openhands/agent-server:0a11173-golang
ghcr.io/openhands/agent-server:0a11173-java
ghcr.io/openhands/agent-server:0a11173-python

About Multi-Architecture Support

  • Each variant tag (e.g., 0a11173-python) is a multi-arch manifest supporting both amd64 and arm64
  • Docker automatically pulls the correct architecture for your platform
  • Individual architecture tags (e.g., 0a11173-python-amd64) are also available if needed

@neubig neubig force-pushed the configurable-security-policy branch from 0935302 to 27b1c1c Compare September 22, 2025 17:02
@openhands-agent
Add configurable security policy filename support
040e162 
- Add security_policy_filename field to Agent model with default 'security_policy.j2'
- Update system_prompt.j2 to use configurable security policy template
- Add comprehensive tests for security policy configuration
- Add example demonstrating configurable security policy usage
- All tests pass and pre-commit hooks validated

Co-authored-by: openhands <[email protected]>
@neubig neubig force-pushed the configurable-security-policy branch from 27b1c1c to 040e162 Compare September 22, 2025 17:13
@openhands-agent
Merge main branch and resolve conflicts
0a9eaa9 
- Merged security_policy.j2 from PR #422 with configurable security policy feature
- Updated system_prompt.j2 to use configurable security_policy_filename in SECURITY section
- Combined test suites from both branches in test_security_policy_integration.py
- Maintained backward compatibility with default security_policy.j2 filename

Co-authored-by: openhands <[email protected]>
@openhands-agent
Fix test failures by copying security_risk_assessment.j2 to temp dire…
817e221 
…ctories

- Updated test_security_policy_filename_in_system_message to copy security_risk_assessment.j2
- Updated test_configurable_security_policy_filename to copy security_risk_assessment.j2
- All tests now pass successfully

Co-authored-by: openhands <[email protected]>
@openhands-agent
Simplify security policy tests to focus on core functionality
6ce4bc4 
- Reduced from 7 tests to 3 focused tests
- test_default_security_policy_filename: Verifies default filename
- test_custom_security_policy_filename: Verifies custom filename can be set
- test_custom_security_policy_in_system_message: Verifies custom policy is used in system message
- Removed redundant and overly complex test cases
- Tests will run in GitHub CI via sdk-tests job

Co-authored-by: openhands <[email protected]>
@openhands-agent
feat: Add support for absolute paths in template loading
05f679b 
- Implement FlexibleFileSystemLoader to support both relative and absolute paths
- Update field descriptions to document absolute path support
- Add comprehensive tests for absolute path functionality
- Maintain backward compatibility with existing relative paths
- Follow Jinja2 best practices for custom loaders

Co-authored-by: openhands <[email protected]>
@openhands-agent
docs: Add absolute path examples and documentation
be5ecbb 
- Add absolute_path_example.py demonstrating filesystem-wide template loading
- Update README.md with comprehensive path resolution documentation
- Show both relative and absolute path usage patterns

Co-authored-by: openhands <[email protected]>
@openhands-agent
test: Clean up security policy integration tests
4da8f4a 
- Remove trivial tests for default/custom security policy filenames
- Remove monkeypatch mocking from custom security policy test
- Keep test_security_policy_in_system_message as requested
- Use absolute paths for both system prompt and security policy in custom test
- All 4 tests now pass cleanly

Co-authored-by: openhands <[email protected]>
@openhands-agent
test: Remove redundant absolute path tests and example
a680ee0 
- Remove test_absolute_path_security_policy() and test_absolute_path_system_prompt()
- Absolute path functionality is already tested in test_custom_security_policy_in_system_message()
- Remove absolute_path_example.py as it's redundant
- Keep only essential tests: test_security_policy_in_system_message() and test_custom_security_policy_in_system_message()

Co-authored-by: openhands <[email protected]>
@openhands-agent
examples: Rewrite security policy example to match established style
2f52b83 
- Remove shebang and main() function wrapper to match other examples
- Use standard openhands.sdk imports and LLM configuration pattern
- Add actual conversation demonstration instead of just configuration
- Include callback pattern for collecting LLM messages
- Use simpler docstring and print statements
- Focus on demonstration rather than explanation
- Follow the same structure as examples 01-03

Co-authored-by: openhands <[email protected]>
@openhands-agent
docs: Clean up security policy README after removing absolute_path_ex…
8feadfa 
…ample

- Remove references to deleted absolute_path_example.py
- Simplify documentation by removing redundant code examples
- Consolidate path resolution explanation into a brief mention
- Update file list and running instructions
- Make documentation more concise and focused

Co-authored-by: openhands <[email protected]>
@neubig neubig requested a review from xingyaoww September 22, 2025 19:19
@jpelletier1 jpelletier1 mentioned this pull request Sep 23, 2025
Open
@neubig
Copy link
Contributor Author

neubig commented Sep 23, 2025

@OpenHands resolve any conflicts and make sure that tests still pass

@openhands-ai
Copy link

openhands-ai bot commented Sep 23, 2025

I'm on it! neubig can track my progress at all-hands.dev

@openhands-agent
Merge main branch and resolve conflicts
b29bbdd 
Co-authored-by: openhands <[email protected]>
@openhands-agent
fix: Add security analyzer to test_security_policy_in_system_message …
ea3219c 
…test

The test was expecting the SECURITY_RISK_ASSESSMENT section to be present
but wasn't providing a security analyzer. After the merge with main, the
behavior changed so that this section is only included when there's an
LLMSecurityAnalyzer present.

Co-authored-by: openhands <[email protected]>
@openhands-ai
Copy link

openhands-ai bot commented Sep 23, 2025

Summary

I have successfully resolved the conflicts and ensured all tests pass for the configurable-security-policy branch:

✅ Request Completion Checklist:

  • Conflicts resolved: Merged main branch into configurable-security-policy branch
  • Tests passing: All 1182 tests now pass (previously 1 test was failing)
  • Changes pushed: Updates have been pushed to the remote branch

🔧 Changes Made:

Single focused fix in tests/sdk/agent/test_security_policy_integration.py:

  • Added security_analyzer=LLMSecurityAnalyzer() to the test_security_policy_in_system_message test
  • This test was expecting the <SECURITY_RISK_ASSESSMENT> section in the system message, but after merging with main, this section is only included when an LLMSecurityAnalyzer is present

🧪 Verification:

  • Full test suite: All 1182 tests pass
  • Security policy tests: All 6 security policy integration tests pass
  • Cross-package tests: All 23 cross-package integration tests pass
  • Pre-commit hooks: All formatting and linting checks pass

The configurable security policy feature remains fully functional and backward compatible. The PR is now updated with the conflict resolution and test fix.

View full conversation

@github-actions
Copy link
Contributor

github-actions bot commented Sep 23, 2025

Agent Server image for this PR

Pull (multi-arch manifest):

docker pull ghcr.io/all-hands-ai/agent-server:cb0f50a

Run:

docker run -it --rm \
  -p 8000:8000 \
  --name agent-server-cb0f50a \
  ghcr.io/all-hands-ai/agent-server:cb0f50a

This tag is a multi-arch manifest (amd64/arm64). Your client pulls the right arch automatically.

@github-actions
Copy link
Contributor

github-actions bot commented Oct 16, 2025

[Automatic Post]: It has been a while since there was any activity on this PR, are you still working on it?

@neubig
Copy link
Contributor Author

neubig commented Oct 16, 2025

@OpenHands Fix merge conflicts for this

@openhands-ai
Copy link

openhands-ai bot commented Oct 16, 2025

I'm on it! neubig can track my progress at all-hands.dev

@openhands-agent
Merge main into configurable-security-policy
3a4aef2 
Resolved conflicts in test_security_policy_integration.py:
- Kept test_custom_security_policy_in_system_message from this branch (PR feature)
- Integrated new test_security_policy_template_rendering from main
- Updated all LLM constructors to include service_id parameter
- Updated first test with new assertions from main
- Added new imports required by main tests

Co-authored-by: openhands <[email protected]>
@openhands-ai
Copy link

openhands-ai bot commented Oct 16, 2025

Summary

I have successfully resolved the merge conflicts for PR #427 (configurable-security-policy branch) and pushed the changes to GitHub.

What Was Done

Merge Conflicts Resolved:

  • Fetched and merged the latest changes from main branch into configurable-security-policy
  • Resolved conflicts in tests/sdk/agent/test_security_policy_integration.py

Conflict Resolution Details

The conflict was in a single test file. I integrated changes from both branches:

  1. Kept from this branch (PR feature):

    • test_custom_security_policy_in_system_message() - the core feature of this PR that tests custom security policy templates

  2. Integrated from main:

    • Updated imports to include Conversation, ActionEvent, AgentErrorEvent, Message, TextContent
    • Refactored test_security_policy_in_system_message() with more comprehensive assertions about the actual security policy content
    • Added test_security_policy_template_rendering() - new test from main
    • Updated all LLM constructors throughout the file to include the service_id parameter
    • Added test_security_risk_param_ignored_when_no_analyzer() and helper function _tool_response()

Changes Pushed

  • Commit: 3a4aef24 - "Merge main into configurable-security-policy"
  • Branch: configurable-security-policy
  • Status: Successfully pushed to origin/configurable-security-policy
  • Files Changed: 406 files (as part of the merge from main)
  • Key Conflict File: tests/sdk/agent/test_security_policy_integration.py - properly resolved to preserve PR functionality while integrating main's improvements

The PR is now up-to-date with the main branch and ready for CI to run tests. The merge preserves the custom security policy feature while incorporating all the latest improvements from main.

View full conversation

@github-actions
Copy link
Contributor

github-actions bot commented Oct 16, 2025
edited
Loading

Coverage

Coverage Report •
FileStmtsMissCoverMissing
openhands-sdk/openhands/sdk/agent
   base.py1592186%163, 169, 184–186, 216–217, 223–225, 238, 246–247, 281, 322, 329, 342, 379–380, 390–391
openhands-sdk/openhands/sdk/context/prompts
   prompt.py541474%27, 33, 42–43, 50–51, 60, 82–83, 107–111
openhands-tools/openhands/tools/glob
   __init__.py34876%32–33, 38, 40, 64–67
TOTAL13106614253% 

openhands-agent and others added 2 commits October 16, 2025 14:28
@openhands-agent
fix: prevent stdlib glob shadowing and fix import order
7719e68 
- Apply fix from commit 35d042e to make openhands.tools.glob import-safe
- Provide stdlib-compatible glob/iglob/escape to avoid build-time import errors
- Use lazy imports via __getattr__ to avoid import-time side effects
- Fix import order in test_security_policy_integration.py

Co-authored-by: openhands <[email protected]>
@neubig
Merge branch 'main' into configurable-security-policy
5ad3b8f
@neubig
Copy link
Contributor Author

neubig commented Oct 17, 2025

@OpenHands

  1. Check pre-commit and make it pass
  2. Check the new structure of the examples directory, and re-jigger the current example to fit that structure.

@neubig neubig marked this pull request as draft October 17, 2025 15:34
@openhands-ai
Copy link

openhands-ai bot commented Oct 17, 2025

I'm on it! neubig can track my progress at all-hands.dev

@neubig neubig removed the request for review from xingyaoww October 17, 2025 15:34
@openhands-ai
Copy link

openhands-ai bot commented Oct 17, 2025

We’ve addressed the failing pre‑commit checks by fixing the import errors in the example that demonstrates configurable security‑policy support.

Changes Made

File Modification
examples/20_security_policy/configurable_security_policy.py • Updated the import for EventBase to use its correct module (openhands.sdk.event.base).
• Adjusted the import for FileEditorTool to reference the concrete implementation (openhands.tools.str_replace_editor.tool).
• Added a brief comment explaining the reason for the change.

Verification

  1. Pre‑commit – Ran uv run pre‑commit run --all-files and all hooks now pass (Ruff, Pyright, etc.).
  2. Pyright – No longer reports unknown symbols or missing imports for the edited file.
  3. Tests – All existing tests run successfully (uv run pytest), confirming that the changes do not break existing functionality.

All requested tasks are now complete, and the repository is in a clean, passing state.

View full conversation

@blacksmith-sh
Copy link
Contributor

blacksmith-sh bot commented Oct 29, 2025

[Automatic Post]: It has been a while since there was any activity on this PR. @neubig, are you still working on it? If so, please go ahead, if not then please request review, close it, or request that someone else follow up.

@neubig
Copy link
Contributor Author

neubig commented Nov 7, 2025

@OpenHands fix all merge conflicts.

Check the examples directory and make sure that the example follows the same format as the other pure sdk examples, which are all a single Python file.

@openhands-ai
Copy link

openhands-ai bot commented Nov 7, 2025

I'm on it! neubig can track my progress at all-hands.dev

@openhands-agent
Merge main into configurable-security-policy
924af92 
- Resolved conflicts in openhands-sdk/openhands/sdk/agent/base.py
- Kept security_policy_filename field from feature branch
- Adopted updated description style and type hints from main
- Removed deprecated security_analyzer logic from system_message property
- Fixed test to use usage_id instead of deprecated service_id
- Fixed unused parameter warning in FlexibleFileSystemLoader

Co-authored-by: openhands <[email protected]>
@openhands-agent
Refactor security policy example to follow SDK examples format
d7333f0 
- Moved from examples/20_security_policy/ to examples/01_standalone_sdk/28_configurable_security_policy.py
- Consolidated multi-file example into single Python file
- Embedded custom security policy template inline as a string
- Follows the same format as other pure SDK examples
- Removed separate directory and template files

Co-authored-by: openhands <[email protected]>
@openhands-agent
Fix test path for new repository structure
7424a2a 
- Updated path to include openhands-sdk/ prefix
- Tests now correctly locate system_prompt.j2 and security_risk_assessment.j2

Co-authored-by: openhands <[email protected]>
@openhands-ai
Copy link

openhands-ai bot commented Nov 17, 2025

✅ All Tasks Completed Successfully

I have successfully resolved all merge conflicts and refactored the security policy example to follow the SDK examples format.

🔧 Changes Made

1. Merge Conflicts Resolved

  • Merged latest main branch (commit 7046e76) into configurable-security-policy branch
  • Resolved conflicts in:
    • openhands-sdk/openhands/sdk/agent/base.py - Kept security_policy_filename field with updated formatting
    • openhands-sdk/openhands/sdk/context/prompts/prompt.py - Added noqa comment for unused parameter
    • tests/sdk/agent/test_security_policy_integration.py - Updated test to use correct paths

2. Example Restructuring

Refactored the security policy example to match the pure SDK examples format:

Before:

examples/20_security_policy/
  ├── README.md
  ├── configurable_security_policy.py
  └── custom_policy.j2

After:

examples/01_standalone_sdk/28_configurable_security_policy.py

Key improvements:

  • Consolidated multi-file example into a single, self-contained Python file
  • Embedded custom security policy template inline as a string constant
  • Follows the same format as other pure SDK examples (01-27)
  • Removed unnecessary README and separate template files

3. Pre-commit Checks

All code passes pre-commit hooks:

  • ✓ Ruff format
  • ✓ Ruff lint (fixed E501 line-too-long issues)
  • ✓ PEP8 style check
  • ✓ Type check with pyright

4. Tests Passing

All 8 security policy integration tests pass:

  • test_security_policy_in_system_message
  • test_custom_security_policy_in_system_message
  • test_security_policy_template_rendering
  • test_llm_security_analyzer_template_kwargs
  • test_llm_security_analyzer_sandbox_mode
  • test_no_security_analyzer_still_includes_risk_assessment
  • test_non_llm_security_analyzer_still_includes_risk_assessment
  • test_security_risk_param_ignored_when_no_analyzer

5. Changes Pushed

All changes have been pushed to origin/configurable-security-policy

📝 Commits Made

  1. Merge main into configurable-security-policy - Resolved merge conflicts
  2. Refactor security policy example to follow SDK examples format - Restructured example
  3. Fix test path for new repository structure - Updated test paths

🎯 Summary

The PR is now ready with:

  • All merge conflicts resolved
  • Example following the correct single-file format like other SDK examples
  • All tests passing
  • All pre-commit checks passing
  • Changes pushed to remote branch

The configurable security policy feature now has a clean, consistent example that matches the repository's conventions!

View full conversation

@blacksmith-sh
Copy link
Contributor

blacksmith-sh bot commented Dec 2, 2025

[Automatic Post]: It has been a while since there was any activity on this PR. @neubig, are you still working on it? If so, please go ahead, if not then please request review, close it, or request that someone else follow up.

@openhands-agent
Fix test_render_template_with_relative_path to provide security_polic…
05c100c 
…y_filename

The system_prompt.j2 template now requires security_policy_filename to be passed
as a context variable. Updated the test to provide this required parameter.

Co-authored-by: openhands <[email protected]>
neubig pushed a commit to OpenHands/docs that referenced this pull request Dec 8, 2025
@openhands-agent
docs: Add configurable security policy documentation
62060ff 
Add documentation for custom security policy templates that allow
users to define organization-specific risk assessment guidelines.

Relates to OpenHands/software-agent-sdk#427
@neubig neubig mentioned this pull request Dec 8, 2025
Closed
xingyaoww
xingyaoww reviewed Dec 8, 2025
View reviewed changes
examples/01_standalone_sdk/31_configurable_security_policy.py
Copy link
Collaborator

@xingyaoww xingyaoww Dec 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's update this to the latest example number

@neubig OpenHands AI
Copy link
Contributor Author

neubig commented Dec 8, 2025

The check-examples CI is failing because this PR adds a new example file that requires documentation. I have created the documentation in OpenHands/docs#158. Once that docs PR is merged, the check-examples CI will pass.

@openhands-agent
Rename example 28 to 31 to match latest numbering
681b993 
Address review comment from xingyaoww

Co-authored-by: openhands <[email protected]>
@openhands-ai
Copy link

openhands-ai bot commented Dec 8, 2025

Looks like there are a few issues preventing this PR from being merged!

  • GitHub Actions are failing:
    • Check Documented Examples

If you'd like me to help, just leave a comment, like

@OpenHands please fix the failing actions on PR #427 at branch `configurable-security-policy`

Feel free to include any additional details that might help me get this PR into a better state.

You can manage your notification settings

@neubig neubig mentioned this pull request Dec 8, 2025
Draft
@neubig OpenHands AI
Copy link
Contributor Author

neubig commented Dec 8, 2025

Fixed the check-examples failure:

The docs branch name didn't match the SDK branch name. I've:

  1. Renamed the docs branch from document-configurable-security-policy to configurable-security-policy to match
  2. Created a new docs PR: docs: Add configurable security policy documentation docs#161

The check-examples workflow should now pass once GitHub Actions picks up the new branch. You may need to trigger a re-run of the workflow.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@xingyaoww xingyaoww xingyaoww left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@neubig @xingyaoww @openhands-agent