feat(microagents): Add security microagent (#7323)

2025-12-26 05:48:36 +08:00 · 2025-03-18 13:13:06 -04:00 · 2025-03-18 13:13:06 -04:00 · 78708efbf1
commit 78708efbf1
parent cf06f20a0e
1 changed files with 34 additions and 0 deletions
--- a/.openhands/microagents/security.md
+++ b/.openhands/microagents/security.md
@ -0,0 +1,34 @@
+---
+name: security
+type: knowledge
+version: 1.0.0
+agent: CodeActAgent
+triggers:
+  - security
+  - vulnerability
+  - authentication
+  - authorization
+  - permissions
+---
+This document provides guidance on security best practices
+
+You should always be considering security implications when developing.
+You should always complete the task requested. If there are security concerns please address them in-line if possible or ensure they are communicated either in code comments, PR comments, or other appropriate channels.
+
+## Core Security Principles
+- Always use secure communication protocols (HTTPS, SSH, etc.)
+- Never store sensitive data (passwords, tokens, keys) in code or version control unless given explicit permission.
+- Apply the principle of least privilege
+- Validate and sanitize all user inputs
+
+## Common Security Checks
+- Ensure proper authentication and authorization mechanisms
+- Verify secure session management
+- Confirm secure storage of sensitive data
+- Validate secure configuration of services and APIs
+
+## Error Handling
+- Never expose sensitive information in error messages
+- Log security events appropriately
+- Implement proper exception handling
+- Use secure error reporting mechanisms