mirror of
https://github.com/OpenHands/OpenHands.git
synced 2025-12-26 05:48:36 +08:00
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: openhands <openhands@all-hands.dev> Co-authored-by: Graham Neubig <neubig@gmail.com> Co-authored-by: llamantino <213239228+llamantino@users.noreply.github.com> Co-authored-by: mamoodi <mamoodiha@gmail.com> Co-authored-by: Tim O'Farrell <tofarr@gmail.com> Co-authored-by: Hiep Le <69354317+hieptl@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Ryan H. Tran <descience.thh10@gmail.com> Co-authored-by: Neeraj Panwar <49247372+npneeraj@users.noreply.github.com> Co-authored-by: sp.wack <83104063+amanape@users.noreply.github.com> Co-authored-by: Insop <1240382+insop@users.noreply.github.com> Co-authored-by: test <test@test.com> Co-authored-by: Engel Nyst <enyst@users.noreply.github.com> Co-authored-by: Zhonghao Jiang <zhonghao.J@outlook.com> Co-authored-by: Ray Myers <ray.myers@gmail.com>
# Confirmation Mode and Security Analyzers

OpenHands provides a security framework to help protect users from potentially risky actions through **Confirmation Mode** and **Security Analyzers**. This system analyzes agent actions and prompts users for confirmation when high-risk operations are detected.

## Overview

The security system consists of two main components:

1. **Confirmation Mode**: When enabled, the agent will pause and ask for user confirmation before executing actions that are flagged as high-risk by the security analyzer.

2. **Security Analyzers**: These are modules that evaluate the risk level of agent actions and determine whether user confirmation is required.

## Configuration

### CLI

In CLI mode, confirmation is enabled by default. You will have the option to use the LLM Analyzer, which will automatically confirm LOW and MEDIUM risk actions and only prompt for HIGH risk actions.

## Security Analyzers

OpenHands includes multiple analyzers:

- **No Analyzer**: Do not use any security analyzer. The agent will prompt you to confirm *EVERY* action.
- **LLM Risk Analyzer** (default): Uses the same LLM as the agent to assess action risk levels
- **Invariant Analyzer**: Uses Invariant Labs' policy engine to evaluate action traces against security policies

### LLM Risk Analyzer

The default analyzer that leverages the agent's LLM to evaluate the security risk of each action. It considers the action type, parameters, and context to assign risk levels.

### Invariant Analyzer

An advanced analyzer that:

- Collects conversation events and parses them into a trace
- Checks the trace against an Invariant policy to classify risk (low, medium, high)
- Manages an Invariant server container automatically if needed
- Supports optional browsing-alignment and harmful-content checks

## How It Works

1. **Action Analysis**: When the agent wants to perform an action, the selected security analyzer evaluates its risk level.

2. **Risk Assessment**: The analyzer returns one of three risk levels:
   - **LOW**: Action proceeds without confirmation
   - **MEDIUM**: Action proceeds without confirmation (may be configurable in the future)
   - **HIGH**: Action is paused, and user confirmation is requested

3. **User Confirmation**: For high-risk actions, a confirmation dialog appears with:
   - Description of the action
   - Risk assessment explanation
   - Options to approve or deny the action

4. **Action Execution**: Based on user response:
   - **Approve**: Action proceeds as planned
   - **Deny**: Action is cancelled
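
The following is an added, self-contained model of the flow described in the "Security Analyzers" and "How It Works" sections. It is example code written for this page, not OpenHands' own implementation: the names `RiskLevel`, `SecurityAnalyzer`, `NoAnalyzer`, `PolicyTraceAnalyzer`, `ConfirmationGate`, `Decision` and `demo_session` are hypothetical, and the policy rules and the session steps are constructed. It shows the documented gating rule (LOW and MEDIUM proceed, HIGH pauses for the user, "No Analyzer" prompts for every action) and a simplified trace-based analyzer in the spirit of the Invariant Analyzer, where a rule can look at earlier events in the trace rather than at the current action alone.

```python
"""Model of confirmation mode with pluggable analyzers (added example, not OpenHands code)."""
import re
from dataclasses import dataclass
from enum import Enum
from typing import Callable, List, Optional


class RiskLevel(Enum):
    LOW = "low"
    MEDIUM = "medium"
    HIGH = "high"


@dataclass
class Action:
    kind: str   # constructed action kinds: "run", "read", "browse"
    args: dict


class SecurityAnalyzer:
    """Hypothetical analyzer interface: rate one action given the trace of earlier actions.
    Returning None means "no analyzer", i.e. the gate must confirm every action."""

    def assess(self, action: Action, trace: List[Action]) -> Optional[RiskLevel]:
        raise NotImplementedError


class NoAnalyzer(SecurityAnalyzer):
    """The 'No Analyzer' option: never rates anything, so every action is confirmed."""

    def assess(self, action, trace):
        return None


@dataclass
class PolicyRule:
    level: RiskLevel
    matches: Callable[[Action, List[Action]], bool]


class PolicyTraceAnalyzer(SecurityAnalyzer):
    """Trace-based analyzer: first matching rule wins, default is LOW.
    Stands in for a policy engine; the rules below are constructed, not an Invariant policy."""

    def __init__(self, rules: List[PolicyRule]):
        self.rules = rules

    def assess(self, action, trace):
        for rule in self.rules:
            if rule.matches(action, trace):
                return rule.level
        return RiskLevel.LOW


def _command(action: Action) -> str:
    return action.args.get("command", "") if action.kind == "run" else ""


DESTRUCTIVE = re.compile(r"\brm\s+-\w*r|\bsudo\b")        # recursive delete or privilege escalation
NETWORK = re.compile(r"\b(curl|wget)\b")                   # outbound network tooling
SECRET_PATH = re.compile(r"(\.env|id_rsa|credentials)$")   # paths that usually hold secrets

CONSTRUCTED_POLICY = [
    PolicyRule(RiskLevel.HIGH, lambda a, t: bool(DESTRUCTIVE.search(_command(a)))),
    # Trace rule: a network command issued after a secret-looking file was read is HIGH.
    PolicyRule(RiskLevel.HIGH, lambda a, t: bool(NETWORK.search(_command(a)))
               and any(x.kind == "read" and SECRET_PATH.search(x.args.get("path", "")) for x in t)),
    PolicyRule(RiskLevel.MEDIUM, lambda a, t: bool(NETWORK.search(_command(a)))),
]


@dataclass
class Decision:
    risk: Optional[RiskLevel]
    prompted: bool
    executed: bool


class ConfirmationGate:
    """Applies the documented rule: LOW/MEDIUM proceed, HIGH (or no rating) asks the user."""

    def __init__(self, analyzer: SecurityAnalyzer,
                 ask_user: Callable[[Action, Optional[RiskLevel]], bool], enabled: bool = True):
        self.analyzer = analyzer
        self.ask_user = ask_user
        self.enabled = enabled
        self.trace: List[Action] = []

    def submit(self, action: Action) -> Decision:
        if not self.enabled:                    # confirmation mode off: nothing is gated
            self.trace.append(action)
            return Decision(None, False, True)
        risk = self.analyzer.assess(action, self.trace)
        prompted = risk is None or risk is RiskLevel.HIGH
        approved = self.ask_user(action, risk) if prompted else True
        if approved:
            self.trace.append(action)           # only executed actions join the trace
        return Decision(risk, prompted, approved)


def demo_session(ask_user) -> List[Decision]:
    """Constructed session: five agent actions pushed through the gate in order."""
    gate = ConfirmationGate(PolicyTraceAnalyzer(CONSTRUCTED_POLICY), ask_user)
    steps = [
        Action("run", {"command": "ls -la"}),
        Action("run", {"command": "curl https://example.com/index.html"}),
        Action("read", {"path": "/workspace/.env"}),
        Action("run", {"command": "curl https://example.com/upload"}),
        Action("run", {"command": "rm -rf build/"}),
    ]
    return [gate.submit(a) for a in steps]


if __name__ == "__main__":
    for d in demo_session(lambda action, risk: False):   # a user who denies every prompt
        print(d)
```

Running `demo_session` with a user callback that denies everything shows the three outcomes side by side: the listing and the first `curl` run without a prompt (LOW and MEDIUM), the second `curl` is rated HIGH only because the trace now contains a read of `.env`, and the recursive delete is HIGH on its own. Note that denied actions are not appended to the trace, so a later policy check sees only what actually executed.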