alibaba · edonyzpc · Apr 14, 2026 · Apr 7, 2026 · Apr 14, 2026 · Apr 14, 2026
@@ -198,7 +198,7 @@ build_agent_sec_core() {
     local tmp_dir
     tmp_dir=$(mktemp -d)
     local pkg_dir="${tmp_dir}/${pkg_name}-${pkg_version}"
-    mkdir -p "$pkg_dir"/{skill,linux-sandbox,tools}
+    mkdir -p "$pkg_dir"/{skill,linux-sandbox,tools,agent-sec-cli}
 
     cp -rp "${SEC_DIR}/skill/"* "$pkg_dir/skill/"
     cp -rp "${SEC_DIR}/linux-sandbox/"* "$pkg_dir/linux-sandbox/"
@@ -207,6 +207,17 @@ build_agent_sec_core() {
     cp "${SEC_DIR}/Makefile" "$pkg_dir/"
     [ -f "${SEC_DIR}/README.md" ] && cp "${SEC_DIR}/README.md" "$pkg_dir/"
 
+    # Include agent-sec-cli source for maturin wheel build
+    # Exclude development artifacts (.venv, target, __pycache__, .egg-info, dist)
+    tar -cf - -C "${SEC_DIR}" \
+        --exclude='.venv' \
+        --exclude='target' \
+        --exclude='__pycache__' \
+        --exclude='*.egg-info' \
+        --exclude='dist' \
+        --exclude='.pytest_cache' \
+        agent-sec-cli/ | tar -xf - -C "$pkg_dir/"
+
     tar -czf "${BUILD_DIR}/SOURCES/${tarball_name}" -C "$tmp_dir" "${pkg_name}-${pkg_version}"
     rm -rf "$tmp_dir"
 

@@ -1,13 +1,89 @@
-.DS_Store
+# Rust build artifacts
+target/
 
-# Python
+# Byte-compiled / optimized / DLL files
 __pycache__/
 *.py[cod]
+*$py.class
 *.pyo
 *.pyd
-.Python
+
+# C extensions
 *.so
 
+# Distribution / packaging
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+pip-wheel-metadata/
+share/python-wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# PyInstaller
+*.manifest
+*.spec
+
+# Installer logs
+pip-log.txt
+pip-delete-this-directory.txt
+
+# Unit test / coverage reports
+htmlcov/
+.tox/
+.nox/
+.coverage
+.coverage.*
+.cache
+nosetests.xml
+coverage.xml
+*.cover
+*.py,cover
+.hypothesis/
+.pytest_cache/
+
+# Translations
+*.mo
+*.pot
+
+# Django stuff
+*.log
+local_settings.py
+db.sqlite3
+db.sqlite3-journal
+
+# Environments
+.env
+.venv
+env/
+venv/
+ENV/
+env.bak/
+venv.bak/
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# OS
+.DS_Store
+Thumbs.db
+
 # LLM tools
 .claude/
 .qoder/

@@ -16,6 +16,11 @@ python-code-pretty: ## Format Python code using black and isort
 build-sandbox: ## Build linux-sandbox binary
 	cd linux-sandbox && cargo build --release
 
+.PHONY: build-cli
+build-cli: ## Build agent-sec-cli wheel with maturin (Rust + Python)
+	pip3 install maturin
+	cd agent-sec-cli && maturin build --release
+
 # =============================================================================
 # INSTALL
 # =============================================================================
@@ -33,9 +38,10 @@ install: ## Install linux-sandbox binary, sign-skill.sh and skill files
 	install -d -m 0755 $(DESTDIR)$(PREFIX)/bin
 	install -p -m 0755 linux-sandbox/target/release/linux-sandbox $(DESTDIR)$(PREFIX)/bin/
 	install -p -m 0755 tools/sign-skill.sh $(DESTDIR)$(PREFIX)/bin/
+	pip3 install --root=$(DESTDIR) --no-deps --no-cache-dir --prefix=/usr \
+		agent-sec-cli/target/wheels/agent_sec_cli-*.whl
 	install -d -m 0755 $(DESTDIR)$(SKILL_DIR)/scripts
 	install -d -m 0755 $(DESTDIR)$(SKILL_DIR)/references
-	cp -rp skill/scripts/* $(DESTDIR)$(SKILL_DIR)/scripts/
 	cp -rp skill/references/* $(DESTDIR)$(SKILL_DIR)/references/
 	cp skill/SKILL.md $(DESTDIR)$(SKILL_DIR)/
 	find $(DESTDIR)$(SKILL_DIR) -type f -name '*.sh' -exec chmod 0755 {} +

@@ -112,18 +112,17 @@ agent-sec-core/
 │   ├── src/                   # Rust source (cli, policy, seccomp, proxy, …)
 │   ├── tests/                 # Rust integration tests + Python e2e
 │   └── docs/                  # dev-guide, user-guide
+├── agent-sec-cli/             # Unified CLI + security middleware (Python)
+│   ├── src/agent_sec_cli/     # Main Python package
+│   │   ├── cli.py             # CLI entry point (Typer)
+│   │   ├── asset_verify/      # Skill signature + hash verification
+│   │   ├── sandbox/           # Sandbox policy generation
+│   │   ├── security_events/   # JSONL event logging
+│   │   └── security_middleware/ # Middleware layer + backends
+│   ├── dev-tools/             # Developer guides for extending backends
+│   └── pyproject.toml         # Build configuration
 ├── skill/
 │   ├── SKILL.md               # Executable security protocol (check workflow + decision)
-│   ├── scripts/
-│   │   ├── sandbox/
-│   │   │   ├── sandbox_policy.py     # Sandbox policy generator
-│   │   │   ├── classify_command.py   # Command classifier
-│   │   │   └── rules.py              # Classification rules
-│   │   └── asset-verify/
-│   │       ├── verifier.py         # Skill signature + hash verification
-│   │       ├── errors.py           # Error code definitions
-│   │       ├── config.conf         # Skills directory config
-│   │       └── trusted-keys/       # Trusted public key directory
 │   └── references/
 │       ├── agent-sec-seharden.md       # Phase 1 sub-skill (loongshield hardening)
 │       ├── agent-sec-sandbox.md        # Sandbox policy configuration guide
@@ -165,15 +164,15 @@ sudo loongshield seharden --reinforce --config agentos_baseline
 
 # ===== Phase 2: Asset Protection =====
 # Verify all skills
-python3 skill/scripts/asset-verify/verifier.py
+agent-sec-cli verify
 
 # Verify a single skill (optional)
-python3 skill/scripts/asset-verify/verifier.py --skill /path/to/skill_name
+agent-sec-cli verify --skill /path/to/skill_name
 
 # ===== Phase 3: Final Confirmation =====
 # Re-scan to confirm compliance
 sudo loongshield seharden --scan --config agentos_baseline
-python3 skill/scripts/asset-verify/verifier.py
+agent-sec-cli verify
 ```
 
 ### Build Sandbox from Source
@@ -195,7 +194,7 @@ sudo yum install agent-sec-core
 Classify a command and generate a `linux-sandbox` execution policy:
 
 ```bash
-python3 skill/scripts/sandbox/sandbox_policy.py --cwd "$PWD" "git status"
+python3 agent-sec-cli/src/agent_sec_cli/sandbox/sandbox_policy.py --cwd "$PWD" "git status"
 ```
 
 Output example:
@@ -212,7 +211,7 @@ Output example:
 
 ### Verification Flow
 
-1. Load trusted public keys from `skill/scripts/asset-verify/trusted-keys/*.asc`
+1. Load trusted public keys from `agent-sec-cli/asset-verify/trusted-keys/*.asc`
 2. Verify the GPG signature (`.skill-meta/.skill.sig`) of `.skill-meta/Manifest.json` in each skill directory
 3. Validate SHA-256 hashes of all files listed in the Manifest
 
@@ -238,22 +237,17 @@ tools/sign-skill.sh --init
 tools/sign-skill.sh --batch /usr/share/anolisa/skills --force
 
 # 3. Verify
-python3 skill/scripts/asset-verify/verifier.py
+agent-sec-cli verify
 ```
 
 For the complete guide (manual key management, custom skills, CI/CD, troubleshooting), see **[Skill Signing Guide](tools/SIGNING_GUIDE.md)**.
 
 ## Audit Log
 
-All security events are logged to `/var/log/agent-sec/violations.log`:
+All security events are logged as JSONL to `/var/log/agent-sec/security-events.jsonl` (falls back to `~/.agent-sec-core/security-events.jsonl`):
 
-```
-[TIMESTAMP] [RISK_LEVEL] [CATEGORY]
-skill: <skill_name>
-action: <requested_action>
-target: <target_resource>
-decision: ALLOWED | BLOCKED | PENDING_CONFIRM
-reason: <reason>
+```json
+{"event_id": "uuid", "event_type": "harden", "category": "hardening", "timestamp": "ISO-8601", "trace_id": "uuid", "pid": 1234, "uid": 0, "details": {"request": {...}, "result": {...}}}
 ```
 
 ## Development

@@ -112,18 +112,17 @@ agent-sec-core/
 │   ├── src/                   # Rust 源码（cli, policy, seccomp, proxy, …）
 │   ├── tests/                 # Rust 集成测试 + Python e2e
 │   └── docs/                  # dev-guide, user-guide
+├── agent-sec-cli/             # 统一 CLI + 安全中间层（Python）
+│   ├── src/agent_sec_cli/     # 主 Python 包
+│   │   ├── cli.py             # CLI 入口点（Typer）
+│   │   ├── asset_verify/      # Skill 签名 + 哈希校验
+│   │   ├── sandbox/           # 沙箱策略生成
+│   │   ├── security_events/   # JSONL 事件日志
+│   │   └── security_middleware/ # 中间层 + 后端实现
+│   ├── dev-tools/             # 后端扩展开发指南
+│   └── pyproject.toml         # 构建配置
 ├── skill/
 │   ├── SKILL.md               # 可执行安全协议（检查工作流 + 安全决策）
-│   ├── scripts/
-│   │   ├── sandbox/
-│   │   │   ├── sandbox_policy.py     # 沙箱策略生成器
-│   │   │   ├── classify_command.py   # 命令分类器
-│   │   │   └── rules.py              # 分类规则定义
-│   │   └── asset-verify/
-│   │       ├── verifier.py         # Skill 签名 + 哈希校验
-│   │       ├── errors.py           # 错误码定义
-│   │       ├── config.conf         # skills 目录配置
-│   │       └── trusted-keys/       # 受信公钥目录
 │   └── references/
 │       ├── agent-sec-seharden.md       # Phase 1 子 skill（loongshield 安全加固）
 │       ├── agent-sec-sandbox.md        # 沙箱策略配置指南
@@ -165,15 +164,15 @@ sudo loongshield seharden --reinforce --config agentos_baseline
 
 # ===== Phase 2: 关键资产保护 =====
 # 校验全部 skill 完整性
-python3 skill/scripts/asset-verify/verifier.py
+agent-sec-cli verify
 
 # 校验单个 skill（可选）
-python3 skill/scripts/asset-verify/verifier.py --skill /path/to/skill_name
+agent-sec-cli verify --skill /path/to/skill_name
 
 # ===== Phase 3: 最终安全确认 =====
 # 复检确认合规
 sudo loongshield seharden --scan --config agentos_baseline
-python3 skill/scripts/asset-verify/verifier.py
+agent-sec-cli verify
 ```
 
 ### 从源码构建沙箱
@@ -195,7 +194,7 @@ sudo yum install agent-sec-core
 对命令进行安全分类，生成 `linux-sandbox` 执行策略：
 
 ```bash
-python3 skill/scripts/sandbox/sandbox_policy.py --cwd "$PWD" "git status"
+python3 agent-sec-cli/src/agent_sec_cli/sandbox/sandbox_policy.py --cwd "$PWD" "git status"
 ```
 
 输出示例：
@@ -212,7 +211,7 @@ python3 skill/scripts/sandbox/sandbox_policy.py --cwd "$PWD" "git status"
 
 ### 校验流程
 
-1. 加载受信公钥（`skill/scripts/asset-verify/trusted-keys/*.asc`）
+1. 加载受信公钥（`agent-sec-cli/asset-verify/trusted-keys/*.asc`）
 2. 验证 Skill 目录中 `.skill-meta/Manifest.json` 的 GPG 签名（`.skill-meta/.skill.sig`）
 3. 校验 Manifest 中所有文件的 SHA-256 哈希
 
@@ -238,22 +237,17 @@ tools/sign-skill.sh --init
 tools/sign-skill.sh --batch /usr/share/anolisa/skills --force
 
 # 3. 验证
-python3 skill/scripts/asset-verify/verifier.py
+agent-sec-cli verify
 ```
 
 完整指南（手动密钥管理、自定义 skill、CI/CD、问题排查）请参见 **[Skill 签名指南](tools/SIGNING_GUIDE_CN.md)**。
 
 ## 审计日志
 
-所有安全事件记录至 `/var/log/agent-sec/violations.log`：
+所有安全事件以 JSONL 格式记录至 `/var/log/agent-sec/security-events.jsonl`（回退路径：`~/.agent-sec-core/security-events.jsonl`）：
 
-```
-[TIMESTAMP] [RISK_LEVEL] [CATEGORY]
-skill: <skill_name>
-action: <requested_action>
-target: <target_resource>
-decision: ALLOWED | BLOCKED | PENDING_CONFIRM
-reason: <reason>
+```json
+{"event_id": "uuid", "event_type": "harden", "category": "hardening", "timestamp": "ISO-8601", "trace_id": "uuid", "pid": 1234, "uid": 0, "details": {"request": {...}, "result": {...}}}
 ```
 
 ## 开发