fix(agent-sec-core): Refactor SKILL.md to executable protocol and align sub-skills#130

Merged
kid9 merged 3 commits into alibaba:main from edonyzpc:fix/agent-sec-core/skill-refact
Apr 9, 2026

Conversation

@edonyzpc
Collaborator

@edonyzpc edonyzpc commented Apr 8, 2026

Description

Related Issue

closes #

Type of Change

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Refactoring (no functional change)
  • Performance improvement
  • CI/CD or build changes

Scope

  • cosh (copilot-shell)
  • sec-core (agent-sec-core)
  • skill (os-skills)
  • sight (agentsight)
  • Multiple / Project-wide

Checklist

  • I have read the Contributing Guide
  • My code follows the project's code style
  • I have added tests that prove my fix is effective or that my feature works
  • I have updated the documentation accordingly
  • For cosh: Lint passes, type check passes, and tests pass
  • For sec-core (Rust): cargo clippy -- -D warnings and cargo fmt --check pass
  • For sec-core (Python): Ruff format and pytest pass
  • For skill: Skill directory structure is valid and shell scripts pass syntax check
  • For sight: cargo clippy -- -D warnings and cargo fmt --check pass
  • Lock files are up to date (package-lock.json / Cargo.lock)

Testing

Additional Notes

edonyzpc added 3 commits April 8, 2026 15:38
…utable protocol

- Reorganize by LLM execution order: priority declaration, hard block
  rule definitions, Phase 1-3 workflow, security decision, self-protection
- Add output anchoring: forced first-step status table, fixed output
  format per Phase (PASS/FAIL/NOT_RUN), self-terminating block template
- Replace declarative constraints with imperative instructions to prevent
  Phase skipping and non-execution after trigger
- Eliminate rule conflicts: split into absolute prohibition and
  high-risk-confirmation tiers with no overlap
- Hard block rules defined in Section 2, applied in Section 4 security
  decision judgment chain step 2
- Add Decision UNLOCKED state in Phase 3 PASS output for state machine
  symmetry
- Remove threat model table, audit log format (moved to README),
  exception handling table, Gate A/B/C naming, broken
  hardening-checklist.md reference

BREAKING CHANGE: SKILL.md structure completely rewritten from 5-principle
policy manual to 5-section executable protocol

agent-sec-seharden.md (Phase 1):
- Add phase: 1 to frontmatter
- Add Status Line Output section: [Phase 1] PASS/FAIL/NOT_RUN

agent-sec-skill-verify.md (Phase 2):
- Add phase: 2 to frontmatter
- Add prerequisites section (gpg/gnupg2 and verifier.py checks)
- Add Status Line Output section: [Phase 2] PASS/FAIL/NOT_RUN
- Update architecture diagram: show security check workflow and sandbox
  policy as separate channels
- Add PASS condition column to Phase 1-3 workflow table
- Add Audit Log section (format moved from SKILL.md)
- Update SKILL.md description to executable security protocol
- Sync README_CN.md with English version
@edonyzpc edonyzpc requested a review from kid9 as a code owner April 8, 2026 07:47
@CLAassistant

CLAassistant commented Apr 8, 2026

CLA assistant check
All committers have signed the CLA.

@edonyzpc edonyzpc requested a review from 1570005763 April 8, 2026 07:53
@edonyzpc edonyzpc changed the title from "Refactor SKILL.md to executable protocol and align sub-skills" to "fix(agent-sec-core): Refactor SKILL.md to executable protocol and align sub-skills" Apr 8, 2026
Collaborator

@1570005763 1570005763 left a comment

LGTM.

Heads up — agent-sec-core is also blocking legitimate skill changes, which is kind of expected for now since we're being conservative on the security side. But going forward, we'll probably need to think about finer-grained risk management around skill signing — like, being able to tell apart a normal incremental update from something actually suspicious, instead of flagging everything the same way.

@casparant casparant added the component:sec-core src/agent-sec-core/ label Apr 8, 2026
@kid9
Collaborator

kid9 commented Apr 9, 2026

LGTM.

@kid9 kid9 merged commit b0ed1b8 into alibaba:main Apr 9, 2026
12 checks passed