langchain-safe.json
{
"$schema": "https://schema.supra-wall.com/v1/policy.schema.json",
"name": "LangChain Safe Baseline",
"version": "1.0.0",
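"description": "Deterministic guardrails for dangerous LangChain tool calls: denies destructive bash commands and reads of .env/secret files, and requires human approval for SSH tools. Regex matching is a baseline control, not a substitute for sandboxing.",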
"rules": [
{
"name": "Block Destructive Bash",
"tool": "bash",
"action": "DENY",
"condition": {
"type": "regex",
"pattern": "rm -rf|mkfs|dd if|shutdown|reboot|:>|truncate"
},
"message": "Destructive shell commands are not permitted."
},
{
"name": "Block Environment Access",
"tool": "read_file",
"action": "DENY",
"condition": {
"type": "regex",
"pattern": "\\.env|config/secrets"
},
"message": "Access to environment and secret files is restricted."
},
{
"name": "Block Unprotected SSH",
"tool": "ssh:*",
"action": "REQUIRE_APPROVAL",
"message": "SSH tool calls require human approval."
}
]
}