
feat: add SecOps agent with security operations tooling #2453

Open
chenchunrun wants to merge 2 commits into charmbracelet:main from chenchunrun:claude/review-project-structure-ihyXe

Conversation

@chenchunrun

Implement a comprehensive security operations (SecOps) agent framework with the following components:

Security Core:

  • RBAC capability manager with role-based access control (viewer/operator/admin/analyst/responder roles)
  • Risk assessment engine for command and tool call evaluation (scoring, classification, and action recommendations)
  • Sandbox executor with resource limits, filesystem isolation, and timeout enforcement

Audit System:

  • Tamper-evident audit logger with HMAC chain verification
  • SIEM export integrations (Syslog, Splunk HEC, Elasticsearch)
  • JSON file export for offline analysis

SecOps Tools (6 new agent tools):

  • log_analyze: Log search and analysis with regex, time-range, severity filtering, and aggregation
  • compliance_check: Automated compliance checking against CIS Linux/Docker, PCI-DSS, SOC2, HIPAA, ISO27001
  • security_scan: Vulnerability scanning via Trivy, Grype, Lynis, chkrootkit, rkhunter, and source code secret detection
  • monitoring_query: System metrics, disk usage, process analysis, Docker stats, and Prometheus/node-exporter queries
  • network_diagnostics: Network diagnostics including ping, traceroute, DNS, port checks, connections, routing, bandwidth
  • certificate_audit: TLS/SSL certificate inspection, expiry checking, chain verification, directory scanning, remote host checks

Integration:

  • SecOps tools registered in coordinator build pipeline
  • New "secops" agent type in config with appropriate tool filtering
  • System prompt templates for ops and security expert personas

https://claude.ai/code/session_01GCTv3f1MDMZpsdCv6idM37

  • I have read CONTRIBUTING.md.
  • I have created a discussion that was approved by a maintainer (for new features).

@chenchunrun chenchunrun requested a review from a team as a code owner March 22, 2026 00:16
@chenchunrun chenchunrun requested review from andreynering and aymanbagabas and removed request for a team March 22, 2026 00:16
@charmcli (Contributor)

Thank you for your submission. We really appreciate it! Like many open-source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution. You can sign the CLA by posting a Pull Request comment in the same format as below.

I have read the Contributor License Agreement (CLA) and hereby sign the CLA.

You can retrigger this bot by commenting recheck in this Pull Request. Posted by the CLA Assistant Lite bot.

- sandbox: replace naive string-contains path check with normalised token
  scan (filepath.Clean + EvalSymlinks) to block path-traversal bypasses
- security: add ShellQuote/ShellQuoteSlice/ValidateNoShellMeta utilities;
  apply to all tool command builders to prevent shell injection
- security: add reverse-shell (11 patterns) and env-dump (6 patterns)
  detections wired into AssessCommand()
- audit: fix goroutine context leak — SIEM exporters now use
  context.WithTimeout(context.Background(), 30s) instead of caller ctx
- audit_viewer: new tool (query/verify/summary) backed by the audit logger
  with ISO 8601 and relative duration (1h/7d) time filter support
- config: register audit_viewer in allToolNames() and resolveSecOpsTools()
- tests: comprehensive table-driven tests for shellquote, risk assessor
  (reverse shell, env dump, tool calls, score cap), audit log (chain
  integrity, tamper detection, exporter, query filters, file output),
  and sandbox (path traversal, custom deny paths, output truncation)

https://claude.ai/code/session_01GCTv3f1MDMZpsdCv6idM37