""" Security Classifier - 安全分级判定 低风险任务直接执行,高风险任务沙盒执行 """ from enum import Enum class RiskLevel(Enum): LOW = "low" # 直接执行 HIGH = "high" # 沙盒执行 class SecurityClassifier: """安全分级器""" HIGH_RISK_KEYWORDS = [ # 路径/项目操作 "修改", "编辑", "删除", "移动", "重命名", "Jarvis", "backend", "frontend", "git", "config", ".env", "生产环境", # 文件操作 "写入", "创建文件在", "移动到", "提交", "push", "pull", "merge", # 系统操作 "sudo", "rm ", "chmod", "chown", ] LOW_RISK_KEYWORDS = [ # demo/示例类 "demo", "示例", "贪食蛇", "俄罗斯方块", "小游戏", "独立项目", "新项目", "创建一个", "写一个", "帮我写一个", # 明确无害的请求 "生成代码", "代码示例", "练习项目", ] def classify(self, task_description: str, target_path: str | None = None) -> RiskLevel: """ 判断任务风险等级 Args: task_description: 任务描述 target_path: 目标路径(如果有) Returns: RiskLevel: LOW 或 HIGH """ # 1. 检查高风险关键词 task_lower = task_description.lower() if any(kw.lower() in task_lower for kw in self.HIGH_RISK_KEYWORDS): return RiskLevel.HIGH # 2. 检查目标路径 if target_path and self._is_project_path(target_path): return RiskLevel.HIGH # 3. 检查低风险关键词 if any(kw.lower() in task_lower for kw in self.LOW_RISK_KEYWORDS): return RiskLevel.LOW # 4. 默认高风险(保守策略) return RiskLevel.HIGH def _is_project_path(self, path: str) -> bool: """ 检查路径是否指向项目目录 Args: path: 文件路径 Returns: bool: 如果是项目路径返回 True """ path_lower = path.lower() project_indicators = [ "jarvis", "backend/app", "frontend/src", ".git", "package.json", "pyproject.toml", "requirements.txt", ] return any(indicator in path_lower for indicator in project_indicators) def get_risk_factors( self, task_description: str, target_path: str | None = None ) -> dict[str, bool]: """ 获取详细的风险因素分析 Returns: dict: 各风险因素及其状态 """ task_lower = task_description.lower() return { "has_high_risk_keywords": any( kw.lower() in task_lower for kw in self.HIGH_RISK_KEYWORDS ), "has_low_risk_keywords": any(kw.lower() in task_lower for kw in self.LOW_RISK_KEYWORDS), "is_project_path": bool(target_path and self._is_project_path(target_path)), }