# guardrails.yaml — safety red-line (guardrail) configuration (PRD §10.1)
# Six red lines: any rule that fires must pause the task and notify a human.
#
# Each rule carries an id, a display name, a description, a severity, a list
# of triggers, an action and the message shown when it fires. The values of
# `action` and `severity` are interpreted by the consuming code, which is not
# part of this file.
# NOTE(review): the `pattern` values use `|`, `.` and `.*`, so they are
# presumably regular expressions in which `.` matches any character. Whether
# matching is case-insensitive and substring-based depends on the loader —
# confirm, because keyword triggers are only as strict as that matcher.

rules:
  # Live-trading interception: any operation that touches real funds needs
  # human confirmation. Fires on the keyword pattern in the listed task
  # fields, or on the explicit task type `live_trade`.
  - id: live_trading
    name: 实盘交易拦截
    description: 任何涉及真实资金的操作必须人工确认
    severity: critical
    triggers:
      - pattern: "实盘|live|真实资金|real.money|真金白银"
        # Task fields scanned for the pattern above.
        in: [task_title, task_description, must_haves]
      - task_type: live_trade
    action: block_and_notify
    message: "⚠️ 安全红线:检测到实盘交易操作,需要人工确认后才能执行"

  # Data-deletion interception: deleting historical data or backtest results
  # needs human confirmation.
  - id: data_deletion
    name: 数据删除拦截
    description: 删除历史数据、回测结果必须人工确认
    severity: critical
    triggers:
      - pattern: "删除|delete|remove|drop|清空|truncate"
        # NOTE(review): unlike live_trading, must_haves is not scanned here —
        # confirm that the narrower field list is intentional.
        in: [task_title, task_description]
      - task_type: data_delete
    action: block_and_notify
    message: "⚠️ 安全红线:检测到数据删除操作,需要人工确认后才能执行"

  # System-configuration-change interception: modifying daemon/API/Agent
  # configuration needs human confirmation.
  - id: config_change
    name: 系统配置变更拦截
    description: 修改 daemon/API/Agent 配置必须人工确认
    severity: critical
    triggers:
      - pattern: "修改配置|change.config|daemon.*config|api.*config|agent.*config"
        # NOTE(review): unlike live_trading, must_haves is not scanned here —
        # confirm that the narrower field list is intentional.
        in: [task_title, task_description]
      - task_type: config_change
    action: block_and_notify
    message: "⚠️ 安全红线:检测到系统配置变更,需要人工确认后才能执行"

  # High token consumption: pause and notify automatically when a single step
  # exceeds the threshold.
  - id: high_token_usage
    name: 大额Token消耗
    description: 单步超过阈值时自动暂停并通知
    severity: warning
    triggers:
      # The message below hard-codes "100K"; keep the two in sync when this
      # threshold changes.
      - token_threshold: 100000
    action: pause_and_notify
    message: "⚠️ 安全红线:单步Token消耗超过100K,已自动暂停"

  # Uncontrolled agent behaviour: terminate and escalate automatically when
  # the agent acts outside the scope of its step.
  - id: agent_uncontrolled
    name: Agent不受控行为
    description: Agent执行超出步骤范围时自动终止并升级
    severity: critical
    triggers:
      - step_exceeded: true
    action: terminate_and_escalate
    message: "⚠️ 安全红线:Agent行为超出步骤范围,已自动终止"
    # TODO: the step-overrun check still has to be integrated into the
    # Spawner/Ticker monitor, which then invokes this rule.
    # NOTE(review): until that integration exists this critical rule is
    # presumably never triggered — confirm before relying on it.

  # Consecutive failures: pause for human intervention when 3 consecutive
  # steps of the same task fail.
  - id: consecutive_failure
    name: 连续失败
    description: 同一任务连续3个步骤失败时暂停并人工介入
    severity: warning
    triggers:
      # The description and message both state "3"; keep them in sync with
      # this count.
      - consecutive_failures: 3
    action: pause_and_escalate
    message: "⚠️ 安全红线:任务连续失败3次,需要人工介入"

# Global settings
settings:
  # Whether the guardrails are enabled (must be true in production).
  # NOTE(review): confirm how the loader behaves when this file is missing or
  # fails to parse; failing closed is the safer default for guardrails.
  enabled: true
  # Notification channel (currently log + blackboard event only; mail
  # notification is to be integrated later).
  # NOTE(review): with log-only delivery, the "notify a human" requirement of
  # the critical rules holds only if these logs/events are actively watched —
  # confirm that alerting covers them.
  notify_via: log
  # Notification target (who receives it).
  notify_to: main