cfdaily
73 lines
2.5 KiB
YAML
73 lines
2.5 KiB
YAML
# guardrails.yaml — 安全红线配置(PRD §10.1)
|
||
# 六条红线:任何触发都必须暂停并通知人工
|
||
|
||
rules:
|
||
- id: live_trading
|
||
name: 实盘交易拦截
|
||
description: 任何涉及真实资金的操作必须人工确认
|
||
severity: critical
|
||
triggers:
|
||
- pattern: "实盘|live|真实资金|real.money|真金白银"
|
||
in: [task_title, task_description, must_haves]
|
||
- task_type: live_trade
|
||
action: block_and_notify
|
||
message: "⚠️ 安全红线:检测到实盘交易操作,需要人工确认后才能执行"
|
||
|
||
- id: data_deletion
|
||
name: 数据删除拦截
|
||
description: 删除历史数据、回测结果必须人工确认
|
||
severity: critical
|
||
triggers:
|
||
- pattern: "删除|delete|remove|drop|清空|truncate"
|
||
in: [task_title, task_description]
|
||
- task_type: data_delete
|
||
action: block_and_notify
|
||
message: "⚠️ 安全红线:检测到数据删除操作,需要人工确认后才能执行"
|
||
|
||
- id: config_change
|
||
name: 系统配置变更拦截
|
||
description: 修改 daemon/API/Agent 配置必须人工确认
|
||
severity: critical
|
||
triggers:
|
||
- pattern: "修改配置|change.config|daemon.*config|api.*config|agent.*config"
|
||
in: [task_title, task_description]
|
||
- task_type: config_change
|
||
action: block_and_notify
|
||
message: "⚠️ 安全红线:检测到系统配置变更,需要人工确认后才能执行"
|
||
|
||
- id: high_token_usage
|
||
name: 大额Token消耗
|
||
description: 单步超过阈值时自动暂停并通知
|
||
severity: warning
|
||
triggers:
|
||
- token_threshold: 100000
|
||
action: pause_and_notify
|
||
message: "⚠️ 安全红线:单步Token消耗超过100K,已自动暂停"
|
||
|
||
- id: agent_uncontrolled
|
||
name: Agent不受控行为
|
||
description: Agent执行超出步骤范围时自动终止并升级
|
||
severity: critical
|
||
triggers:
|
||
- step_exceeded: true
|
||
action: terminate_and_escalate
|
||
message: "⚠️ 安全红线:Agent行为超出步骤范围,已自动终止"
|
||
|
||
- id: consecutive_failure
|
||
name: 连续失败
|
||
description: 同一任务连续3个步骤失败时暂停并人工介入
|
||
severity: warning
|
||
triggers:
|
||
- consecutive_failures: 3
|
||
action: pause_and_escalate
|
||
message: "⚠️ 安全红线:任务连续失败3次,需要人工介入"
|
||
|
||
# 全局设置
|
||
settings:
|
||
# 是否启用安全红线(生产环境必须为 true)
|
||
enabled: true
|
||
# 通知方式(当前只支持 mail)
|
||
notify_via: mail
|
||
# 通知目标(发给谁)
|
||
notify_to: main
|