From 2fb55f93e1e9a462c743e9675a0b6dd1cbae3bbb Mon Sep 17 00:00:00 2001 From: openhands Date: Mon, 8 Dec 2025 15:58:53 +0000 Subject: [PATCH 1/3] docs: Add configurable security policy documentation Add documentation for custom security policy templates that allow users to define organization-specific risk assessment guidelines. Relates to OpenHands/software-agent-sdk#427 --- sdk/guides/security.mdx | 49 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/sdk/guides/security.mdx b/sdk/guides/security.mdx index e895fc2f..4e1b4455 100644 --- a/sdk/guides/security.mdx +++ b/sdk/guides/security.mdx 
@@ -442,6 +442,55 @@ agent = Agent(llm=llm, tools=tools, security_analyzer=security_analyzer) For more details on the base class implementation, see the [source code](https://github.com/OpenHands/software-agent-sdk/blob/main/openhands-sdk/openhands/sdk/security/analyzer.py). +--- + +## Configurable Security Policy + +Agents use security policies to guide their risk assessment of actions. The SDK provides a default security policy template, but you can customize it to match your specific security requirements and guidelines. + + +Full configurable security policy example: [examples/01_standalone_sdk/28_configurable_security_policy.py](https://github.com/OpenHands/software-agent-sdk/blob/main/examples/01_standalone_sdk/28_configurable_security_policy.py) + + +### Security Policy Example + +Define custom security risk guidelines for your agent: + +```python icon="python" expandable examples/01_standalone_sdk/28_configurable_security_policy.py +``` + +```bash Running the Example +export LLM_API_KEY="your-api-key" +cd agent-sdk +uv run python examples/01_standalone_sdk/28_configurable_security_policy.py +``` + +### Using Custom Security Policies + +You can provide a custom security policy template when creating an agent: + +```python highlight={10-11} +from openhands.sdk import Agent, LLM +from pathlib import Path + +llm = LLM( + usage_id="agent", + model="anthropic/claude-sonnet-4-5-20250929", + api_key=SecretStr(api_key), +) + +# Provide a custom security policy template file +agent = Agent(llm=llm, tools=tools, security_policy_filename="my_security_policy.j2") +``` + +Custom security policies allow you to: +- Define organization-specific risk assessment guidelines +- Set custom thresholds for security risk levels +- Add domain-specific security rules +- Tailor risk evaluation to your use case + +The security policy is provided as a Jinja2 template that gets rendered into the agent's system prompt, guiding how it evaluates the security risk of its actions. 
+ ## Next Steps - **[Custom Tools](/sdk/guides/custom-tools)** - Build secure custom tools From 9b31f309708ef3a12176a520aa378cc8c41cb7aa Mon Sep 17 00:00:00 2001 From: openhands Date: Mon, 8 Dec 2025 17:13:27 +0000 Subject: [PATCH 2/3] Update security policy example number from 28 to 31 Address review comment from xingyaoww Co-authored-by: openhands --- sdk/guides/security.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk/guides/security.mdx b/sdk/guides/security.mdx index 4e1b4455..5495facf 100644 --- a/sdk/guides/security.mdx +++ b/sdk/guides/security.mdx @@ -449,14 +449,14 @@ For more details on the base class implementation, see the [source code](https:/ Agents use security policies to guide their risk assessment of actions. The SDK provides a default security policy template, but you can customize it to match your specific security requirements and guidelines. -Full configurable security policy example: [examples/01_standalone_sdk/28_configurable_security_policy.py](https://github.com/OpenHands/software-agent-sdk/blob/main/examples/01_standalone_sdk/28_configurable_security_policy.py) +Full configurable security policy example: [examples/01_standalone_sdk/31_configurable_security_policy.py](https://github.com/OpenHands/software-agent-sdk/blob/main/examples/01_standalone_sdk/31_configurable_security_policy.py) ### Security Policy Example Define custom security risk guidelines for your agent: -```python icon="python" expandable examples/01_standalone_sdk/28_configurable_security_policy.py +```python icon="python" expandable examples/01_standalone_sdk/31_configurable_security_policy.py ``` ```bash Running the Example From 3da2fe30ba70db7f550612a1092cf2141e4cae41 Mon Sep 17 00:00:00 2001 
From: openhands Date: Thu, 18 Dec 2025 20:42:14 +0000 Subject: [PATCH 3/3] Update security policy example number from 31 to 32 The example was renamed to 32 to avoid conflict with 31_iterative_refinement.py Co-authored-by: openhands --- sdk/guides/security.mdx | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/sdk/guides/security.mdx b/sdk/guides/security.mdx index 5495facf..43ed55fc 100644 --- a/sdk/guides/security.mdx +++ b/sdk/guides/security.mdx @@ -449,20 +449,20 @@ For more details on the base class implementation, see the [source code](https:/ Agents use security policies to guide their risk assessment of actions. The SDK provides a default security policy template, but you can customize it to match your specific security requirements and guidelines. -Full configurable security policy example: [examples/01_standalone_sdk/31_configurable_security_policy.py](https://github.com/OpenHands/software-agent-sdk/blob/main/examples/01_standalone_sdk/31_configurable_security_policy.py) +Full configurable security policy example: [examples/01_standalone_sdk/32_configurable_security_policy.py](https://github.com/OpenHands/software-agent-sdk/blob/main/examples/01_standalone_sdk/32_configurable_security_policy.py) ### Security Policy Example Define custom security risk guidelines for your agent: -```python icon="python" expandable examples/01_standalone_sdk/31_configurable_security_policy.py +```python icon="python" expandable examples/01_standalone_sdk/32_configurable_security_policy.py ``` ```bash Running the Example export LLM_API_KEY="your-api-key" cd agent-sdk -uv run python examples/01_standalone_sdk/28_configurable_security_policy.py +uv run python examples/01_standalone_sdk/32_configurable_security_policy.py ``` ### Using Custom Security Policies
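Review bot: in the "Using Custom Security Policies" snippet added by PATCH 1/3, `SecretStr`, `api_key` and `tools` are used but never defined, and `from pathlib import Path` is imported but unused; either add the missing import and definitions or say the snippet continues from the earlier `Agent(llm=llm, tools=tools, security_analyzer=security_analyzer)` example visible in the hunk context. The same hunk should also state where `security_policy_filename="my_security_policy.j2"` is resolved from and that the file is trusted input: the text says the Jinja2 template is rendered into the agent's system prompt, so a policy file taken from an untrusted location can loosen the agent's own risk assessment. It is worth adding one sentence that the rendered policy only guides how the model evaluates risk and is not an enforcement control; the `security_analyzer` from the surrounding context remains the place where risky actions are actually gated, and the bullet "Set custom thresholds for security risk levels" should be checked against that, since a prompt template cannot by itself change analyzer thresholds. Minor: the run instructions use `cd agent-sdk` while every link in the hunk points at the `software-agent-sdk` repository; confirm the directory name is the intended one.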
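Review bot: PATCH 2/3 renames the example from 28 to 31 in only two of its three occurrences: the link and the `expandable` include are updated, but the `uv run python examples/01_standalone_sdk/28_configurable_security_policy.py` line in the "Running the Example" block is left at 28 (PATCH 3/3 later changes that line from 28 to 32), so this commit on its own leaves a run command that points at a file that no longer exists.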
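Review bot: PATCH 3/3 finally updates all three references (link, `expandable` include, and `uv run` command) to `32_configurable_security_policy.py` consistently, but the fact that the number had to be hand-edited in three places across three commits suggests keeping the path in one place, or at least adding a comment near the code block reminding editors that the three must stay in sync. Before merging, confirm that `examples/01_standalone_sdk/32_configurable_security_policy.py` is present on `main`, since both the link and the include resolve against `blob/main` and will break until the rename described in the commit message lands there.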