Add configurable security policy filename support

openhands-agent · openhands-agent · commit 040e162c6dac · 2025-09-22T17:13:07.000Z
- Add security_policy_filename field to Agent model with default 'security_policy.j2'
- Update system_prompt.j2 to use configurable security policy template
- Add comprehensive tests for security policy configuration
- Add example demonstrating configurable security policy usage
- All tests pass and pre-commit hooks validated

Co-authored-by: openhands &lt;openhands@all-hands.dev&gt;
diff --git a/examples/20_security_policy/configurable_security_policy.py b/examples/20_security_policy/configurable_security_policy.py
@@ -0,0 +1,79 @@
+#!/usr/bin/env python3
+"""
+Example demonstrating configurable security policy support in OpenHands Agent.
+
+This example shows how to:
+1. Use the default security policy
+2. Configure a custom security policy template
+3. Verify the security policy is included in the system message
+"""
+
+import os
+from pathlib import Path
+
+from pydantic import SecretStr
+
+from openhands.sdk.agent import Agent
+from openhands.sdk.llm import LLM
+
+
+def main():
+    """Demonstrate configurable security policy functionality."""
+    print("=== OpenHands Agent: Configurable Security Policy Example ===\n")
+
+    # Example 1: Default security policy
+    print("1. Creating agent with default security policy...")
+    llm = LLM(
+        model="gpt-4o-mini",
+        api_key=SecretStr(os.getenv("OPENAI_API_KEY", "your-api-key-here")),
+    )
+    default_agent = Agent(llm=llm)
+    print(
+        f"   Default security policy filename: {default_agent.security_policy_filename}"
+    )
+
+    # Example 2: Custom security policy
+    print("\n2. Creating agent with custom security policy...")
+
+    # Get the path to our custom policy template
+    example_dir = Path(__file__).parent
+    custom_policy_path = example_dir / "custom_policy.j2"
+
+    if not custom_policy_path.exists():
+        print(f"   Error: Custom policy template not found at {custom_policy_path}")
+        return
+
+    custom_agent = Agent(
+        llm=llm,
+        security_policy_filename="custom_policy.j2",
+    )
+    print(
+        f"   Custom security policy filename: {custom_agent.security_policy_filename}"
+    )
+
+    # Example 3: Demonstrate configuration
+    print("\n3. Configuration summary...")
+    print(f"   Default agent security policy: {default_agent.security_policy_filename}")
+    print(f"   Custom agent security policy: {custom_agent.security_policy_filename}")
+    print("   ✅ Security policy filename successfully configured!")
+
+    # Note: The security policy template is automatically included in the agent's
+    # system message when the agent processes conversations. The template is
+    # rendered using Jinja2 and included in the SECURITY_RISK_ASSESSMENT section.
+
+    print("\n=== Example completed successfully! ===")
+    print("\nKey takeaways:")
+    print("• Agents use 'security_policy.j2' as the default security policy template")
+    print(
+        "• You can specify a custom security policy using the "
+        "security_policy_filename parameter"
+    )
+    print("• The security policy template is included in the agent's system message")
+    print(
+        "• Custom policies allow you to define organization-specific "
+        "security guidelines"
+    )
+
+
+if __name__ == "__main__":
+    main()
diff --git a/examples/20_security_policy/custom_policy.j2 b/examples/20_security_policy/custom_policy.j2
@@ -0,0 +1,13 @@
+# 🔐 Custom Security Risk Policy
+When using tools that support the security_risk parameter, assess the safety risk of your actions:
+
+- **LOW**: Safe read-only actions.
+  - Viewing files, calculations, documentation.
+- **MEDIUM**: Moderate container-scoped actions.
+  - File modifications, package installations.
+- **HIGH**: Potentially dangerous actions.
+  - Network access, system modifications, data exfiltration.
+
+**Custom Rules**
+- Always prioritize user data safety.
+- Escalate to **HIGH** for any external data transmission.
diff --git a/openhands/sdk/agent/base.py b/openhands/sdk/agent/base.py
@@ -104,6 +104,13 @@ class AgentBase(DiscriminatedUnionMixin, ABC):
         ],
     )
     system_prompt_filename: str = Field(default="system_prompt.j2")
+    security_policy_filename: str = Field(
+        default="security_policy.j2",
+        description=(
+            "Filename of the security policy template to include in the system prompt."
+        ),
+        examples=["security_policy.j2", "custom_security_policy.j2"],
+    )
     system_prompt_kwargs: dict = Field(
         default_factory=dict,
         description="Optional kwargs to pass to the system prompt Jinja2 template.",
@@ -156,6 +163,9 @@ def system_message(self) -> str:
         if hasattr(self, "cli_mode"):
             template_kwargs["cli_mode"] = getattr(self, "cli_mode")
 
+        # Add security_policy_filename to template kwargs
+        template_kwargs["security_policy_filename"] = self.security_policy_filename
+
         system_message = render_template(
             prompt_dir=self.prompt_dir,
             template_name=self.system_prompt_filename,
diff --git a/openhands/sdk/agent/prompts/system_prompt.j2 b/openhands/sdk/agent/prompts/system_prompt.j2
@@ -67,7 +67,7 @@ Your primary role is to assist users by executing commands, modifying code, and
 </SECURITY>
 
 <SECURITY_RISK_ASSESSMENT>
-{% include 'security_risk_assessment.j2' %}
+{% include security_policy_filename %}
 </SECURITY_RISK_ASSESSMENT>
 
 <EXTERNAL_SERVICES>
diff --git a/tests/sdk/agent/test_security_policy_integration.py b/tests/sdk/agent/test_security_policy_integration.py
@@ -0,0 +1,171 @@
+"""Integration tests for configurable security policy functionality."""
+
+import shutil
+import tempfile
+from pathlib import Path
+
+import pytest
+from pydantic import SecretStr
+
+from openhands.sdk.agent import Agent
+from openhands.sdk.llm import LLM
+
+
+@pytest.fixture
+def temp_dir():
+    """Create a temporary directory for test files."""
+    temp_dir = tempfile.mkdtemp()
+    yield temp_dir
+    shutil.rmtree(temp_dir)
+
+
+@pytest.fixture
+def test_llm():
+    """Create a test LLM instance."""
+    return LLM(
+        model="gpt-4o-mini",
+        api_key=SecretStr("test-key"),
+        base_url="http://test",
+    )
+
+
+@pytest.fixture
+def custom_policy_content():
+    """Sample custom security policy content."""
+    return (
+        "# 🔐 Custom Security Risk Policy\n"
+        "When using tools that support the security_risk parameter, "
+        "assess the safety risk of your actions:\n"
+        "\n"
+        "- **LOW**: Safe read-only actions.\n"
+        "  - Viewing files, calculations, documentation.\n"
+        "- **MEDIUM**: Moderate container-scoped actions.\n"
+        "  - File modifications, package installations.\n"
+        "- **HIGH**: Potentially dangerous actions.\n"
+        "  - Network access, system modifications, data exfiltration.\n"
+        "\n"
+        "**Custom Rules**\n"
+        "- Always prioritize user data safety.\n"
+        "- Escalate to **HIGH** for any external data transmission."
+    )
+
+
+def test_default_security_policy_filename(test_llm):
+    """Test that Agent uses default security policy filename."""
+    agent = Agent(llm=test_llm)
+    assert agent.security_policy_filename == "security_policy.j2"
+
+
+def test_custom_security_policy_filename(test_llm):
+    """Test that Agent accepts custom security policy filename."""
+    agent = Agent(
+        llm=test_llm,
+        security_policy_filename="custom_policy.j2",
+    )
+    assert agent.security_policy_filename == "custom_policy.j2"
+
+
+def test_security_policy_filename_in_system_message(
+    temp_dir, custom_policy_content, test_llm, monkeypatch
+):
+    """Test that custom security policy filename is passed to system message template."""  # noqa: E501
+    # Create a custom policy file
+    custom_policy_path = Path(temp_dir) / "custom_policy.j2"
+    custom_policy_path.write_text(custom_policy_content)
+
+    # Create agent with custom security policy
+    agent = Agent(
+        llm=test_llm,
+        security_policy_filename="custom_policy.j2",
+    )
+
+    # Mock the prompt_dir property to point to our temp directory
+    original_prompt_dir = agent.prompt_dir
+
+    def mock_prompt_dir(self):
+        return temp_dir
+
+    monkeypatch.setattr(Agent, "prompt_dir", property(mock_prompt_dir))
+
+    # Copy the system_prompt.j2 to temp directory
+    system_prompt_path = Path(temp_dir) / "system_prompt.j2"
+    original_system_prompt = Path(original_prompt_dir) / "system_prompt.j2"
+    if original_system_prompt.exists():
+        shutil.copy2(original_system_prompt, system_prompt_path)
+    else:
+        # Create a minimal system prompt for testing
+        system_prompt_path.write_text(
+            "Test system prompt\n<SECURITY_RISK_ASSESSMENT>\n"
+            "{% include security_policy_filename %}\n</SECURITY_RISK_ASSESSMENT>"
+        )
+
+    # Get system message - this should include our custom policy
+    system_message = agent.system_message
+
+    # Verify that custom policy content appears in system message
+    assert "Custom Security Risk Policy" in system_message
+    assert "Always prioritize user data safety" in system_message
+
+
+def test_configurable_security_policy_filename(test_llm, monkeypatch):
+    """Test that security_policy_filename can be configured and is used in template rendering."""  # noqa: E501
+    # Copy example custom policy to test directory for this test
+    example_dir = (
+        Path(__file__).parent.parent.parent.parent / "examples" / "20_security_policy"
+    )
+    if not example_dir.exists():
+        pytest.skip("Example directory not found")
+
+    example_policy = example_dir / "custom_policy.j2"
+    if not example_policy.exists():
+        pytest.skip("Example custom policy not found")
+
+    with tempfile.TemporaryDirectory() as temp_dir:
+        # Copy the example policy to our test directory
+        test_policy_path = Path(temp_dir) / "custom_policy.j2"
+        shutil.copy2(example_policy, test_policy_path)
+
+        # Create agent with custom security policy
+        agent = Agent(
+            llm=test_llm,
+            security_policy_filename="custom_policy.j2",
+        )
+
+        # Mock the prompt_dir property to point to our temp directory
+        original_prompt_dir = agent.prompt_dir
+
+        def mock_prompt_dir(self):
+            return temp_dir
+
+        monkeypatch.setattr(Agent, "prompt_dir", property(mock_prompt_dir))
+
+        # Copy the system_prompt.j2 to temp directory
+        system_prompt_path = Path(temp_dir) / "system_prompt.j2"
+        original_system_prompt = Path(original_prompt_dir) / "system_prompt.j2"
+        if original_system_prompt.exists():
+            shutil.copy2(original_system_prompt, system_prompt_path)
+
+        # Get system message - this should include our custom policy
+        system_message = agent.system_message
+
+        # Verify that the custom policy content is included
+        # The exact content will depend on what's in the example custom_policy.j2
+        assert "SECURITY_RISK_ASSESSMENT" in system_message
+
+
+def test_security_policy_filename_validation(test_llm):
+    """Test that security_policy_filename field accepts valid string values."""
+    # Test with various valid filenames
+    valid_filenames = [
+        "security_policy.j2",
+        "custom_security_policy.j2",
+        "my_policy.j2",
+        "policy_v2.j2",
+    ]
+
+    for filename in valid_filenames:
+        agent = Agent(
+            llm=test_llm,
+            security_policy_filename=filename,
+        )
+        assert agent.security_policy_filename == filename
