mancitrus/system-prompts-and-models-of-ai-tools
1
0
Fork 0
mirror of https://github.com/x1xhlol/system-prompts-and-models-of-ai-tools.git synced 2026-06-17 23:09:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
342bcf8ea5
system-prompts-and-models-o.../dealix/docs/AGENT_SECURITY_CURATOR.md
Dealix Builder bcf545c22e feat(self-improving): Hermes-inspired Agent Platform — 6 layers + 30 endpoints + 76 tests + Private Beta launch 
Security Curator (4 modules) — جدار الحماية الأول
- secret_redactor: 11 patterns (GitHub PAT, OpenAI/Anthropic/Supabase/WhatsApp/Moyasar/Sentry/Google/AWS/private keys); never returns raw secret
- patch_firewall: blocks .env / credentials.json / RSA keys; scans added lines for secret patterns
- trace_redactor: masks phones (+966...) and emails for PII safety
- tool_output_sanitizer: cleans tool outputs before they hit ledger/Proof Pack/UI/observability

Growth Curator (5 modules) — التحسين الذاتي
- message_curator: grades Arabic messages (0..100), detects 8 risky phrases, suggests Saudi-tone skeleton
- playbook_curator: scores playbooks by outcome (accept/reply/meeting/deal); winner/promising/needs_work/archive
- mission_curator: scores completed missions; ship_it_widely/iterate/rework_or_retire
- skill_inventory: deterministic 23-skill catalog across 5 layers
- curator_report: weekly Arabic summary "ماذا تعلمنا هذا الأسبوع"

Meeting Intelligence (5 modules) — ذكاء الاجتماعات
- transcript_parser: accepts Google Meet entries OR plain "Speaker: text" format
- meeting_brief: 6-section pre-meeting brief in Arabic (objective/questions/objections/offer/next-step)
- objection_extractor: 8 categories (price/timing/authority/trust/integration/competitor/results/complexity)
- followup_builder: email + WhatsApp drafts; live_send_allowed=False always
- deal_risk: 0..100 score from objections + missing next-step + decision-maker absence + days-since-touch

Model Router (5 modules) — موجّه النماذج
- provider_registry: 7 providers (Claude Sonnet/Haiku, GPT-4-class, GPT-4o-mini, Gemini Pro, Azure OAI KSA-region, Local Qwen Arabic-tuned)
- task_router: 10 task types × routing decisions with reasons_ar
- cost_policy: bulk → low; output > 1500 tokens → high
- fallback_policy: high-sensitivity workloads prefer KSA-region/self-hosted FIRST
- usage_dashboard: deterministic demo of all task routes

Connector Catalog (3 modules) — كتالوج التكاملات
- 14 connectors (WhatsApp Cloud, Gmail, Calendar, Google Meet, Moyasar, LinkedIn Lead Forms, Google Business Profile, X API, Instagram, Sheets, CRM, Website Forms, Composio, MCP Gateway)
- Each has launch_phase (1-4), risk_level, allowed_actions, blocked_actions, Arabic risk dossier
- WhatsApp blocks cold_send_without_consent; Moyasar blocks store_card_number; MCP requires allowlist

Agent Observability (5 modules) — مراقبة الوكلاء + التقييمات
- trace_events: SHA256-hashes user/company IDs; sanitizes payload/output before logging
- safety_eval: 7 rules (guarantee, scarcity_fake, medical_claim, financial, regulatory, personal_data, urgency); 0..100 → safe/needs_review/blocked
- saudi_tone_eval: positive markers (هلا, لاحظت, يناسبك) vs negative (تحية طيبة وبعد, synergy, leverage); arabic_ratio bonus
- eval_pack: 5 curated cases with expected verdicts
- cost_tracker: per workflow/provider/task_type aggregation

Routers (6 new) — 30 endpoints
- /api/v1/security-curator/{demo, redact, inspect-diff, sanitize-output}
- /api/v1/growth-curator/{skills/inventory, messages/grade, messages/improve, messages/duplicates, missions/next, report/weekly, report/demo}
- /api/v1/meeting-intelligence/{brief, brief/demo, transcript/summarize, followup/draft, deal-risk}
- /api/v1/model-router/{providers, tasks, route, cost-class, usage/demo}
- /api/v1/connector-catalog/{catalog, summary, status, risks, {key}}
- /api/v1/agent-observability/{trace/build, safety/eval, tone/eval, evals/run}

Tests (6 new files, 76 tests)
- test_security_curator: 16 tests (PAT detect, key redact, env diff block, payload scan, trace mask)
- test_growth_curator: 16 tests (Arabic grade, risky phrases, dup detect, playbook scoring, mission recommend, weekly report)
- test_meeting_intelligence: 13 tests (transcript parse, brief sections, objection extract, followup drafts, deal risk)
- test_dealix_model_router: 11 tests (every task → ≥1 provider, KSA-region for high sensitivity, cost class, primary override)
- test_agent_observability: 12 tests (trace hashing, safety verdicts, tone scoring, eval pack)
- test_connector_catalog: 11 tests (≥12 connectors, every has risk/blocked actions, WA cold-send blocked, Moyasar card-storage blocked)

Docs (8 new + 1 updated)
- AGENT_SECURITY_CURATOR.md (Arabic)
- GROWTH_CURATOR_STRATEGY.md (Arabic)
- MEETING_INTELLIGENCE.md (Arabic)
- MODEL_PROVIDER_ROUTER.md (Arabic)
- CONNECTOR_CATALOG.md (Arabic)
- AGENT_OBSERVABILITY_EVALS.md (Arabic)
- PRIVATE_BETA_LAUNCH_TODAY.md (Arabic) — go-checklist + offer + risks
- DEMO_SCRIPT_12_MINUTES.md (Arabic) — minute-by-minute demo flow
- FIRST_20_OUTREACH_MESSAGES.md (Arabic) — 7 personas + 3 follow-ups, all under safety/tone evals
- DEALIX_100_PERCENT_LAUNCH_PLAN.md — added §34 Self-Improving Agent Platform + §35 Private Beta Launch

Landing
- landing/private-beta.html — Arabic RTL, dark theme, pricing, 11 demo endpoints, safety banner

Test results
- 76/76 new tests pass
- Full suite: 663 passed, 2 skipped (missing API keys, unrelated)
- 0 existing tests broken

Safety
- All 6 layers honor approval-first, draft-only, no-live-send
- Hash user/company IDs before any trace
- No secrets in logs/embeddings/traces (3-layer defense: redactor + sanitizer + firewall)
- Saudi tone eval rejects "تحية طيبة وبعد" + "synergy" auto-corporate language
- Safety eval blocks "ضمان 100%" + medical claims + fake urgency
- Connector Catalog: WhatsApp blocks cold-send, Moyasar blocks card storage, MCP requires allowlist

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 16:30:18 +03:00

4.2 KiB
Raw Blame History

Security Curator — منظومة حماية وكلاء Dealix

القاعدة الأولى: لا سرّ يخرج من Dealix إلى log/trace/embedding/patch. الـ Security Curator هو الجدار الأول، يعمل قبل أي اتصال بأي قناة خارجية.

1. لماذا هذه الطبقة قبل أي tool live؟

Dealix يربط أدوات حساسة: WhatsApp Cloud, Gmail, Calendar, Moyasar, Google Meet, CRM. كل أداة فيها token، كل token خطر إذا تسرب. سابقاً تعرضنا لـPAT مكشوف، لذا قبل أي ربط حي:

  • يجب أن يمر كل log/trace من redactor.
  • يجب أن يمر كل diff من patch firewall.
  • يجب أن يمر كل tool output من sanitizer.
  • يجب ألا تخزّن أي assets مع secrets في الـembedding store.

2. الوحدات

الوحدة الدور
secret_redactor كشف وإزالة 11 نمط سر (GitHub PAT، OpenAI/Anthropic keys، Supabase JWT، WhatsApp/Moyasar/Sentry/Google API keys، AWS، private keys).
patch_firewall يفحص الـunified diff قبل commit ويرفض الـ.env و service-account JSON و RSA keys.
trace_redactor بالإضافة للأسرار، يخفي phones وemails داخل القيم النصية.
tool_output_sanitizer يعقّم مخرجات الأدوات قبل إظهارها للمستخدم أو حفظها في الـledger.

3. أنماط الأسرار المكشوفة

github_pat              ghp_***
github_pat_legacy       github_pat_***
openai_key              sk-***
anthropic_key           sk-ant-***
supabase_service_role   eyJ.***.***
whatsapp_token          EAA***
moyasar_secret          sk_***_***
langfuse_secret         lf_sk_***
sentry_dsn              https://***@***/***
aws_access_key          AKIA***
google_api_key          AIza***
private_key_block       BEGIN PRIVATE KEY *** REDACTED ***

ومفاتيح JSON الحساسة تُستبدل بـ*** بناءً على substring match (case-insensitive) لـ: api_key, apikey, secret, token, password, authorization, access_token, refresh_token, client_secret, private_key, ssn, credit_card, card_number, cvv, iban, moyasar_secret.

4. Patch Firewall

أي PR قبل ما يدخل الريبو:

  1. ملفات محظورة: .env, .env.local, .env.staging, .env.production, credentials.json, service-account*.json, id_rsa, *.pem, *.p12, *.pfx.
  2. أسرار في الأسطر المضافة: أي line يبدأ بـ+ يُمرر من detect_secret_patterns.
  3. الناتج: PatchFirewallResult{safe, reasons_ar, blocked_files, secret_findings}.

GitHub Push Protection يقبض الأسرار قبل push، لكن لا تعتمد عليه وحده — Patch Firewall يعمل في طبقة التطوير المحلية + CI.

5. Tool Output Sanitizer

قبل أن يصل أي مخرج إلى:

  • الـAction Ledger
  • الـProof Pack
  • الواجهة (UI / WhatsApp / Email)
  • Langfuse / Sentry

يمر عبر sanitize_tool_output(output) الذي يُرجع:

  • safe: bool
  • redacted: <نفس الشكل، مُعقّم>
  • notes_ar: ["تمت إزالة قيم حساسة من المخرج: ..."]

6. Endpoints

GET  /api/v1/security-curator/demo
POST /api/v1/security-curator/redact
POST /api/v1/security-curator/inspect-diff
POST /api/v1/security-curator/sanitize-output

7. اختبارات الأمان (16 test)

  • detect_github_pat لا يُرجع السر الخام أبداً.
  • redact_openai_key يستبدل بالـmask.
  • scan_payload يخفي api_key وtoken.
  • inspect_diff يحظر .env.
  • inspect_diff يحظر سراً مكتوباً داخل سطر مضاف.
  • redact_trace يخفي phones/emails مع الحفاظ على الـdomain للسياق.
  • sanitize_trace_event يحفظ event_type/agent_name/latency_ms ويعقّم payload.

8. ما لا تفعله هذه الطبقة

  • لا تكشف السر الخام في الـlogs أبداً.
  • لا تُرجع payload فيه token.
  • لا توقع على diff فيه secret.
  • لا تستبدل أو تعطّل GitHub Push Protection — هذه الطبقة إضافة، لا بديل.