5.2c Permissions and Security
💡 One-sentence summary: configure the Agent's permission controls so the AI stays safe and controllable.
What you will be able to do after this lesson
- Understand why Agent permission control matters
- Configure an Agent's tool permissions
- Set access-control policies
- Prevent security risks
🎒 Before you start
Make sure you have completed the following:
- [ ] Completed 5.2a Agent Quick Start
- [ ] Understand basic Agent configuration
Core idea
Why permission control is needed
Permission control lets you:
- Prevent the Agent from performing dangerous operations
- Limit access to sensitive data
- Keep operations traceable
- Meet compliance requirements
Permission configuration
Tool permissions
```yaml
agents:
  safe-agent:
    name: "安全助手"                # "Safe assistant"
    description: "受限操作的助手"    # "Assistant with restricted operations"
    permissions:
      tools:
        allowed:
          - read    # allow reading files
          - write   # allow writing files
          - grep    # allow searching
          - glob    # allow file matching
        blocked:
          - bash    # block command execution
          - delete  # block delete operations
          - edit    # block editing (read-only)
      read_only: true               # all files read-only
      path_restrictions:
        allowed:
          - "src/**"
          - "tests/**"
        blocked:
          - "**/secrets/**"
          - "**/.env"
          - "**/*.pem"
```
Operation permissions
```yaml
agents:
  limited-agent:
    name: "受限助手"                # "Restricted assistant"
    description: "操作受限的助手"    # "Assistant with restricted operations"
    permissions:
      operations:
        file_write:
          allowed: true
          require_confirmation: true
          max_file_size: "1MB"
        bash_execution:
          allowed: false
        network_requests:
          allowed: true
          whitelist:
            - "api.example.com"
            - "github.com"
          blacklist:
            - "localhost"
            - "127.0.0.1"
        database_write:
          allowed: false
        secret_access:
          allowed: false
```
Data permissions
```yaml
agents:
  data-safe-agent:
    name: "数据安全助手"              # "Data-safety assistant"
    description: "保护敏感数据的助手"  # "Assistant that protects sensitive data"
    permissions:
      data:
        classification:
          public:
            - "*.md"
            - "*.txt"
          internal:
            - "src/**"
            - "docs/**"
          confidential:
            - "**/config/**"
            - "**/secrets/**"
        access_levels:
          - level: "public"
            can_read: true
            can_write: true
          - level: "internal"
            can_read: true
            can_write: false
          - level: "confidential"
            can_read: false
            can_write: false
        encryption:
          required: true
          algorithm: "aes-256"
```
Security policies
Confirmation for dangerous operations
```yaml
agents:
  safe-coding-agent:
    name: "安全编码助手"            # "Safe coding assistant"
    description: "需要确认的助手"    # "Assistant that asks for confirmation"
    security:
      dangerous_operations:
        confirmation_required:
          - "删除文件"          # deleting files
          - "执行 rm 命令"      # running the rm command
          - "修改系统配置"      # changing system configuration
          - "访问生产环境"      # accessing the production environment
        auto_block:
          - "格式化磁盘"        # formatting a disk
          - "删除所有文件"      # deleting all files
          - "修改权限为 777"    # changing permissions to 777
        require_approval:
          - "部署到生产"        # deploying to production
          - "修改数据库"        # modifying the database
          - "添加用户权限"      # granting user permissions
      audit:
        enabled: true
        log_all_operations: true
        sensitive_operations:
          - "文件删除"          # file deletion
          - "命令执行"          # command execution
          - "网络请求"          # network requests
```
Input validation
```yaml
agents:
  validated-agent:
    name: "输入验证助手"              # "Input-validation assistant"
    description: "验证所有输入的助手"  # "Assistant that validates every input"
    security:
      input_validation:
        enabled: true
        file_paths:
          max_length: 255
          allowed_chars: "[a-zA-Z0-9/_.-]"
          block_patterns:
            - "../"
            - "..\\"
            - "/etc/passwd"
            - "C:\\Windows"
        commands:
          allowed_commands:
            - "ls"
            - "cat"
            - "grep"
            - "find"
          blocked_commands:
            - "rm"
            - "sudo"
            - "chmod"
            - "mkfs"
        sql_injection:
          enabled: true
          block_patterns:
            - "' OR '1'='1"
            - "; DROP TABLE"
            - "--"
```
Follow along
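Before building the agent, it helps to see how a policy like the tool-permission, path-restriction and input-validation blocks above is actually enforced. The following Python evaluator is an added example, not part of this course or any agent framework; its policy dictionary and key names mirror the YAML above but the schema is assumed. It shows the two properties a defender cares about: blocked lists win over allowed lists, and paths are normalized before glob matching, so `src/../.env` is still caught by `**/.env`.

```python
import posixpath
import re

# Constructed policy mirroring the blocks above (schema assumed, not a real framework's).
POLICY = {
    "tools": {"allowed": ["read", "write", "grep", "glob", "lsp-*"],
              "blocked": ["bash", "delete", "edit"]},
    "path_restrictions": {"allowed": ["src/**", "tests/**", "*.md"],
                          "blocked": ["**/secrets/**", "**/.env", "**/*.pem"]},
}

def glob_to_regex(pattern):
    """gitignore-style glob -> anchored regex: '**/' = zero or more directories,
    '**' = anything, while '*' and '?' never cross a '/' boundary."""
    trans = {"**/": "(?:.*/)?", "**": ".*", "*": "[^/]*", "?": "[^/]"}
    parts = re.split(r"(\*\*/|\*\*|\*|\?)", pattern)
    return re.compile("^" + "".join(trans.get(p, re.escape(p)) for p in parts) + "$")

def matches_any(value, patterns):
    return any(glob_to_regex(p).match(value) for p in patterns)

def normalize_path(path):
    """Canonicalize before matching; return None for absolute paths or paths that
    escape the workspace, so '../' tricks cannot bypass the glob lists."""
    p = path.replace("\\", "/")                  # treat Windows separators uniformly
    if p.startswith("/") or re.match(r"^[A-Za-z]:/", p):
        return None
    p = posixpath.normpath(p)                    # collapses 'src/../.env' -> '.env'
    if p == ".." or p.startswith("../"):
        return None
    return p

def is_permitted(tool, path, policy=POLICY):
    """Deny-wins evaluation of one tool call: blocked beats allowed, and anything
    not explicitly allowed is denied. Returns (decision, reason)."""
    tools = policy["tools"]
    if matches_any(tool, tools.get("blocked", [])):
        return False, f"tool '{tool}' is blocked"
    if not matches_any(tool, tools.get("allowed", [])):
        return False, f"tool '{tool}' is not on the allow list"
    rel = normalize_path(path)
    if rel is None:
        return False, f"path '{path}' is absolute or escapes the workspace"
    paths = policy["path_restrictions"]
    if matches_any(rel, paths.get("blocked", [])):
        return False, f"path '{rel}' matches a blocked pattern"
    if not matches_any(rel, paths.get("allowed", [])):
        return False, f"path '{rel}' is outside the allowed paths"
    return True, "ok"
```

Call `is_permitted("read", "src/../.env")` and `is_permitted("bash", "src/app.py")` to see both denial paths; a real agent runtime would log the returned reason in its audit trail.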
Hands-on: create a safe development assistant
Goal: configure an Agent that can only read and cannot perform any dangerous operation
```yaml
agents:
  safe-developer:
    name: "安全开发者"                    # "Safe developer"
    description: "只读模式的安全开发助手"  # "Read-only safe development assistant"
    # Role prompt (kept in the original Chinese): "You are a safe development assistant;
    # you may only view code and must never run commands or modify files."
    role: |
      你是一个安全的开发助手,只能查看代码,不能执行任何命令或修改文件。
    permissions:
      tools:
        allowed:
          - read    # read only
          - grep    # search only
          - glob    # find only
          - lsp-*   # LSP-related tools
        blocked:
          - write   # block writes
          - bash    # block command execution
          - delete  # block deletes
          - edit    # block edits
      path_restrictions:
        allowed:
          - "src/**"
          - "tests/**"
          - "docs/**"
          - "*.md"
          - "*.json"
          - "*.yaml"
          - "*.yml"
        blocked:
          - "**/node_modules/**"
          - "**/.git/**"
          - "**/*.log"
          - ".env*"
          - "**/secrets/**"
          - "**/*.pem"
          - "**/*.key"
    security:
      input_validation:
        enabled: true
        file_paths:
          max_depth: 10
        commands:
          auto_block: true
      audit:
        enabled: true
        log_operations:
          - "read"
          - "grep"
```
📋 Permission configuration templates
Template 1: read-only assistant
```yaml
agents:
  reader-agent:
    name: "只读助手"                  # "Read-only assistant"
    description: "只能查看代码的助手"  # "Assistant that can only view code"
    permissions:
      tools:
        allowed: [read, grep, glob, lsp-*]
        blocked: [write, bash, delete, edit]
```
Template 2: safe coding assistant
```yaml
agents:
  safe-coder:
    name: "安全编码助手"                    # "Safe coding assistant"
    description: "需要确认的危险操作助手"    # "Assistant that confirms dangerous operations"
    permissions:
      tools:
        allowed: [read, write, grep, glob]
        blocked: [bash]
      operations:
        file_write:
          require_confirmation: true
        dangerous_commands:
          auto_block: true
```
Template 3: production environment assistant
```yaml
agents:
  production-agent:
    name: "生产环境助手"              # "Production environment assistant"
    description: "最高安全级别的助手"  # "Assistant at the highest security level"
    permissions:
      tools:
        allowed: [read, grep]
        blocked: [write, bash, delete, edit, exec]
      path_restrictions:
        blocked:
          - "**/*"            # deny everything by default
          - "!**/docs/**"     # except documentation
      operations:
        all_require_approval: true
      audit: true
```
Checkpoint ✅
You must pass all of these before continuing
- [ ] Understand why permission control matters
- [ ] Can configure tool permissions
- [ ] Can set operation permissions
- [ ] Can configure data permissions
Lesson summary
You have learned:
- Why permission control is necessary
- Tool permission configuration
- Operation permission configuration
- Data permission configuration
- Security policy configuration
- Input validation
Next lesson preview
In the next lesson we will study advanced Agent techniques and learn more optimization methods.
📚 More complete templates: Prompt Template Library

