| # SecretsAuditEnv Specification v3.0 |
|
|
| This document defines the architecture, grading logic, and task matrix for the **SecretsAuditEnv**, a benchmark designed for the Meta OpenEnv Hackathon to evaluate AI agents on their ability to remediate leaked secrets in a Git-backed environment. |
|
|
| --- |
|
|
| ## 1. System Architecture |
|
|
| The environment operates as a FastAPI-based server that manages an isolated workspace for the AI agent. |
|
|
| ### 1.1 Components |
| * **Environment (`server/environment.py`)**: Manages the state machine, workspace isolation, and task resets. |
| * **API Wrapper (`server/app.py`)**: Exposes endpoints (`/reset`, `/step`, `/state`) for the agent to interact with. |
| * **Grading Engine (`graders/`)**: A modular scoring system that evaluates security and code health. |
| * **Tasks (`tasks/`)**: A hierarchical directory of vulnerable codebases categorized by difficulty. |
|
|
| --- |
|
|
| ## 2. Grading Logic |
|
|
| The environment uses a multi-faceted scoring approach to ensure agents do not "cheat" by deleting vulnerable code or breaking functionality. |
|
|
| ### 2.1 The Core Formula |
| The final reward is a product of security remediation and functional integrity: |
|
|
| $$Total Reward = Security Score \times Health Score$$ |
|
|
| Where: |
| * **Security Score**: Calculated using Gitleaks. It is normalized based on the number of leaks fixed compared to the initial state. |
| $$Security Score = \frac{InitialLeaks - CurrentLeaks}{InitialLeaks}$$ |
| * **Health Score**: Derived from `pytest` results. If the code fails to execute (e.g., due to a `NameError`), this score is **0.0**. |
| |
| ### 2.2 History-Aware Scanning |
| To prevent "Scorched Earth" tactics (deleting the `.git` directory or source files), the grader employs a recovery mechanism: |
| > **`_ensure_git_source`**: If the agent deletes the Git history, the grader force-initializes a temporary repository and commits the current files. Gitleaks then scans the *entire* history to ensure secrets haven't simply been moved to a previous commit. |
| |
| --- |
| |
| ## 3. Expanded Task Matrix |
| |
| ### Category 1: Easy (The "Low-Hanging Fruit") |
| *Focus: Detection and basic remediation of plain-text secrets.* |
| |
| | Task ID | Scenario | Primary File(s) | Vulnerability | Success Criteria | |
| | :--- | :--- | :--- | :--- | :--- | |
| | **Task 1** | Cloud Provisioning | `config.py` | Hardcoded AWS Access Key. | Secret moved to `.env`; `os.getenv` used. | |
| | **Task 2** | Database Layer | `db.py` | Password inside a raw SQL connection string. | String parameterized; creds externalized. | |
| | **Task 3** | Frontend Config | `settings.js` | Firebase API key in client-side config. | Moved to build-time environment variables. | |
| | **Task 4** | System Logging | `logger.py` | `logger.debug` leaking user tokens. | Log statement redacted or level changed. | |
| | **Task 5** | Git Basics | `.env` | `.env` file present in the working tree. | `.gitignore` created; file removed from tree. | |
| |
| ### Category 2: Medium (The "Obfuscation & Format" Challenge) |
| *Focus: Handling encoding, multiline strings, and non-Python configurations.* |
| |
| | Task ID | Scenario | Primary File(s) | Vulnerability | Success Criteria | |
| | :--- | :--- | :--- | :--- | :--- | |
| | **Task 6** | Utility Module | `utils.py` | Base64 encoded auth token. | Token identified and externalized correctly. | |
| | **Task 7** | CI/CD Pipeline | `deploy.yml` | GitHub Action echoing a secret to logs. | Replaced with `${{ secrets.GITHUB_TOKEN }}`. | |
| | **Task 8** | Noise Filtering | `.toml` | Dummies mixed with one high-entropy key. | Agent uses `.gitleaks.toml` to filter noise. | |
| | **Task 9** | DB Migration | `migrate.sql` | Admin credentials in a legacy SQL script. | Script refactored; credentials scrubbed. | |
| | **Task 10** | Deployment | `deploy.sh` | Multiline RSA Private Key string. | Key moved; `\n` formatting preserved. | |
|
|
| ### Category 3: Hard (The "Architectural & History" Bosses) |
| *Focus: Cross-file consistency, logical embedding, and Git history manipulation.* |
|
|
| | Task ID | Scenario | Primary File(s) | Vulnerability | Success Criteria | |
| | :--- | :--- | :--- | :--- | :--- | |
| | **Task 11** | Microservices | `service_*.py` | Same API key leaked across 5 separate files. | All 5 files updated consistently. | |
| | **Task 12** | Deep Logic | `crypto.py` | Secret used as a local variable inside a function. | Function logic remains valid after fix. | |
| | **Task 13** | Legacy Audit | `.git/` | Secret committed in v1.0, still in history. | `git filter-repo` used to rewrite history. | |
|
|
| --- |
|
|
| ## 4. Technical Requirements for Remediation |
|
|
| To achieve a **1.00 score**, the agent must satisfy three technical constraints: |
|
|
| 1. **Detection**: Gitleaks must return 0 findings for the *entire* Git history. |
| 2. **Externalization**: Hardcoded values must be replaced by environment variable lookups (e.g., `os.environ.get()`). |
| 3. **Dependency Integrity**: If the agent introduces a library like `os`, it must explicitly include the necessary `import` statements. Failure results in a **Health Score of 0.0**. |
|
|
| --- |
|
|
| ## 5. Known Failure Modes & Guardrails |
|
|
| ### 5.1 The "Missing Import" Loop |
| **Issue**: Agents often replace a secret with `os.environ.get()` but forget `import os`. |
| **Guardrail**: The `Health Score` stays at **0.0** until the `NameError` is resolved. |
|
|
| ### 5.2 The `NoneType` / `true` Fallback |
| **Issue**: If an LLM returns non-executable prose, the parser returns an empty string. |
| **Guardrail**: `inference.py` defaults empty actions to the bash command `true` to maintain the loop. |
|
|
| ### 5.3 Environment Variable Exports |
| **Issue**: Bare assignments in `.env` files are not picked up by Python. |
| **Requirement**: Users must use `set -a && source .env && set +a` to ensure variables are exported. |
|
|
| --- |
|
|
| ## 6. Operational Checklist |
| * [ ] **Server**: `uvicorn server.app:app` is running on `localhost:8000`. |
| * [ ] **Gitleaks**: Binary is installed and accessible in system path. |
| * [ ] **Filter-Repo**: `git-filter-repo` is installed for Task 13. |
| * [ ] **Dependencies**: `pip install -r requirements.txt --break-system-packages`. |
|
|