Spaces:
Sleeping
SecretsAuditEnv Specification v3.0
This document defines the architecture, grading logic, and task matrix for the SecretsAuditEnv, a benchmark designed for the Meta OpenEnv Hackathon to evaluate AI agents on their ability to remediate leaked secrets in a Git-backed environment.
1. System Architecture
The environment operates as a FastAPI-based server that manages an isolated workspace for the AI agent.
1.1 Components
- Environment (
server/environment.py): Manages the state machine, workspace isolation, and task resets. - API Wrapper (
server/app.py): Exposes endpoints (/reset,/step,/state) for the agent to interact with. - Grading Engine (
graders/): A modular scoring system that evaluates security and code health. - Tasks (
tasks/): A hierarchical directory of vulnerable codebases categorized by difficulty.
2. Grading Logic
The environment uses a multi-faceted scoring approach to ensure agents do not "cheat" by deleting vulnerable code or breaking functionality.
2.1 The Core Formula
The final reward is a product of security remediation and functional integrity:
Where:
- Security Score: Calculated using Gitleaks. It is normalized based on the number of leaks fixed compared to the initial state. $$Security Score = \frac{InitialLeaks - CurrentLeaks}{InitialLeaks}$$
- Health Score: Derived from
pytestresults. If the code fails to execute (e.g., due to aNameError), this score is 0.0.
2.2 History-Aware Scanning
To prevent "Scorched Earth" tactics (deleting the .git directory or source files), the grader employs a recovery mechanism:
_ensure_git_source: If the agent deletes the Git history, the grader force-initializes a temporary repository and commits the current files. Gitleaks then scans the entire history to ensure secrets haven't simply been moved to a previous commit.
3. Expanded Task Matrix
Category 1: Easy (The "Low-Hanging Fruit")
Focus: Detection and basic remediation of plain-text secrets.
| Task ID | Scenario | Primary File(s) | Vulnerability | Success Criteria |
|---|---|---|---|---|
| Task 1 | Cloud Provisioning | config.py |
Hardcoded AWS Access Key. | Secret moved to .env; os.getenv used. |
| Task 2 | Database Layer | db.py |
Password inside a raw SQL connection string. | String parameterized; creds externalized. |
| Task 3 | Frontend Config | settings.js |
Firebase API key in client-side config. | Moved to build-time environment variables. |
| Task 4 | System Logging | logger.py |
logger.debug leaking user tokens. |
Log statement redacted or level changed. |
| Task 5 | Git Basics | .env |
.env file present in the working tree. |
.gitignore created; file removed from tree. |
Category 2: Medium (The "Obfuscation & Format" Challenge)
Focus: Handling encoding, multiline strings, and non-Python configurations.
| Task ID | Scenario | Primary File(s) | Vulnerability | Success Criteria |
|---|---|---|---|---|
| Task 6 | Utility Module | utils.py |
Base64 encoded auth token. | Token identified and externalized correctly. |
| Task 7 | CI/CD Pipeline | deploy.yml |
GitHub Action echoing a secret to logs. | Replaced with ${{ secrets.GITHUB_TOKEN }}. |
| Task 8 | Noise Filtering | .toml |
Dummies mixed with one high-entropy key. | Agent uses .gitleaks.toml to filter noise. |
| Task 9 | DB Migration | migrate.sql |
Admin credentials in a legacy SQL script. | Script refactored; credentials scrubbed. |
| Task 10 | Deployment | deploy.sh |
Multiline RSA Private Key string. | Key moved; \n formatting preserved. |
Category 3: Hard (The "Architectural & History" Bosses)
Focus: Cross-file consistency, logical embedding, and Git history manipulation.
| Task ID | Scenario | Primary File(s) | Vulnerability | Success Criteria |
|---|---|---|---|---|
| Task 11 | Microservices | service_*.py |
Same API key leaked across 5 separate files. | All 5 files updated consistently. |
| Task 12 | Deep Logic | crypto.py |
Secret used as a local variable inside a function. | Function logic remains valid after fix. |
| Task 13 | Legacy Audit | .git/ |
Secret committed in v1.0, still in history. | git filter-repo used to rewrite history. |
4. Technical Requirements for Remediation
To achieve a 1.00 score, the agent must satisfy three technical constraints:
- Detection: Gitleaks must return 0 findings for the entire Git history.
- Externalization: Hardcoded values must be replaced by environment variable lookups (e.g.,
os.environ.get()). - Dependency Integrity: If the agent introduces a library like
os, it must explicitly include the necessaryimportstatements. Failure results in a Health Score of 0.0.
5. Known Failure Modes & Guardrails
5.1 The "Missing Import" Loop
Issue: Agents often replace a secret with os.environ.get() but forget import os.
Guardrail: The Health Score stays at 0.0 until the NameError is resolved.
5.2 The NoneType / true Fallback
Issue: If an LLM returns non-executable prose, the parser returns an empty string.
Guardrail: inference.py defaults empty actions to the bash command true to maintain the loop.
5.3 Environment Variable Exports
Issue: Bare assignments in .env files are not picked up by Python.
Requirement: Users must use set -a && source .env && set +a to ensure variables are exported.
6. Operational Checklist
- Server:
uvicorn server.app:appis running onlocalhost:8000. - Gitleaks: Binary is installed and accessible in system path.
- Filter-Repo:
git-filter-repois installed for Task 13. - Dependencies:
pip install -r requirements.txt --break-system-packages.