# SecretsAuditEnv Specification v3.0 This document defines the architecture, grading logic, and task matrix for the **SecretsAuditEnv**, a benchmark designed for the Meta OpenEnv Hackathon to evaluate AI agents on their ability to remediate leaked secrets in a Git-backed environment. --- ## 1. System Architecture The environment operates as a FastAPI-based server that manages an isolated workspace for the AI agent. ### 1.1 Components * **Environment (`server/environment.py`)**: Manages the state machine, workspace isolation, and task resets. * **API Wrapper (`server/app.py`)**: Exposes endpoints (`/reset`, `/step`, `/state`) for the agent to interact with. * **Grading Engine (`graders/`)**: A modular scoring system that evaluates security and code health. * **Tasks (`tasks/`)**: A hierarchical directory of vulnerable codebases categorized by difficulty. --- ## 2. Grading Logic The environment uses a multi-faceted scoring approach to ensure agents do not "cheat" by deleting vulnerable code or breaking functionality. ### 2.1 The Core Formula The final reward is a product of security remediation and functional integrity: $$Total Reward = Security Score \times Health Score$$ Where: * **Security Score**: Calculated using Gitleaks. It is normalized based on the number of leaks fixed compared to the initial state. $$Security Score = \frac{InitialLeaks - CurrentLeaks}{InitialLeaks}$$ * **Health Score**: Derived from `pytest` results. If the code fails to execute (e.g., due to a `NameError`), this score is **0.0**. ### 2.2 History-Aware Scanning To prevent "Scorched Earth" tactics (deleting the `.git` directory or source files), the grader employs a recovery mechanism: > **`_ensure_git_source`**: If the agent deletes the Git history, the grader force-initializes a temporary repository and commits the current files. Gitleaks then scans the *entire* history to ensure secrets haven't simply been moved to a previous commit. --- ## 3. Expanded Task Matrix ### Category 1: Easy (The "Low-Hanging Fruit") *Focus: Detection and basic remediation of plain-text secrets.* | Task ID | Scenario | Primary File(s) | Vulnerability | Success Criteria | | :--- | :--- | :--- | :--- | :--- | | **Task 1** | Cloud Provisioning | `config.py` | Hardcoded AWS Access Key. | Secret moved to `.env`; `os.getenv` used. | | **Task 2** | Database Layer | `db.py` | Password inside a raw SQL connection string. | String parameterized; creds externalized. | | **Task 3** | Frontend Config | `settings.js` | Firebase API key in client-side config. | Moved to build-time environment variables. | | **Task 4** | System Logging | `logger.py` | `logger.debug` leaking user tokens. | Log statement redacted or level changed. | | **Task 5** | Git Basics | `.env` | `.env` file present in the working tree. | `.gitignore` created; file removed from tree. | ### Category 2: Medium (The "Obfuscation & Format" Challenge) *Focus: Handling encoding, multiline strings, and non-Python configurations.* | Task ID | Scenario | Primary File(s) | Vulnerability | Success Criteria | | :--- | :--- | :--- | :--- | :--- | | **Task 6** | Utility Module | `utils.py` | Base64 encoded auth token. | Token identified and externalized correctly. | | **Task 7** | CI/CD Pipeline | `deploy.yml` | GitHub Action echoing a secret to logs. | Replaced with `${{ secrets.GITHUB_TOKEN }}`. | | **Task 8** | Noise Filtering | `.toml` | Dummies mixed with one high-entropy key. | Agent uses `.gitleaks.toml` to filter noise. | | **Task 9** | DB Migration | `migrate.sql` | Admin credentials in a legacy SQL script. | Script refactored; credentials scrubbed. | | **Task 10** | Deployment | `deploy.sh` | Multiline RSA Private Key string. | Key moved; `\n` formatting preserved. | ### Category 3: Hard (The "Architectural & History" Bosses) *Focus: Cross-file consistency, logical embedding, and Git history manipulation.* | Task ID | Scenario | Primary File(s) | Vulnerability | Success Criteria | | :--- | :--- | :--- | :--- | :--- | | **Task 11** | Microservices | `service_*.py` | Same API key leaked across 5 separate files. | All 5 files updated consistently. | | **Task 12** | Deep Logic | `crypto.py` | Secret used as a local variable inside a function. | Function logic remains valid after fix. | | **Task 13** | Legacy Audit | `.git/` | Secret committed in v1.0, still in history. | `git filter-repo` used to rewrite history. | --- ## 4. Technical Requirements for Remediation To achieve a **1.00 score**, the agent must satisfy three technical constraints: 1. **Detection**: Gitleaks must return 0 findings for the *entire* Git history. 2. **Externalization**: Hardcoded values must be replaced by environment variable lookups (e.g., `os.environ.get()`). 3. **Dependency Integrity**: If the agent introduces a library like `os`, it must explicitly include the necessary `import` statements. Failure results in a **Health Score of 0.0**. --- ## 5. Known Failure Modes & Guardrails ### 5.1 The "Missing Import" Loop **Issue**: Agents often replace a secret with `os.environ.get()` but forget `import os`. **Guardrail**: The `Health Score` stays at **0.0** until the `NameError` is resolved. ### 5.2 The `NoneType` / `true` Fallback **Issue**: If an LLM returns non-executable prose, the parser returns an empty string. **Guardrail**: `inference.py` defaults empty actions to the bash command `true` to maintain the loop. ### 5.3 Environment Variable Exports **Issue**: Bare assignments in `.env` files are not picked up by Python. **Requirement**: Users must use `set -a && source .env && set +a` to ensure variables are exported. --- ## 6. Operational Checklist * [ ] **Server**: `uvicorn server.app:app` is running on `localhost:8000`. * [ ] **Gitleaks**: Binary is installed and accessible in system path. * [ ] **Filter-Repo**: `git-filter-repo` is installed for Task 13. * [ ] **Dependencies**: `pip install -r requirements.txt --break-system-packages`.