
docs(sdk/security): add rein-openhands as a deterministic, no-LLM analyzer example#582

Open
SametAtas wants to merge 1 commit into
OpenHands:mainfrom
SametAtas:patch-1

Conversation

@SametAtas


The SDK security guide shows how to build a custom SecurityAnalyzer. This adds a short example pointing to a ready-made one: rein-openhands, a deterministic, no-LLM analyzer that runs the rein static engine over an action's code content and maps it to SecurityRisk. It makes the SecurityAnalyzer to ConfirmationPolicy path auditable and replayable (same action, same risk, no model call), fails closed on unparseable Python, and complements the pattern analyzer for defense in depth. Discussed in #3524. Package: pip install rein-openhands.

Signed-off-by: SametAtas <102820357+SametAtas@users.noreply.github.com>
@SametAtas

Author

Context: this came out of the discussion on OpenHands/software-agent-sdk#3524, where a deterministic, no-LLM SecurityAnalyzer was proposed and refined (fail-closed on unparseable Python, documented deny-list, defense-in-depth ensemble). The package is rein-openhands on PyPI; this PR documents it as an example alongside the built-in analyzers. Happy to adjust the placement or wording.
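The analyzer shape described in the PR description and in the comment above (a static pass over the action's Python, a documented deny-list, fail-closed on unparseable input, identical verdict for identical input) as an added example. This is not the rein-openhands or SDK source: the `SecurityRisk` enum is a local stand-in for the SDK's, the deny-list entries are illustrative, and `analyze()` is an assumed function name; a real analyzer would subclass the SDK's SecurityAnalyzer and read the code from the action object.

```python
"""Added example: deterministic, fail-closed static risk analyzer for a Python
action body.  Same input yields the same Report, with no model call."""
import ast
from dataclasses import dataclass, field
from enum import Enum


class SecurityRisk(Enum):
    """Stand-in for the SDK's SecurityRisk enum; names and order are assumed."""
    LOW = 0
    MEDIUM = 1
    HIGH = 2


# Illustrative, documented deny-list keyed by fully qualified call target.
# A real deny-list would be reviewed and versioned alongside the analyzer.
DENY_LIST = {
    "os.system": SecurityRisk.HIGH,
    "subprocess.Popen": SecurityRisk.HIGH,
    "subprocess.run": SecurityRisk.MEDIUM,
    "shutil.rmtree": SecurityRisk.HIGH,
    "eval": SecurityRisk.HIGH,
    "exec": SecurityRisk.HIGH,
}


@dataclass
class Report:
    risk: SecurityRisk
    findings: list = field(default_factory=list)  # (line, target, reason)


def _collect_aliases(tree):
    """Map local names to what they were imported as, so `import subprocess as sp`
    and `from os import system as s` still resolve to the deny-list keys."""
    aliases = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                root = alias.name.split(".")[0]
                aliases[alias.asname or root] = alias.name if alias.asname else root
        elif isinstance(node, ast.ImportFrom) and node.module:
            for alias in node.names:
                aliases[alias.asname or alias.name] = f"{node.module}.{alias.name}"
    return aliases


def _target(node, aliases):
    """Resolve a call's callee to 'module.attr' or a bare name; None if dynamic."""
    if isinstance(node, ast.Name):
        return aliases.get(node.id, node.id)
    if isinstance(node, ast.Attribute):
        base = _target(node.value, aliases)
        return None if base is None else f"{base}.{node.attr}"
    return None


def analyze(code: str) -> Report:
    """Classify a Python action body.  Unparseable input is HIGH (fail closed),
    so the confirmation policy asks rather than letting odd input through."""
    try:
        tree = ast.parse(code)
    except (SyntaxError, ValueError) as exc:
        reason = f"unparseable: {exc.__class__.__name__}"
        return Report(SecurityRisk.HIGH, [(0, "<parse>", reason)])
    aliases = _collect_aliases(tree)
    report = Report(SecurityRisk.LOW)
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        target = _target(node.func, aliases)
        hit = DENY_LIST.get(target)
        if hit is None:
            continue
        report.findings.append((node.lineno, target, "deny-list"))
        if hit.value > report.risk.value:
            report.risk = hit
    # Sorted findings keep the report stable and replayable regardless of walk order.
    report.findings.sort()
    return report
```

The verdict depends only on the source text, so two runs over the same action produce an equal `Report` and the analyzer-to-policy decision can be replayed from the stored action alone. Calls whose callee cannot be resolved statically (for example `getattr(mod, name)(...)`) are not matched here, which is why a deny-list analyzer is paired with other analyzers rather than used as the only gate.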

@enyst enyst left a comment

Member


Hey @SametAtas ! Thank you for the PR. Sorry, we don’t really include third party new projects like this… that is not about your project specifically, it’s just policy 🤔

On a side note, though, I sent off my agent to see your repos and it posted a couple of issues on rein-openhands. Sorry if it’s a bit overzealous, it’s with GPT-5.5 which can be exaggerated at times. 🙏
