We take security seriously. If you discover a security vulnerability in SureGuard, please report it privately before disclosing it publicly. 我们非常重视安全性。如果您在 SureGuard 中发现安全漏洞，请在公开披露之前私下报告。

1. Do not file a public GitHub issue for the vulnerability 请勿为此漏洞提交公开的 GitHub Issue
2. Email us at: sureguard-security@googlegroups.com 发送邮件至：sureguard-security@googlegroups.com
3. Include the following details: 请包含以下详细信息：
   • Affected component (Sentinel / Inspector / Core) —— 受影响组件（Sentinel / Inspector / Core）
   • Type of vulnerability —— 漏洞类型
   • Steps to reproduce —— 复现步骤
   • Potential impact —— 潜在影响
   • Suggested fix (if any) —— 建议的修复方案（如有）

• Acknowledgment: Within 48 hours 确认收到：48 小时内
• Initial assessment: Within 5 business days 初步评估：5 个工作日内
• Fix for critical issues: Within 7 days 严重问题修复：7 天内
• Public disclosure: Coordinated with reporter 公开披露：与报告者协调进行

• We will acknowledge receipt within 48 hours 我们将在 48 小时内确认收到报告
• We will provide an estimated timeline for a fix 我们将提供修复的预计时间表
• We will notify you when the fix is released 我们将在修复发布时通知您
• We will credit you in the release notes (unless you prefer to remain anonymous) 我们将在发布说明中致谢（除非您希望匿名）

SureGuard is a security tool itself and has built-in protections: SureGuard 本身是一款安全工具，并内置了以下保护机制：

• Prompt injection detection: Blocks common prompt injection patterns 提示注入检测：拦截常见的提示注入模式
• Behavior chain analysis: Detects suspicious multi-step operation sequences 行为链分析：检测可疑的多步操作序列
• Path traversal prevention: Blocks ../ and absolute path escapes 路径遍历防护：拦截 ../ 及绝对路径逃逸
• Command whitelisting: Only allows pre-approved command templates 命令白名单：仅允许预批准的命令模板
• Shell metacharacter filtering: Prevents command injection Shell 元字符过滤：防止命令注入
• Hidden file protection: Blocks access to dotfiles (.env, .ssh, etc.) 隐藏文件保护：拦截对点文件（.env、.ssh 等）的访问
• Extension whitelist: Only allows known safe file extensions 扩展名白名单：仅允许已知安全的文件扩展名
• Size limits: Prevents oversized file writes 大小限制：防止写入过大的文件

• Import validation: Detects missing or incorrect imports 导入验证：检测缺失或错误的导入
• Variable typo detection: Uses Levenshtein distance to find misspellings 变量拼写检测：使用 Levenshtein 距离查找拼写错误
• Function signature checking: Validates argument counts and types 函数签名检查：验证参数数量和类型
• Class inheritance verification: Ensures base classes exist 类继承验证：确保基类存在
• Multi-stage validation pipeline: Ruff + AST + mypy + Bandit 多阶段验证流水线：Ruff + AST + mypy + Bandit

• Tamper-evident logging: SQLite with WAL mode 防篡改日志记录：使用 WAL 模式的 SQLite
• Daily log rotation: Separate files per day for manageability 每日日志轮转：每天独立文件，便于管理
• Priority-sorted queries: Blocked actions appear first 优先级排序查询：被拦截的操作优先显示
• Human-readable summaries: Every record includes a plain-English description 人类可读摘要：每条记录均包含通俗易懂的描述

1. Behavior analysis is in-memory: The behavior chain analyzer keeps session state in memory. Restarting the server resets the session context. This is acceptable because each stdio session is a single-agent session. 行为分析基于内存：行为链分析器将会话状态保存在内存中。重启服务器会重置会话上下文。这是可接受的，因为每个 stdio 会话都是单智能体会话。

2. No encryption at rest: The SQLite audit database is not encrypted. If you need encryption, use filesystem-level encryption (LUKS, BitLocker, etc.). 静态数据未加密：SQLite 审计数据库未加密。如果需要加密，请使用文件系统级加密（如 LUKS、BitLocker 等）。

3. Prompt injection is heuristic-based: The current detection uses regex patterns, not ML. Sophisticated injection attempts may bypass detection. We recommend using SureGuard as part of a defense-in-depth strategy. 提示注入基于启发式规则：当前检测使用正则表达式模式，而非机器学习。复杂的注入尝试可能绕过检测。建议将 SureGuard 作为纵深防御策略的一部分使用。

4. Python-only code analysis: The Inspector's AST checker only supports Python. TypeScript and Go support is planned for v0.2.0. 仅支持 Python 代码分析：Inspector 的 AST 检查器目前仅支持 Python。TypeScript 和 Go 的支持计划在 v0.2.0 中实现。

Last updated: 2026-05-26 最后更新：2026-05-26