#!/bin/bash
# AegisFlow Demo - Agent Execution Governance
# This script demonstrates how AegisFlow controls agent actions
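# Abort on the first failing command. pipefail makes a `curl ... | jq .`
# pipeline fail when curl itself fails (connection refused, DNS error)
# instead of letting jq's exit status hide it. HTTP error statuses are not
# treated as failures: the curl calls in this script do not use --fail.
set -e
set -o pipefail

# Admin API endpoint and API key; both can be overridden from the environment.
# The fallback key is a fixed demo value baked into this script.
# NOTE(review): presumably it matches a key in the project's sample config;
# confirm, and make sure no shared or production instance accepts it.
ADMIN_URL="${AEGISFLOW_ADMIN_URL:-http://localhost:8081}"
API_KEY="${AEGISFLOW_API_KEY:-demo-key-001}"

# ANSI colour escapes, expanded later by `echo -e`.
GREEN='\033[0;32m'
RED='\033[0;31m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
BOLD='\033[1m'

# Every request below carries the key in an X-API-Key header. Over plain HTTP
# to anything other than the loopback interface, that header crosses the
# network unencrypted, so say so before the first request is made.
case "$ADMIN_URL" in
  https://*) ;;
  http://localhost | http://localhost[:/]*) ;;
  http://127.0.0.1 | http://127.0.0.1[:/]*) ;;
  'http://[::1]' | 'http://[::1]'[:/]*) ;;
  *)
    echo "warning: ADMIN_URL ($ADMIN_URL) is not https and not loopback;" \
      "the API key will be sent in cleartext" >&2
    ;;
esac

# Header arguments appended to every curl call.
# NOTE(review): the key is passed on curl's command line, so other local users
# can see it in the process list while a request is running.
AUTH=(-H "X-API-Key: $API_KEY")

echo ""
echo -e "${BOLD}========================================${NC}"
echo -e "${BOLD} AegisFlow Demo - Agent Governance${NC}"
echo -e "${BOLD}========================================${NC}"
echo ""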
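# Print a blank line and a "Press Enter" prompt, then wait for one line on
# stdin (stored in REPLY and not used).
# Globals:  BLUE, NC (read)
# Returns:  0, including when stdin is at end-of-input
pause() {
  echo ""
  echo -e "${BLUE}Press Enter to continue...${NC}"
  # read returns non-zero at end-of-input. Under `set -e` that would end the
  # whole script at the first pause whenever stdin is closed or redirected,
  # without any message. Ignoring the status here is deliberate.
  read -r || true
}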
# Step 1: submit a read-capability action (github.list_repos) to the
# test-action endpoint and pretty-print whatever JSON comes back.
# The "(ALLOWED)" in the heading is the expected outcome; the response is
# displayed, not checked.
printf '%b\n' "${BOLD}1. Agent reads GitHub repos (ALLOWED)${NC}"
printf '%b\n' " Tool: github.list_repos | Protocol: git | Capability: read"
echo
curl --silent --request POST "$ADMIN_URL/admin/v1/test-action" \
  --header "Content-Type: application/json" "${AUTH[@]}" \
  --data '{"protocol":"git","tool":"github.list_repos","target":"aegisflow/aegisflow","capability":"read"}' \
  | jq '.'
pause
# Step 2: submit a delete-capability action (github.delete_repo) and show the
# JSON response. "(BLOCKED)" is the expected outcome, not a checked one.
# NOTE(review): the endpoint name suggests the action is only evaluated
# against policy and never executed; confirm before pointing this at a
# server that has real credentials for the target.
printf '%b\n' "${BOLD}2. Agent tries to delete a repo (BLOCKED)${NC}"
printf '%b\n' " Tool: github.delete_repo | Protocol: git | Capability: delete"
echo
curl --silent --request POST "$ADMIN_URL/admin/v1/test-action" \
  --header "Content-Type: application/json" "${AUTH[@]}" \
  --data '{"protocol":"git","tool":"github.delete_repo","target":"aegisflow/aegisflow","capability":"delete"}' \
  | jq '.'
pause
# Step 3: submit a write-capability action (github.create_pull_request),
# keep the raw response in RESULT, print it, and extract its envelope_id for
# the approval call in step 4.
printf '%b\n' "${BOLD}3. Agent creates a pull request (REVIEW REQUIRED)${NC}"
printf '%b\n' " Tool: github.create_pull_request | Protocol: git | Capability: write"
echo
RESULT=$(
  curl --silent --request POST "$ADMIN_URL/admin/v1/test-action" \
    --header "Content-Type: application/json" "${AUTH[@]}" \
    --data '{"protocol":"git","tool":"github.create_pull_request","target":"aegisflow/aegisflow","capability":"write"}'
)
echo "$RESULT" | jq '.'
# With -r, jq prints the literal string "null" when the response has no
# envelope_id field, so ENVELOPE_ID is not guaranteed to be a real id here.
ENVELOPE_ID=$(echo "$RESULT" | jq -r '.envelope_id')
pause
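# Step 4: list the pending approvals, then approve the envelope created in
# step 3.
echo -e "${BOLD}4. Human reviews and approves the PR creation${NC}"
echo -e " Checking pending approvals..."
echo ""
curl -s "$ADMIN_URL/admin/v1/approvals" "${AUTH[@]}" | jq .
echo ""
# ENVELOPE_ID was extracted with `jq -r '.envelope_id'`, which yields the
# literal string "null" when the step-3 response carried no such field (for
# example when the action was not queued for review). Do not send an approval
# for a non-existent envelope; report it and move on.
# NOTE(review): the id is placed in the URL path as-is, without URL-encoding.
if [[ -z "${ENVELOPE_ID:-}" || "$ENVELOPE_ID" == "null" ]]; then
  echo -e " ${RED}No envelope_id was returned in step 3; skipping approval.${NC}" >&2
else
  echo -e " Approving ${ENVELOPE_ID}..."
  # NOTE(review): "reviewer" is a free-text value supplied by this client.
  # Whether the server ties the approval to the authenticated API key rather
  # than to this field is not visible from this script; confirm.
  curl -s -X POST "$ADMIN_URL/admin/v1/approvals/$ENVELOPE_ID/approve" \
    -H "Content-Type: application/json" "${AUTH[@]}" \
    -d '{"reviewer":"demo-admin","comment":"Looks good, approved"}' | jq .
fi
pause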
# Step 5: submit an execute-capability shell action (shell.pytest on
# /workspace) and show the JSON response. "(ALLOWED)" is the expected
# outcome; the response is displayed, not checked.
printf '%b\n' "${BOLD}5. Agent runs a safe shell command (ALLOWED)${NC}"
printf '%b\n' " Tool: shell.pytest | Protocol: shell | Capability: execute"
echo
curl --silent --request POST "$ADMIN_URL/admin/v1/test-action" \
  --header "Content-Type: application/json" "${AUTH[@]}" \
  --data '{"protocol":"shell","tool":"shell.pytest","target":"/workspace","capability":"execute"}' \
  | jq '.'
pause
# Step 6: submit a delete-capability shell action (shell.rm on "/") and show
# the JSON response. Nothing is deleted by this script itself; it only sends
# a description of the action. "(BLOCKED)" is the expected outcome.
# NOTE(review): presumably test-action evaluates policy without executing the
# tool; confirm against the server before relying on that.
printf '%b\n' "${BOLD}6. Agent tries rm -rf / (BLOCKED)${NC}"
printf '%b\n' " Tool: shell.rm | Protocol: shell | Capability: delete"
echo
curl --silent --request POST "$ADMIN_URL/admin/v1/test-action" \
  --header "Content-Type: application/json" "${AUTH[@]}" \
  --data '{"protocol":"shell","tool":"shell.rm","target":"/","capability":"delete"}' \
  | jq '.'
pause
# Step 7: submit a read-capability SQL action (sql.select on production_db)
# and show the JSON response. "(ALLOWED)" is the expected outcome; the
# response is displayed, not checked.
printf '%b\n' "${BOLD}7. Agent runs SELECT query (ALLOWED)${NC}"
printf '%b\n' " Tool: sql.select | Protocol: sql | Capability: read"
echo
curl --silent --request POST "$ADMIN_URL/admin/v1/test-action" \
  --header "Content-Type: application/json" "${AUTH[@]}" \
  --data '{"protocol":"sql","tool":"sql.select","target":"production_db","capability":"read"}' \
  | jq '.'
pause
# Step 8: submit a delete-capability SQL action (sql.drop_table on
# production_db) and show the JSON response. "(BLOCKED)" is the expected
# outcome, not a checked one.
# NOTE(review): presumably test-action evaluates policy without touching the
# named database; confirm against the server.
printf '%b\n' "${BOLD}8. Agent tries DROP TABLE (BLOCKED)${NC}"
printf '%b\n' " Tool: sql.drop_table | Protocol: sql | Capability: delete"
echo
curl --silent --request POST "$ADMIN_URL/admin/v1/test-action" \
  --header "Content-Type: application/json" "${AUTH[@]}" \
  --data '{"protocol":"sql","tool":"sql.drop_table","target":"production_db","capability":"delete"}' \
  | jq '.'
pause
# Step 9: ask the server to verify its audit chain and print the response,
# then print how many entries the approval history holds.
# Both results are only displayed: the script does not inspect the verify
# response, so a reported integrity failure would not stop the demo.
printf '%b\n' "${BOLD}9. Verify audit chain integrity${NC}"
echo
curl --silent --request POST "$ADMIN_URL/admin/v1/audit/verify" "${AUTH[@]}" \
  | jq '.'
echo
printf '%b\n' " ${BOLD}Approval history:${NC}"
curl --silent "$ADMIN_URL/admin/v1/approvals/history" "${AUTH[@]}" \
  | jq '.history | length | " \(.) actions reviewed"'
pause
# Closing banner and summary.
# NOTE(review): the summary below is fixed text. It is not derived from any
# response received above, so it reads ALLOWED / BLOCKED / APPROVED / VERIFIED
# even when the server answered differently. Treat it as the expected outcome
# and check the JSON printed at each step for the actual decisions.
echo
printf '%b\n' "${BOLD}========================================${NC}"
printf '%b\n' "${GREEN}${BOLD} Demo complete!${NC}"
printf '%b\n' "${BOLD}========================================${NC}"
echo
printf '%s\n' \
  "Summary:" \
  " - Read operations: ALLOWED" \
  " - Destructive operations: BLOCKED" \
  " - Write operations: REVIEW REQUIRED -> APPROVED" \
  " - Evidence chain: VERIFIED" \
  ""