feat(security): add sensitive word filtering and data masking capabilities #228

Libres-coder · 2025-10-28T15:19:46Z

Describe what this PR does / why we need it

Add security and risk control capabilities for Agent applications:

Sensitive Word Filtering: DFA-based filtering with customizable dictionaries
Data Masking: Auto-detect and mask PII (phone, ID card, email, bank card, IP, password)
Security Callback (Java): Optional automated security checks during Agent execution

Includes bug fixes:

Fixed IP address detection in Chinese text context (Python)
Fixed security callback blocking mechanism (Java)

Does this pull request fix one issue?

Yes
Fixes 安全能力贡献 #30

Describe how you did it

Core Implementation:

SensitiveWordFilterTool: DFA algorithm, 4 replace strategies (asterisk/delete/custom/detect_only)
DataMaskingTool: 6 PII types with flexible masking strategies
SecurityCallback: Implements existing Callback interface for automated checks

Design:

Implements BaseTool interface, consistent with project architecture
New security package under core/tools, minimal coupling
No breaking changes to existing code

Files Changed (13 total):

Documentation: README.md, README_CN.md, Security-Guide.md, Security-Guide_CN.md
Java: 3 tools + 1 test class
Python: 2 tools + 1 example
Config: 2 pom.xml files (added dependencies)

Describe how to verify it

Run Tests:

Java:

cd ali-agentic-adk-java/ali-agentic-adk-extension/ali-agentic-example
mvn test -Dtest=SecurityAgentTest

Python:

cd ali-agentic-adk-python
python examples/security_demo/security_example.py

Test Results:

Java: 5/5 tests passed
Linter: 0 errors

Special notes for reviews

Dependencies Added:

Java: ali-langengine-core, Spring Framework, Apache POI, Commons-IO, Groovy (test)
Python: None (standard library only)

Production Notes:

Default sensitive word dictionary is basic, use comprehensive wordlist in production
DFA algorithm optimized for large dictionaries (10K+ words)
SecurityCallback is optional, no impact on existing features

Future Enhancements:

Load dictionaries from external files
Tiered sensitivity levels
Fine-grained masking strategies

Libres-coder · 2025-10-28T15:21:41Z

@bleastrind @xiaoxuan-lp @Changri-Liuhen ptal,thx

Libres-coder added 2 commits October 28, 2025 20:58

feat: Add Security and Risk Control Capabilities

948b91c

modify

21ba272

Libres-coder changed the title ~~feat: add sensitive word filtering and data masking capabilities~~ feat(security): add sensitive word filtering and data masking capabilities Oct 28, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat(security): add sensitive word filtering and data masking capabilities #228

feat(security): add sensitive word filtering and data masking capabilities #228

Uh oh!

Libres-coder commented Oct 28, 2025

Uh oh!

Libres-coder commented Oct 28, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

feat(security): add sensitive word filtering and data masking capabilities #228

Are you sure you want to change the base?

feat(security): add sensitive word filtering and data masking capabilities #228

Uh oh!

Conversation

Libres-coder commented Oct 28, 2025

Describe what this PR does / why we need it

Does this pull request fix one issue?

Describe how you did it

Describe how to verify it

Special notes for reviews

Uh oh!

Libres-coder commented Oct 28, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant