Files
2026-07-13 13:12:00 +08:00

71 lines
3.1 KiB
YAML

# Demo for the built-in Google Drive *Bell-LaPadula "no write-down"* policy.
#
# Bell-LaPadula is the classic confidentiality model. Its "*-property" forbids a
# **write down**: once a subject is cleared for confidential material, it must
# not write that material into a less-protected place (a leak).
#
# This policy models a simple two-level compartment. You declare a set of
# confidential documents up front (``confidential_files``). The rule is:
#
# * The agent may freely read and write anything to start with.
# * The moment it *reads* one of the confidential documents, the session is
# "in the compartment": from then on, its writes are confined to the
# confidential set. Writing to — or creating — any other file is a
# write-down and is blocked.
#
# The confidential set is declared explicitly rather than inferred from a
# per-document label, so the policy works on any Google Drive tenant — nothing
# depends on Databricks-internal classification labels.
#
# The very same "create a new doc and write the summary there" action is allowed
# before the agent has opened the strategy doc, and denied after — the action
# didn't change, the session state did.
#
# Usage:
# export DATABRICKS_CONFIG_PROFILE=<your-profile>
# python -m omnigent tests/resources/examples/info_flow_agent.yaml \
# --prompt "Read the strategy doc, then create a public summary doc and paste the highlights."
# # Reading the confidential strategy doc puts the session in the compartment;
# # the follow-up docs_document_create is then blocked as a write-down.
name: info_flow_agent
prompt: |
You are an assistant with Google Workspace tools. You can read, edit, and
create Google Drive files and Docs. Your actions are governed by an
information-flow policy: once you have opened a confidential document, you may
only write back into confidential documents — writing that content into any
other file (or a new one) is blocked to prevent leaks. If an action is denied,
explain that it was gated by the no-write-down policy and suggest keeping the
work inside the confidential document.
executor:
harness: openai-agents
model: databricks-gpt-5-4-mini
auth:
type: databricks
profile: oss
tools:
# Point this at your Google MCP server. The policy matches tools by canonical
# name regardless of the server prefix (mcp__google__*, google__*, or bare),
# so no server-specific configuration is needed here.
google:
type: mcp
command: npx
args: ["-y", "@your-org/google-mcp-server"]
policies:
confidential_containment:
type: function
handler: omnigent.policies.builtins.google.gdrive_policy
factory_params:
# The confidential compartment. Replace these with your own document IDs
# or URLs. Reading any of them confines the session's writes to this set.
confidential_files:
- "1ConfidentialStrategyDocDEMO0000000000000000"
# Allow creating new files so the demo can show a *create* being gated as a
# write-down (rather than blocked outright by the base access rules).
allow_create: true
# DENY (hard block) or ASK (require human approval) on a write-down.
write_down_action: DENY