Security

Yunque Agent implements defense-in-depth security architecture with barriers at every stage from input to output.

Security Flow

Request → [Auth] → [RBAC] → [Input Guardrails] → [Approval] → [Execution] → [Output Guardrails] → [Audit] → Response

Guardrail	Function
PII Redaction	Auto-detect and mask personal information (email, phone, SSN, credit card, etc.)
Injection Detection	Detect prompt injection (role override, system prompt leak, jailbreak attempts)
Content Moderation	Filter harmful, illegal, or inappropriate content

Guardrail	Function
PII Redaction	Ensure no PII in replies
Egress Guard	Sensitive data exfiltration detection
Audit Logging	Every reply recorded in Merkle audit chain

Behavior-based progressive permission model:

Immutable Merkle chain records every Agent action:

Fine-grained role-based access control:

High-risk operations require explicit approval:

Feature	Description
Risk Classification	4-tier auto classification: safe / caution / danger / critical
Shell Guard	40+ regex patterns for dangerous shell syntax
Tool Guard	Tool call risk assessment
Decision Options	`allow_once` / `allow_always` / `deny_always`
Persistent Rules	Session/user/global scope, stored in Ledger KV
IM Integration	Feishu cards / Telegram buttons for direct approval

Auto-applied in production: CSP, HSTS, X-Content-Type-Options, X-Frame-Options.

On first launch without a password, all API access is blocked (only auth/setup/health allowed) until a password is set via the setup wizard.