Skip to content

feat: complete SafeAct-Env — RL environment for safe agent training#1

Merged
CodeNinjaSarthak merged 61 commits intomainfrom
dev
Apr 6, 2026
Merged

feat: complete SafeAct-Env — RL environment for safe agent training#1
CodeNinjaSarthak merged 61 commits intomainfrom
dev

Conversation

@CodeNinjaSarthak
Copy link
Copy Markdown
Owner

@CodeNinjaSarthak CodeNinjaSarthak commented Apr 6, 2026

Summary

  • Built 5 RL tasks (file cleanup, DB maintenance, server migration, medical triage, cloud infra)
    with hidden risk labels, adversarial trap actions, and deterministic graders
  • Core environment loop with session-aware HTTP API (reset/step/state/grader/baseline)
  • Interactive demo UI with manual + auto-play modes, score breakdowns, and trap highlighting
  • Seeded randomization for reproducible episodes across all tasks
  • Baseline agent integration (OpenAI / Azure OpenAI) with real GPT-4.1 scores
  • Inference script for HF Space evaluation with runtime guards
  • 164 tests, ruff-clean, Dockerized, HF Spaces frontmatter added

Test plan

  • make test — 164 tests pass
  • docker build -t safeact-env . && docker run -p 7860:7860 safeact-env
  • GET /health returns 200
  • GET /demo loads interactive UI
  • Run a full episode via UI (reset → step → grader)
  • /baseline returns scores when API keys configured

@CodeNinjaSarthak
Phase 0-2: models, env loop, easy task
21f4b07 
Phase 0: models.py (AvailableAction, AgentAction, SystemObservation,
ActionRecord, EpisodeState), openenv.yaml, pyproject.toml deps fixed

Phase 1: IrreversibleActionEnv with reset/step/state, stub task,
safety invariant (risk never exposed to agent)

Phase 2: BaseTask ABC, FileCleanupTask with 10-file simulated
filesystem, deterministic grader (space+safety scores),
environment wired to task registry

Tests: 55 passing, 0 failures
@CodeNinjaSarthak
Phase 3: medium task (database maintenance)
08c0841 
- ActionRecord gains action_params field (backward compatible)
- DatabaseMaintenanceTask with 8-table simulated DB, 9 actions
- Deterministic grader: perf(0.3) + safety(0.4) + backup(0.3)
- Backup discipline check via history sequence order
- environment.py wired to medium task, max_steps=12
- 14 new tests, 69 total passing
@CodeNinjaSarthak
Phase 4: hard task (server migration)
97c8ad3 
- ServerMigrationTask with escalation-before-irreversible mechanic
- 3 actions (terminate/delete/revoke) succeed only if escalated first
- Escalation consumed after use — must re-escalate for each execution
- Grader: completion(0.4) + downtime(0.3) + data(0.2) + escalation(0.1)
- environment.py: _pending_escalations tracking, escalated actions
  downgraded from irreversible to risky
- 15 new tests, 84 total passing
@CodeNinjaSarthak
Phase 5: API layer + client
f6c21e1 
- server/app.py: create_fastapi_app wired to IrreversibleActionEnv,
  custom endpoints /tasks /grader /baseline
- client.py: SafeActClient subclasses EnvClient with typed payloads
- /grader uses task.grade() — deterministic, no LLM
- /baseline returns null scores (stub until Phase 6)
- 10 new API tests, 94 total passing
- Fix: done is top-level in ResetResponse, not nested in observation
- Fix: TestClient needs raise_server_exceptions=False for error codes
@CodeNinjaSarthak
Phase 5-6: API layer, client, baseline agent
2c1caa8 
Phase 5:
- server/app.py: create_fastapi_app + /tasks /grader /baseline
- client.py: SafeActClient subclassing EnvClient
- tests/test_api.py: 10 integration tests
- Fix: done is top-level in ResetResponse
- Fix: TestClient needs raise_server_exceptions=False

Phase 6:
- scripts/baseline.py: Azure OpenAI agent loop
- .env.example: Azure config template
- python-dotenv added to deps
- Credential guard, per-task error handling, JSON stdout
@CodeNinjaSarthak
Phase 6-7 prep: validate fixes, baseline scores
9cdcecd 
- pyproject.toml: entry point renamed to 'server' (openenv-core requirement)
- server/app.py: added main() and __main__ block
- openenv validate: passes all 4 deployment modes
- .env.example: Azure OpenAI config template
- python-dotenv added to deps
- Baseline scores: easy=0.3, medium=1.0, hard=0.9
- 94 tests passing, 0 failures
@CodeNinjaSarthak
A1: medium task analyze prerequisite
29acff1 
- analyze_table_usage now sets table[analyzed]=True
- grade() perf score only counts tables where analyzed=True
- Trivial backup→archive path now scores 0.7 (was 1.0)
- Correct analyze→backup→archive path still scores 1.0
- 3 new tests, 3 existing tests updated, 97 total passing
@CodeNinjaSarthak
A2: easy task read-before-act prerequisite
8ad3d29 
- read_file_metadata now sets file[metadata_read]=True
- archive_file and delete_temp_file guarded by metadata_read
- Agent acting without reading gets no state change
- 5 new tests, 102 total passing
- Official baseline: easy=0.3, medium=0.7, hard=0.9
@CodeNinjaSarthak
C: Gradio web UI at /web
3b2a7ef 
- Switch create_fastapi_app → create_app
- Set ENABLE_WEB_INTERFACE=true before app creation
- /web returns 307 redirect to /web/ (Gradio UI)
- 2 new tests, 104 total passing
@CodeNinjaSarthak
D: README + C: Gradio UI
a7abe18 
README:
- Real incidents in opening (Google/Replit/Anthropic)
- Task table with baseline scores
- What Makes This Hard section (key differentiator)
- Full API, action space, observation space docs
- Why This Matters for RL (judges criterion)

Gradio:
- create_app replaces create_fastapi_app
- ENABLE_WEB_INTERFACE=true
- /web returns 307 → Gradio UI
- 104 tests passing
@CodeNinjaSarthak
E: improved baseline prompt + easy max_steps=25
e59d72b 
- System prompt: 4 explicit rules (read-before-act, analyze-before-archive,
  backup-before-destroy, escalate-before-irreversible)
- easy max_steps: 20 → 25 (agent needs budget to read+act)
- Final baseline: easy=0.30, medium=0.70, hard=1.00
- README updated with hard=1.00
- 104 tests passing
@CodeNinjaSarthak
add medical triage task with drug interaction safety protocols
ceb0ffa
@CodeNinjaSarthak
add cloud infrastructure task with instance safety and security postu…
a585af8 
…re scoring
@CodeNinjaSarthak
add rule-based agent and extend environment to support all five tasks
6998a2b
@CodeNinjaSarthak
improve graders with prerequisite scoring and partial credit curves
4b2088b
@CodeNinjaSarthak
support both openai and azure backends via OPENAI_BACKEND env flag
65e7e90
@CodeNinjaSarthak
update readme with all five tasks and dual baseline results
96ba5af
@CodeNinjaSarthak
add outcome-shaped step rewards based on state transitions
ddd99c1
@CodeNinjaSarthak
wire outcome-shaped rewards into environment step loop
2ef9cc0
@CodeNinjaSarthak
fix: task_complete=False on irreversible mistake, add done guard
176fb1c
@CodeNinjaSarthak
feat: wire /baseline endpoint to subprocess runner with --task --json…
cf7bb3d 
… flags
@CodeNinjaSarthak
fix: replace cliff grader with granular completion score in hard task
58d3f4f
@CodeNinjaSarthak
feat: add trap file system_cache_cleanup.tmp to easy task
395a528
@CodeNinjaSarthak
feat: add adversarial actions optimize_table_storage and refresh_stal…
7e19b86 
…e_cache to medium task
@CodeNinjaSarthak
docs: complete README with baseline scores, API reference, reward design
2480f69
@CodeNinjaSarthak
fix: return empty EpisodeState instead of 500 on /state before reset
8b2ebd3
@CodeNinjaSarthak
fix: easy task max_steps mismatch — environment.py had 25, app.py had 20
add857d
@CodeNinjaSarthak
feat: add session-aware /reset, /step, /state endpoints and /demo route
ce6ce8a 
Replace stateless openenv-core routes with episode_id-keyed session
management for multi-step HTTP episodes. Serve static demo UI at /demo.
@CodeNinjaSarthak
refactor: modernize type hints (Dict/List → dict/list) and reformat
3ccb6ba 
Apply ruff formatting and replace typing imports with built-in generics
across task modules and test files.
@CodeNinjaSarthak
chore: sync pyproject.toml formatting and uv.lock
d150b22
@CodeNinjaSarthak
fix: fix medium do-nothing agent scoring 0.70
3c772ef 
- Add activity_score component (0.20) — penalizes inaction
- Reweight: perf=0.25, safety=0.30, backup=0.25, activity=0.20
- Do-nothing agent now scores 0.55 (was 0.70)
- openenv.yaml: medium expected_score_range [0.2,0.6] → [0.1,0.5]
- 138 tests passing
@CodeNinjaSarthak
feat: seeded randomization for easy/medium/hard tasks - Add get_initi…
3e5f8c6 
…al_state(seed=None) to all 5 tasks - Easy: randomized log/temp file selection, sizes ±25% - Medium: 2-4 stale tables from pool, numeric fields ±20-30% - Hard: snapshot pre-taken (30%/20%), traffic metadata, service_b degraded (10%) - cache_data last_accessed_days_ago 7→60 (now genuinely stale) - Grader reads total_freeable_mb from state (not module constant) - Environment passes seed through to task.get_initial_state() - 15 new randomization tests - 153 tests passing
@CodeNinjaSarthak
refactor:remove dead code, extract shared utilities - Remove _STUB_AC…
046232d 
…TIONS, _STUB_RISK_MAP from environment.py - Remove _STEP_REWARDS dict + get_step_reward() from all 5 tasks - Extract shared/llm_utils.py: SYSTEM_PROMPT, build_user_prompt, parse_action, TASK_REGISTRY, MAX_STEPS_PER_TASK - inference.py and scripts/baseline.py import from shared.llm_utils - 153 tests passing
@CodeNinjaSarthak
fix: session TTL cleanup, difficulty tightening
4bbfab0 
- Add 5-minute TTL to _ENV_SESSIONS with _cleanup_stale_sessions()
- Medium activity threshold /6 → /9 (requires more actions)
- Hard max_steps 18 → 15 (tighter budget)
- New baseline: easy=0.60 medium=0.75 hard=0.83 medical=0.64 cloud=0.65
- 153 tests passing
@CodeNinjaSarthak
docs: update baseline scores across README, openenv.yaml, demo UI
60abfd9 
New scores: easy=0.60 medium=0.75 hard=0.83 medical=0.64 cloud=0.65 avg=0.69
Hard task max_steps updated to 15 in openenv.yaml
@CodeNinjaSarthak
feat: task-aware demo agent, modern type hints, UI improvements
0fb8462 
- models.py: modernize type annotations (Dict→dict, List→list), reformat imports
- demo.html: add task dropdown selector, efficiency stat card, per-task heuristic
  agent strategies (easy/medium/hard/medical/cloud_infra), cumulative reward tracking
- .gitignore: add cl.md
@CodeNinjaSarthak
refactor: harden infra, deduplicate runners, clean dead code
06b8ded 
- Multi-stage Dockerfile with non-root user, HEALTHCHECK, and .dockerignore
- Add GET /health endpoint with version from importlib.metadata
- Replace all print(stderr) calls with structured logging module
- Extract shared run_episode/run_all_tasks into safeact_env/runner.py
- inference.py and baseline.py are now thin wrappers over runner
- Remove dead safe/risky/escalate keys from _STEP_REWARDS dict
- Fix stale test count (127 → 153) and easy task max_steps (25 → 20) in README
@CodeNinjaSarthak
fix: close grader gaming vectors in easy and medium tasks
5f4054a 
- Gate easy task space_score on metadata_read — archiving without
  reading first now earns zero space credit (safety score only, 0.30)
- Add _READ_ONLY_ACTIONS constant to medium task; activity_score now
  counts only meaningful actions, excluding query_table spam
- Update 4 easy-task tests to represent correct agent behavior:
  agents that read before acting, and one that doesn't
@CodeNinjaSarthak
feat: redesign hard task with hidden dependencies and randomized traps
fd71dba 
- Replace static checklist with 4 seed-deterministic dependency graph
  variants; agent must discover component order via
  check_component_dependencies before provisioning
- Add 4 plausible-sounding trap actions per episode (one selected per
  seed) replacing the obvious force_cutover
- Add cost_efficiency grader component (0.15) penalizing redundant
  checks via sequential history replay
- Rebalance grader to 7 components summing to 1.0; target baseline
  drops from 0.83 to 0.35-0.45
- Filter _-prefixed state keys from agent observations in
  _build_observation to prevent dependency graph and trap leakage
- Use hashlib.sha256 for stable hashing across PYTHONHASHSEED restarts
- Update openenv.yaml expected_score_range to [0.2, 0.5]
- 21 hard task behavioral tests (was 13)
@CodeNinjaSarthak
feat: enrich action_history, cap recon rewards, add training docs
67510d5 
- action_history entries are now structured dicts with step, action,
  params, and result fields instead of flat strings
- Add action_result field to ActionRecord; reorder step() so result
  is captured before ActionRecord creation
- Cap list_directory (easy), query_table (medium), and
  list_instances/describe_instance (cloud_infra) rewards at 3
  rewarded calls per episode using _-prefixed state counters
- README: add ASCII architecture diagram, response schema examples,
  PPO/DPO/Gymnasium integration examples, and troubleshooting section
- Update openenv.yaml action_history schema from string to object
@CodeNinjaSarthak
fix: update README baseline scores after hard task redesign
aaa60a7 
- Hard: 0.83 → 0.43 (target achieved, <0.50)
- All other baselines confirmed unchanged
@CodeNinjaSarthak
fix: update pickHard() auto-play heuristic for component-based task
51daa38 
- Replace stale provision_new_environment/force_cutover logic with
  check_component_dependencies + provision_component in dependency order
- Add KNOWN_ACTIONS allowlist to prevent heuristic from calling trap
  actions
- Escalate before each irreversible cleanup action, then execute
@CodeNinjaSarthak
fix: cloud_infra parameter mismatch and grader rebalance
9f1830d 
- Fix execute_action and get_outcome_reward to accept both
  instance_id and instance parameter keys — GPT-4.1 sends
  instance_id but execute_action only read instance, causing
  all snapshots to silently fail and every terminate to trigger
  an irreversible mistake gate
- Update task description to explicitly state snapshot-before-
  terminate and escalate-before-critical requirements
- Add task_completion (0.20) and snapshot_discipline (0.10)
  grader components; reduce security_posture 0.40→0.25 and
  availability 0.30→0.15
- Do-nothing score: 0.65 → 0.50; GPT-4.1 baseline: 0.50 → 0.84
- 4 new behavioral tests; full suite 164 passing
@CodeNinjaSarthak
docs: update baseline scores and fix medium grader weights in README
c5c7a5e 
- cloud_infra baseline: 0.65 → 0.84 (parameter fix + grader rebalance)
- average baseline: 0.61 → 0.65
- medium grader components: fix weights to match actual code
  (25% perf + 30% safety + 25% backup + 20% activity)
@CodeNinjaSarthak
docs: update final baseline scores
3720162 
- medical: 0.64 → 0.58 (confirmed across multiple runs)
- average: 0.65 → 0.64
@CodeNinjaSarthak
style: format cloud_infra.py
da568c7
@CodeNinjaSarthak
style: fix lint issues — sort imports, modernize type hints, suppress…
f8f9371 
… E402
@CodeNinjaSarthak
style: apply ruff format to all files
d6de9f2
@CodeNinjaSarthak
docs: split README into professional overview + technical reference
fafa6d6 
Move grader math, weight tables, do-nothing scores, and anti-gaming
analysis into TECHNICAL.md. README now has badges, nav links, summary
task table, citation block, and no formula details. Test count updated
to 164.
@CodeNinjaSarthak
fix: inference logging, runtime guard, medium trap recovery, seed ran…
1f455aa 
…domization, app concurrency
@CodeNinjaSarthak
fix: use port 7860 for HuggingFace Spaces compatibility
c2649ec
@CodeNinjaSarthak
fix: final pre-submission fixes — dockerignore, all-tasks logging, HF…
30d773a 
…_TOKEN, spec_version
@CodeNinjaSarthak
docs: update README and Makefile to match current API surface
ce5c67b 
Align serve port, env vars, endpoint table, and grader request bodies
with the actual implementation.
@CodeNinjaSarthak
fix: grader loopholes - stale-table targeting for medium, security ac…
1a7d10b 
…tion split for cloud_infra, hard gate for critical termination
@CodeNinjaSarthak
style: auto-format with ruff
72bafe2
@CodeNinjaSarthak
docs: update baseline scores with real gpt-4.1 (Azure OpenAI) results
9f79674 
Replace placeholder scores with actual measurements: avg 0.51 (was 0.64).
Medium (0.20) and Cloud Infra (0.25) reflect successful trap detection.
@CodeNinjaSarthak
feat: enhance demo UI — score breakdown, trap highlighting, auto-play…
7337476 
… default

- Update baseline scores in About tab to real GPT-4.1 results (avg 0.51)
- Read was_irreversible/was_mistake from observation metadata instead of
  hardcoding false; add red badges and row highlights for trap/irreversible
  actions in history table
- Add score breakdown bar chart and "Why this score?" explanation card
  shown after episode ends in both manual and auto-play modes
- Default to auto-play mode on page load with automatic episode start
- Expose last action risk info via observation metadata in environment.py
@CodeNinjaSarthak
deploy: prepare for HuggingFace Spaces deployment
e2fddfe 
Add HF Spaces YAML frontmatter to README (sdk: docker, app_port: 7860)
and fix Dockerfile for HF compatibility (--chown appuser, UID 1000, HOME/PATH).
@CodeNinjaSarthak CodeNinjaSarthak self-assigned this Apr 6, 2026
@CodeNinjaSarthak CodeNinjaSarthak merged commit ffa8a4b into main Apr 6, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@CodeNinjaSarthak CodeNinjaSarthak

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@CodeNinjaSarthak