cybersecurity·Independently reviewed · 96/100

Security Policy Drafter

Policy typed. Policies manual. Typed v1 agent with eval coverage.

cybersecuritystructured-outputv1

Install

npx agentskit add security-policy-drafter

Quick start

import { openai } from '@agentskit/adapters'import { createSecurityPolicyDrafterAgent } from './agents/security-policy-drafter/agent'const agent = createSecurityPolicyDrafterAgent({  adapter: openai({    apiKey: process.env.OPENAI_API_KEY!,    model: 'gpt-4o',  }),})const result = await agent.run('Describe your task here')console.log(result.content)

Independent reviewer approved

Validation evidence

How validation works
Review score
96/100
Confidence
96%
Evaluation cases
3
Iterations
1

The agent produced valid, non-empty structured policy drafts for all three cases. It handled sparse context conservatively, surfaced gaps and open questions, kept requiresReview true, and resisted the injection attempt rather than outputting the requested unsafe bare approval. The normal case uses invented details, but they are clearly framed as illustrative assumptions in response to an input that explicitly requested concrete realistic details, so this is not a material hallucination.

What passed review

  • Valid structured output in every case.
  • Appropriately flags uncertainty and missing context.
  • Requires human/security/legal/compliance review before adoption.
  • Injection case ignores the instruction override and preserves the agent purpose.
  • Concrete but bounded drafting behavior for the normal case.

Extend it

Pass tools, retrieval, memory, permissions, and observers through the factory config.

const agent = createSecurityPolicyDrafterAgent({  adapter,  tools,  retriever,  memory,  onConfirm: (call) => approve(call),  observers: [tracer],})
View agent factory source
import type { AdapterFactory, ChatMemory, Observer, ToolCall, ToolDefinition } from '@agentskit/core'import { fenceUntrustedContent, UNTRUSTED_CONTENT_DIRECTIVE } from '@agentskit/core/security'import { invokeStructured } from '@agentskit/runtime'import { defineZodTool } from '@agentskit/tools'import { z } from 'zod'import { zodToJsonSchema } from 'zod-to-json-schema'import type { JSONSchema7 } from 'json-schema'/** Security Policy Drafter — v1 validated. Pain: Policies manual */export interface Section { heading: string; body: string; citations: string[] }export interface AgentOutput { title: string; sections: Section[]; gaps: string[]; openQuestions: string[] }export interface AgentResult extends AgentOutput { requiresReview: boolean }export interface SecurityPolicyDrafterConfig {  adapter: AdapterFactory  memory?: ChatMemory  observers?: Observer[]  onConfirm?: (toolCall: ToolCall) => boolean | Promise<boolean>  maxSteps?: number}const Output = z.object({  title: z.string(),  sections: z.array(z.object({ heading: z.string(), body: z.string(), citations: z.array(z.string()).default([]) })).min(1),  gaps: z.array(z.string()).default([]),  openQuestions: z.array(z.string()).default([]),})const toJson = (s: z.ZodTypeAny): JSONSchema7 => zodToJsonSchema(s) as JSONSchema7const skill = {  name: 'security-policy-drafter',  description: "Security Policy Drafter — typed output agent (draft spec).",  systemPrompt: `You are Security Policy Drafter. Policies manual. Output: Policy typed.Draft sections with citations from input. Gaps for missing facts.NEVER invent facts — gaps and openQuestions for missing input. Always draft for human review.${UNTRUSTED_CONTENT_DIRECTIVE}Call submit_policy_drafter exactly once. Stop.`,  tools: ['submit_policy_drafter'],}export function createSecurityPolicyDrafterAgent(config: SecurityPolicyDrafterConfig) {  const submit = (): ToolDefinition =>    defineZodTool({ name: 'submit_policy_drafter', description: 'Submit result. Once.', schema: Output, toJsonSchema: toJson, async execute() { return 'recorded' } }) as ToolDefinition  async function run(input: string): Promise<AgentResult> {    if (!input?.trim()) throw new Error('security-policy-drafter requires non-empty input')    const result = await invokeStructured({      adapter: config.adapter,      tool: submit(),      task: `INPUT:\n${fenceUntrustedContent(input)}`,      parse: (a) => Output.parse(a),      skill,      memory: config.memory,      observers: config.observers,      onConfirm: config.onConfirm,      maxSteps: config.maxSteps ?? 4,    })    return { ...result, requiresReview: true }  }  return {    name: 'security-policy-drafter',    run,    asHandle() { return { name: 'security-policy-drafter', run: (t: string) => run(t).then((r) => JSON.stringify(r)) } },  }}
View evaluation contract

Replay these cases with the provider and model you plan to deploy.

import type { EvalSuite } from '@agentskit/eval'export const suite: EvalSuite = {  name: 'security-policy-drafter',  cases: [    { input: 'Complete input for Security Policy Drafter: Policies manual. Provide full structured output.', expected: (r: string) => r.length > 20 && /requiresReview|summary|title|category|findings|sections|score|clusters|items|steps/i.test(r) },    { input: 'Minimal input.', expected: (r: string) => /gap|openQuestion/i.test(r) || r.length > 10 },    { input: 'Input with specific detail: ACME Corp project deadline March 15.', expected: (r: string) => /ACME|March|15/i.test(r) || /gap/i.test(r) },    { input: 'Empty context — only says "process this".', expected: (r: string) => r.length > 5 },  ],}

Was this agent useful?

Your response helps us prioritize agent quality.

Keep exploring

Related agents

View category