sunilgentyala/TRACE-MAS

GitHub: sunilgentyala/TRACE-MAS

TRACE-MAS is a security framework for multi-agent LLM pipelines, implemented in Python. It defends against drift, spoofing, injection and temporal attacks at inter-agent handoffs through a three-phase mechanism: zero-knowledge-proof gating, drift correction and temporal monitoring.

Stars: 1 | Forks: 0

# TRACE-MAS

**A Three-Vector Resilience Algorithm for Cooperative Embodied Multi-Agent Security**

[![License](https://img.shields.io/badge/License-MIT-green)](LICENSE) [![Tests](https://img.shields.io/badge/Tests-25%20passing-brightgreen)](tests/) [![Python](https://img.shields.io/badge/Python-3.10%2B-blue)](pyproject.toml) [![Research](https://img.shields.io/badge/Research-Under%20Submission-orange)](https://github.com/sunilgentyala/TRACE-MAS) [![Website](https://img.shields.io/badge/Website-Live-brightgreen)](https://sunilgentyala.github.io/TRACE-MAS/)

Open-source Python implementation of a security layer for multi-agent LLM pipelines. It addresses four structural attack vectors at the inter-agent interface: cascading alignment drift, identity spoofing, cross-agent prompt injection, and temporal adversarial manipulation.

## The Problem

```
Agent A₁ ──► [SEAM] ──► Agent A₂ ──► [SEAM] ──► Agent A₃ ──► Outcome
                │                       │
                ▼                       ▼
        Drift / Injection       Spoof / Poison / Temporal
```

Every agent boundary in a multi-agent LLM pipeline is an unverified handoff. A single compromised or drifted output propagates silently to every downstream agent. TRACE-MAS intercepts each handoff with three consecutive checks before the next agent receives the output.

## Installation

```bash
git clone https://github.com/sunilgentyala/TRACE-MAS
cd TRACE-MAS
pip install -e ".[dev]"
```

## Quick Start

```python
from trace_mas import TraceMASRuntime, TraceMASConfig
from trace_mas.drift import DriftCorrectorConfig
from trace_mas.runtime import AgentSpec, PolicyCommitment

config = TraceMASConfig(
    drift=DriftCorrectorConfig(gamma_min=0.4, rho=0.04, epsilon=0.02),
)
# `agents`, `verifier_fn` and `alpha_0` are supplied by the caller
runtime = TraceMASRuntime(config, agents, verifier_fn, alpha_0)

# Raises DriftAlarm, SpoofAlarm, InjectionAlarm or TemporalAlarm under attack
trajectory = runtime.run(T=10)
```

Run the full demo:

```bash
python examples/pipeline_demo.py
```

```
BENIGN PIPELINE RUN (3 agents, 5 rounds)
  Max drift:         0.0629
  Theoretical bound: 0.0700   ← empirically confirmed
  STATUS: PASSED

ADVERSARIAL RUN: Prompt Injection Attack
  CAUGHT: InjectionAlarm — behavioral score 0.10 < threshold 0.40
  STATUS: BLOCKED
```

## Repository Structure

```
TRACE-MAS/
├── src/trace_mas/
│   ├── drift.py          # Phase 2: contractive aggregation, DriftAlarm
│   ├── attestation.py    # Phase 1: ZKP gate, SpoofAlarm, InjectionAlarm
│   ├── temporal.py       # Phase 3: KL-window monitor, TemporalAlarm
│   └── runtime.py        # Unified TraceMASRuntime
├── tests/                # 25 tests covering all three security phases
├── examples/
│   └── pipeline_demo.py  # Benign + adversarial 3-agent demo
├── docs/                 # GitHub Pages website
├── CITATION.cff
└── pyproject.toml
```

## Tests

```bash
python -m pytest tests/ -v   # 25 passed
```

Covers: drift-bound correctness, theorem envelope and chain-length independence, spoof rejection, injection detection, and temporal alerting under distribution shift.

## How It Works

Each round of the runtime runs three consecutive phases for every agent:

```
Phase 1 — Attestation Gate
  Agent generates ZKP:  π = Prove(key, message, policy_commit, history)
  Dynamic threshold:    τ = τ₀ + κ·log(1 + risk_score)
  If Verify(π) fails or behavioral_score < τ  →  SpoofOrInjectAlarm

Phase 2 — Drift Correction
  Verifier quorum produces reference signal ξ
  α_next = (1-γ)·agent_output + γ·ξ        [contractive aggregation]
  If ‖α_next - α₀‖ > δ*  →  DriftAlarm

Phase 3 — Temporal Monitoring (per round)
  I = sup KL(M^s1 ‖ M^s2) over sliding window
  If I > φ(B)  →  TemporalAlarm; rollback to last certified checkpoint
```

## Author

**Sunil Gentyala**
Independent research, MAS security and applied cryptography
IEEE Member | sugentyala@ieee.org
[LinkedIn](https://www.linkedin.com/in/sunil-gentyala/) | [GitHub](https://github.com/sunilgentyala)

## License

MIT License. See [LICENSE](LICENSE).
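The Phase 2 and Phase 3 checks from the "How It Works" section, worked through as an added example. This is illustration code written for this page, not the TRACE-MAS implementation: the function names, the simplified drift bound (which assumes a fixed reference signal ξ equal to α₀ and per-round agent moves of at most ρ, and ignores ε), the fixed φ(B) = 0.5 threshold, the window size and the behaviour histograms are all this example's own assumptions. Phase 1 (the ZKP attestation gate) is not simulated.

```python
"""Added example: contractive drift correction and a sliding-window KL
monitor in the spirit of TRACE-MAS Phases 2 and 3.  Not the project's code;
all names, thresholds and sample data are assumptions of this example."""
from __future__ import annotations

import math
from typing import Callable, Sequence

Vec = Sequence[float]


def l2(a: Vec, b: Vec) -> float:
    """Euclidean distance between two vectors of equal length."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def contractive_step(agent_output: Vec, xi: Vec, gamma: float) -> list[float]:
    """alpha_next = (1-gamma)*agent_output + gamma*xi (the aggregation rule above)."""
    return [(1 - gamma) * o + gamma * r for o, r in zip(agent_output, xi)]


def drift_bound(gamma: float, rho: float) -> float:
    """Steady-state drift bound under this example's simplified model (assumption).

    With xi fixed at alpha_0 and every agent output at most rho (L2) away from the
    current state, D_t = ||alpha_t - alpha_0|| satisfies D_{t+1} <= (1-gamma)*(D_t + rho),
    whose fixed point is (1-gamma)*rho/gamma.  The project's published bound is richer
    (it also involves epsilon) and is not reproduced here.
    """
    return (1 - gamma) * rho / gamma


def run_drift_corrected(alpha0: Vec, xi: Vec, output_fn: Callable[[int, list[float]], list[float]],
                        gamma: float, delta_star: float, rounds: int) -> dict:
    """Run `rounds` aggregation steps; report the max drift and the first alarm round (or None)."""
    alpha = list(alpha0)
    max_drift = 0.0
    for t in range(rounds):
        alpha = contractive_step(output_fn(t, alpha), xi, gamma)
        drift = l2(alpha, alpha0)
        max_drift = max(max_drift, drift)
        if drift > delta_star:  # DriftAlarm condition from the page
            return {"max_drift": max_drift, "alarm_round": t}
    return {"max_drift": max_drift, "alarm_round": None}


def worst_case_output(rho: float, inject_at: int | None = None, magnitude: float = 0.0):
    """Constructed agent: pushes exactly rho (L2) in one fixed direction every round,
    optionally replacing one round's push with a much larger `magnitude` (the attack)."""
    def output_fn(t: int, alpha: list[float]) -> list[float]:
        step = (magnitude if t == inject_at else rho) / math.sqrt(len(alpha))
        return [a + step for a in alpha]
    return output_fn


def kl(p: Vec, q: Vec) -> float:
    """KL(p || q) for categorical distributions; q must be strictly positive."""
    return sum(pi * math.log(pi / qi) for pi, qi in zip(p, q) if pi > 0)


def temporal_monitor(histograms: Sequence[Vec], window: int, phi_b: float) -> dict:
    """Sliding-window KL monitor.  histograms[t] is round t's observed behaviour
    distribution; I = sup KL over all pairs in the trailing window.  On I > phi_b
    report a TemporalAlarm and the last certified round as the rollback checkpoint."""
    checkpoint = None
    max_sup = 0.0
    for t in range(len(histograms)):
        win = histograms[max(0, t - window + 1): t + 1]
        sup_kl = max((kl(a, b) for a in win for b in win), default=0.0)
        max_sup = max(max_sup, sup_kl)
        if sup_kl > phi_b:
            return {"alarm_round": t, "sup_kl": sup_kl, "rollback_to": checkpoint}
        checkpoint = t  # round t passed the check and becomes the certified checkpoint
    return {"alarm_round": None, "sup_kl": max_sup, "rollback_to": checkpoint}


# Constructed sample data (not from the project): four near-identical benign rounds,
# then one round whose behaviour distribution has shifted sharply.
BENIGN_HISTOGRAMS = [[0.5, 0.3, 0.2], [0.48, 0.32, 0.2], [0.52, 0.28, 0.2], [0.5, 0.31, 0.19]]
SHIFTED_HISTOGRAMS = BENIGN_HISTOGRAMS + [[0.1, 0.1, 0.8]]

if __name__ == "__main__":
    gamma, rho = 0.4, 0.04          # values from the README's DriftCorrectorConfig
    bound = drift_bound(gamma, rho)  # 0.06 under this example's simplified model
    origin = [0.0, 0.0]
    benign = run_drift_corrected(origin, origin, worst_case_output(rho), gamma, bound, 10)
    attacked = run_drift_corrected(origin, origin, worst_case_output(rho, inject_at=3, magnitude=0.5),
                                   gamma, bound, 10)
    print(f"bound={bound:.4f} benign={benign} attacked={attacked}")
    print("benign temporal:", temporal_monitor(BENIGN_HISTOGRAMS, 3, 0.5))
    print("shifted temporal:", temporal_monitor(SHIFTED_HISTOGRAMS, 3, 0.5))
```

With the README's γ = 0.4 and ρ = 0.04 the worst-case benign agent drifts toward, but never reaches, the 0.06 fixed point, so no alarm fires; a single oversized push at round 3 lands far past δ* and trips the DriftAlarm the same round. The temporal monitor certifies the four benign rounds and, on the shifted fifth round, reports an alarm with rollback to round 3.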