能力标签

🔌 MCP 🤖 Agent 🔄 工作流 🐳 Docker 💻 CLI 🔗 REST API

⚙️

Agent工作流

智能防火墙

基于 Rust · 无代码搭建完整 AI 自动化流程

英文名：The-Jinn-Guard

⭐ 6 Stars 💻 Rust 📄 Apache-2.0 🏷 AI 8.0分

8.0AI 综合评分

AI安全eBPFRust工作流

⬇ 下载源码 ZIP ⚙️ 配置说明 📺 TG 频道

✦ AI Skill Hub 推荐

智能防火墙是 AI Skill Hub 本期精选Agent工作流之一。综合评分 8.0 分，整体质量较高。我们强烈推荐将其纳入你的 AI 工具库，帮助提升工作效率。

📚 深度解析

智能防火墙是一套完整的 AI Agent 自动化工作流方案。随着 AI 能力的不断提升，基于 Agent 的自动化工作流正在成为提升个人和团队效率的核心方式。区别于传统的 RPA 自动化（模拟鼠标键盘操作），AI Agent 工作流通过理解任务意图、动态规划执行路径，能够处理更复杂的非结构化任务。

智能防火墙工作流的设计遵循"最小配置，最大复用"原则：核心逻辑已经封装好，用户只需配置自己的 API Key 和业务参数即可快速上手。工作流内置错误处理和重试机制，在网络波动或 API 限速等情况下仍能稳定运行，适合作为生产环境的自动化基础设施。

在实际部署时，建议先在测试环境中运行 3-5 次，验证各个环节的输出结果符合预期，再部署到生产环境。AI Skill Hub 评分 8.0 分，是同类 Agent 工作流中的精选推荐。

📋 工具概览

基于eBPF/BPF-LSM的语义防火墙，强化AI安全

智能防火墙是一套完整的 AI Agent 自动化工作流方案。通过可视化的节点编排，将复杂的多步骤任务拆解为清晰的自动化流程，实现全程无人值守的智能处理。支持与数百种外部服务和 API 无缝集成，适合构建数据处理管线、业务自动化和 AI 辅助决策系统。

GitHub Stars

⭐ 6

开发语言

Rust

支持平台

Windows / macOS / Linux

维护状态

轻量级项目，按需更新

开源协议

Apache-2.0

AI 综合评分

8.0 分

工具类型

Agent工作流

Forks

—

📖 中文文档

以下内容由 AI Skill Hub 根据项目信息自动整理，如需查看完整原始文档请访问底部「原始来源」。

基于eBPF/BPF-LSM的语义防火墙，强化AI安全

📌 核心特色

可视化 Agent 工作流编排，无需编写复杂代码
支持多步骤自动化任务链，实现全流程无人值守
与外部 API、数据库和第三方服务无缝集成
内置错误处理与自动重试机制，保障稳定运行
提供可复用的自动化模板，快速在同类场景部署

🎯 主要使用场景

自动化日常重复性工作，将精力集中于创造性任务
构建数据采集 → 处理 → 输出的完整自动化管线
实现跨平台、跨系统的数据流转和业务协同

以下安装命令基于项目开发语言和类型自动生成，实际以官方 README 为准。

安装命令

# 方式一：cargo install（推荐）
cargo install the-jinn-guard

# 方式二：从源码编译
git clone https://github.com/AlphaReasoning/The-Jinn-Guard
cd The-Jinn-Guard
cargo build --release
# 二进制在 ./target/release/the-jinn-guard

📋 安装步骤说明

访问 GitHub 仓库获取工作流文件
在对应平台（Dify / Flowise / Make 等）中找到「导入工作流」功能
上传工作流文件
按照提示配置必要的环境变量和 API Key
运行测试确认流程正常后投入使用

以下用法示例由 AI Skill Hub 整理，涵盖最常见的使用场景。

常用命令 / 代码示例

# 查看帮助
the-jinn-guard --help

# 基本运行
the-jinn-guard [options] <input>

# 详细使用说明请查阅文档
# https://github.com/AlphaReasoning/The-Jinn-Guard

以下配置示例基于典型使用场景生成，具体参数请参照官方文档调整。

配置示例

# the-jinn-guard 配置说明
# 查看配置选项
the-jinn-guard --config-example > config.yml

# 常见配置项
# output_dir: ./output
# log_level: info
# workers: 4

# 环境变量（覆盖配置文件）
export THE_JINN_GUARD_CONFIG="/path/to/config.yml"

📑 README 深度解析真实文档完整度 70/100 查看 GitHub 原文 →

以下内容由系统直接从 GitHub README 解析整理，保留代码块、表格与列表结构。

🛡️ Jinn Guard — Kernel-enforced semantic firewall for autonomous AI agents (validated research prototype)

Jinn Guard is an asynchronous, kernel-aware semantic firewall designed to enforce mathematical safety constraints on autonomous AI agents before any tool execution is permitted. It intercepts high-level natural language intents and processes them through a lifetime-anchored Z3 SMT solver pipeline — verifying state transitions and risk ceilings against formalized compliance models before granting or denying execution authority.

Operating locally over high-throughput UNIX domain sockets, the platform binds user-space proxy validation with low-level eBPF kernel telemetry and namespace tracking to enforce zero-trust process isolation and anti-replay protection for governed cgroups.

System Requirements

- Linux kernel 5.16+ - CONFIG_BPF_LSM=y - bpf present in the active LSM list (cat /sys/kernel/security/lsm) - Debian cloud kernels often have it pre-armed. - Ubuntu does not — append bpf to the existing list via the lsm= boot parameter, then update-grub and reboot. For example, in /etc/default/grub:

    GRUB_CMDLINE_LINUX="lsm=lockdown,capability,landlock,yama,apparmor,ima,evm,bpf"

(List the modules already in /sys/kernel/security/lsm plus bpf; an explicit lsm= replaces the kernel default, so include the full set.) - rpm-ostree / immutable hosts should not hand-edit grub. On a booted ostree host, stage the full active LSM set plus bpf declaratively:

    sudo deploy/arm-lsm-ostree.sh
    sudo systemctl reboot

The helper prints the exact rpm-ostree kargs change before applying it and prints the one-line revert (rpm-ostree kargs --delete=lsm=...; or rpm-ostree rollback before reboot). Off ostree hosts, it is a no-op. On daemon startup, the audit chain records a boot marker with the booted ostree commit, kernel release, and ostree/non-ostree flag. rpm-ostree provides platform immutability; it does not perform Jinn Guard action blocking. - bpftool installed for vmlinux.h generation (Debian: bpftool; Ubuntu: linux-tools-generic)

Validated on three distributions / three kernel generations: Debian 13 / kernel 6.12 (BENCHMARKS-01.md, BENCHMARKS-02.md), Ubuntu 24.04 / kernel 6.17 (BENCHMARKS-03.md), and AlmaLinux 9 / kernel 5.14 under SELinux Enforcing (BENCHMARKS-04.md).

---

Prerequisites

```bash

Prerequisites (Debian)

sudo apt install clang llvm libbpf-dev linux-headers-$(uname -r) bpftool

Install (automated)

git clone https://github.com/AlphaReasoning/The-Jinn-Guard
cd The-Jinn-Guard
sudo ./deploy/install.sh

The installer will: 1. Create the jinnguard system user 2. Generate a 256-bit HMAC secret → /etc/jinnguard/secret 3. Load the key into the kernel keyring 4. Build and install /usr/sbin/jinnguard 5. Enable and start jinnguard.service

🧬 Building eBPF Programs

```bash

sudo apt install clang llvm libbpf-dev linux-headers-$(uname -r) linux-tools-generic

Build all four programs and merge into jinnguard_ebpf.o

cd bpf && make

Install to /usr/lib/jinnguard/

sudo make install ```

The merged object is loaded at runtime by the aya-rs backend inside the daemon when built with the kernel_telemetry feature.

---

Check without building

cargo check ```

---

🚀 Quick Start

Python client example

from jinnguard_py import JinnGuardClient

client = JinnGuardClient(
    socket_path="/run/jinnguard/jinnguard.sock",
    secret_key="<your-hmac-secret>",  # or use keyring lookup
    agent_id="fabric_swarm_production_01",
)

result = client.propose(
    intent_name="read_file",
    sequence_counter=1,
    action_risk_score=20.0,
    proposed_action={"kind": "file_write", "path": "/tmp/out.txt", "contents": "hello"},
    context_vars={"spending_ceiling_usd": 50.0},
)

if result.allowed:
    print("Execution permitted:", result.signal)
else:
    print("Blocked:", result.signal)

---

Rust Sandbox / Dev Environment

This repository includes a reproducible Rust sandbox for development, CI-style builds, and Step 1 capability-broker testing. It installs Rust/Cargo, native Z3, SQLite/OpenSSL headers, Python 3, and Clang/LLVM in a Docker image.

make docker-build
make dev-shell
make docker-smoke

For the full workflow, see docs/rust_sandbox.md. If the sandbox MCP gateway port is busy, set JINN_GUARD_MCP_PORT, for example:

JINN_GUARD_MCP_PORT=4860 make smoke

⚙️ Configuration — `policy.yaml`

global_safety_ceiling: 75.0   # fused_risk must be below this

agent_nodes:
  - id: fabric_swarm_production_01
    privilege_tier: 1
    # Optional: bind this signed agent_id to local Unix users observed through
    # SO_PEERCRED. Empty/omitted preserves the shared-key legacy behavior.
    allowed_peer_uids:
      - 10001
    allowed_intents:
      - read_file
      - model_inference
      - write_temp
    max_sequence_quota: 500    # max decisions per lineage session (0 = unlimited)
    invariants:
      - "spending_ceiling_usd <= 150.00"
      - "privilege_escalation_depth < 3"
      - "fused_risk <= 74.0"

  - id: admin_agent_00
    privilege_tier: 3
    allowed_intents: []        # empty = all intents allowed
    max_sequence_quota: 0      # 0 = unlimited
    invariants:
      - "trust_score >= 30.0"

🔧 CLI Flags

jinnguard [OPTIONS]

Options:
  --socket-path   <PATH>   UDS socket path  [default: /run/jinnguard/jinnguard.sock]
  --lineage-file  <PATH>   Lineage persistence file  [default: /var/lib/jinnguard/lineage.json]
  --audit-log     <PATH>   Audit log path  [default: /var/log/jinnguard/audit.log]
  --policy-file   <PATH>   Policy YAML  [default: /etc/jinnguard/policy.yaml]
  -h, --help               Print help

---

📦 Components

Crate / Directory	Purpose
`ts_cli/`	Main daemon — UDS listener, enforcement pipeline, audit logger
`ts_checker/`	Z3 SMT policy engine — state transition proofs + declarative invariants
`jinnguard_py/`	Python SDK for agent integration
`bpf/`	eBPF C programs (execve, openat, connect, cap_capable) + Makefile
`deploy/`	systemd unit + `install.sh` provisioner
`tests/`	Integration test harness

---

Ubuntu only: bpftool ships inside linux-tools (no standalone package)

sudo apt install linux-tools-generic # provides bpftool for vmlinux.h generation

On Ubuntu, bpftool comes from linux-tools-generic instead of a `bpftool` package:

Run the full suite (122 tests: 4 Z3 + 93 unit + 13 integration + 12 swarm-attack)

cargo test

✅ Shippable components

Component	Status
UDS IPC transport (framed, version-tagged)	✅ Production
HMAC-SHA256 authentication	✅ Production
Kernel keyring secret management	✅ Production
Bounded HMAC key rotation grace	✅ Production
`SO_PEERCRED` process identity	✅ Production
Z3 totality audit	✅ Production
Z3 per-agent invariant verification (G2)	✅ Production
Per-agent intent allowlist enforcement (G1)	✅ Production
Per-agent sequence quota enforcement (G1)	✅ Production
Replay attack protection	✅ Production
Behavioral drift detection	✅ Production
Hash-chained audit log	✅ Production
ExecutionBroker hard denylist	✅ Production
Lineage persistence	✅ Production
systemd unit + installer	✅ Production
Python SDK (`jinnguard_py`)	✅ Functional
eBPF C sources (4 programs + Makefile)	✅ Source complete
UDS saturation benchmark	✅ Implemented