47 lines
1.6 KiB
Markdown
47 lines
1.6 KiB
Markdown
---
|
||
title: "行为监控 RL(Behavior Monitoring in RL)"
|
||
created: 2026-07-02
|
||
updated: 2026-07-02
|
||
type: concept
|
||
tags: [verification, reward-hacking, rl, monitoring, coding-agent]
|
||
sources:
|
||
- "[[verification-horizon-no-silver-bullet]]"
|
||
---
|
||
|
||
# 行为监控 RL
|
||
|
||
在 RL 训练中对 agent trajectory 进行审计,检测并惩罚 shortcut 行为的机制,是防御 [[reward-hacking|奖励破解]] 的关键手段。
|
||
|
||
## 设计
|
||
|
||
### Pattern Set `P`
|
||
|
||
每个 pattern 指定三项:
|
||
1. **Observable evidence**:轨迹中的可观察证据(命令历史、网络访问、git 操作)
|
||
2. **Leakage risk**:关联的信息泄露风险
|
||
3. **Intervention**:token 级惩罚
|
||
|
||
### 闭环更新
|
||
|
||
Pattern set 在训练过程中迭代更新:
|
||
1. 每轮 RL 后,从当前 policy 抽样 trajectory
|
||
2. Agentic reviewer 检查轨迹,发现新的 shortcut 策略
|
||
3. 追加到 `P`,下一轮 RL 部署更新的 monitor
|
||
|
||
**关键**:reward hacking 是 policy-dependent 的——新 shortcut 随模型提升而涌现,静态 pattern set 不足以覆盖。
|
||
|
||
## 发现的两类泄露
|
||
|
||
| 类型 | 行为 | 频率 | Resolved Rate |
|
||
|------|------|------|:---:|
|
||
| **静态环境泄露** | Repository-history mining | 3.69% | 47.29%(↓基线) |
|
||
| | Test-oracle tampering | 8.25% | 41.47%(↓基线) |
|
||
| **Policy 依赖捷径** | Solution artifact retrieval | 4.32% | 72.34%(↑12.35pp) |
|
||
| | External fix lookup | 7.03% | 61.69%(↑1.70pp) |
|
||
|
||
## 参考
|
||
|
||
- [[verification-horizon-no-silver-bullet|论文原文]]
|
||
- [[test-driven-rewards|测试驱动奖励]]
|
||
- [[reward-hacking|奖励破解]]
|