[feat(backend)] Alignment checker for browsing agent

[s-aniruddha]

End-user friendly description of the problem this fixes or functionality that this introduces
Recent work (https://scale.com/research/browser-art) showed that agentic LLMs do not refuse harmful instructions even though the backbone LLMs do. In order to combat this, we introduce a guardrail that detects and prevents unsafe behaviour by the browsing agent.

• Include this change in the Release Notes. If checked, you must provide an end-user friendly description for your change below

---

Give a summary of what the PR does, explaining any non-trivial design decisions

Guardrail feature that uses the underlying LLM of the agent to:
* Examine the user's request and check if it is harmful.
* Examine the content entered by the agent in a textbox (argument of the “fill” browser action) and check if it is harmful.
If the guardrail evaluates either of the 2 conditions to be true, it emits a change_agent_state action and transforms the AgentState to ERROR. This stops the agent from proceeding further. To enable this feature: In the InvariantAnalyzer object, set the check_browsing_alignment attribute to True and initialise the guardrail_llm attribute with an LLM object.

---

Link of any specific issues this addresses

[neubig]

This looks great, thanks so much!

Do you have actual evaluation results on BrowserArt? Or is that still pending?

[mamoodi]

Hey @s-aniruddha just wanted to check that you saw neubig's comment.

[s-aniruddha]

Hey @s-aniruddha just wanted to check that you saw neubig's comment.

Hello @mamoodi! Yes, I saw @neubig 's comment and presented a longer response in slack. Here's an abridged version of the response:

Summary of results:

• Experiments conducted on a more recent version of OpenHands with GPT-4o as backbone LLM
• Blocks 94/100 of the harmful tasks in direct ask mode
• Permits 9/10 of the benign tasks

[neubig]

This looks great, thank you for the contribution!