abom-cli 0.1.0__py3-none-any.whl

abom/scan.py

@@ -0,0 +1,207 @@
+"""abom scan — statically detect an AI agent's components from a repository.
+
+Produces the `agent`, `components`, and `controls` of an ABOM Composition
+Manifest by inspecting dependency manifests, source, prompt files, and MCP
+configs. Pure stdlib. Best-effort and conservative: it reports what it
+can see, with where it saw it (`detected_from`).
+"""
+from __future__ import annotations
+
+import hashlib
+import json
+import re
+import tomllib
+from pathlib import Path
+
+# --- known signals -----------------------------------------------------------
+FRAMEWORKS = {
+    "langchain": "LangChain", "langchain-core": "LangChain", "langgraph": "LangGraph",
+    "crewai": "CrewAI", "llama-index": "LlamaIndex", "llama_index": "LlamaIndex",
+    "autogen": "AutoGen", "pyautogen": "AutoGen", "autogen-agentchat": "AutoGen",
+    "semantic-kernel": "Semantic Kernel", "haystack-ai": "Haystack",
+    "smolagents": "smolagents", "openai-agents": "OpenAI Agents SDK",
+    "google-adk": "Google ADK", "google-genai": "Google GenAI", "mcp": "Model Context Protocol",
+    "dspy": "DSPy", "dspy-ai": "DSPy", "pydantic-ai": "Pydantic AI",
+}
+MODEL_SDKS = {
+    "openai": "OpenAI", "anthropic": "Anthropic", "mistralai": "Mistral",
+    "cohere": "Cohere", "google-generativeai": "Google", "vertexai": "Google Vertex",
+    "boto3": "AWS Bedrock", "ollama": "Ollama", "vllm": "vLLM",
+    "huggingface-hub": "Hugging Face", "transformers": "Hugging Face",
+    "groq": "Groq", "together": "Together", "replicate": "Replicate",
+}
+VECTOR_STORES = {
+    "chromadb": "Chroma", "pinecone-client": "Pinecone", "pinecone": "Pinecone",
+    "weaviate-client": "Weaviate", "qdrant-client": "Qdrant", "faiss-cpu": "FAISS",
+    "faiss-gpu": "FAISS", "pgvector": "pgvector", "pymilvus": "Milvus", "lancedb": "LanceDB",
+}
+GUARDRAILS = {
+    "guardrails-ai": "Guardrails AI", "nemoguardrails": "NeMo Guardrails",
+    "llm-guard": "LLM Guard", "presidio-analyzer": "Presidio", "rebuff": "Rebuff",
+}
+
+MODEL_NAME_RE = re.compile(
+    r"\b(gpt-4[\w.\-]*|gpt-3\.5[\w.\-]*|o[134][\w.\-]*|chatgpt[\w.\-]*|"
+    r"claude-[\w.\-]+|gemini-[\w.\-]+|mistral[\w.\-]*|mixtral[\w.\-]*|"
+    r"llama-?[23][\w.\-]*|qwen[\w.\-]*|command-r[\w.\-]*|deepseek[\w.\-]*|phi-?[34][\w.\-]*)\b",
+    re.IGNORECASE,
+)
+TOOL_RE = re.compile(r"@(?:tool|function_tool|tool\([^)]*\))\s*(?:\n\s*)*def\s+(\w+)|"
+                     r"@(?:tool|function_tool)\b[\s\S]{0,80}?def\s+(\w+)")
+MCP_CONFIG_NAMES = {"mcp.json", ".mcp.json", "claude_desktop_config.json", "mcp_config.json", ".cursor/mcp.json"}
+IGNORE_DIRS = {".git", "node_modules", ".venv", "venv", "env", "__pycache__", "dist", "build",
+               ".mypy_cache", ".pytest_cache", ".tox", ".ruff_cache", "site-packages", ".next"}
+TEXT_EXT = {".py", ".js", ".ts", ".tsx", ".yaml", ".yml", ".json", ".toml", ".env", ".cfg", ".ini", ".md", ".txt"}
+MAX_FILE = 1_000_000
+
+
+def _read(p: Path) -> str:
+    try:
+        return p.read_text(encoding="utf-8", errors="ignore")
+    except Exception:
+        return ""
+
+
+def _sha256(text: str) -> str:
+    return hashlib.sha256(text.encode("utf-8")).hexdigest()
+
+
+def _iter_files(root: Path):
+    for p in root.rglob("*"):
+        if not p.is_file():
+            continue
+        if any(part in IGNORE_DIRS for part in p.parts):
+            continue
+        try:
+            if p.stat().st_size > MAX_FILE:
+                continue
+        except OSError:
+            continue
+        yield p
+
+
+def _norm_dep(name: str) -> str:
+    return re.split(r"[<>=!~ ;\[]", name.strip(), maxsplit=1)[0].strip().lower().replace("_", "-")
+
+
+def parse_dependencies(root: Path) -> set[str]:
+    deps: set[str] = set()
+    for req in list(root.glob("requirements*.txt")) + list(root.glob("**/requirements*.txt")):
+        if any(part in IGNORE_DIRS for part in req.parts):
+            continue
+        for line in _read(req).splitlines():
+            line = line.strip()
+            if line and not line.startswith(("#", "-")):
+                deps.add(_norm_dep(line))
+    pp = root / "pyproject.toml"
+    if pp.exists():
+        try:
+            data = tomllib.loads(_read(pp))
+            for d in data.get("project", {}).get("dependencies", []) or []:
+                deps.add(_norm_dep(d))
+            poetry = data.get("tool", {}).get("poetry", {}).get("dependencies", {})
+            for d in poetry:
+                deps.add(_norm_dep(d))
+        except Exception:
+            pass
+    pkg = root / "package.json"
+    if pkg.exists():
+        try:
+            data = json.loads(_read(pkg))
+            for section in ("dependencies", "devDependencies"):
+                deps.update(_norm_dep(k) for k in data.get(section, {}))
+        except Exception:
+            pass
+    deps.discard("")
+    return deps
+
+
+def _agent_meta(root: Path) -> dict:
+    name, version = root.resolve().name, "0.0.0"
+    pp = root / "pyproject.toml"
+    if pp.exists():
+        try:
+            data = tomllib.loads(_read(pp))
+            proj = data.get("project", {})
+            name = proj.get("name", name)
+            version = proj.get("version", version)
+        except Exception:
+            pass
+    pkg = root / "package.json"
+    if pkg.exists():
+        try:
+            data = json.loads(_read(pkg))
+            name = data.get("name", name)
+            version = data.get("version", version)
+        except Exception:
+            pass
+    return {"name": name, "version": version}
+
+
+def scan(root: Path) -> dict:
+    root = Path(root)
+    deps = parse_dependencies(root)
+    components: list[dict] = []
+    seen: set[tuple] = set()
+
+    def add(comp: dict):
+        key = (comp["type"], comp.get("name"))
+        if key not in seen:
+            seen.add(key)
+            components.append(comp)
+
+    # 1. from dependencies
+    for d in sorted(deps):
+        if d in FRAMEWORKS:
+            add({"type": "framework", "name": FRAMEWORKS[d], "detected_from": f"dependency:{d}"})
+        if d in MODEL_SDKS:
+            add({"type": "model", "name": f"{MODEL_SDKS[d]} (SDK)", "provider": MODEL_SDKS[d],
+                 "egress": d not in ("vllm", "ollama", "transformers"),
+                 "detected_from": f"dependency:{d}"})
+        if d in VECTOR_STORES:
+            add({"type": "dataSource", "kind": "vector-store", "name": VECTOR_STORES[d],
+                 "detected_from": f"dependency:{d}"})
+        if d in GUARDRAILS:
+            add({"type": "policy", "kind": "guardrail", "name": GUARDRAILS[d],
+                 "detected_from": f"dependency:{d}"})
+
+    # 2. concrete model names, prompt files, tools, MCP servers — from source
+    model_names: set[str] = set()
+    for p in _iter_files(root):
+        suffix = p.suffix.lower()
+        rel = str(p.relative_to(root))
+        # prompt files
+        if suffix == ".prompt" or "prompt" in p.parent.name.lower() and suffix in (".txt", ".md"):
+            text = _read(p)
+            add({"type": "prompt", "name": rel, "sha256": _sha256(text),
+                 "detected_from": f"file:{rel}"})
+        # mcp configs
+        if p.name in MCP_CONFIG_NAMES or rel in MCP_CONFIG_NAMES:
+            try:
+                cfg = json.loads(_read(p))
+                for server in (cfg.get("mcpServers") or {}):
+                    add({"type": "mcpServer", "name": server, "detected_from": f"file:{rel}"})
+            except Exception:
+                pass
+        if suffix not in TEXT_EXT:
+            continue
+        text = _read(p)
+        for m in MODEL_NAME_RE.findall(text):
+            model_names.add(m if isinstance(m, str) else next(filter(None, m)))
+        if suffix == ".py" and ("@tool" in text or "@function_tool" in text):
+            for groups in TOOL_RE.findall(text):
+                fn = next((g for g in groups if g), None)
+                if fn:
+                    add({"type": "tool", "name": fn, "detected_from": f"file:{rel}"})
+
+    for name in sorted(model_names):
+        provider = "external" if not name.lower().startswith(("llama", "qwen", "mistral", "mixtral", "phi", "deepseek")) else "open-weight"
+        add({"type": "model", "name": name, "provenance": "referenced in source",
+             "egress": provider == "external", "detected_from": "source"})
+
+    return {
+        "agent": _agent_meta(root),
+        "components": components,
+        "controls": {"scan": "static", "scanned_path": str(root.resolve().name),
+                     "egress": "unknown (static scan)"},
+    }

abom/schemas.py

@@ -0,0 +1,79 @@
+"""Pydantic request/response models for the Control API."""
+from __future__ import annotations
+
+import uuid
+from datetime import datetime
+from typing import Any, Literal
+
+from pydantic import BaseModel, Field
+
+
+class ProjectCreate(BaseModel):
+    name: str
+    repo_url: str
+    test_command: str = "pytest -q"
+
+
+class ProjectOut(BaseModel):
+    id: uuid.UUID
+    name: str
+    repo_url: str
+    test_command: str
+
+    model_config = {"from_attributes": True}
+
+
+class RunCreate(BaseModel):
+    project_id: uuid.UUID
+    intent: str = Field(min_length=3)
+    workload_type: Literal["dev_agent"] = "dev_agent"
+    max_iterations: int = Field(default=4, ge=1, le=8)
+
+
+class RunOut(BaseModel):
+    id: uuid.UUID
+    project_id: uuid.UUID
+    intent: str
+    status: str
+    model: str
+    max_iterations: int
+    prompt_tokens: int
+    completion_tokens: int
+    created_at: datetime
+    updated_at: datetime
+
+    model_config = {"from_attributes": True}
+
+
+class StepOut(BaseModel):
+    seq: int
+    type: str
+    payload: dict[str, Any]
+    created_at: datetime
+
+    model_config = {"from_attributes": True}
+
+
+class ApprovalDecision(BaseModel):
+    decision: Literal["approved", "rejected"]
+    comment: str = ""
+
+
+class AuditEventOut(BaseModel):
+    seq: int
+    event_type: str
+    actor: str
+    data: dict[str, Any]
+    prev_hash: str
+    hash: str
+    created_at: datetime
+
+    model_config = {"from_attributes": True}
+
+
+class VerifyResult(BaseModel):
+    run_id: uuid.UUID
+    valid: bool
+    broken_seq: int | None = None
+    reason: str | None = None
+    event_count: int

abom/sign.py

@@ -0,0 +1,91 @@
+"""ed25519 signing for ABOM — real detached signatures over canonical JSON.
+
+A signing key lives at ``~/.abom/signing_key.pem`` (override with ``ABOM_KEY``).
+The public key and a short key id are embedded in the signature, so verification
+is self-contained. In production a Notary / key registry pins the set of trusted
+key ids; ``verify_obj(obj, trusted_keys=...)`` enforces that.
+"""
+from __future__ import annotations
+
+import base64
+import hashlib
+import os
+from pathlib import Path
+
+from cryptography.hazmat.primitives import serialization
+from cryptography.hazmat.primitives.asymmetric.ed25519 import (
+    Ed25519PrivateKey,
+    Ed25519PublicKey,
+)
+
+from .audit import canonical_json
+
+
+def default_key_path() -> Path:
+    return Path(os.environ.get("ABOM_KEY", str(Path.home() / ".abom" / "signing_key.pem")))
+
+
+def load_or_create_key(path: Path | None = None) -> Ed25519PrivateKey:
+    path = Path(path or default_key_path())
+    if path.exists():
+        return serialization.load_pem_private_key(path.read_bytes(), password=None)
+    key = Ed25519PrivateKey.generate()
+    path.parent.mkdir(parents=True, exist_ok=True)
+    path.write_bytes(
+        key.private_bytes(
+            serialization.Encoding.PEM,
+            serialization.PrivateFormat.PKCS8,
+            serialization.NoEncryption(),
+        )
+    )
+    try:
+        os.chmod(path, 0o600)
+    except OSError:
+        pass
+    return key
+
+
+def _pub_b64(pub: Ed25519PublicKey) -> str:
+    raw = pub.public_bytes(serialization.Encoding.Raw, serialization.PublicFormat.Raw)
+    return base64.b64encode(raw).decode()
+
+
+def key_id(pub_b64: str) -> str:
+    return hashlib.sha256(base64.b64decode(pub_b64)).hexdigest()[:16]
+
+
+def sign_obj(obj: dict, key: Ed25519PrivateKey | None = None) -> dict:
+    """Return ``obj`` with a detached ed25519 ``signature`` over its canonical form."""
+    key = key or load_or_create_key()
+    body = {k: v for k, v in obj.items() if k != "signature"}
+    sig = key.sign(canonical_json(body).encode("utf-8"))
+    pub_b64 = _pub_b64(key.public_key())
+    return {
+        **obj,
+        "signature": {
+            "alg": "ed25519",
+            "public_key": pub_b64,
+            "key_id": key_id(pub_b64),
+            "value": base64.b64encode(sig).decode(),
+        },
+    }
+
+
+def verify_obj(obj: dict, trusted_keys: set[str] | None = None) -> bool:
+    """Verify the embedded ed25519 signature. If ``trusted_keys`` is given, the
+    signer's key id must be in it."""
+    sig = obj.get("signature") or {}
+    if sig.get("alg") != "ed25519":
+        return False
+    pub_b64, value = sig.get("public_key"), sig.get("value")
+    if not pub_b64 or not value:
+        return False
+    if trusted_keys is not None and key_id(pub_b64) not in trusted_keys:
+        return False
+    try:
+        pub = Ed25519PublicKey.from_public_bytes(base64.b64decode(pub_b64))
+        body = {k: v for k, v in obj.items() if k != "signature"}
+        pub.verify(base64.b64decode(value), canonical_json(body).encode("utf-8"))
+        return True
+    except Exception:
+        return False

abom_cli-0.1.0.dist-info/METADATA

@@ -0,0 +1,108 @@
+Metadata-Version: 2.4
+Name: abom-cli
+Version: 0.1.0
+Summary: ABOM — the Agent Bill of Materials. Scan, sign, and verify what your AI agents are made of.
+Project-URL: Homepage, https://abom.ai
+Project-URL: Repository, https://github.com/josephassiga/abom
+Project-URL: Specification, https://github.com/josephassiga/abom/tree/main/spec
+Author: ABOM Contributors
+License-Expression: Apache-2.0
+Keywords: agent,ai,ai-security,cyclonedx,llm,ml-bom,provenance,sbom,supply-chain
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: License :: OSI Approved :: Apache Software License
+Classifier: Programming Language :: Python :: 3 :: Only
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Quality Assurance
+Requires-Python: >=3.11
+Requires-Dist: cryptography>=42.0
+Requires-Dist: typer>=0.12
+Provides-Extra: dev
+Requires-Dist: build>=1.2; extra == 'dev'
+Requires-Dist: jsonschema>=4.21; extra == 'dev'
+Requires-Dist: pytest>=8.3; extra == 'dev'
+Requires-Dist: ruff>=0.7; extra == 'dev'
+Requires-Dist: twine>=5.0; extra == 'dev'
+Provides-Extra: server
+Requires-Dist: alembic>=1.13; extra == 'server'
+Requires-Dist: asyncpg>=0.30; extra == 'server'
+Requires-Dist: boto3>=1.35; extra == 'server'
+Requires-Dist: fastapi>=0.115; extra == 'server'
+Requires-Dist: httpx>=0.27; extra == 'server'
+Requires-Dist: pydantic-settings>=2.6; extra == 'server'
+Requires-Dist: pydantic>=2.9; extra == 'server'
+Requires-Dist: python-jose[cryptography]>=3.3; extra == 'server'
+Requires-Dist: sqlalchemy[asyncio]>=2.0; extra == 'server'
+Requires-Dist: temporalio>=1.8; extra == 'server'
+Requires-Dist: uvicorn[standard]>=0.32; extra == 'server'
+Description-Content-Type: text/markdown
+
+# abom-cli
+
+The reference implementation of [ABOM](../spec/) — the Agent Bill of Materials.
+Scan a repo, emit a **signed** Composition Manifest, and **verify** it.
+
+```bash
+pip install abom-cli        # (until published: pip install -e .)
+abom scan .                 # → abom.json (signed with ed25519)
+abom verify abom.json       # check signature
+abom verify abom.json --policy policy.json   # + enforce a policy (exit 1 on violations)
+```
+
+## Commands
+
+| Command | What it does |
+|---|---|
+| `abom scan [PATH]` | Detect agent components (models, prompts, tools, MCP servers, frameworks, vector stores, guardrails) and emit a signed Composition Manifest. `-o -` writes to stdout. |
+| `abom verify [FILE]` | Verify the ed25519 signature; with `--policy`, enforce model allowlist / residency / egress / approval rules. Non-zero exit on findings (CI-friendly). |
+| `abom keygen` | Show (or create) the local ed25519 signing key (`~/.abom/signing_key.pem`, override with `ABOM_KEY`). |
+| `abom version` | Print the tool and spec versions. |
+
+### Example
+
+```
+$ abom scan .
+  ABOM · my-agent @ 1.2.0
+  models                  3  gpt-4o-mini, claude-3-5-sonnet, OpenAI (SDK)
+  frameworks              2  LangChain, LangGraph
+  MCP servers             2  filesystem, github
+  tools                   1  lookup_customer
+  prompts                 1  prompts/system.txt
+  signed: ed25519 · key 5846eabc738b3542
+  → wrote abom.json
+```
+
+## How detection works
+
+`abom scan` is a static scanner (pure stdlib + `cryptography`):
+- **Dependencies** (`requirements*.txt`, `pyproject.toml`, `package.json`) → frameworks, model SDKs, vector stores, guardrails.
+- **Source** → concrete model names (`gpt-4o`, `claude-*`, …) and `@tool`-decorated functions.
+- **Prompt files** (`*.prompt`, `prompts/*.txt|md`) → hashed.
+- **MCP configs** (`mcp.json`, `claude_desktop_config.json`, …) → MCP servers.
+
+Each component records `detected_from` so the manifest is auditable. The output
+validates against [`spec/abom-0.1.schema.json`](../spec/abom-0.1.schema.json).
+
+## Signing
+
+`abom scan` signs with **ed25519** (`cryptography`). The key lives at
+`~/.abom/signing_key.pem` (override with `ABOM_KEY`); the public key + a short
+`key_id` are embedded so `abom verify` is self-contained. A Notary / key registry
+pins trusted key ids in production.
+
+## Dev
+
+```bash
+make install          # pip install -e ".[dev]"
+make test             # pytest (audit chain, scanner, signing)
+make scan && make verify
+make build            # wheel + sdist + twine check
+python demo/demo.py   # generate → verify → tamper-evidence walkthrough
+```
+
+## What else is in this package
+
+`src/abom/` also contains a **prototype control-plane** (`api.py`, `db.py`,
+`orchestration.py`, the Notary) behind the optional `[server]` extra — the
+beginnings of the commercial layer. It is **not** required for `scan`/`verify`
+and is not part of the v0.1 spec. See [MVP_SPEC.md](MVP_SPEC.md).

abom_cli-0.1.0.dist-info/RECORD

@@ -0,0 +1,19 @@
+abom/__init__.py,sha256=ZMeFiJTyfJkr7vXP-G2aGc3a6iIVrmMTeGX5auXz-v0,101
+abom/agents.py,sha256=kgzkSIukMybcCDOyZoN8Xm45Ly2kolP9fUvmMvWyGp0,1999
+abom/api.py,sha256=hek2SCygDxq6r17xMbOIIjU2UXAvkrjVhSvgUUkPR2Q,6769
+abom/audit.py,sha256=ZzNjvJNNMXK3KYMdcgUzP5fVi5qePP3lp_2Jk48OBcg,4128
+abom/bom.py,sha256=ot5cKd1ngkXxkNGpiGHr3kmjXmyMRK-p1CDe7PjY-bY,6771
+abom/cli.py,sha256=0zToq9X8xvJgdlWbnY4UE-3RXLfVqh98Tutgnd9kJC8,4976
+abom/config.py,sha256=4tEwFglXjVKA82f8hOrG_nv96WN3TQ_tKua24X5gW4I,1233
+abom/db.py,sha256=Qq65ExI5Hvoosn8MCm1hpTXePnjuKK6TX82bOPYy5-o,5769
+abom/execution.py,sha256=V-pijLQVwu25c3nta8377Ykm1yRpPoCwHhJZ99SxAe8,2699
+abom/models_router.py,sha256=OfbE0cFHVejAe4gUno_uIBxDyjyg6rNsRSJxNdl0hPo,2927
+abom/orchestration.py,sha256=s0IhJSVYyRDJRoLSTTSD6VhrffgS7V_CYiNOQ8uCeZE,10135
+abom/policy.py,sha256=cgad67d8ycEHiELaELed8tyf1-i0S3citG6AV1OUXng,1471
+abom/scan.py,sha256=1Kijg7FSSejd4IHwo11CUzaCbZT-QqvMsrEdhVYp_xQ,8379
+abom/schemas.py,sha256=L46khKUR4pKfXiWFAXSPkUNlKgDOBBWhWLqyPQTN1o0,1577
+abom/sign.py,sha256=Aze5qykBTAJ2wQcaeppfcbTogQP2qLZ4xcsbqWmoIMs,3068
+abom_cli-0.1.0.dist-info/METADATA,sha256=K0-hPwTqTLmPD4T89utfbC8D5PfU2vrYPBd3ZA6xLGI,4690
+abom_cli-0.1.0.dist-info/WHEEL,sha256=mffPy8wBnZQn2VnJUU5jE99KsxaSfiyMHV9Yt0aLVxs,87
+abom_cli-0.1.0.dist-info/entry_points.txt,sha256=BW8BE6sSWrJAnjvPKN-VtT8ah_LnuhaXIFRYGzE39lQ,38
+abom_cli-0.1.0.dist-info/RECORD,,

abom_cli-0.1.0.dist-info/WHEEL

@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: hatchling 1.30.1
+Root-Is-Purelib: true
+Tag: py3-none-any

abom_cli-0.1.0.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+abom = abom.cli:app