agent-audit-kit 0.2.0__tar.gz

agent_audit_kit-0.2.0/.agent-audit-kit.yml

@@ -0,0 +1,22 @@
+# AgentAuditKit Configuration
+# Place this file at your project root to customize scanning behavior.
+# CLI flags override these values.
+
+# Minimum severity to report
+severity: low
+
+# Fail CI if any finding at this severity or above (critical, high, medium, low, none)
+fail-on: high
+
+# Paths to exclude from scanning
+ignore-paths:
+  - vendor/
+  - third_party/
+
+# Rules to skip (uncomment as needed)
+# exclude-rules:
+#   - AAK-MCP-007    # We intentionally don't pin npx versions
+#   - AAK-SUPPLY-005  # Large dependency tree is expected
+
+# Scan user-level agent configs (~/.claude/, etc.)
+include-user-config: false

agent_audit_kit-0.2.0/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,34 @@
+---
+name: Bug Report
+about: Report a bug or incorrect behavior
+title: "[BUG] "
+labels: bug
+assignees: ''
+---
+
+## Describe the bug
+
+A clear and concise description of what the bug is.
+
+## To reproduce
+
+Steps to reproduce the behavior:
+
+1. Run `agent-audit-kit scan ...`
+2. With this config: ...
+3. See error
+
+## Expected behavior
+
+A clear description of what you expected to happen.
+
+## Environment
+
+- **OS:** (e.g., macOS 14.5, Ubuntu 22.04)
+- **Python version:** (e.g., 3.11.9)
+- **AgentAuditKit version:** (run `agent-audit-kit --version`)
+- **Installation method:** (pip, Docker, GitHub Action)
+
+## Additional context
+
+Add any other context, logs, or screenshots about the problem here.

agent_audit_kit-0.2.0/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,23 @@
+---
+name: Feature Request
+about: Suggest a new feature or improvement
+title: "[FEATURE] "
+labels: enhancement
+assignees: ''
+---
+
+## Problem description
+
+A clear description of the problem this feature would solve.
+
+## Proposed solution
+
+Describe how you'd like this to work.
+
+## Alternatives considered
+
+Any alternative solutions or features you've considered.
+
+## Additional context
+
+Add any other context, mockups, or references here.

agent_audit_kit-0.2.0/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,22 @@
+## Summary
+
+Brief description of what changed and why.
+
+## Motivation
+
+Why is this change needed? Link to related issues if applicable.
+
+## Test plan
+
+How was this tested?
+
+- [ ] Unit tests added/updated
+- [ ] `pytest -v` passes
+- [ ] Self-scan passes: `agent-audit-kit scan . --fail-on critical`
+
+## Checklist
+
+- [ ] Tests pass locally
+- [ ] No secrets or credentials committed
+- [ ] Documentation updated (if applicable)
+- [ ] CHANGELOG.md updated (if user-facing change)

agent_audit_kit-0.2.0/.github/dependabot.yml

@@ -0,0 +1,19 @@
+version: 2
+updates:
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    ignore:
+      - dependency-name: "python"
+        update-types: ["version-update:semver-major"]

agent_audit_kit-0.2.0/.github/workflows/ci.yml

@@ -0,0 +1,51 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.9", "3.10", "3.11", "3.12"]
+
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -e ".[dev]"
+
+      - name: Run linting
+        run: ruff check agent_audit_kit/ tests/
+
+      - name: Run type checking
+        run: mypy agent_audit_kit/ --ignore-missing-imports
+
+      - name: Run tests
+        run: pytest -v --tb=short
+
+      - name: Self-scan (verify CLI works)
+        run: agent-audit-kit scan . --format json --score --fail-on none --ignore-paths tests/fixtures,benchmarks/sample_configs
+
+      - name: Self-scan SARIF
+        run: agent-audit-kit scan . --format sarif -o self-scan.sarif --fail-on none --ignore-paths tests/fixtures,benchmarks/sample_configs
+
+      - name: Verify OWASP report
+        run: agent-audit-kit scan . --owasp-report --fail-on none --ignore-paths tests/fixtures,benchmarks/sample_configs
+
+      - name: Verify discovery
+        run: agent-audit-kit discover
+
+      - name: Verify score
+        run: agent-audit-kit score .

agent_audit_kit-0.2.0/.github/workflows/codeql.yml

@@ -0,0 +1,40 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  schedule:
+    - cron: "0 6 * * 1"
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      actions: read
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [python]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
+        with:
+          languages: ${{ matrix.language }}
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
+        with:
+          category: "/language:${{ matrix.language }}"

agent_audit_kit-0.2.0/.github/workflows/release.yml

@@ -0,0 +1,147 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+permissions:
+  contents: write
+  packages: write
+  id-token: write
+  attestations: write
+
+jobs:
+  # --------------------------------------------------------------------------
+  # 1. Publish to PyPI using trusted publishing (OIDC)
+  # --------------------------------------------------------------------------
+  pypi:
+    name: Publish to PyPI
+    runs-on: ubuntu-latest
+    environment:
+      name: pypi
+      url: https://pypi.org/p/agent-audit-kit
+    permissions:
+      id-token: write
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Set up Python
+        uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
+        with:
+          python-version: '3.11'
+
+      - name: Install build tools
+        run: python -m pip install --upgrade pip build
+
+      - name: Build package
+        run: python -m build
+
+      - name: Publish to PyPI
+        uses: pypa/gh-action-pypi-publish@v1.13.0
+
+  # --------------------------------------------------------------------------
+  # 2. Build, scan, and push Docker image to GHCR
+  # --------------------------------------------------------------------------
+  docker:
+    name: Push Docker image to GHCR
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+      attestations: write
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+
+      - name: Log in to GHCR
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract version from tag
+        id: version
+        run: echo "version=${GITHUB_REF_NAME#v}" >> "$GITHUB_OUTPUT"
+
+      - name: Build image for scanning
+        uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+        with:
+          context: .
+          load: true
+          tags: agent-audit-kit:scan
+
+      - name: Scan Docker image with Trivy
+        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1 # v0.35.0
+        with:
+          image-ref: agent-audit-kit:scan
+          format: sarif
+          output: trivy-results.sarif
+          severity: CRITICAL,HIGH
+
+      - name: Build and push
+        id: push
+        uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 # v5.0.0
+        with:
+          context: .
+          push: true
+          tags: |
+            ghcr.io/sattyamjjain/agent-audit-kit:${{ steps.version.outputs.version }}
+            ghcr.io/sattyamjjain/agent-audit-kit:latest
+          labels: |
+            org.opencontainers.image.title=AgentAuditKit
+            org.opencontainers.image.description=Security scanner for MCP-connected AI agent pipelines
+            org.opencontainers.image.version=${{ steps.version.outputs.version }}
+            org.opencontainers.image.source=https://github.com/sattyamjjain/agent-audit-kit
+            org.opencontainers.image.licenses=MIT
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Generate SLSA provenance attestation
+        uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3
+        with:
+          subject-name: ghcr.io/sattyamjjain/agent-audit-kit
+          subject-digest: ${{ steps.push.outputs.digest }}
+          push-to-registry: true
+
+  # --------------------------------------------------------------------------
+  # 3. Create GitHub Release with auto-generated notes
+  # --------------------------------------------------------------------------
+  github-release:
+    name: Create GitHub Release
+    runs-on: ubuntu-latest
+    needs: [pypi, docker]
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Create release
+        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15
+        with:
+          generate_release_notes: true
+          body: |
+            ## Installation
+
+            **pip:**
+            ```bash
+            pip install agent-audit-kit==${{ github.ref_name }}
+            ```
+
+            **Docker:**
+            ```bash
+            docker pull ghcr.io/sattyamjjain/agent-audit-kit:${{ github.ref_name }}
+            ```
+
+            **GitHub Action:**
+            ```yaml
+            - uses: sattyamjjain/agent-audit-kit@${{ github.ref_name }}
+              with:
+                fail-on: high
+            ```
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

agent_audit_kit-0.2.0/.github/workflows/scorecard.yml

@@ -0,0 +1,36 @@
+name: "Scorecard"
+
+on:
+  push:
+    branches: [main]
+  schedule:
+    - cron: "0 6 * * 1"
+
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      id-token: write
+      contents: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          persist-credentials: false
+
+      - name: Run OSSF Scorecard
+        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          publish_results: true
+
+      - name: Upload SARIF results
+        uses: github/codeql-action/upload-sarif@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
+        with:
+          sarif_file: results.sarif

agent_audit_kit-0.2.0/.gitignore

@@ -0,0 +1,43 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.egg-info/
+*.egg
+dist/
+build/
+.eggs/
+
+# Virtual environments
+.venv/
+venv/
+env/
+
+# IDE
+.idea/
+.vscode/
+*.swp
+*.swo
+
+# Test/Coverage
+.pytest_cache/
+.coverage
+htmlcov/
+.tox/
+.mypy_cache/
+.ruff_cache/
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Environment
+.env
+.env.*
+
+# Agent Audit Kit cache
+.agent-audit-kit/
+
+# Benchmark data (downloaded configs)
+benchmarks/data/
+benchmarks/results.json

agent_audit_kit-0.2.0/.pre-commit-hooks.yaml

@@ -0,0 +1,10 @@
+- id: agent-audit-kit
+  name: AgentAuditKit Security Scan
+  description: Scan MCP agent configs, hooks, and dependencies for security issues
+  entry: agent-audit-kit scan
+  language: python
+  types: [json, yaml]
+  files: '(\.mcp\.json|mcp.*\.json|settings\.json|\.env|package\.json|pyproject\.toml)'
+  args: ['--ci']
+  pass_filenames: false
+  always_run: false

agent_audit_kit-0.2.0/CHANGELOG.md

@@ -0,0 +1,28 @@
+# Changelog
+
+All notable changes to AgentAuditKit are documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [0.2.0] - 2026-04-05
+
+Initial public release.
+
+### Added
+
+- **74 security rules** across 11 scanner categories: MCP configuration, hook injection, trust boundaries, secret exposure, supply chain, agent config, tool poisoning, taint analysis, transport security, A2A protocol, and legal compliance.
+- **11 scanners** with full coverage of MCP-connected AI agent pipelines.
+- **9 CLI commands**: `scan`, `discover`, `pin`, `verify`, `fix`, `score`, `update`, and CI-mode shortcuts.
+- **SARIF 2.1.0** output with GitHub Security tab integration and inline PR annotations.
+- **GitHub Action** (`sattyamjjain/agent-audit-kit@v1`) for zero-install CI scanning.
+- **Pre-commit hook** for local scanning before every commit.
+- **OWASP coverage**: full mapping to OWASP Agentic Top 10 (10/10), OWASP MCP Top 10, and Adversa AI Top 25.
+- **Compliance mapping** for EU AI Act, SOC2, ISO 27001, HIPAA, and NIST AI RMF via `--compliance` flag.
+- **Tool pinning** (`pin` and `verify` commands) to detect rug-pull and supply chain drift.
+- **Taint analysis** tracking `@tool` parameter flows to shell, eval, SQL, SSRF, file, and deserialization sinks.
+- **Security scoring** with letter grades and embeddable badges via `score` command.
+- **Auto-fix** with `fix --dry-run` for safe remediation of common findings.
+- **Agent discovery** supporting Claude Code, Cursor, VS Code Copilot, Windsurf, Amazon Q, Gemini CLI, Goose, Continue, Roo Code, and Kiro.
+
+[0.2.0]: https://github.com/sattyamjjain/agent-audit-kit/releases/tag/v0.2.0

agent_audit_kit-0.2.0/CODE_OF_CONDUCT.md

@@ -0,0 +1,54 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, caste, color, religion, or sexual
+identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior:
+
+* The use of sexualized language or imagery, and sexual attention or advances
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information without explicit permission
+* Other conduct which could reasonably be considered inappropriate
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+**security@agentauditkit.io**.
+
+All complaints will be reviewed and investigated promptly and fairly.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant](https://www.contributor-covenant.org),
+version 2.1, available at
+<https://www.contributor-covenant.org/version/2/1/code_of_conduct.html>.

agent_audit_kit-0.2.0/CONTRIBUTING.md

@@ -0,0 +1,99 @@
+# Contributing to AgentAuditKit
+
+Thank you for your interest in making AI agent pipelines safer. This guide covers everything you need to start contributing.
+
+## Development Setup
+
+**Prerequisites:** Python 3.9+ and Git.
+
+```bash
+git clone https://github.com/sattyamjjain/agent-audit-kit.git
+cd agent-audit-kit
+pip install -e ".[dev]"
+```
+
+This installs AgentAuditKit in editable mode along with testing, linting, and type-checking tools.
+
+Verify the install:
+
+```bash
+agent-audit-kit scan .
+```
+
+## Running Tests
+
+```bash
+pytest -v
+```
+
+With coverage:
+
+```bash
+pytest -v --cov=agent_audit_kit --cov-report=term-missing
+```
+
+## Linting
+
+```bash
+ruff check .
+```
+
+Auto-fix issues:
+
+```bash
+ruff check . --fix
+```
+
+## Type Checking
+
+```bash
+mypy agent_audit_kit
+```
+
+## Code Conventions
+
+- **Python 3.9+** compatibility is required. Do not use features exclusive to 3.10+.
+- Add `from __future__ import annotations` at the top of every module.
+- Use **type hints** on all function signatures and return types.
+- Keep functions under 50 lines. Extract helpers if longer.
+- Use `click` for CLI commands, `pyyaml` for config parsing.
+- No hardcoded secrets, tokens, or API keys in source code.
+
+## Adding a New Rule
+
+1. Create the rule in the appropriate scanner module under `agent_audit_kit/`.
+2. Assign a unique rule ID following the pattern `AAK-<CATEGORY>-<NNN>`.
+3. Include `severity`, `message`, `remediation`, and `owasp_ref` fields.
+4. Add tests in `tests/` that cover both detection and non-detection cases.
+5. Update `docs/rules.md` with the new rule.
+
+## Pull Request Process
+
+1. **Fork** the repository and create a branch from `main`:
+   - `feature/<short-description>` for new features
+   - `fix/<short-description>` for bug fixes
+   - `chore/<short-description>` for maintenance
+2. Make your changes. Ensure all checks pass:
+   ```bash
+   pytest -v
+   ruff check .
+   mypy agent_audit_kit
+   ```
+3. Write a clear commit message in imperative mood (e.g., "Add taint analysis for pickle.loads sink").
+4. Open a pull request against `main`. Fill out the PR template completely.
+5. A maintainer will review your PR. Address feedback promptly.
+
+## What Makes a Good PR
+
+- Solves one problem. Keep the diff focused.
+- Includes tests that prove the change works.
+- Updates documentation if user-facing behavior changes.
+- Does not introduce secret values, `.env` files, or credentials.
+
+## Reporting Issues
+
+Use [GitHub Issues](https://github.com/sattyamjjain/agent-audit-kit/issues) for bugs and feature requests. For security vulnerabilities, see [SECURITY.md](SECURITY.md).
+
+## License
+
+By contributing, you agree that your contributions will be licensed under the [MIT License](LICENSE).

agent_audit_kit-0.2.0/Dockerfile

@@ -0,0 +1,21 @@
+# Pin to specific digest for supply chain security
+FROM python:3.11-slim@sha256:9358444059ed78e2975ada2c189f1c1a3144a5dab6f35bff8c981afb38946634 AS base
+
+LABEL maintainer="AgentAuditKit"
+LABEL org.opencontainers.image.source="https://github.com/sattyamjjain/agent-audit-kit"
+LABEL org.opencontainers.image.description="Security scanner for MCP-connected AI agent pipelines"
+
+COPY . /app
+WORKDIR /app
+RUN pip install --no-cache-dir .
+
+# Create non-root user for security
+RUN groupadd -r scanner && useradd -r -g scanner -d /home/scanner -s /sbin/nologin scanner
+RUN mkdir -p /home/scanner && chown -R scanner:scanner /home/scanner
+
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+USER scanner
+
+ENTRYPOINT ["/entrypoint.sh"]

agent_audit_kit-0.2.0/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 AgentAuditKit Contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.