agentdiscover 2.7.2__tar.gz

agentdiscover-2.7.2/.claude/commands/grow-scanner.md

@@ -0,0 +1,58 @@
+# Grow AgentDiscover Scanner Traction
+
+Autonomous task: increase real-world adoption of the AgentDiscover scanner.
+
+Rules:
+- NEVER fake metrics (no artificial stars, downloads, or issues)
+- NEVER create fake user testimonials or reviews
+- ONLY improve the product, documentation, and discoverability
+- Every change must make the scanner genuinely more useful
+
+Execute the following improvement categories in order:
+
+## 1. First-Run Experience (highest impact)
+- Audit the README.md: Can a security engineer go from zero to first scan in under 3 minutes?
+- Ensure `pipx install agentdiscover && agent-discover-scanner scan-all ~/projects --duration 30` works flawlessly
+- Add a "What You'll See" section with REAL example output (not mocked)
+- Add a "Common Issues" section addressing known friction points
+- Test the install path on a clean Python 3.10+ environment
+
+## 2. Output Quality
+- Ensure scan output is immediately actionable (not just raw data)
+- Add a `--summary` flag that prints a human-readable executive summary
+- Add a `--report` flag that generates a markdown report suitable for sharing with management
+- Ensure AIBOM/CycloneDX output is valid and parseable by standard tools
+- Add `--json` output that's clean enough to pipe into jq
+
+## 3. CI/CD Integration
+- Create a GitHub Action: `defendai/agentdiscover-action`
+- Usage: add to any repo's CI to scan for AI agents on every PR
+- Output: SARIF format for GitHub Security tab integration
+- Create the action.yml, Dockerfile, and documentation
+- Write a blog-post-ready tutorial: "Add AI Agent Discovery to Your CI Pipeline in 5 Minutes"
+
+## 4. Comparison Content
+- Create docs/comparisons/ directory
+- Write honest comparisons: AgentDiscover vs Cisco DefenseClaw Skills Scanner
+- Write: AgentDiscover vs manual `grep` for AI frameworks
+- Write: AgentDiscover vs Nudge Security agent discovery
+- Be honest about limitations — credibility > marketing
+
+## 5. Integration Guides
+- Create docs/integrations/ directory
+- Write: "Using AgentDiscover with Splunk" (forward JSONL audit to Splunk HEC)
+- Write: "Using AgentDiscover with Elastic/Kibana" (filebeat config for scan output)
+- Write: "Using AgentDiscover in a Kubernetes cluster" (DaemonSet + Tetragon setup)
+- Write: "Using AgentDiscover with GitHub Actions" (reference the action from #3)
+
+## 6. SEO and Discoverability
+- Ensure PyPI metadata is complete: description, keywords, project URLs, classifiers
+- Add "AI agent security scanner" and "MCP security" to keywords
+- Ensure GitHub topics include: ai-security, mcp, agent-discovery, llm-security, sbom
+- Create a one-line description that's search-friendly: "Find every AI agent in your enterprise — the ones you know about and the ones you don't"
+
+## 7. Developer Experience
+- Ensure all CLI help text is clear and complete (`--help` on every subcommand)
+- Add shell completion scripts (bash, zsh, fish)
+- Add a `--verbose` mode that explains what each detection layer is doing in real-time
+- Add a `--dry-run` mode for CI environments that just validates configuration

agentdiscover-2.7.2/.github/workflows/aibom.yml

@@ -0,0 +1,126 @@
+# GitHub Action — CI/CD AIBOM Generation
+# File: .github/workflows/aibom.yml
+# Drop this into any repo that uses AI agents to get AIBOM on every push.
+
+name: Generate AI Bill of Materials (AIBOM)
+
+on:
+  push:
+    branches: [main, master]
+  pull_request:
+    branches: [main, master]
+  schedule:
+    # Run weekly on Mondays at 09:00 UTC for drift detection
+    - cron: '0 9 * * 1'
+  workflow_dispatch:
+    # Allow manual trigger
+
+jobs:
+  aibom:
+    name: Scan and generate AIBOM
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write  # For uploading to GitHub Security tab
+      actions: read
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0  # Full history for change detection
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+          cache: 'pip'
+
+      - name: Install AgentDiscover Scanner
+        run: |
+          pip install agent-discover-scanner
+
+      - name: Run AIBOM scan
+        id: aibom_scan
+        run: |
+          agent-discover audit \
+            --output ./aibom-output/ \
+            --format cyclonedx-1.6 \
+            --no-runtime \
+            --ci
+        env:
+          # Optional: if your agents use these, the scanner can validate configs
+          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
+          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
+
+      - name: Upload AIBOM artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: aibom-${{ github.sha }}
+          path: ./aibom-output/
+          retention-days: 90
+
+      - name: Check for GHOST agent findings
+        run: |
+          if [ -f ./aibom-output/ghost-agents.md ]; then
+            GHOST_COUNT=$(grep -c "CRITICAL\|HIGH" ./aibom-output/ghost-agents.md || true)
+            if [ "$GHOST_COUNT" -gt "0" ]; then
+              echo "::warning::GHOST agent findings detected. Review aibom-output/ghost-agents.md"
+            fi
+          fi
+
+      - name: Check for Toxic Flow findings
+        run: |
+          if [ -f ./aibom-output/toxic-flows.md ]; then
+            echo "::warning::Potential Toxic Flow patterns detected. Review aibom-output/toxic-flows.md"
+          fi
+
+      - name: Comment PR with AIBOM summary
+        if: github.event_name == 'pull_request'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const fs = require('fs');
+            let summary = '## AgentDiscover AIBOM Summary\n\n';
+
+            try {
+              const aibom = JSON.parse(fs.readFileSync('./aibom-output/aibom.json', 'utf8'));
+              const components = aibom.components || [];
+              const agentCount = components.filter(c => c.type === 'ai-model').length;
+              const ghostCount = components.filter(c => {
+                const ghost = c.properties?.find(p => p.name === 'agent:ghost');
+                return ghost?.value === 'true';
+              }).length;
+
+              summary += `| Metric | Value |\n|---|---|\n`;
+              summary += `| Agents inventoried | ${agentCount} |\n`;
+              summary += `| GHOST agents | ${ghostCount === 0 ? '✅ 0' : '🚨 ' + ghostCount} |\n`;
+              summary += `| AIBOM format | CycloneDX 1.6 |\n`;
+              summary += `| Scan commit | \`${context.sha.substring(0, 7)}\` |\n\n`;
+
+              if (ghostCount > 0) {
+                summary += '> ⚠️ **GHOST agents detected** — agents visible at runtime with no declared inventory entry. Review `aibom-output/ghost-agents.md`.\n';
+              } else {
+                summary += '> ✅ All detected agents match declared inventory.\n';
+              }
+            } catch (e) {
+              summary += '_AIBOM generation completed. Download artifact for full report._\n';
+            }
+
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: summary
+            });
+
+      - name: Fail on critical GHOST findings
+        if: ${{ inputs.fail_on_ghost || false }}
+        run: |
+          if [ -f ./aibom-output/ghost-agents.md ]; then
+            CRITICAL=$(grep -c "CRITICAL" ./aibom-output/ghost-agents.md || true)
+            if [ "$CRITICAL" -gt "0" ]; then
+              echo "Critical GHOST agent found. Failing build."
+              exit 1
+            fi
+          fi

agentdiscover-2.7.2/.github/workflows/ci.yml

@@ -0,0 +1,93 @@
+name: CI
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+
+jobs:
+  test:
+    name: Test on Python ${{ matrix.python-version }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ["3.10", "3.11", "3.12"]
+    
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+    
+    - name: Install uv
+      uses: astral-sh/setup-uv@v5
+      with:
+        enable-cache: true
+    
+    - name: Set up Python ${{ matrix.python-version }}
+      run: uv python install ${{ matrix.python-version }}
+    
+    - name: Install dependencies
+      run: uv sync --all-extras
+    
+    - name: Run tests
+      run: uv run pytest tests/ -v --cov=src/agent_discover_scanner --cov-report=xml --cov-report=term
+    
+    - name: Upload coverage to Codecov
+      uses: codecov/codecov-action@v4
+      if: matrix.python-version == '3.12'
+      with:
+        file: ./coverage.xml
+        fail_ci_if_error: false
+        token: ${{ secrets.CODECOV_TOKEN }}
+
+  lint:
+    name: Lint and Format Check
+    runs-on: ubuntu-latest
+    
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+    
+    - name: Install uv
+      uses: astral-sh/setup-uv@v5
+    
+    - name: Set up Python
+      run: uv python install 3.12
+    
+    - name: Install dependencies
+      run: uv sync
+    
+    - name: Run ruff (lint)
+      run: uv run ruff check .
+    
+    - name: Run ruff (format check)
+      run: uv run ruff format --check .
+
+  build:
+    name: Build Package
+    runs-on: ubuntu-latest
+    
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+    
+    - name: Install uv
+      uses: astral-sh/setup-uv@v5
+    
+    - name: Set up Python
+      run: uv python install 3.12
+    
+    - name: Install build dependencies
+      run: uv sync --dev
+    
+    - name: Build package
+      run: uv run python -m build
+    
+    - name: Check package
+      run: uv run twine check dist/*
+    
+    - name: Upload build artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: dist-packages
+        path: dist/

agentdiscover-2.7.2/.github/workflows/scan.yml

@@ -0,0 +1,38 @@
+name: AI Agent Discovery
+
+on:
+  schedule:
+    - cron: '0 2 * * 1'  # Weekly on Monday at 2 AM
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+  workflow_dispatch:
+
+permissions:
+  security-events: write
+  contents: read
+
+jobs:
+  agent-scan:
+    name: Scan for AI agents
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Scan and upload to GitHub Security
+        uses: Defend-AI-Tech-Inc/agent-discover-scanner@v2.5.0
+        with:
+          path: '.'
+          output: 'agent-scan-results.sarif'
+          upload-sarif: 'true'
+
+      - name: Upload SARIF artifact
+        uses: actions/upload-artifact@v4
+        if: always()
+        with:
+          name: agent-scan-sarif
+          path: agent-scan-results.sarif
+          retention-days: 30

agentdiscover-2.7.2/.gitignore

@@ -0,0 +1,70 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# Virtual environments
+.venv/
+venv/
+ENV/
+env/
+
+# Testing
+.pytest_cache/
+.coverage
+htmlcov/
+.tox/
+
+# IDE
+.cursor/
+.vscode/
+.idea/
+*.code-workspace
+*.swp
+*.swo
+*~
+
+# Output files
+*.sarif
+*.json
+network-findings.*
+*.log
+agents-scan-results.*
+defendai-scan.*
+test-results.*
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Secrets
+*.key
+*.pem
+.env
+.env.*
+
+# Allow example JSON files
+!examples/**/*.json
+.pypirc
+demo_*.txt
+demo_*.md
+*_report.md
+*.jsonl

agentdiscover-2.7.2/.python-version

@@ -0,0 +1 @@
+3.12