agentfort 0.1.1__tar.gz

agentfort-0.1.1/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 NeuronKnight
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

agentfort-0.1.1/PKG-INFO

@@ -0,0 +1,154 @@
+Metadata-Version: 2.4
+Name: agentfort
+Version: 0.1.1
+Summary: CVE-style advisory database and static scanner for AI agent security risks
+Author-email: NeuronKnight <dev@neuronknight.com>
+License-Expression: MIT
+Project-URL: Homepage, https://github.com/NeuronKnight/agentfort
+Project-URL: Source, https://github.com/NeuronKnight/agentfort
+Project-URL: Issues, https://github.com/NeuronKnight/agentfort/issues
+Keywords: security,ai,agents,mcp,llm,scanner,langchain,crewai
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Quality Assurance
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: click>=8.0
+Requires-Dist: rich>=13.0
+Requires-Dist: pyyaml>=6.0
+Provides-Extra: dev
+Requires-Dist: pytest>=8.0; extra == "dev"
+Dynamic: license-file
+
+# AgentFort
+
+Static security scanner for AI agent codebases. Analyzes repositories and MCP config files against a CVE-style advisory database — no live agent interaction required.
+
+## What it does
+
+- Scans Python repos for dangerous patterns: `eval()`, `exec()`, `shell=True`, hardcoded API keys
+- Parses MCP config files (`claude_desktop_config.json`, `.mcp.json`) for shell execution tools, overly broad filesystem access, and unverified `npx`/`uvx` packages
+- Detects agent framework imports (LangChain, CrewAI, AutoGen, OpenAI, Anthropic, etc.) and cross-references against known vulnerabilities
+- **Queries OSV.dev live** for real CVEs against every detected package — findings stay current without any database updates
+- Produces risk scores, terminal reports, Markdown, and JSON output
+- Exits with code 1 on critical findings — CI pipeline friendly
+
+## Install
+
+```bash
+# From repo root (inside a virtualenv)
+pip install agentfort
+
+# Or dev install from repo
+pip install -e agentsentry/
+```
+
+## Usage
+
+```bash
+# Scan a repo
+agentfort scan --repo /path/to/your/agent-project
+
+# Scan just an MCP config file
+agentfort scan --mcp-config ~/.config/claude/claude_desktop_config.json
+
+# JSON output (clean stdout, progress on stderr)
+agentfort scan --repo . --format json
+
+# Markdown report to file
+agentfort scan --repo . --format md --output report.md
+
+# Only show high and above
+agentfort scan --repo . --min-severity high
+
+# Disable CI exit code
+agentfort scan --repo . --no-fail-on-critical
+
+# Skip OSV live lookup (air-gapped / CI without outbound)
+agentfort scan --repo . --offline
+
+# Browse advisories
+agentfort advisories list
+agentfort advisories list --severity critical
+agentfort advisories show AGSA-001
+```
+
+## Live CVE lookup (OSV.dev)
+
+Every scan queries [OSV.dev](https://osv.dev) in parallel for known CVEs against every package detected in the repo. No database to update — findings reflect OSV's current state on each run.
+
+- Results are capped at 5 CVEs per package (highest severity first) to avoid noise from very old pinned versions
+- Uses GHSA severity labels (`database_specific.severity`) for accurate critical/high/medium/low mapping
+- Falls back silently if the network is unreachable — use `--offline` to skip the lookup entirely
+
+```bash
+# Scan with live CVEs (default)
+agentfort scan --repo .
+
+# Air-gapped / no outbound network
+agentfort scan --repo . --offline
+```
+
+## Advisory database
+
+14 static advisories covering structural/behavioral risks from the [OWASP Agentic Top 10](https://owasp.org/www-project-top-10-for-large-language-model-applications/). Package CVEs are handled live by OSV.dev (see above).
+
+| ID | Severity | Risk |
+|---|---|---|
+| AGSA-001 | Critical | LangChain ShellTool unrestricted shell execution |
+| AGSA-002 | Critical | MCP server exposes shell execution tool |
+| AGSA-003 | Critical | `eval()`/`exec()` in agent tool handler |
+| AGSA-005 | Critical | AutoGen/CrewAI code execution without confirmation |
+| AGSA-004 | High | Hardcoded API key or secret in MCP config |
+| AGSA-006 | High | MCP filesystem server with overly broad path (`/`, `~`) |
+| AGSA-007 | High | `subprocess` with `shell=True` or `os.system()` |
+| AGSA-008 | High | Agent tool writes to arbitrary file paths |
+| AGSA-010 | High | Prompt injection via unvalidated tool output |
+| AGSA-013 | High | OpenAI Assistants `file_search`/`code_interpreter` without scope restriction |
+| AGSA-009 | Medium | MCP server loaded via unverified `npx`/`uvx` package |
+| AGSA-012 | Medium | Secrets exposed via `os.environ` in tool scope |
+| AGSA-014 | Medium | Non-PyPI/non-npm dependency as framework component |
+| AGSA-015 | Medium | System prompt in user-accessible config location |
+
+## Risk score
+
+`0–100`. Each finding adds: critical=40, high=15, medium=5, low=1. Capped at 100.
+
+## Output formats
+
+**Terminal** (default) — Rich panels with color-coded severity table and detail panels for critical/high findings.
+
+**JSON** — Machine-readable. Progress messages go to stderr so stdout is clean for piping:
+```bash
+agentfort scan --repo . --format json 2>/dev/null | jq '.findings[] | select(.severity=="critical")'
+```
+
+**Markdown** — Full report with summary table and per-finding sections, suitable for GitHub issues or PR comments.
+
+## Project structure
+
+```
+agentsentry/
+├── agentsentry/
+│   ├── cli.py              # Click CLI entry point
+│   ├── models.py           # Finding, ScanResult dataclasses
+│   ├── db/
+│   │   ├── advisory.py     # Advisory loader and index
+│   │   └── data/           # AGSA-001.yaml … AGSA-015.yaml
+│   ├── scanner/
+│   │   ├── frameworks.py   # requirements.txt / pyproject.toml / package.json
+│   │   ├── mcp.py          # MCP config file scanner
+│   │   ├── osv.py          # Live CVE lookup via OSV.dev API
+│   │   ├── patterns.py     # Python source pattern scanner
+│   │   └── secrets.py      # Hardcoded credential scanner
+│   └── report/
+│       └── formatter.py    # Terminal, Markdown, JSON renderers
+└── pyproject.toml
+```

agentfort-0.1.1/README.md

@@ -0,0 +1,125 @@
+# AgentFort
+
+Static security scanner for AI agent codebases. Analyzes repositories and MCP config files against a CVE-style advisory database — no live agent interaction required.
+
+## What it does
+
+- Scans Python repos for dangerous patterns: `eval()`, `exec()`, `shell=True`, hardcoded API keys
+- Parses MCP config files (`claude_desktop_config.json`, `.mcp.json`) for shell execution tools, overly broad filesystem access, and unverified `npx`/`uvx` packages
+- Detects agent framework imports (LangChain, CrewAI, AutoGen, OpenAI, Anthropic, etc.) and cross-references against known vulnerabilities
+- **Queries OSV.dev live** for real CVEs against every detected package — findings stay current without any database updates
+- Produces risk scores, terminal reports, Markdown, and JSON output
+- Exits with code 1 on critical findings — CI pipeline friendly
+
+## Install
+
+```bash
+# From repo root (inside a virtualenv)
+pip install agentfort
+
+# Or dev install from repo
+pip install -e agentsentry/
+```
+
+## Usage
+
+```bash
+# Scan a repo
+agentfort scan --repo /path/to/your/agent-project
+
+# Scan just an MCP config file
+agentfort scan --mcp-config ~/.config/claude/claude_desktop_config.json
+
+# JSON output (clean stdout, progress on stderr)
+agentfort scan --repo . --format json
+
+# Markdown report to file
+agentfort scan --repo . --format md --output report.md
+
+# Only show high and above
+agentfort scan --repo . --min-severity high
+
+# Disable CI exit code
+agentfort scan --repo . --no-fail-on-critical
+
+# Skip OSV live lookup (air-gapped / CI without outbound)
+agentfort scan --repo . --offline
+
+# Browse advisories
+agentfort advisories list
+agentfort advisories list --severity critical
+agentfort advisories show AGSA-001
+```
+
+## Live CVE lookup (OSV.dev)
+
+Every scan queries [OSV.dev](https://osv.dev) in parallel for known CVEs against every package detected in the repo. No database to update — findings reflect OSV's current state on each run.
+
+- Results are capped at 5 CVEs per package (highest severity first) to avoid noise from very old pinned versions
+- Uses GHSA severity labels (`database_specific.severity`) for accurate critical/high/medium/low mapping
+- Falls back silently if the network is unreachable — use `--offline` to skip the lookup entirely
+
+```bash
+# Scan with live CVEs (default)
+agentfort scan --repo .
+
+# Air-gapped / no outbound network
+agentfort scan --repo . --offline
+```
+
+## Advisory database
+
+14 static advisories covering structural/behavioral risks from the [OWASP Agentic Top 10](https://owasp.org/www-project-top-10-for-large-language-model-applications/). Package CVEs are handled live by OSV.dev (see above).
+
+| ID | Severity | Risk |
+|---|---|---|
+| AGSA-001 | Critical | LangChain ShellTool unrestricted shell execution |
+| AGSA-002 | Critical | MCP server exposes shell execution tool |
+| AGSA-003 | Critical | `eval()`/`exec()` in agent tool handler |
+| AGSA-005 | Critical | AutoGen/CrewAI code execution without confirmation |
+| AGSA-004 | High | Hardcoded API key or secret in MCP config |
+| AGSA-006 | High | MCP filesystem server with overly broad path (`/`, `~`) |
+| AGSA-007 | High | `subprocess` with `shell=True` or `os.system()` |
+| AGSA-008 | High | Agent tool writes to arbitrary file paths |
+| AGSA-010 | High | Prompt injection via unvalidated tool output |
+| AGSA-013 | High | OpenAI Assistants `file_search`/`code_interpreter` without scope restriction |
+| AGSA-009 | Medium | MCP server loaded via unverified `npx`/`uvx` package |
+| AGSA-012 | Medium | Secrets exposed via `os.environ` in tool scope |
+| AGSA-014 | Medium | Non-PyPI/non-npm dependency as framework component |
+| AGSA-015 | Medium | System prompt in user-accessible config location |
+
+## Risk score
+
+`0–100`. Each finding adds: critical=40, high=15, medium=5, low=1. Capped at 100.
+
+## Output formats
+
+**Terminal** (default) — Rich panels with color-coded severity table and detail panels for critical/high findings.
+
+**JSON** — Machine-readable. Progress messages go to stderr so stdout is clean for piping:
+```bash
+agentfort scan --repo . --format json 2>/dev/null | jq '.findings[] | select(.severity=="critical")'
+```
+
+**Markdown** — Full report with summary table and per-finding sections, suitable for GitHub issues or PR comments.
+
+## Project structure
+
+```
+agentsentry/
+├── agentsentry/
+│   ├── cli.py              # Click CLI entry point
+│   ├── models.py           # Finding, ScanResult dataclasses
+│   ├── db/
+│   │   ├── advisory.py     # Advisory loader and index
+│   │   └── data/           # AGSA-001.yaml … AGSA-015.yaml
+│   ├── scanner/
+│   │   ├── frameworks.py   # requirements.txt / pyproject.toml / package.json
+│   │   ├── mcp.py          # MCP config file scanner
+│   │   ├── osv.py          # Live CVE lookup via OSV.dev API
+│   │   ├── patterns.py     # Python source pattern scanner
+│   │   └── secrets.py      # Hardcoded credential scanner
+│   └── report/
+│       └── formatter.py    # Terminal, Markdown, JSON renderers
+└── pyproject.toml
+```

agentfort-0.1.1/agentfort.egg-info/PKG-INFO

@@ -0,0 +1,154 @@
+Metadata-Version: 2.4
+Name: agentfort
+Version: 0.1.1
+Summary: CVE-style advisory database and static scanner for AI agent security risks
+Author-email: NeuronKnight <dev@neuronknight.com>
+License-Expression: MIT
+Project-URL: Homepage, https://github.com/NeuronKnight/agentfort
+Project-URL: Source, https://github.com/NeuronKnight/agentfort
+Project-URL: Issues, https://github.com/NeuronKnight/agentfort/issues
+Keywords: security,ai,agents,mcp,llm,scanner,langchain,crewai
+Classifier: Development Status :: 3 - Alpha
+Classifier: Intended Audience :: Developers
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.9
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Topic :: Security
+Classifier: Topic :: Software Development :: Quality Assurance
+Requires-Python: >=3.9
+Description-Content-Type: text/markdown
+License-File: LICENSE
+Requires-Dist: click>=8.0
+Requires-Dist: rich>=13.0
+Requires-Dist: pyyaml>=6.0
+Provides-Extra: dev
+Requires-Dist: pytest>=8.0; extra == "dev"
+Dynamic: license-file
+
+# AgentFort
+
+Static security scanner for AI agent codebases. Analyzes repositories and MCP config files against a CVE-style advisory database — no live agent interaction required.
+
+## What it does
+
+- Scans Python repos for dangerous patterns: `eval()`, `exec()`, `shell=True`, hardcoded API keys
+- Parses MCP config files (`claude_desktop_config.json`, `.mcp.json`) for shell execution tools, overly broad filesystem access, and unverified `npx`/`uvx` packages
+- Detects agent framework imports (LangChain, CrewAI, AutoGen, OpenAI, Anthropic, etc.) and cross-references against known vulnerabilities
+- **Queries OSV.dev live** for real CVEs against every detected package — findings stay current without any database updates
+- Produces risk scores, terminal reports, Markdown, and JSON output
+- Exits with code 1 on critical findings — CI pipeline friendly
+
+## Install
+
+```bash
+# From repo root (inside a virtualenv)
+pip install agentfort
+
+# Or dev install from repo
+pip install -e agentsentry/
+```
+
+## Usage
+
+```bash
+# Scan a repo
+agentfort scan --repo /path/to/your/agent-project
+
+# Scan just an MCP config file
+agentfort scan --mcp-config ~/.config/claude/claude_desktop_config.json
+
+# JSON output (clean stdout, progress on stderr)
+agentfort scan --repo . --format json
+
+# Markdown report to file
+agentfort scan --repo . --format md --output report.md
+
+# Only show high and above
+agentfort scan --repo . --min-severity high
+
+# Disable CI exit code
+agentfort scan --repo . --no-fail-on-critical
+
+# Skip OSV live lookup (air-gapped / CI without outbound)
+agentfort scan --repo . --offline
+
+# Browse advisories
+agentfort advisories list
+agentfort advisories list --severity critical
+agentfort advisories show AGSA-001
+```
+
+## Live CVE lookup (OSV.dev)
+
+Every scan queries [OSV.dev](https://osv.dev) in parallel for known CVEs against every package detected in the repo. No database to update — findings reflect OSV's current state on each run.
+
+- Results are capped at 5 CVEs per package (highest severity first) to avoid noise from very old pinned versions
+- Uses GHSA severity labels (`database_specific.severity`) for accurate critical/high/medium/low mapping
+- Falls back silently if the network is unreachable — use `--offline` to skip the lookup entirely
+
+```bash
+# Scan with live CVEs (default)
+agentfort scan --repo .
+
+# Air-gapped / no outbound network
+agentfort scan --repo . --offline
+```
+
+## Advisory database
+
+14 static advisories covering structural/behavioral risks from the [OWASP Agentic Top 10](https://owasp.org/www-project-top-10-for-large-language-model-applications/). Package CVEs are handled live by OSV.dev (see above).
+
+| ID | Severity | Risk |
+|---|---|---|
+| AGSA-001 | Critical | LangChain ShellTool unrestricted shell execution |
+| AGSA-002 | Critical | MCP server exposes shell execution tool |
+| AGSA-003 | Critical | `eval()`/`exec()` in agent tool handler |
+| AGSA-005 | Critical | AutoGen/CrewAI code execution without confirmation |
+| AGSA-004 | High | Hardcoded API key or secret in MCP config |
+| AGSA-006 | High | MCP filesystem server with overly broad path (`/`, `~`) |
+| AGSA-007 | High | `subprocess` with `shell=True` or `os.system()` |
+| AGSA-008 | High | Agent tool writes to arbitrary file paths |
+| AGSA-010 | High | Prompt injection via unvalidated tool output |
+| AGSA-013 | High | OpenAI Assistants `file_search`/`code_interpreter` without scope restriction |
+| AGSA-009 | Medium | MCP server loaded via unverified `npx`/`uvx` package |
+| AGSA-012 | Medium | Secrets exposed via `os.environ` in tool scope |
+| AGSA-014 | Medium | Non-PyPI/non-npm dependency as framework component |
+| AGSA-015 | Medium | System prompt in user-accessible config location |
+
+## Risk score
+
+`0–100`. Each finding adds: critical=40, high=15, medium=5, low=1. Capped at 100.
+
+## Output formats
+
+**Terminal** (default) — Rich panels with color-coded severity table and detail panels for critical/high findings.
+
+**JSON** — Machine-readable. Progress messages go to stderr so stdout is clean for piping:
+```bash
+agentfort scan --repo . --format json 2>/dev/null | jq '.findings[] | select(.severity=="critical")'
+```
+
+**Markdown** — Full report with summary table and per-finding sections, suitable for GitHub issues or PR comments.
+
+## Project structure
+
+```
+agentsentry/
+├── agentsentry/
+│   ├── cli.py              # Click CLI entry point
+│   ├── models.py           # Finding, ScanResult dataclasses
+│   ├── db/
+│   │   ├── advisory.py     # Advisory loader and index
+│   │   └── data/           # AGSA-001.yaml … AGSA-015.yaml
+│   ├── scanner/
+│   │   ├── frameworks.py   # requirements.txt / pyproject.toml / package.json
+│   │   ├── mcp.py          # MCP config file scanner
+│   │   ├── osv.py          # Live CVE lookup via OSV.dev API
+│   │   ├── patterns.py     # Python source pattern scanner
+│   │   └── secrets.py      # Hardcoded credential scanner
+│   └── report/
+│       └── formatter.py    # Terminal, Markdown, JSON renderers
+└── pyproject.toml
+```

agentfort-0.1.1/agentfort.egg-info/SOURCES.txt

@@ -0,0 +1,37 @@
+LICENSE
+README.md
+pyproject.toml
+agentfort.egg-info/PKG-INFO
+agentfort.egg-info/SOURCES.txt
+agentfort.egg-info/dependency_links.txt
+agentfort.egg-info/entry_points.txt
+agentfort.egg-info/requires.txt
+agentfort.egg-info/top_level.txt
+agentsentry/__init__.py
+agentsentry/cli.py
+agentsentry/models.py
+agentsentry/db/__init__.py
+agentsentry/db/advisory.py
+agentsentry/db/data/AGSA-001.yaml
+agentsentry/db/data/AGSA-002.yaml
+agentsentry/db/data/AGSA-003.yaml
+agentsentry/db/data/AGSA-004.yaml
+agentsentry/db/data/AGSA-005.yaml
+agentsentry/db/data/AGSA-006.yaml
+agentsentry/db/data/AGSA-007.yaml
+agentsentry/db/data/AGSA-008.yaml
+agentsentry/db/data/AGSA-009.yaml
+agentsentry/db/data/AGSA-010.yaml
+agentsentry/db/data/AGSA-012.yaml
+agentsentry/db/data/AGSA-013.yaml
+agentsentry/db/data/AGSA-014.yaml
+agentsentry/db/data/AGSA-015.yaml
+agentsentry/report/__init__.py
+agentsentry/report/formatter.py
+agentsentry/scanner/__init__.py
+agentsentry/scanner/frameworks.py
+agentsentry/scanner/mcp.py
+agentsentry/scanner/osv.py
+agentsentry/scanner/patterns.py
+agentsentry/scanner/secrets.py
+tests/test_scanners.py

agentfort-0.1.1/agentfort.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

agentfort-0.1.1/agentfort.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+agentfort = agentsentry.cli:cli

agentfort-0.1.1/agentfort.egg-info/requires.txt

@@ -0,0 +1,6 @@
+click>=8.0
+rich>=13.0
+pyyaml>=6.0
+
+[dev]
+pytest>=8.0

agentfort-0.1.1/agentfort.egg-info/top_level.txt

@@ -0,0 +1 @@
+agentsentry

agentfort-0.1.1/agentsentry/cli.py

@@ -0,0 +1,173 @@
+import sys
+import time
+from pathlib import Path
+
+import click
+from rich.console import Console
+
+from agentsentry.models import ScanResult, SEVERITY_ORDER
+from agentsentry.db.advisory import load_advisories
+from agentsentry.scanner.frameworks import scan_frameworks, detect_packages
+from agentsentry.scanner.mcp import scan_mcp
+from agentsentry.scanner.osv import scan_osv
+from agentsentry.scanner.patterns import scan_patterns
+from agentsentry.scanner.secrets import scan_secrets
+from agentsentry.report.formatter import render_terminal, render_markdown, render_json
+
+console = Console()
+err_console = Console(stderr=True)
+
+
+@click.group()
+@click.version_option("0.1.1", prog_name="agentfort")
+def cli():
+    """AgentFort — static scanner for AI agent security risks."""
+    pass
+
+
+@cli.command()
+@click.option("--repo", type=click.Path(exists=True, file_okay=False, path_type=Path),
+              default=None, help="Path to the repository to scan.")
+@click.option("--mcp-config", type=click.Path(exists=True, dir_okay=False, path_type=Path),
+              default=None, help="Path to a specific MCP config file to scan.")
+@click.option("--format", "fmt", type=click.Choice(["terminal", "md", "json"]), default="terminal",
+              show_default=True, help="Output format.")
+@click.option("--output", "-o", type=click.Path(path_type=Path), default=None,
+              help="Write report to a file instead of stdout.")
+@click.option("--min-severity", type=click.Choice(SEVERITY_ORDER), default="low",
+              show_default=True, help="Only show findings at or above this severity.")
+@click.option("--fail-on-critical/--no-fail-on-critical", default=True, show_default=True,
+              help="Exit with code 1 if any critical findings exist.")
+@click.option("--offline/--no-offline", default=False, show_default=True,
+              help="Skip OSV.dev live CVE lookup (use for air-gapped or CI environments).")
+def scan(repo, mcp_config, fmt, output, min_severity, fail_on_critical, offline):
+    """Scan a repository or MCP config file for AI agent security risks."""
+
+    if not repo and not mcp_config:
+        # Default to current directory
+        repo = Path(".")
+
+    start = time.monotonic()
+    advisories = load_advisories()
+    findings = []
+
+    if repo:
+        err_console.print(f"[dim]Scanning repository: {repo.resolve()}[/dim]")
+        findings.extend(scan_frameworks(repo, advisories))
+        findings.extend(scan_mcp(repo_path=repo))
+        findings.extend(scan_patterns(repo, advisories))
+        findings.extend(scan_secrets(repo))
+        if not offline:
+            err_console.print("[dim]Querying OSV.dev for live CVEs...[/dim]")
+            packages = detect_packages(repo)
+            findings.extend(scan_osv(packages))
+
+    if mcp_config:
+        err_console.print(f"[dim]Scanning MCP config: {mcp_config.resolve()}[/dim]")
+        findings.extend(scan_mcp(config_path=mcp_config))
+
+    elapsed = time.monotonic() - start
+    result = ScanResult(
+        findings=findings,
+        scanned_path=repo or mcp_config,
+        scan_duration_seconds=elapsed,
+    )
+
+    if min_severity != "low":
+        result = result.filter_min_severity(min_severity)
+
+    if fmt == "terminal":
+        if output:
+            # Write terminal-stripped output to file
+            from rich.console import Console as RichConsole
+            file_console = RichConsole(file=open(output, "w"), highlight=False)
+            render_terminal(result)
+        else:
+            render_terminal(result)
+        report_str = None
+    elif fmt == "md":
+        report_str = render_markdown(result)
+    else:
+        report_str = render_json(result)
+
+    if report_str is not None:
+        if output:
+            output.write_text(report_str)
+            console.print(f"[green]Report written to {output}[/green]")
+        else:
+            click.echo(report_str)
+
+    if fail_on_critical and any(f.severity == "critical" for f in result.findings):
+        sys.exit(1)
+
+
+@cli.group()
+def advisories():
+    """Manage and browse the advisory database."""
+    pass
+
+
+@advisories.command("list")
+@click.option("--severity", type=click.Choice(SEVERITY_ORDER + ["all"]), default="all",
+              help="Filter by severity.")
+def advisories_list(severity):
+    """List all advisories in the database."""
+    from rich.table import Table
+    from rich import box
+
+    adv_list = load_advisories()
+    if severity != "all":
+        adv_list = [a for a in adv_list if a.severity == severity]
+
+    table = Table(box=box.ROUNDED, expand=True)
+    table.add_column("ID", style="bold cyan", width=12)
+    table.add_column("Severity", width=10)
+    table.add_column("Frameworks", width=20)
+    table.add_column("Title")
+
+    from agentsentry.report.formatter import SEVERITY_COLORS, SEVERITY_EMOJI
+    from rich.text import Text
+
+    for adv in sorted(adv_list, key=lambda a: (SEVERITY_ORDER.index(a.severity), a.id)):
+        sev_text = Text(
+            f"{SEVERITY_EMOJI.get(adv.severity, '')} {adv.severity.upper()}",
+            style=SEVERITY_COLORS.get(adv.severity, "white"),
+        )
+        frameworks = ", ".join(adv.frameworks[:3]) + ("..." if len(adv.frameworks) > 3 else "")
+        table.add_row(adv.id, sev_text, frameworks, adv.title)
+
+    console.print(table)
+    console.print(f"\n[dim]{len(adv_list)} advisories[/dim]")
+
+
+@advisories.command("show")
+@click.argument("advisory_id")
+def advisories_show(advisory_id):
+    """Show full detail for an advisory by ID."""
+    from rich.panel import Panel
+    from rich.markdown import Markdown
+
+    adv_list = load_advisories()
+    adv = next((a for a in adv_list if a.id.upper() == advisory_id.upper()), None)
+    if not adv:
+        console.print(f"[red]Advisory {advisory_id} not found.[/red]")
+        sys.exit(1)
+
+    from agentsentry.report.formatter import SEVERITY_COLORS, SEVERITY_EMOJI
+    color = SEVERITY_COLORS.get(adv.severity, "white")
+
+    content = (
+        f"**Severity:** {adv.severity.upper()}\n"
+        f"**Frameworks:** {', '.join(adv.frameworks)}\n"
+        f"**Attack Types:** {', '.join(adv.attack_types)}\n\n"
+        f"**Description:**\n{adv.description}\n\n"
+        f"**Mitigation:**\n{adv.mitigation}\n\n"
+        f"**References:**\n" + "\n".join(f"- {r}" for r in adv.references)
+    )
+
+    console.print(Panel(
+        Markdown(content),
+        title=f"[{color}]{SEVERITY_EMOJI.get(adv.severity, '')} {adv.id}: {adv.title}[/{color}]",
+        border_style=color.replace("bold ", ""),
+        padding=(1, 2),
+    ))