agentsec-cli 0.1.0__tar.gz → 1.0.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (41) hide show
  1. agentsec_cli-1.0.0/CHANGELOG.md +30 -0
  2. agentsec_cli-1.0.0/CODE_OF_CONDUCT.md +133 -0
  3. agentsec_cli-1.0.0/CONTRIBUTING.md +177 -0
  4. agentsec_cli-1.0.0/MANIFEST.in +8 -0
  5. agentsec_cli-1.0.0/PKG-INFO +399 -0
  6. agentsec_cli-1.0.0/README.md +371 -0
  7. agentsec_cli-1.0.0/SECURITY.md +65 -0
  8. {agentsec_cli-0.1.0 → agentsec_cli-1.0.0}/agentsec/__init__.py +1 -1
  9. {agentsec_cli-0.1.0 → agentsec_cli-1.0.0}/agentsec/cli.py +23 -10
  10. {agentsec_cli-0.1.0 → agentsec_cli-1.0.0}/agentsec/parsers/toml_parser.py +2 -2
  11. {agentsec_cli-0.1.0 → agentsec_cli-1.0.0}/agentsec/sarif.py +1 -1
  12. agentsec_cli-1.0.0/agentsec/utils/__init__.py +0 -0
  13. agentsec_cli-1.0.0/agentsec/utils/toml_compat.py +27 -0
  14. agentsec_cli-1.0.0/agentsec_cli.egg-info/PKG-INFO +399 -0
  15. {agentsec_cli-0.1.0 → agentsec_cli-1.0.0}/agentsec_cli.egg-info/SOURCES.txt +8 -0
  16. agentsec_cli-1.0.0/agentsec_cli.egg-info/requires.txt +9 -0
  17. {agentsec_cli-0.1.0 → agentsec_cli-1.0.0}/pyproject.toml +15 -8
  18. agentsec_cli-1.0.0/tests/test_compat.py +52 -0
  19. agentsec_cli-0.1.0/PKG-INFO +0 -161
  20. agentsec_cli-0.1.0/README.md +0 -138
  21. agentsec_cli-0.1.0/agentsec_cli.egg-info/PKG-INFO +0 -161
  22. agentsec_cli-0.1.0/agentsec_cli.egg-info/requires.txt +0 -6
  23. {agentsec_cli-0.1.0 → agentsec_cli-1.0.0}/LICENSE +0 -0
  24. {agentsec_cli-0.1.0 → agentsec_cli-1.0.0}/agentsec/baseline.py +0 -0
  25. {agentsec_cli-0.1.0 → agentsec_cli-1.0.0}/agentsec/owasp.py +0 -0
  26. {agentsec_cli-0.1.0 → agentsec_cli-1.0.0}/agentsec/parsers/__init__.py +0 -0
  27. {agentsec_cli-0.1.0 → agentsec_cli-1.0.0}/agentsec/parsers/core.py +0 -0
  28. {agentsec_cli-0.1.0 → agentsec_cli-1.0.0}/agentsec/parsers/json_parser.py +0 -0
  29. {agentsec_cli-0.1.0 → agentsec_cli-1.0.0}/agentsec/parsers/yaml_parser.py +0 -0
  30. {agentsec_cli-0.1.0 → agentsec_cli-1.0.0}/agentsec/report.py +0 -0
  31. {agentsec_cli-0.1.0 → agentsec_cli-1.0.0}/agentsec/rules/__init__.py +0 -0
  32. {agentsec_cli-0.1.0 → agentsec_cli-1.0.0}/agentsec/rules/additional.py +0 -0
  33. {agentsec_cli-0.1.0 → agentsec_cli-1.0.0}/agentsec/rules/base.py +0 -0
  34. {agentsec_cli-0.1.0 → agentsec_cli-1.0.0}/agentsec/scanner.py +0 -0
  35. {agentsec_cli-0.1.0 → agentsec_cli-1.0.0}/agentsec_cli.egg-info/dependency_links.txt +0 -0
  36. {agentsec_cli-0.1.0 → agentsec_cli-1.0.0}/agentsec_cli.egg-info/entry_points.txt +0 -0
  37. {agentsec_cli-0.1.0 → agentsec_cli-1.0.0}/agentsec_cli.egg-info/top_level.txt +0 -0
  38. {agentsec_cli-0.1.0 → agentsec_cli-1.0.0}/setup.cfg +0 -0
  39. {agentsec_cli-0.1.0 → agentsec_cli-1.0.0}/tests/test_baseline.py +0 -0
  40. {agentsec_cli-0.1.0 → agentsec_cli-1.0.0}/tests/test_owasp.py +0 -0
  41. {agentsec_cli-0.1.0 → agentsec_cli-1.0.0}/tests/test_scanner.py +0 -0
@@ -0,0 +1,30 @@
1
+ # CHANGELOG
2
+
3
+ All notable changes to AgentSec will be documented in this file.
4
+
5
+ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
6
+ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
7
+
8
+ ## [1.0.0] - 2026-07-02
9
+
10
+ ### Added
11
+
12
+ - Initial public release.
13
+ - 41 security rules for MCP, Cursor, Claude Desktop, Codex, Cline, and Continue configurations.
14
+ - CLI interface with `scan` command.
15
+ - Output formats: terminal, JSON, SARIF, Markdown.
16
+ - OWASP Top 10 for LLM Applications (LLM01–LLM10) mapping on every rule.
17
+ - OWASP Agentic Security Top 10 (AG01–AG10) mapping on applicable rules.
18
+ - CI/CD gating with `--fail-on critical|high|medium|low`.
19
+ - Baseline/lockfile support with `--baseline` and `--update-baseline`.
20
+ - SARIF v2.1.0 output for GitHub CodeQL integration.
21
+ - Support for JSON, YAML, TOML, Markdown config files.
22
+ - Automatic detection of MCP server manifests, Claude Desktop configs, Cursor rules, Codex configs, Cline configs, and agent instruction files.
23
+ - MkDocs documentation (installation, usage, rules reference, OWASP mapping, FAQ, CI/CD).
24
+ - Landing page at https://locface.github.io/AgentSec/.
25
+ - PyPI package `agentsec-cli`.
26
+
27
+ ### Security
28
+
29
+ - Every security rule is mapped to industry-standard OWASP frameworks.
30
+ - No LLM dependencies — purely static analysis, zero data leakage.
@@ -0,0 +1,133 @@
1
+ # Contributor Covenant Code of Conduct
2
+
3
+ ## Our Pledge
4
+
5
+ We as members, contributors, and leaders pledge to make participation in our
6
+ community a harassment-free experience for everyone, regardless of age, body
7
+ size, visible or invisible disability, ethnicity, sex characteristics, gender
8
+ identity and expression, level of experience, education, socio-economic status,
9
+ nationality, personal appearance, race, caste, color, religion, or sexual
10
+ identity and orientation.
11
+
12
+ We pledge to act and interact in ways that contribute to an open, welcoming,
13
+ diverse, inclusive, and healthy community.
14
+
15
+ ## Our Standards
16
+
17
+ Examples of behavior that contributes to a positive environment for our
18
+ community include:
19
+
20
+ * Demonstrating empathy and kindness toward other people
21
+ * Being respectful of differing opinions, viewpoints, and experiences
22
+ * Giving and gracefully accepting constructive feedback
23
+ * Accepting responsibility and apologizing to those affected by our mistakes,
24
+ and learning from the experience
25
+ * Focusing on what is best not just for us as individuals, but for the overall
26
+ community
27
+
28
+ Examples of unacceptable behavior include:
29
+
30
+ * The use of sexualized language or imagery, and sexual attention or advances of
31
+ any kind
32
+ * Trolling, insulting or derogatory comments, and personal or political attacks
33
+ * Public or private harassment
34
+ * Publishing others' private information, such as a physical or email address,
35
+ without their explicit permission
36
+ * Other conduct which could reasonably be considered inappropriate in a
37
+ professional setting
38
+
39
+ ## Enforcement Responsibilities
40
+
41
+ Community leaders are responsible for clarifying and enforcing our standards of
42
+ acceptable behavior and will take appropriate and fair corrective action in
43
+ response to any behavior that they deem inappropriate, threatening, offensive,
44
+ or harmful.
45
+
46
+ Community leaders have the right and responsibility to remove, edit, or reject
47
+ comments, commits, code, wiki edits, issues, and other contributions that are
48
+ not aligned to this Code of Conduct, and will communicate reasons for moderation
49
+ decisions when appropriate.
50
+
51
+ ## Scope
52
+
53
+ This Code of Conduct applies within all community spaces, and also applies when
54
+ an individual is officially representing the community in public spaces.
55
+ Examples of representing our community include using an official email address,
56
+ posting via an official social media account, or acting as an appointed
57
+ representative at an online or offline event.
58
+
59
+ ## Enforcement
60
+
61
+ Instances of abusive, harassing, or otherwise unacceptable behavior may be
62
+ reported to the community leaders responsible for enforcement at
63
+ locface (via GitHub Issues).
64
+
65
+ All complaints will be reviewed and investigated promptly and fairly.
66
+
67
+ All community leaders are obligated to respect the privacy and security of the
68
+ reporter of any incident.
69
+
70
+ ## Enforcement Guidelines
71
+
72
+ Community leaders will follow these Community Impact Guidelines in determining
73
+ the consequences for any action they deem in violation of this Code of Conduct:
74
+
75
+ ### 1. Correction
76
+
77
+ **Community Impact**: Use of inappropriate language or other behavior deemed
78
+ unprofessional or unwelcome in the community.
79
+
80
+ **Consequence**: A private, written warning from community leaders, providing
81
+ clarity around the nature of the violation and an explanation of why the
82
+ behavior was inappropriate. A public apology may be requested.
83
+
84
+ ### 2. Warning
85
+
86
+ **Community Impact**: A violation through a single incident or series of
87
+ actions.
88
+
89
+ **Consequence**: A warning with consequences for continued behavior. No
90
+ interaction with the people involved, including unsolicited interaction with
91
+ those enforcing the Code of Conduct, for a specified period of time. This
92
+ includes avoiding interactions in community spaces as well as external channels
93
+ like social media. Violating these terms may lead to a temporary or permanent
94
+ ban.
95
+
96
+ ### 3. Temporary Ban
97
+
98
+ **Community Impact**: A serious violation of community standards, including
99
+ sustained inappropriate behavior.
100
+
101
+ **Consequence**: A temporary ban from any sort of interaction or public
102
+ communication with the community for a specified period of time. No public or
103
+ private interaction with the people involved, including unsolicited interaction
104
+ with those enforcing the Code of Conduct, is allowed during this period.
105
+ Violating these terms may lead to a permanent ban.
106
+
107
+ ### 4. Permanent Ban
108
+
109
+ **Community Impact**: Demonstrating a pattern of violation of community
110
+ standards, including sustained inappropriate behavior, harassment of an
111
+ individual, or aggression toward or disparagement of classes of individuals.
112
+
113
+ **Consequence**: A permanent ban from any sort of public interaction within the
114
+ community.
115
+
116
+ ## Attribution
117
+
118
+ This Code of Conduct is adapted from the [Contributor Covenant][homepage],
119
+ version 2.1, available at
120
+ [https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
121
+
122
+ Community Impact Guidelines were inspired by
123
+ [Mozilla's code of conduct enforcement ladder][Mozilla CoC].
124
+
125
+ For answers to common questions about this code of conduct, see the FAQ at
126
+ [https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
127
+ [https://www.contributor-covenant.org/translations][translations].
128
+
129
+ [homepage]: https://www.contributor-covenant.org
130
+ [v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
131
+ [Mozilla CoC]: https://github.com/mozilla/diversity
132
+ [FAQ]: https://www.contributor-covenant.org/faq
133
+ [translations]: https://www.contributor-covenant.org/translations
@@ -0,0 +1,177 @@
1
+ # Contributing to AgentSec
2
+
3
+ Thank you for considering contributing to AgentSec. This document outlines the process for contributing code, reporting issues, and improving documentation.
4
+
5
+ ## Table of Contents
6
+
7
+ - [Development Setup](#development-setup)
8
+ - [Running Tests](#running-tests)
9
+ - [Code Style](#code-style)
10
+ - [Commit Style](#commit-style)
11
+ - [Branch Naming](#branch-naming)
12
+ - [Pull Request Workflow](#pull-request-workflow)
13
+ - [Reporting Issues](#reporting-issues)
14
+ - [Review Process](#review-process)
15
+
16
+ ## Development Setup
17
+
18
+ ### Prerequisites
19
+
20
+ - Python 3.10 or later
21
+ - git
22
+
23
+ ### Setup
24
+
25
+ ```bash
26
+ # Clone the repository
27
+ git clone https://github.com/locface/AgentSec.git
28
+ cd AgentSec
29
+
30
+ # Create a virtual environment
31
+ python3 -m venv .venv
32
+ source .venv/bin/activate
33
+
34
+ # Install in development mode
35
+ pip install -e .[dev]
36
+
37
+ # Verify installation
38
+ agentsec --help
39
+ ```
40
+
41
+ ## Running Tests
42
+
43
+ ```bash
44
+ # Run all tests
45
+ pytest
46
+
47
+ # Run with verbose output
48
+ pytest -v
49
+
50
+ # Run a specific test file
51
+ pytest tests/test_baseline.py
52
+
53
+ # Run tests with coverage
54
+ pip install pytest-cov
55
+ pytest --cov=agentsec
56
+ ```
57
+
58
+ Tests are located in the `tests/` directory. Each test file follows the `test_*.py` naming convention.
59
+
60
+ ### Writing Tests
61
+
62
+ - Place test files in `tests/`
63
+ - Name test files `test_<module>.py`
64
+ - Use descriptive test function names
65
+ - Use fixtures for sample configs (see `tests/fixtures/`)
66
+ - Test each rule independently
67
+ - Prefer behavioral assertions over snapshot comparisons
68
+
69
+ ## Code Style
70
+
71
+ - Follow [PEP 8](https://peps.python.org/pep-0008/) for Python code.
72
+ - Use type hints for all function signatures.
73
+ - Maximum line length: 100 characters.
74
+ - Use descriptive variable names — avoid single-letter names except in comprehensions.
75
+ - Prefer `pathlib.Path` over `os.path`.
76
+ - Use `pathlib.Path` for file operations.
77
+ - Keep functions focused and small.
78
+
79
+ ## Commit Style
80
+
81
+ We follow [Conventional Commits](https://www.conventionalcommits.org/):
82
+
83
+ ```
84
+ <type>: <description>
85
+
86
+ [optional body]
87
+ ```
88
+
89
+ Types:
90
+
91
+ - `feat:` — new feature
92
+ - `fix:` — bug fix
93
+ - `docs:` — documentation only
94
+ - `style:` — formatting, missing semicolons, etc.
95
+ - `refactor:` — code change that neither fixes a bug nor adds a feature
96
+ - `test:` — adding or modifying tests
97
+ - `chore:` — build process, dependencies, etc.
98
+ - `perf:` — performance improvement
99
+ - `ci:` — CI configuration
100
+ - `security:` — security fixes
101
+
102
+ Examples:
103
+
104
+ ```
105
+ feat: add --fail-on flag for CI gating
106
+ fix: handle missing server field in json output
107
+ docs: add SARIF integration example
108
+ ```
109
+
110
+ ## Branch Naming
111
+
112
+ - `feat/<short-description>` — new features
113
+ - `fix/<short-description>` — bug fixes
114
+ - `docs/<short-description>` — documentation
115
+ - `chore/<short-description>` — maintenance
116
+
117
+ Use hyphens to separate words. Keep names short but descriptive.
118
+
119
+ ## Pull Request Workflow
120
+
121
+ 1. Fork the repository.
122
+ 2. Create a branch from `main`.
123
+ 3. Make your changes.
124
+ 4. Run tests: `pytest`.
125
+ 5. Ensure your code follows the style guide.
126
+ 6. Commit using conventional commit format.
127
+ 7. Push your branch and open a pull request.
128
+ 8. In the PR description, explain what the change does and why.
129
+ 9. Ensure CI passes.
130
+ 10. Request review from a maintainer.
131
+
132
+ ### Pull Request Checklist
133
+
134
+ - [ ] Tests pass (`pytest`)
135
+ - [ ] New tests added for new functionality
136
+ - [ ] Code follows project style
137
+ - [ ] Documentation updated (if applicable)
138
+ - [ ] CHANGELOG entry added (if applicable)
139
+ - [ ] Commits follow conventional commit format
140
+ - [ ] Branch is up-to-date with `main`
141
+
142
+ ## Reporting Issues
143
+
144
+ ### Bug Reports
145
+
146
+ When filing a bug report, include:
147
+
148
+ - AgentSec version (`agentsec --version` or `pip show agentsec-cli`)
149
+ - Python version
150
+ - Operating system
151
+ - Steps to reproduce
152
+ - Expected behavior
153
+ - Actual behavior
154
+ - Sample input (if possible, sanitize sensitive data)
155
+
156
+ ### Feature Requests
157
+
158
+ When requesting a feature, describe:
159
+
160
+ - What you want to do
161
+ - Why existing functionality doesn't cover it
162
+ - How you envision the feature working (API, flags, etc.)
163
+
164
+ ### Security Issues
165
+
166
+ For security vulnerabilities, **do not** file a public issue. Instead, follow the process in [SECURITY.md](./SECURITY.md).
167
+
168
+ ## Review Process
169
+
170
+ 1. A maintainer will review your PR within a few days.
171
+ 2. Address any feedback with additional commits.
172
+ 3. Once approved, a maintainer will merge your PR.
173
+ 4. The change will be included in the next release.
174
+
175
+ ## Questions?
176
+
177
+ If you have questions, open a [Discussion](https://github.com/locface/AgentSec/discussions) or reach out via the issue tracker.
@@ -0,0 +1,8 @@
1
+ include README.md
2
+ include LICENSE
3
+ include CHANGELOG.md
4
+ include SECURITY.md
5
+ include CONTRIBUTING.md
6
+ include CODE_OF_CONDUCT.md
7
+ include pyproject.toml
8
+ recursive-include agentsec *.py