agentsec-cli 0.1.0__tar.gz → 1.0.1__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (41) hide show
  1. agentsec_cli-1.0.1/CHANGELOG.md +30 -0
  2. agentsec_cli-1.0.1/CODE_OF_CONDUCT.md +133 -0
  3. agentsec_cli-1.0.1/CONTRIBUTING.md +177 -0
  4. agentsec_cli-1.0.1/MANIFEST.in +8 -0
  5. agentsec_cli-1.0.1/PKG-INFO +137 -0
  6. agentsec_cli-1.0.1/README.md +109 -0
  7. agentsec_cli-1.0.1/SECURITY.md +65 -0
  8. {agentsec_cli-0.1.0 → agentsec_cli-1.0.1}/agentsec/__init__.py +1 -1
  9. {agentsec_cli-0.1.0 → agentsec_cli-1.0.1}/agentsec/cli.py +23 -10
  10. {agentsec_cli-0.1.0 → agentsec_cli-1.0.1}/agentsec/parsers/toml_parser.py +2 -2
  11. {agentsec_cli-0.1.0 → agentsec_cli-1.0.1}/agentsec/sarif.py +1 -1
  12. agentsec_cli-1.0.1/agentsec/utils/__init__.py +0 -0
  13. agentsec_cli-1.0.1/agentsec/utils/toml_compat.py +27 -0
  14. agentsec_cli-1.0.1/agentsec_cli.egg-info/PKG-INFO +137 -0
  15. {agentsec_cli-0.1.0 → agentsec_cli-1.0.1}/agentsec_cli.egg-info/SOURCES.txt +8 -0
  16. agentsec_cli-1.0.1/agentsec_cli.egg-info/requires.txt +9 -0
  17. {agentsec_cli-0.1.0 → agentsec_cli-1.0.1}/pyproject.toml +15 -8
  18. agentsec_cli-1.0.1/tests/test_compat.py +52 -0
  19. agentsec_cli-0.1.0/PKG-INFO +0 -161
  20. agentsec_cli-0.1.0/README.md +0 -138
  21. agentsec_cli-0.1.0/agentsec_cli.egg-info/PKG-INFO +0 -161
  22. agentsec_cli-0.1.0/agentsec_cli.egg-info/requires.txt +0 -6
  23. {agentsec_cli-0.1.0 → agentsec_cli-1.0.1}/LICENSE +0 -0
  24. {agentsec_cli-0.1.0 → agentsec_cli-1.0.1}/agentsec/baseline.py +0 -0
  25. {agentsec_cli-0.1.0 → agentsec_cli-1.0.1}/agentsec/owasp.py +0 -0
  26. {agentsec_cli-0.1.0 → agentsec_cli-1.0.1}/agentsec/parsers/__init__.py +0 -0
  27. {agentsec_cli-0.1.0 → agentsec_cli-1.0.1}/agentsec/parsers/core.py +0 -0
  28. {agentsec_cli-0.1.0 → agentsec_cli-1.0.1}/agentsec/parsers/json_parser.py +0 -0
  29. {agentsec_cli-0.1.0 → agentsec_cli-1.0.1}/agentsec/parsers/yaml_parser.py +0 -0
  30. {agentsec_cli-0.1.0 → agentsec_cli-1.0.1}/agentsec/report.py +0 -0
  31. {agentsec_cli-0.1.0 → agentsec_cli-1.0.1}/agentsec/rules/__init__.py +0 -0
  32. {agentsec_cli-0.1.0 → agentsec_cli-1.0.1}/agentsec/rules/additional.py +0 -0
  33. {agentsec_cli-0.1.0 → agentsec_cli-1.0.1}/agentsec/rules/base.py +0 -0
  34. {agentsec_cli-0.1.0 → agentsec_cli-1.0.1}/agentsec/scanner.py +0 -0
  35. {agentsec_cli-0.1.0 → agentsec_cli-1.0.1}/agentsec_cli.egg-info/dependency_links.txt +0 -0
  36. {agentsec_cli-0.1.0 → agentsec_cli-1.0.1}/agentsec_cli.egg-info/entry_points.txt +0 -0
  37. {agentsec_cli-0.1.0 → agentsec_cli-1.0.1}/agentsec_cli.egg-info/top_level.txt +0 -0
  38. {agentsec_cli-0.1.0 → agentsec_cli-1.0.1}/setup.cfg +0 -0
  39. {agentsec_cli-0.1.0 → agentsec_cli-1.0.1}/tests/test_baseline.py +0 -0
  40. {agentsec_cli-0.1.0 → agentsec_cli-1.0.1}/tests/test_owasp.py +0 -0
  41. {agentsec_cli-0.1.0 → agentsec_cli-1.0.1}/tests/test_scanner.py +0 -0
@@ -0,0 +1,30 @@
1
+ # CHANGELOG
2
+
3
+ All notable changes to AgentSec will be documented in this file.
4
+
5
+ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
6
+ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
7
+
8
+ ## [1.0.0] - 2026-07-02
9
+
10
+ ### Added
11
+
12
+ - Initial public release.
13
+ - 41 security rules for MCP, Cursor, Claude Desktop, Codex, Cline, and Continue configurations.
14
+ - CLI interface with `scan` command.
15
+ - Output formats: terminal, JSON, SARIF, Markdown.
16
+ - OWASP Top 10 for LLM Applications (LLM01–LLM10) mapping on every rule.
17
+ - OWASP Agentic Security Top 10 (AG01–AG10) mapping on applicable rules.
18
+ - CI/CD gating with `--fail-on critical|high|medium|low`.
19
+ - Baseline/lockfile support with `--baseline` and `--update-baseline`.
20
+ - SARIF v2.1.0 output for GitHub CodeQL integration.
21
+ - Support for JSON, YAML, TOML, Markdown config files.
22
+ - Automatic detection of MCP server manifests, Claude Desktop configs, Cursor rules, Codex configs, Cline configs, and agent instruction files.
23
+ - MkDocs documentation (installation, usage, rules reference, OWASP mapping, FAQ, CI/CD).
24
+ - Landing page at https://locface.github.io/AgentSec/.
25
+ - PyPI package `agentsec-cli`.
26
+
27
+ ### Security
28
+
29
+ - Every security rule is mapped to industry-standard OWASP frameworks.
30
+ - No LLM dependencies — purely static analysis, zero data leakage.
@@ -0,0 +1,133 @@
1
+ # Contributor Covenant Code of Conduct
2
+
3
+ ## Our Pledge
4
+
5
+ We as members, contributors, and leaders pledge to make participation in our
6
+ community a harassment-free experience for everyone, regardless of age, body
7
+ size, visible or invisible disability, ethnicity, sex characteristics, gender
8
+ identity and expression, level of experience, education, socio-economic status,
9
+ nationality, personal appearance, race, caste, color, religion, or sexual
10
+ identity and orientation.
11
+
12
+ We pledge to act and interact in ways that contribute to an open, welcoming,
13
+ diverse, inclusive, and healthy community.
14
+
15
+ ## Our Standards
16
+
17
+ Examples of behavior that contributes to a positive environment for our
18
+ community include:
19
+
20
+ * Demonstrating empathy and kindness toward other people
21
+ * Being respectful of differing opinions, viewpoints, and experiences
22
+ * Giving and gracefully accepting constructive feedback
23
+ * Accepting responsibility and apologizing to those affected by our mistakes,
24
+ and learning from the experience
25
+ * Focusing on what is best not just for us as individuals, but for the overall
26
+ community
27
+
28
+ Examples of unacceptable behavior include:
29
+
30
+ * The use of sexualized language or imagery, and sexual attention or advances of
31
+ any kind
32
+ * Trolling, insulting or derogatory comments, and personal or political attacks
33
+ * Public or private harassment
34
+ * Publishing others' private information, such as a physical or email address,
35
+ without their explicit permission
36
+ * Other conduct which could reasonably be considered inappropriate in a
37
+ professional setting
38
+
39
+ ## Enforcement Responsibilities
40
+
41
+ Community leaders are responsible for clarifying and enforcing our standards of
42
+ acceptable behavior and will take appropriate and fair corrective action in
43
+ response to any behavior that they deem inappropriate, threatening, offensive,
44
+ or harmful.
45
+
46
+ Community leaders have the right and responsibility to remove, edit, or reject
47
+ comments, commits, code, wiki edits, issues, and other contributions that are
48
+ not aligned to this Code of Conduct, and will communicate reasons for moderation
49
+ decisions when appropriate.
50
+
51
+ ## Scope
52
+
53
+ This Code of Conduct applies within all community spaces, and also applies when
54
+ an individual is officially representing the community in public spaces.
55
+ Examples of representing our community include using an official email address,
56
+ posting via an official social media account, or acting as an appointed
57
+ representative at an online or offline event.
58
+
59
+ ## Enforcement
60
+
61
+ Instances of abusive, harassing, or otherwise unacceptable behavior may be
62
+ reported to the community leaders responsible for enforcement at
63
+ locface (via GitHub Issues).
64
+
65
+ All complaints will be reviewed and investigated promptly and fairly.
66
+
67
+ All community leaders are obligated to respect the privacy and security of the
68
+ reporter of any incident.
69
+
70
+ ## Enforcement Guidelines
71
+
72
+ Community leaders will follow these Community Impact Guidelines in determining
73
+ the consequences for any action they deem in violation of this Code of Conduct:
74
+
75
+ ### 1. Correction
76
+
77
+ **Community Impact**: Use of inappropriate language or other behavior deemed
78
+ unprofessional or unwelcome in the community.
79
+
80
+ **Consequence**: A private, written warning from community leaders, providing
81
+ clarity around the nature of the violation and an explanation of why the
82
+ behavior was inappropriate. A public apology may be requested.
83
+
84
+ ### 2. Warning
85
+
86
+ **Community Impact**: A violation through a single incident or series of
87
+ actions.
88
+
89
+ **Consequence**: A warning with consequences for continued behavior. No
90
+ interaction with the people involved, including unsolicited interaction with
91
+ those enforcing the Code of Conduct, for a specified period of time. This
92
+ includes avoiding interactions in community spaces as well as external channels
93
+ like social media. Violating these terms may lead to a temporary or permanent
94
+ ban.
95
+
96
+ ### 3. Temporary Ban
97
+
98
+ **Community Impact**: A serious violation of community standards, including
99
+ sustained inappropriate behavior.
100
+
101
+ **Consequence**: A temporary ban from any sort of interaction or public
102
+ communication with the community for a specified period of time. No public or
103
+ private interaction with the people involved, including unsolicited interaction
104
+ with those enforcing the Code of Conduct, is allowed during this period.
105
+ Violating these terms may lead to a permanent ban.
106
+
107
+ ### 4. Permanent Ban
108
+
109
+ **Community Impact**: Demonstrating a pattern of violation of community
110
+ standards, including sustained inappropriate behavior, harassment of an
111
+ individual, or aggression toward or disparagement of classes of individuals.
112
+
113
+ **Consequence**: A permanent ban from any sort of public interaction within the
114
+ community.
115
+
116
+ ## Attribution
117
+
118
+ This Code of Conduct is adapted from the [Contributor Covenant][homepage],
119
+ version 2.1, available at
120
+ [https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1].
121
+
122
+ Community Impact Guidelines were inspired by
123
+ [Mozilla's code of conduct enforcement ladder][Mozilla CoC].
124
+
125
+ For answers to common questions about this code of conduct, see the FAQ at
126
+ [https://www.contributor-covenant.org/faq][FAQ]. Translations are available at
127
+ [https://www.contributor-covenant.org/translations][translations].
128
+
129
+ [homepage]: https://www.contributor-covenant.org
130
+ [v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html
131
+ [Mozilla CoC]: https://github.com/mozilla/diversity
132
+ [FAQ]: https://www.contributor-covenant.org/faq
133
+ [translations]: https://www.contributor-covenant.org/translations
@@ -0,0 +1,177 @@
1
+ # Contributing to AgentSec
2
+
3
+ Thank you for considering contributing to AgentSec. This document outlines the process for contributing code, reporting issues, and improving documentation.
4
+
5
+ ## Table of Contents
6
+
7
+ - [Development Setup](#development-setup)
8
+ - [Running Tests](#running-tests)
9
+ - [Code Style](#code-style)
10
+ - [Commit Style](#commit-style)
11
+ - [Branch Naming](#branch-naming)
12
+ - [Pull Request Workflow](#pull-request-workflow)
13
+ - [Reporting Issues](#reporting-issues)
14
+ - [Review Process](#review-process)
15
+
16
+ ## Development Setup
17
+
18
+ ### Prerequisites
19
+
20
+ - Python 3.10 or later
21
+ - git
22
+
23
+ ### Setup
24
+
25
+ ```bash
26
+ # Clone the repository
27
+ git clone https://github.com/locface/AgentSec.git
28
+ cd AgentSec
29
+
30
+ # Create a virtual environment
31
+ python3 -m venv .venv
32
+ source .venv/bin/activate
33
+
34
+ # Install in development mode
35
+ pip install -e .[dev]
36
+
37
+ # Verify installation
38
+ agentsec --help
39
+ ```
40
+
41
+ ## Running Tests
42
+
43
+ ```bash
44
+ # Run all tests
45
+ pytest
46
+
47
+ # Run with verbose output
48
+ pytest -v
49
+
50
+ # Run a specific test file
51
+ pytest tests/test_baseline.py
52
+
53
+ # Run tests with coverage
54
+ pip install pytest-cov
55
+ pytest --cov=agentsec
56
+ ```
57
+
58
+ Tests are located in the `tests/` directory. Each test file follows the `test_*.py` naming convention.
59
+
60
+ ### Writing Tests
61
+
62
+ - Place test files in `tests/`
63
+ - Name test files `test_<module>.py`
64
+ - Use descriptive test function names
65
+ - Use fixtures for sample configs (see `tests/fixtures/`)
66
+ - Test each rule independently
67
+ - Prefer behavioral assertions over snapshot comparisons
68
+
69
+ ## Code Style
70
+
71
+ - Follow [PEP 8](https://peps.python.org/pep-0008/) for Python code.
72
+ - Use type hints for all function signatures.
73
+ - Maximum line length: 100 characters.
74
+ - Use descriptive variable names — avoid single-letter names except in comprehensions.
75
+ - Prefer `pathlib.Path` over `os.path`.
76
+ - Use `pathlib.Path` for file operations.
77
+ - Keep functions focused and small.
78
+
79
+ ## Commit Style
80
+
81
+ We follow [Conventional Commits](https://www.conventionalcommits.org/):
82
+
83
+ ```
84
+ <type>: <description>
85
+
86
+ [optional body]
87
+ ```
88
+
89
+ Types:
90
+
91
+ - `feat:` — new feature
92
+ - `fix:` — bug fix
93
+ - `docs:` — documentation only
94
+ - `style:` — formatting, missing semicolons, etc.
95
+ - `refactor:` — code change that neither fixes a bug nor adds a feature
96
+ - `test:` — adding or modifying tests
97
+ - `chore:` — build process, dependencies, etc.
98
+ - `perf:` — performance improvement
99
+ - `ci:` — CI configuration
100
+ - `security:` — security fixes
101
+
102
+ Examples:
103
+
104
+ ```
105
+ feat: add --fail-on flag for CI gating
106
+ fix: handle missing server field in json output
107
+ docs: add SARIF integration example
108
+ ```
109
+
110
+ ## Branch Naming
111
+
112
+ - `feat/<short-description>` — new features
113
+ - `fix/<short-description>` — bug fixes
114
+ - `docs/<short-description>` — documentation
115
+ - `chore/<short-description>` — maintenance
116
+
117
+ Use hyphens to separate words. Keep names short but descriptive.
118
+
119
+ ## Pull Request Workflow
120
+
121
+ 1. Fork the repository.
122
+ 2. Create a branch from `main`.
123
+ 3. Make your changes.
124
+ 4. Run tests: `pytest`.
125
+ 5. Ensure your code follows the style guide.
126
+ 6. Commit using conventional commit format.
127
+ 7. Push your branch and open a pull request.
128
+ 8. In the PR description, explain what the change does and why.
129
+ 9. Ensure CI passes.
130
+ 10. Request review from a maintainer.
131
+
132
+ ### Pull Request Checklist
133
+
134
+ - [ ] Tests pass (`pytest`)
135
+ - [ ] New tests added for new functionality
136
+ - [ ] Code follows project style
137
+ - [ ] Documentation updated (if applicable)
138
+ - [ ] CHANGELOG entry added (if applicable)
139
+ - [ ] Commits follow conventional commit format
140
+ - [ ] Branch is up-to-date with `main`
141
+
142
+ ## Reporting Issues
143
+
144
+ ### Bug Reports
145
+
146
+ When filing a bug report, include:
147
+
148
+ - AgentSec version (`agentsec --version` or `pip show agentsec-cli`)
149
+ - Python version
150
+ - Operating system
151
+ - Steps to reproduce
152
+ - Expected behavior
153
+ - Actual behavior
154
+ - Sample input (if possible, sanitize sensitive data)
155
+
156
+ ### Feature Requests
157
+
158
+ When requesting a feature, describe:
159
+
160
+ - What you want to do
161
+ - Why existing functionality doesn't cover it
162
+ - How you envision the feature working (API, flags, etc.)
163
+
164
+ ### Security Issues
165
+
166
+ For security vulnerabilities, **do not** file a public issue. Instead, follow the process in [SECURITY.md](./SECURITY.md).
167
+
168
+ ## Review Process
169
+
170
+ 1. A maintainer will review your PR within a few days.
171
+ 2. Address any feedback with additional commits.
172
+ 3. Once approved, a maintainer will merge your PR.
173
+ 4. The change will be included in the next release.
174
+
175
+ ## Questions?
176
+
177
+ If you have questions, open a [Discussion](https://github.com/locface/AgentSec/discussions) or reach out via the issue tracker.
@@ -0,0 +1,8 @@
1
+ include README.md
2
+ include LICENSE
3
+ include CHANGELOG.md
4
+ include SECURITY.md
5
+ include CONTRIBUTING.md
6
+ include CODE_OF_CONDUCT.md
7
+ include pyproject.toml
8
+ recursive-include agentsec *.py
@@ -0,0 +1,137 @@
1
+ Metadata-Version: 2.4
2
+ Name: agentsec-cli
3
+ Version: 1.0.1
4
+ Summary: Static security scanner for AI coding agents and MCP configurations
5
+ Author: locface
6
+ License-Expression: MIT
7
+ Project-URL: homepage, https://locface.github.io/AgentSec/
8
+ Project-URL: repository, https://github.com/locface/AgentSec
9
+ Project-URL: documentation, https://locface.github.io/AgentSec/docs/
10
+ Project-URL: changelog, https://github.com/locface/AgentSec/blob/main/CHANGELOG.md
11
+ Classifier: Development Status :: 5 - Production/Stable
12
+ Classifier: Intended Audience :: Developers
13
+ Classifier: Programming Language :: Python :: 3
14
+ Classifier: Programming Language :: Python :: 3.10
15
+ Classifier: Programming Language :: Python :: 3.11
16
+ Classifier: Programming Language :: Python :: 3.12
17
+ Classifier: Programming Language :: Python :: 3.13
18
+ Requires-Python: >=3.10
19
+ Description-Content-Type: text/markdown
20
+ License-File: LICENSE
21
+ Requires-Dist: click<9,>=8.0.0
22
+ Requires-Dist: pyyaml<7,>=6.0
23
+ Requires-Dist: toml<1,>=0.10.2
24
+ Requires-Dist: tomli<3,>=2.0.1; python_version < "3.11"
25
+ Provides-Extra: dev
26
+ Requires-Dist: pytest>=7.0.0; extra == "dev"
27
+ Dynamic: license-file
28
+
29
+ <picture>
30
+ <source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/locface/AgentSec/main/docs/images/agentsec-dark.svg">
31
+ <img alt="AgentSec" src="https://raw.githubusercontent.com/locface/AgentSec/main/docs/images/agentsec-light.svg">
32
+ </picture>
33
+
34
+ # AgentSec
35
+
36
+ **Static security scanner for AI coding agents and MCP configurations.**
37
+
38
+ [![PyPI](https://img.shields.io/pypi/v/agentsec-cli.svg)](https://pypi.org/project/agentsec-cli/)
39
+ [![Python](https://img.shields.io/pypi/pyversions/agentsec-cli.svg)](https://pypi.org/project/agentsec-cli/)
40
+ [![License](https://img.shields.io/github/license/locface/AgentSec)](LICENSE)
41
+ [![Tests](https://img.shields.io/github/actions/workflow/status/locface/AgentSec/agentsec.yml?label=tests)](https://github.com/locface/AgentSec/actions)
42
+
43
+ AI coding agents have access to your shell, filesystem, network, and secrets. Most agent configurations are never audited for security risks. AgentSec inspects MCP server manifests, Claude Desktop configs, Cursor rules, and agent instruction files for dangerous permissions, prompt injection risks, and secret exposure — with no LLM dependencies and no data leaving your machine.
44
+
45
+ All findings map to [OWASP Top 10 for LLM Applications](https://genai.owasp.org/) (LLM01–LLM10) and the [OWASP Agentic Security Top 10](https://owasp.org/) (AG01–AG10).
46
+
47
+ ## Features
48
+
49
+ - 41 security rules covering shell execution, filesystem access, network exfiltration, OAuth scopes, prompt injection, container escape, and credential exposure
50
+ - OWASP LLM + Agentic mapping on every finding
51
+ - 4 output formats: terminal, JSON, Markdown, SARIF v2.1.0
52
+ - CI/CD gating with `--fail-on` (exit code 1 at severity threshold)
53
+ - Baseline comparison for regression tracking
54
+ - Automatic detection of JSON, YAML, TOML, and Markdown configs
55
+ - Zero runtime dependencies beyond the Python standard library
56
+
57
+ ## Installation
58
+
59
+ ```bash
60
+ pip install agentsec-cli
61
+ ```
62
+
63
+ Requires Python 3.10 or later.
64
+
65
+ ## Quick Start
66
+
67
+ ```bash
68
+ # Scan a project
69
+ agentsec scan /path/to/project
70
+
71
+ # Generate SARIF for CI/CD
72
+ agentsec scan . --format sarif > results.sarif
73
+
74
+ # Gate CI on critical findings
75
+ agentsec scan . --fail-on critical
76
+
77
+ # Baseline comparison
78
+ agentsec scan . --update-baseline baseline.json
79
+ agentsec scan . --baseline baseline.json
80
+
81
+ # OWASP mapping
82
+ agentsec scan . --show-owasp
83
+ ```
84
+
85
+ Example output:
86
+
87
+ ```text
88
+ Scanning /home/user/dev/mcp-project...
89
+
90
+ [CRITICAL] MCP shell execution
91
+ File: claude_desktop_config.json
92
+ Server: shell-server
93
+ Description: MCP server can execute shell commands
94
+ Recommendation: Require explicit approval or remove shell access.
95
+
96
+ [CRITICAL] MCP filesystem write access
97
+ File: claude_desktop_config.json
98
+ Server: filesystem
99
+ Description: MCP server has filesystem write access
100
+ Recommendation: Restrict filesystem access to read-only or specific directories.
101
+
102
+ Total findings: 4 · Critical: 3 · High: 0 · Medium: 1 · Low: 0
103
+ ```
104
+
105
+ ### Output Formats
106
+
107
+ - **terminal** (default) — human-readable with severity coloring
108
+ - **json** — machine-parseable JSON array of findings
109
+ - **markdown** — formatted report suitable for commit comments
110
+ - **sarif** — SARIF v2.1.0, compatible with GitHub CodeQL
111
+
112
+ ### Supported Config Files
113
+
114
+ AgentSec automatically detects and scans these file types:
115
+
116
+ - MCP servers: `mcp.json`, `mcp.yaml`, `mcp.toml`
117
+ - Claude Desktop: `claude_desktop_config.json`
118
+ - Cursor: `.cursorrules`, `.cursor/rules/*`
119
+ - Codex / Cline: `codex.toml`, `.clinerules`
120
+ - Agent instructions: `AGENTS.md`, `CLAUDE.md`
121
+ - Infrastructure: `Dockerfile`, `package.json`
122
+
123
+ ## Documentation
124
+
125
+ Full documentation: [https://locface.github.io/AgentSec/docs/](https://locface.github.io/AgentSec/docs/)
126
+
127
+ ## Contributing
128
+
129
+ See [CONTRIBUTING.md](CONTRIBUTING.md) for development setup, testing, and pull request workflow.
130
+
131
+ ## Security
132
+
133
+ Report vulnerabilities privately. See [SECURITY.md](SECURITY.md) for our disclosure policy.
134
+
135
+ ## License
136
+
137
+ MIT — see [LICENSE](LICENSE).
@@ -0,0 +1,109 @@
1
+ <picture>
2
+ <source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/locface/AgentSec/main/docs/images/agentsec-dark.svg">
3
+ <img alt="AgentSec" src="https://raw.githubusercontent.com/locface/AgentSec/main/docs/images/agentsec-light.svg">
4
+ </picture>
5
+
6
+ # AgentSec
7
+
8
+ **Static security scanner for AI coding agents and MCP configurations.**
9
+
10
+ [![PyPI](https://img.shields.io/pypi/v/agentsec-cli.svg)](https://pypi.org/project/agentsec-cli/)
11
+ [![Python](https://img.shields.io/pypi/pyversions/agentsec-cli.svg)](https://pypi.org/project/agentsec-cli/)
12
+ [![License](https://img.shields.io/github/license/locface/AgentSec)](LICENSE)
13
+ [![Tests](https://img.shields.io/github/actions/workflow/status/locface/AgentSec/agentsec.yml?label=tests)](https://github.com/locface/AgentSec/actions)
14
+
15
+ AI coding agents have access to your shell, filesystem, network, and secrets. Most agent configurations are never audited for security risks. AgentSec inspects MCP server manifests, Claude Desktop configs, Cursor rules, and agent instruction files for dangerous permissions, prompt injection risks, and secret exposure — with no LLM dependencies and no data leaving your machine.
16
+
17
+ All findings map to [OWASP Top 10 for LLM Applications](https://genai.owasp.org/) (LLM01–LLM10) and the [OWASP Agentic Security Top 10](https://owasp.org/) (AG01–AG10).
18
+
19
+ ## Features
20
+
21
+ - 41 security rules covering shell execution, filesystem access, network exfiltration, OAuth scopes, prompt injection, container escape, and credential exposure
22
+ - OWASP LLM + Agentic mapping on every finding
23
+ - 4 output formats: terminal, JSON, Markdown, SARIF v2.1.0
24
+ - CI/CD gating with `--fail-on` (exit code 1 at severity threshold)
25
+ - Baseline comparison for regression tracking
26
+ - Automatic detection of JSON, YAML, TOML, and Markdown configs
27
+ - Zero runtime dependencies beyond the Python standard library
28
+
29
+ ## Installation
30
+
31
+ ```bash
32
+ pip install agentsec-cli
33
+ ```
34
+
35
+ Requires Python 3.10 or later.
36
+
37
+ ## Quick Start
38
+
39
+ ```bash
40
+ # Scan a project
41
+ agentsec scan /path/to/project
42
+
43
+ # Generate SARIF for CI/CD
44
+ agentsec scan . --format sarif > results.sarif
45
+
46
+ # Gate CI on critical findings
47
+ agentsec scan . --fail-on critical
48
+
49
+ # Baseline comparison
50
+ agentsec scan . --update-baseline baseline.json
51
+ agentsec scan . --baseline baseline.json
52
+
53
+ # OWASP mapping
54
+ agentsec scan . --show-owasp
55
+ ```
56
+
57
+ Example output:
58
+
59
+ ```text
60
+ Scanning /home/user/dev/mcp-project...
61
+
62
+ [CRITICAL] MCP shell execution
63
+ File: claude_desktop_config.json
64
+ Server: shell-server
65
+ Description: MCP server can execute shell commands
66
+ Recommendation: Require explicit approval or remove shell access.
67
+
68
+ [CRITICAL] MCP filesystem write access
69
+ File: claude_desktop_config.json
70
+ Server: filesystem
71
+ Description: MCP server has filesystem write access
72
+ Recommendation: Restrict filesystem access to read-only or specific directories.
73
+
74
+ Total findings: 4 · Critical: 3 · High: 0 · Medium: 1 · Low: 0
75
+ ```
76
+
77
+ ### Output Formats
78
+
79
+ - **terminal** (default) — human-readable with severity coloring
80
+ - **json** — machine-parseable JSON array of findings
81
+ - **markdown** — formatted report suitable for commit comments
82
+ - **sarif** — SARIF v2.1.0, compatible with GitHub CodeQL
83
+
84
+ ### Supported Config Files
85
+
86
+ AgentSec automatically detects and scans these file types:
87
+
88
+ - MCP servers: `mcp.json`, `mcp.yaml`, `mcp.toml`
89
+ - Claude Desktop: `claude_desktop_config.json`
90
+ - Cursor: `.cursorrules`, `.cursor/rules/*`
91
+ - Codex / Cline: `codex.toml`, `.clinerules`
92
+ - Agent instructions: `AGENTS.md`, `CLAUDE.md`
93
+ - Infrastructure: `Dockerfile`, `package.json`
94
+
95
+ ## Documentation
96
+
97
+ Full documentation: [https://locface.github.io/AgentSec/docs/](https://locface.github.io/AgentSec/docs/)
98
+
99
+ ## Contributing
100
+
101
+ See [CONTRIBUTING.md](CONTRIBUTING.md) for development setup, testing, and pull request workflow.
102
+
103
+ ## Security
104
+
105
+ Report vulnerabilities privately. See [SECURITY.md](SECURITY.md) for our disclosure policy.
106
+
107
+ ## License
108
+
109
+ MIT — see [LICENSE](LICENSE).
@@ -0,0 +1,65 @@
1
+ # Security Policy
2
+
3
+ ## Supported Versions
4
+
5
+ | Version | Supported |
6
+ |---------|--------------------|
7
+ | 1.0.x | :white_check_mark: |
8
+ | < 1.0 | :x: |
9
+
10
+ ## Reporting a Vulnerability
11
+
12
+ AgentSec takes security vulnerabilities seriously. We appreciate your efforts to responsibly disclose your findings.
13
+
14
+ ### How to Report
15
+
16
+ Please **do not** file a public issue for security vulnerabilities. Instead, send a private report via one of the following methods:
17
+
18
+ 1. **GitHub Private Vulnerability Reporting**: Use the "Report a vulnerability" feature under the repository's Security tab.
19
+ 2. **Email**: Send details to the maintainer via locface@users.noreply.github.com.
20
+
21
+ ### What to Include
22
+
23
+ - Type of issue (e.g., code execution, data exposure, etc.)
24
+ - Full paths of source file(s) related to the manifestation of the issue
25
+ - The location of the affected source code (tag/branch/commit or direct URL)
26
+ - Any special configuration required to reproduce the issue
27
+ - Step-by-step instructions to reproduce the issue
28
+ - Proof-of-concept or exploit code (if possible)
29
+ - Impact of the issue, including how an attacker might exploit it
30
+
31
+ ### Response Expectations
32
+
33
+ - **Acknowledgement**: We will acknowledge receipt of your report within 48 hours.
34
+ - **Status Update**: We will provide a status update within 5 business days.
35
+ - **Fix Timeline**: We aim to release a fix within 14 days for critical issues, depending on complexity.
36
+ - **Disclosure**: We will coordinate disclosure timing with you.
37
+
38
+ ## Disclosure Policy
39
+
40
+ - We request that you give us 90 days from the time you report the issue to release a fix before publishing details.
41
+ - We will publish a security advisory on GitHub once the fix is released.
42
+ - We will credit the reporter in the advisory unless they request anonymity.
43
+
44
+ ## Scope
45
+
46
+ The following are in scope:
47
+
48
+ - The `agentsec` Python package (source code in this repository)
49
+ - Documentation generation and CI/CD integrations
50
+
51
+ The following are out of scope:
52
+
53
+ - Third-party MCP servers used as example data
54
+ - The landing page website (report separately via the landing page repository)
55
+ - Previously reported issues that have been fixed
56
+
57
+ ## Safe Harbor
58
+
59
+ We consider security research conducted under this policy to be:
60
+
61
+ - Authorized conduct under the Computer Fraud and Abuse Act
62
+ - Exempt from any anti-circumvention provisions in our Terms of Service
63
+ - Lawful, and we will not pursue legal action against researchers acting in good faith
64
+
65
+ Please act in good faith — do not intentionally damage systems or access data beyond what is necessary to demonstrate the vulnerability.
@@ -1,3 +1,3 @@
1
1
  """AgentSec: Static security scanner for AI coding agents and MCP configs."""
2
2
 
3
- __version__ = "0.1.0"
3
+ __version__ = "1.0.1"