PyPI - agentsentinel-cli - Versions diffs - 0.3.0__py3-none-any.whl - Mend

agentsentinel-cli 0.3.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

agentsentinel_cli/__init__.py +3 -0
agentsentinel_cli/cli.py +338 -0
agentsentinel_cli/discover.py +691 -0
agentsentinel_cli/discover_report.py +206 -0
agentsentinel_cli/frameworks.py +144 -0
agentsentinel_cli/mcp_client.py +241 -0
agentsentinel_cli/mcp_report.py +186 -0
agentsentinel_cli/mcp_rules.py +231 -0
agentsentinel_cli/report.py +191 -0
agentsentinel_cli/rules.py +239 -0
agentsentinel_cli/scanner.py +314 -0
agentsentinel_cli-0.3.0.dist-info/METADATA +187 -0
agentsentinel_cli-0.3.0.dist-info/RECORD +15 -0
agentsentinel_cli-0.3.0.dist-info/WHEEL +4 -0
agentsentinel_cli-0.3.0.dist-info/entry_points.txt +2 -0

agentsentinel_cli/discover_report.py ADDED Viewed

@@ -0,0 +1,206 @@
+"""Rich terminal output for sentinel discover results."""
+from __future__ import annotations
+from rich.console import Console
+from rich.panel import Panel
+from rich.rule import Rule
+from rich.text import Text
+from agentsentinel_cli.discover import DiscoveredAgent, SubnetScanStats
+console = Console()
+_RISK_COLOR = {
+    "CRITICAL": "bold red",
+    "HIGH":     "bold orange1",
+    "MEDIUM":   "bold yellow",
+    "LOW":      "bold cyan",
+    "UNKNOWN":  "dim white",
+}
+_RISK_ICON = {
+    "CRITICAL": "🔴",
+    "HIGH":     "🟠",
+    "MEDIUM":   "🟡",
+    "LOW":      "🟢",
+    "UNKNOWN":  "⚪",
+}
+_SOURCE_LABEL = {
+    "process": "PROCESS",
+    "network": "NETWORK",
+    "subnet":  "SUBNET",
+    "file":    "FILE",
+    "docker":  "DOCKER",
+}
+def print_subnet_progress(completed: int, total: int, current_ip: str) -> None:
+    """Inline progress updater for subnet scan — overwrites the same line."""
+    pct = int(completed / total * 100) if total else 0
+    console.print(
+        f"\r  [dim]Scanning {current_ip} … {pct}% ({completed}/{total})[/dim]",
+        end="",
+        highlight=False,
+    )
+    if completed == total:
+        console.print()  # newline when done
+def print_discover_result(
+    agents: list[DiscoveredAgent],
+    vectors: list[str],
+    verbose: bool = False,
+    subnet_stats: SubnetScanStats | None = None,
+) -> None:
+    console.print()
+    console.print(Panel.fit(
+        f"[bold white]AgentSentinel — Discover[/bold white]\n"
+        f"[dim]Scanning: {' · '.join(vectors)}[/dim]",
+        border_style="bright_blue",
+        padding=(0, 2),
+    ))
+    console.print()
+    if not agents:
+        console.print("  [green]✓  No AI agents found in the scanned environment.[/green]")
+        if subnet_stats:
+            console.print(
+                f"  [dim]Subnet scan: {subnet_stats.cidr} — "
+                f"{subnet_stats.hosts_scanned:,} host{'s' if subnet_stats.hosts_scanned != 1 else ''} · "
+                f"{subnet_stats.open_ports_found} open port{'s' if subnet_stats.open_ports_found != 1 else ''} · "
+                f"{subnet_stats.elapsed_seconds:.1f}s[/dim]"
+            )
+        console.print()
+        console.print("  [dim]Tip: use [bold]--path ./your/code[/bold] to scan source files, "
+                      "or [bold]--docker[/bold] to inspect containers.[/dim]")
+        console.print()
+        return
+    # Group by source
+    by_source: dict[str, list[DiscoveredAgent]] = {}
+    for agent in agents:
+        by_source.setdefault(agent.source, []).append(agent)
+    for source, source_agents in by_source.items():
+        console.print(Rule(
+            f"  {_SOURCE_LABEL.get(source, source.upper())} SCAN",
+            style="bright_blue",
+            align="left",
+        ))
+        console.print()
+        for agent in source_agents:
+            _print_agent(agent, verbose=verbose)
+        console.print()
+    _print_summary(agents, subnet_stats=subnet_stats)
+def _print_agent(agent: DiscoveredAgent, verbose: bool) -> None:
+    risk_color = _RISK_COLOR.get(agent.risk, "white")
+    icon = _RISK_ICON.get(agent.risk, "⚪")
+    # Framework + provider display
+    framework_str = agent.framework
+    if agent.provider:
+        framework_str = f"{agent.framework} + {agent.provider}" if agent.framework not in (
+            agent.provider, "Unknown"
+        ) else agent.provider
+    # Location pill
+    loc = f"[dim]{agent.location}[/dim]"
+    # Header line
+    name_text = Text(agent.name, style="bold white")
+    framework_text = Text(f"{framework_str:<28}", style="cyan")
+    risk_text = Text(f"{agent.risk:<8}", style=risk_color)
+    console.print(
+        f"  {icon}  [{risk_color}]{agent.risk:<8}[/{risk_color}]  "
+        f"[bold white]{agent.name:<30}[/bold white]  "
+        f"[cyan]{framework_str:<28}[/cyan]  "
+        f"[dim]{agent.location}[/dim]"
+    )
+    # Model
+    if agent.model:
+        console.print(f"  {'':>10}[dim]Model:[/dim] {agent.model}")
+    # API key exposure (always shown — this is the "oh shit" moment)
+    for key in agent.api_keys:
+        console.print(f"  {'':>10}[bold red]⚠  API key exposed:[/bold red] [red]{key}[/red]")
+    # Live LLM connections
+    if agent.live_connections:
+        hosts = ", ".join(sorted(set(agent.live_connections)))
+        console.print(f"  {'':>10}[dim]Live connections:[/dim] {hosts}")
+    # Risk reason
+    console.print(f"  {'':>10}[dim]{agent.risk_reason}[/dim]")
+    # Next step suggestion
+    console.print(
+        f"  {'':>10}[dim]→ [/dim][bold dim]{agent.next_step}[/bold dim]"
+    )
+    console.print()
+def _print_summary(
+    agents: list[DiscoveredAgent],
+    subnet_stats: SubnetScanStats | None = None,
+) -> None:
+    console.rule(style="bright_blue")
+    console.print()
+    total     = len(agents)
+    critical  = sum(1 for a in agents if a.risk == "CRITICAL")
+    high      = sum(1 for a in agents if a.risk == "HIGH")
+    medium    = sum(1 for a in agents if a.risk == "MEDIUM")
+    low       = sum(1 for a in agents if a.risk == "LOW")
+    unknown   = sum(1 for a in agents if a.risk == "UNKNOWN")
+    exposed   = sum(1 for a in agents if a.api_keys)
+    parts: list[str] = [f"[bold white]{total}[/bold white] agent{'s' if total != 1 else ''} found"]
+    if critical:
+        parts.append(f"[bold red]{critical} CRITICAL[/bold red]")
+    if high:
+        parts.append(f"[bold orange1]{high} HIGH[/bold orange1]")
+    if medium:
+        parts.append(f"[bold yellow]{medium} MEDIUM[/bold yellow]")
+    if low:
+        parts.append(f"[bold cyan]{low} LOW[/bold cyan]")
+    if unknown:
+        parts.append(f"[dim]{unknown} UNKNOWN[/dim]")
+    console.print("  " + " · ".join(parts))
+    if exposed:
+        console.print()
+        console.print(
+            f"  [bold red]⚠  {exposed} agent{'s have' if exposed != 1 else ' has'} "
+            f"API key{'s' if exposed != 1 else ''} exposed in the environment.[/bold red]"
+        )
+        console.print(
+            "  [dim]Exposed keys are visible to all processes on this host. "
+            "Rotate them and move to a secrets manager.[/dim]"
+        )
+    if critical or high:
+        console.print()
+        console.print(
+            "  [dim]Run [bold]sentinel scan <file or --pid or --url>[/bold] "
+            "for a full posture analysis on any agent above.[/dim]"
+        )
+    if subnet_stats:
+        console.print()
+        console.print(
+            f"  [dim]Subnet scan: {subnet_stats.cidr} — "
+            f"{subnet_stats.hosts_scanned:,} hosts · "
+            f"{subnet_stats.open_ports_found} open port{'s' if subnet_stats.open_ports_found != 1 else ''} · "
+            f"{subnet_stats.elapsed_seconds:.1f}s[/dim]"
+        )
+    console.print()

agentsentinel_cli/frameworks.py ADDED Viewed

@@ -0,0 +1,144 @@
+"""Framework fingerprinting — identifies which AI agent framework a process or file uses."""
+from __future__ import annotations
+# ── Framework signals ──────────────────────────────────────────────────────────
+# Ordered most-specific first so the first match wins.
+# Each entry: (signal_string, display_name, provider)
+_FRAMEWORK_SIGNALS: list[tuple[str, str, str]] = [
+    # LangChain variants
+    ("langchain_anthropic",       "LangChain",           "Anthropic"),
+    ("langchain_openai",          "LangChain",           "OpenAI"),
+    ("langchain_google",          "LangChain",           "Google"),
+    ("langchain_community",       "LangChain",           ""),
+    ("langchain",                 "LangChain",           ""),
+    # OpenAI
+    ("openai.agents",             "OpenAI Agents SDK",   "OpenAI"),
+    ("agents_sdk",                "OpenAI Agents SDK",   "OpenAI"),
+    # CrewAI
+    ("crewai",                    "CrewAI",              ""),
+    # AutoGen
+    ("pyautogen",                 "AutoGen",             "Microsoft"),
+    ("autogen",                   "AutoGen",             "Microsoft"),
+    # MCP
+    ("mcp.server",                "MCP Server",          ""),
+    ("mcp.client",                "MCP Client",          ""),
+    ("mcp",                       "MCP",                 ""),
+    # Microsoft Semantic Kernel
+    ("semantic_kernel",           "Semantic Kernel",     "Microsoft"),
+    # LlamaIndex
+    ("llama_index",               "LlamaIndex",          ""),
+    ("llama-index",               "LlamaIndex",          ""),
+    # Haystack
+    ("haystack",                  "Haystack",            "deepset"),
+    # PydanticAI
+    ("pydantic_ai",               "PydanticAI",          "Pydantic"),
+    # Google ADK
+    ("google.adk",                "Google ADK",          "Google"),
+    ("google_adk",                "Google ADK",          "Google"),
+    # AgentSentinel (self-monitored)
+    ("agentsentinel",             "AgentSentinel",       ""),
+    # Raw SDKs (least specific — match last)
+    ("anthropic",                 "Anthropic SDK",       "Anthropic"),
+    ("openai",                    "OpenAI SDK",          "OpenAI"),
+]
+# LLM API environment variable → (provider_label, key_prefix)
+LLM_ENV_VARS: dict[str, tuple[str, str]] = {
+    "OPENAI_API_KEY":             ("OpenAI",        "sk-"),
+    "ANTHROPIC_API_KEY":          ("Anthropic",     "sk-ant-"),
+    "GOOGLE_API_KEY":             ("Google",        "AIza"),
+    "GEMINI_API_KEY":             ("Google Gemini", ""),
+    "COHERE_API_KEY":             ("Cohere",        ""),
+    "HUGGINGFACE_TOKEN":          ("HuggingFace",   "hf_"),
+    "HF_TOKEN":                   ("HuggingFace",   "hf_"),
+    "AZURE_OPENAI_API_KEY":       ("Azure OpenAI",  ""),
+    "GROQ_API_KEY":               ("Groq",          "gsk_"),
+    "MISTRAL_API_KEY":            ("Mistral",       ""),
+    "TOGETHER_API_KEY":           ("Together AI",   ""),
+    "REPLICATE_API_TOKEN":        ("Replicate",     "r8_"),
+    "PERPLEXITY_API_KEY":         ("Perplexity",    "pplx-"),
+    "BEDROCK_API_KEY":            ("AWS Bedrock",   ""),
+}
+# Known LLM API hostnames — presence in process connections confirms active agent
+LLM_API_HOSTS: frozenset[str] = frozenset({
+    "api.openai.com",
+    "api.anthropic.com",
+    "generativelanguage.googleapis.com",
+    "aiplatform.googleapis.com",
+    "api.cohere.com",
+    "api.groq.com",
+    "api.mistral.ai",
+    "api.together.xyz",
+    "api.perplexity.ai",
+    "bedrock-runtime.us-east-1.amazonaws.com",
+    "bedrock-runtime.ap-southeast-1.amazonaws.com",
+})
+# Model name fragments → canonical label
+_MODEL_PATTERNS: list[tuple[str, str]] = [
+    ("claude-opus",      "claude-opus"),
+    ("claude-sonnet",    "claude-sonnet"),
+    ("claude-haiku",     "claude-haiku"),
+    ("claude",           "claude"),
+    ("gpt-4o",           "gpt-4o"),
+    ("gpt-4",            "gpt-4"),
+    ("gpt-3.5",          "gpt-3.5-turbo"),
+    ("o1",               "o1"),
+    ("o3",               "o3"),
+    ("gemini-2",         "gemini-2"),
+    ("gemini-1",         "gemini-1"),
+    ("gemini",           "gemini"),
+    ("mistral",          "mistral"),
+    ("llama",            "llama"),
+    ("mixtral",          "mixtral"),
+    ("command",          "command"),
+]
+def detect_framework(text: str) -> tuple[str, str]:
+    """Return (framework_name, provider) from any text blob (cmdline, env, source).
+    Returns ("Unknown", "") if no framework is detected.
+    """
+    lower = text.lower()
+    for signal, framework, provider in _FRAMEWORK_SIGNALS:
+        if signal in lower:
+            return framework, provider
+    return "Unknown", ""
+def detect_provider_from_env(env: dict[str, str]) -> str:
+    """Identify which LLM provider a process is using from its environment variables."""
+    for var, (provider, _) in LLM_ENV_VARS.items():
+        if var in env and env[var]:
+            return provider
+    return ""
+def detect_model(text: str) -> str:
+    """Extract a model name from any text blob."""
+    lower = text.lower()
+    for fragment, label in _MODEL_PATTERNS:
+        if fragment in lower:
+            return label
+    return ""
+def mask_key(value: str) -> str:
+    """Mask an API key, showing only prefix and last 4 chars."""
+    if len(value) <= 12:
+        return "***"
+    return f"{value[:8]}...{value[-4:]}"
+def extract_api_keys(env: dict[str, str]) -> list[str]:
+    """Return masked API key strings from a process environment."""
+    found = []
+    for var, (provider, _) in LLM_ENV_VARS.items():
+        val = env.get(var, "")
+        if val and len(val) > 8:
+            found.append(f"{var}={mask_key(val)}")
+    return found

agentsentinel_cli/mcp_client.py ADDED Viewed

@@ -0,0 +1,241 @@
+"""Minimal MCP (Model Context Protocol) client for security scanning.
+Implements the initialize + tools/list exchange over stdio and streamable-HTTP
+transports. Only what an auditor needs — no full MCP client dependency.
+"""
+import dataclasses
+import json
+import queue
+import shlex
+import subprocess
+import threading
+from typing import Any
+from agentsentinel_cli.scanner import classify_tool
+_PROTOCOL_VERSION = "2024-11-05"
+_CLIENT_INFO = {"name": "sentinel-mcp-scanner", "version": "0.2.0"}
+@dataclasses.dataclass
+class McpToolInfo:
+    """A single tool exposed by an MCP server."""
+    name: str
+    description: str
+    input_schema: dict[str, Any]
+    scope: str = "read"
+    is_dangerous: bool = False
+    category: str = "other"
+@dataclasses.dataclass
+class McpServerInfo:
+    """Result of a successful MCP server connection."""
+    name: str
+    version: str
+    tools: list[McpToolInfo]
+    transport: str  # "http" | "stdio"
+class McpError(Exception):
+    """Raised when the MCP connection or protocol exchange fails."""
+class McpAuthRequired(McpError):
+    """Raised when the server returns 401/403 and no credentials were provided."""
+    def __init__(self, status_code: int) -> None:
+        super().__init__(f"HTTP {status_code}: authentication required")
+        self.status_code = status_code
+def _rpc(method: str, params: dict[str, Any], req_id: int) -> dict[str, Any]:
+    return {"jsonrpc": "2.0", "id": req_id, "method": method, "params": params}
+def _make_tool(raw: dict[str, Any]) -> McpToolInfo:
+    name = raw.get("name", "")
+    description = raw.get("description", "")
+    scope, is_dangerous, category = classify_tool(name, description)
+    return McpToolInfo(
+        name=name,
+        description=description,
+        input_schema=raw.get("inputSchema", {}),
+        scope=scope,
+        is_dangerous=is_dangerous,
+        category=category,
+    )
+# ── Streamable HTTP transport ─────────────────────────────────────────────────
+def scan_http(
+    url: str,
+    extra_headers: dict[str, str] | None = None,
+    timeout: float = 10.0,
+) -> McpServerInfo:
+    """Scan an MCP server via streamable HTTP (POST-based) transport.
+    Raises McpAuthRequired if the server requires credentials.
+    Raises McpError for all other connection or protocol failures.
+    """
+    try:
+        import httpx
+    except ImportError:
+        raise McpError("httpx is required: pip install 'agentsentinel-cli[mcp]'")
+    base = url.rstrip("/")
+    headers: dict[str, str] = {
+        "Content-Type": "application/json",
+        "Accept": "application/json, text/event-stream",
+    }
+    if extra_headers:
+        headers.update(extra_headers)
+    with httpx.Client(timeout=timeout) as client:
+        resp = client.post(base, json=_rpc("initialize", {
+            "protocolVersion": _PROTOCOL_VERSION,
+            "capabilities": {},
+            "clientInfo": _CLIENT_INFO,
+        }, 1), headers=headers)
+        if resp.status_code in (401, 403):
+            raise McpAuthRequired(resp.status_code)
+        if resp.status_code == 405:
+            raise McpError(
+                "Server returned 405 Method Not Allowed. "
+                "This server may use the older SSE transport (GET /sse). "
+                "Try scanning it locally with: sentinel mcp scan --stdio 'python server.py'"
+            )
+        content_type = resp.headers.get("content-type", "")
+        if "text/event-stream" in content_type:
+            raise McpError(
+                "Server responded with SSE stream (older transport). "
+                "Try scanning it locally with: sentinel mcp scan --stdio 'python server.py'"
+            )
+        resp.raise_for_status()
+        init_data = _parse_rpc_response(resp.text)
+        # Send initialized notification — no response expected
+        client.post(base, json={
+            "jsonrpc": "2.0",
+            "method": "notifications/initialized",
+            "params": {},
+        }, headers=headers)
+        resp = client.post(base, json=_rpc("tools/list", {}, 2), headers=headers)
+        resp.raise_for_status()
+        tools_data = _parse_rpc_response(resp.text)
+    server_meta = init_data.get("result", {}).get("serverInfo", {})
+    raw_tools = tools_data.get("result", {}).get("tools", [])
+    return McpServerInfo(
+        name=server_meta.get("name", "unknown"),
+        version=server_meta.get("version", "unknown"),
+        tools=[_make_tool(t) for t in raw_tools],
+        transport="http",
+    )
+def _parse_rpc_response(text: str) -> dict[str, Any]:
+    """Parse a JSON-RPC response body, unwrapping SSE data-lines if present."""
+    text = text.strip()
+    if not text:
+        raise McpError("Empty response from MCP server")
+    if text.startswith("data:") or text.startswith("event:"):
+        for line in text.splitlines():
+            if line.startswith("data:"):
+                text = line[5:].strip()
+                break
+    try:
+        return json.loads(text)
+    except json.JSONDecodeError as exc:
+        raise McpError(f"Invalid JSON from server: {exc}") from exc
+# ── Stdio transport ───────────────────────────────────────────────────────────
+def scan_stdio(command: str, timeout: float = 15.0) -> McpServerInfo:
+    """Launch an MCP server as a subprocess and scan it via stdio transport."""
+    args = shlex.split(command)
+    try:
+        proc = subprocess.Popen(
+            args,
+            stdin=subprocess.PIPE,
+            stdout=subprocess.PIPE,
+            stderr=subprocess.DEVNULL,
+            text=True,
+        )
+    except FileNotFoundError as exc:
+        raise McpError(f"Command not found: {args[0]}") from exc
+    try:
+        return _stdio_exchange(proc, timeout)
+    finally:
+        proc.terminate()
+        try:
+            proc.wait(timeout=3.0)
+        except subprocess.TimeoutExpired:
+            proc.kill()
+def _stdio_send(proc: subprocess.Popen, obj: dict[str, Any]) -> None:
+    assert proc.stdin is not None
+    proc.stdin.write(json.dumps(obj) + "\n")
+    proc.stdin.flush()
+def _stdio_recv(proc: subprocess.Popen, timeout: float) -> dict[str, Any]:
+    """Read one newline-delimited JSON-RPC message from subprocess stdout."""
+    assert proc.stdout is not None
+    result_q: queue.Queue[str | None] = queue.Queue()
+    def _reader() -> None:
+        try:
+            result_q.put(proc.stdout.readline())  # type: ignore[union-attr]
+        except Exception:
+            result_q.put(None)
+    threading.Thread(target=_reader, daemon=True).start()
+    try:
+        line = result_q.get(timeout=timeout)
+    except queue.Empty:
+        raise McpError(f"No response from stdio server within {timeout}s")
+    if not line or not line.strip():
+        raise McpError("MCP server closed stdout without responding")
+    try:
+        return json.loads(line.strip())
+    except json.JSONDecodeError as exc:
+        raise McpError(f"Invalid JSON from stdio server: {exc}") from exc
+def _stdio_exchange(proc: subprocess.Popen, timeout: float) -> McpServerInfo:
+    _stdio_send(proc, _rpc("initialize", {
+        "protocolVersion": _PROTOCOL_VERSION,
+        "capabilities": {},
+        "clientInfo": _CLIENT_INFO,
+    }, 1))
+    init_resp = _stdio_recv(proc, timeout)
+    _stdio_send(proc, {"jsonrpc": "2.0", "method": "notifications/initialized", "params": {}})
+    _stdio_send(proc, _rpc("tools/list", {}, 2))
+    tools_resp = _stdio_recv(proc, timeout)
+    server_meta = init_resp.get("result", {}).get("serverInfo", {})
+    raw_tools = tools_resp.get("result", {}).get("tools", [])
+    return McpServerInfo(
+        name=server_meta.get("name", "unknown"),
+        version=server_meta.get("version", "unknown"),
+        tools=[_make_tool(t) for t in raw_tools],
+        transport="stdio",
+    )