agentsentinel-cli 0.6.1__tar.gz → 0.7.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (38) hide show
  1. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/DOCUMENTATION.md +110 -2
  2. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/PKG-INFO +39 -1
  3. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/README.md +38 -0
  4. agentsentinel_cli-0.7.0/agentsentinel_cli/a2a_report.py +236 -0
  5. agentsentinel_cli-0.7.0/agentsentinel_cli/a2a_rules.py +287 -0
  6. agentsentinel_cli-0.7.0/agentsentinel_cli/a2a_scanner.py +654 -0
  7. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/cli.py +132 -0
  8. agentsentinel_cli-0.7.0/agentsentinel_cli/suppress.py +79 -0
  9. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/pyproject.toml +1 -1
  10. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/.gitignore +0 -0
  11. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/LICENSE +0 -0
  12. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/__init__.py +0 -0
  13. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/agent_mode.py +0 -0
  14. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/agent_mode_report.py +0 -0
  15. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/ai_probe.py +0 -0
  16. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/attacks/__init__.py +0 -0
  17. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/attacks/library.py +0 -0
  18. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/discover.py +0 -0
  19. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/discover_report.py +0 -0
  20. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/fingerprint.py +0 -0
  21. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/frameworks.py +0 -0
  22. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/inspect.py +0 -0
  23. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/inspect_report.py +0 -0
  24. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/mcp_client.py +0 -0
  25. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/mcp_report.py +0 -0
  26. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/mcp_rules.py +0 -0
  27. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/probe.py +0 -0
  28. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/probe_report.py +0 -0
  29. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/report.py +0 -0
  30. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/rules.py +0 -0
  31. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/scanner.py +0 -0
  32. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/secrets.py +0 -0
  33. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/secrets_report.py +0 -0
  34. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/secrets_rules.py +0 -0
  35. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/supply_chain_ai.py +0 -0
  36. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/supply_chain_report.py +0 -0
  37. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/supply_chain_rules.py +0 -0
  38. {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/target.py +0 -0
@@ -20,6 +20,7 @@ No server required. No Docker. Works on any Python agent file or live HTTP endpo
20
20
  - [sentinel mcp scan](#sentinel-mcp-scan)
21
21
  - [sentinel probe](#sentinel-probe)
22
22
  - [sentinel ai-probe](#sentinel-ai-probe)
23
+ - [Finding Suppression](#finding-suppression)
23
24
  - [Real-World Workflows](#real-world-workflows)
24
25
  - [CI/CD Integration](#cicd-integration)
25
26
  - [Reference](#reference)
@@ -119,6 +120,7 @@ TARGET can be a Python file, a directory, or a live HTTP endpoint URL.
119
120
  | `--model TEXT` | `claude-haiku-4-5-20251001` | Claude model for AI summary |
120
121
  | `--auth-header HEADER` | — | HTTP auth header for live endpoints, e.g. `Authorization: Bearer token` |
121
122
  | `--fail-on [CRITICAL\|HIGH\|MEDIUM\|LOW]` | — | Exit code 1 if findings reach this severity |
123
+ | `--ignore-rule RULE_ID` | — | Suppress a finding by rule ID. Repeatable. Also reads `.sentinelignore` in the target directory |
122
124
 
123
125
  #### What it shows
124
126
 
@@ -155,6 +157,9 @@ sentinel inspect http://my-agent.internal/chat \
155
157
  # JSON output — pipe into jq, SIEM, dashboards
156
158
  sentinel inspect my_agent.py --format json | jq '.fingerprint'
157
159
 
160
+ # Suppress a known-accepted finding while still gating on CRITICAL
161
+ sentinel inspect my_agent.py --fail-on CRITICAL --ignore-rule DANGEROUS_GRANTS
162
+
158
163
  # CI gate — fail if any CRITICAL finding
159
164
  sentinel inspect my_agent.py --fail-on CRITICAL
160
165
  ```
@@ -220,6 +225,7 @@ TARGET defaults to `.` (current directory, scanned recursively).
220
225
  |------|---------|-------------|
221
226
  | `--format [text\|json]` | `text` | Output format |
222
227
  | `--fail-on [CRITICAL\|HIGH\|MEDIUM\|LOW]` | — | Exit code 1 if findings reach this severity |
228
+ | `--ignore-rule RULE_ID` | — | Suppress a finding by rule ID. Repeatable. Also reads `.sentinelignore` in the target directory |
223
229
  | `--connect URL` | — | Pull live behavior data from a running AgentSentinel instance |
224
230
  | `--api-key TEXT` | `$AGENTSENTINEL_API_KEY` | API key for `--connect` |
225
231
 
@@ -268,6 +274,14 @@ sentinel scan my_agent.py --format json
268
274
 
269
275
  # Include live behavior data from a running AgentSentinel instance
270
276
  sentinel scan my_agent.py --connect http://localhost:9000 --api-key $AGENTSENTINEL_KEY
277
+
278
+ # Suppress a noisy LOW finding and still gate on HIGH
279
+ sentinel scan ./agents/ --fail-on HIGH --ignore-rule MISSING_RATE_LIMIT
280
+
281
+ # Stack multiple suppressions
282
+ sentinel scan ./agents/ --fail-on CRITICAL \
283
+ --ignore-rule MISSING_RATE_LIMIT \
284
+ --ignore-rule TOOL_SPRAWL
271
285
  ```
272
286
 
273
287
  #### Example output
@@ -342,6 +356,7 @@ sentinel secrets ~/.claude/projects/ --severity LOW
342
356
  | `--format [text\|json]` | `text` | Output format |
343
357
  | `--fail-on [CRITICAL\|HIGH\|MEDIUM\|LOW]` | — | Exit code 1 if findings reach this severity |
344
358
  | `--no-redact` | off | Show full matched values instead of masking them |
359
+ | `--ignore-rule RULE_ID` | — | Suppress a finding by rule ID. Repeatable. Also reads `.sentinelignore` in the target directory |
345
360
 
346
361
  #### Choosing the right scope
347
362
 
@@ -597,8 +612,8 @@ Common false positives and how to handle them:
597
612
  | `SG_UEN` | 9-digit numbers that happen to end in a letter | UENs are common in business documents — confirm the surrounding context |
598
613
 
599
614
  If a finding is a confirmed false positive, it does not affect the finding count for `--fail-on`
600
- evaluation — you still need to address it or suppress it by restructuring the content.
601
- Suppression via ignore-lists is not yet implemented (planned for v0.6).
615
+ evaluation — you still need to address it, suppress it with `--ignore-rule`, or restructure the
616
+ content to remove the match. See [Finding Suppression](#finding-suppression).
602
617
 
603
618
  ---
604
619
 
@@ -692,6 +707,7 @@ sentinel mcp scan --stdio "CMD" [OPTIONS]
692
707
  | `--format [text\|json]` | `text` | Output format |
693
708
  | `--timeout SECONDS` | `10.0` | Connection timeout |
694
709
  | `--fail-on [CRITICAL\|HIGH\|MEDIUM\|LOW]` | — | Exit code 1 if findings reach this severity |
710
+ | `--ignore-rule RULE_ID` | — | Suppress a finding by rule ID. Repeatable. Also reads `.sentinelignore` in the working directory |
695
711
 
696
712
  #### Transport support
697
713
 
@@ -740,6 +756,9 @@ sentinel mcp scan http://localhost:3000 --fail-on CRITICAL
740
756
 
741
757
  # Longer timeout for slow servers
742
758
  sentinel mcp scan http://remote-server.com/mcp --timeout 30
759
+
760
+ # CI gate — suppress a finding accepted at the infrastructure layer
761
+ sentinel mcp scan http://localhost:3000 --fail-on CRITICAL --ignore-rule NO_AUTH
743
762
  ```
744
763
 
745
764
  #### Example output
@@ -958,6 +977,87 @@ sentinel ai-probe http://my-agent.com/chat --fail-on CRITICAL
958
977
 
959
978
  ---
960
979
 
980
+ ## Finding Suppression
981
+
982
+ Use `--ignore-rule` and `.sentinelignore` to suppress specific findings by rule ID. Suppressed findings are excluded from both output display and `--fail-on` evaluation — they never break a CI gate.
983
+
984
+ Supported commands: `sentinel scan`, `sentinel mcp scan`, `sentinel supply-chain`, `sentinel secrets`, `sentinel inspect`.
985
+
986
+ ### --ignore-rule flag
987
+
988
+ Suppress one or more rules for a single run. The flag is repeatable.
989
+
990
+ ```bash
991
+ # Suppress a single rule
992
+ sentinel scan ./agents/ --fail-on HIGH --ignore-rule MISSING_RATE_LIMIT
993
+
994
+ # Stack multiple suppressions
995
+ sentinel mcp scan http://localhost:3001 --fail-on CRITICAL \
996
+ --ignore-rule NO_AUTH \
997
+ --ignore-rule UNBOUNDED_INPUT
998
+
999
+ # Suppress during secrets scan
1000
+ sentinel secrets . --fail-on HIGH --ignore-rule SG_UEN
1001
+ ```
1002
+
1003
+ ### .sentinelignore file
1004
+
1005
+ For persistent, project-level suppressions, create a `.sentinelignore` file and commit it to source control. sentinel walks up from the target directory to find it — same discovery pattern as `.gitignore`.
1006
+
1007
+ ```
1008
+ # .sentinelignore
1009
+
1010
+ # Comments start with #. Blank lines are ignored.
1011
+ # Rule IDs are case-insensitive.
1012
+
1013
+ MISSING_RATE_LIMIT # rate limiting enforced at API gateway layer
1014
+ SC03_HIDDEN_NETWORK_FIELDS # webhook field is for audit logging — verified safe
1015
+ NO_AUTH # MCP server is behind an authenticated reverse proxy
1016
+ ```
1017
+
1018
+ sentinel searches for `.sentinelignore` starting from the target path and walking up to the filesystem root. For URL targets (`sentinel mcp scan`, `sentinel supply-chain`), it searches from the current working directory.
1019
+
1020
+ ### Suppression notice
1021
+
1022
+ When findings are suppressed, sentinel prints a dim notice at the end of text output:
1023
+
1024
+ ```
1025
+ 1 finding suppressed by .sentinelignore / --ignore-rule: MISSING_RATE_LIMIT
1026
+ ```
1027
+
1028
+ In JSON output, suppressed findings are absent from the `findings` array. The `--fail-on` threshold is evaluated only against the active (non-suppressed) findings.
1029
+
1030
+ ### What to suppress — and what not to
1031
+
1032
+ Suppressions are appropriate for findings where the risk is genuinely accepted at another layer:
1033
+
1034
+ | Scenario | Appropriate suppression |
1035
+ |----------|------------------------|
1036
+ | Rate limiting handled at API gateway | `MISSING_RATE_LIMIT` |
1037
+ | MCP server behind authenticated proxy | `NO_AUTH` |
1038
+ | Known webhook field verified safe | `SC03_HIDDEN_NETWORK_FIELDS` |
1039
+ | Agent description intentionally omitted | `UNDESCRIBED_WRITE_AGENT` |
1040
+
1041
+ Do not suppress CRITICAL findings (`EXFILTRATION_PATH`, `CODE_EXECUTION_GRANT`, `HARDCODED_CREDENTIALS`, `SC01_DESCRIPTION_INJECTION`) without a very specific, documented reason. These represent confirmed active risk paths, not configuration preferences.
1042
+
1043
+ ### Incremental CI adoption
1044
+
1045
+ The `.sentinelignore` + `--fail-on` combination is the recommended way to adopt CI gates incrementally:
1046
+
1047
+ ```bash
1048
+ # Week 1 — gate only on CRITICAL, suppress anything that isn't actually critical
1049
+ sentinel scan ./agents/ --fail-on CRITICAL
1050
+
1051
+ # Week 2 — raise threshold to HIGH, suppress accepted HIGH findings
1052
+ echo "DANGEROUS_GRANTS" >> .sentinelignore
1053
+ sentinel scan ./agents/ --fail-on HIGH
1054
+
1055
+ # Week 3 — full posture gate, suppressions document accepted risk
1056
+ sentinel scan ./agents/ --fail-on MEDIUM
1057
+ ```
1058
+
1059
+ ---
1060
+
961
1061
  ## Real-World Workflows
962
1062
 
963
1063
  ### Workflow 1: Unknown agent found in production
@@ -1121,6 +1221,7 @@ jobs:
1121
1221
  runs-on: ubuntu-latest
1122
1222
  steps:
1123
1223
  - uses: actions/checkout@v4
1224
+ # .sentinelignore in the repo root is picked up automatically
1124
1225
 
1125
1226
  - name: Install sentinel
1126
1227
  run: pip install "agentsentinel-cli[all]"
@@ -1146,6 +1247,13 @@ jobs:
1146
1247
  run: sentinel mcp scan http://localhost:3000 --fail-on CRITICAL
1147
1248
  ```
1148
1249
 
1250
+ Add a `.sentinelignore` at the repo root to suppress known-accepted findings without weakening the gate threshold:
1251
+
1252
+ ```
1253
+ # .sentinelignore — committed to source control
1254
+ MISSING_RATE_LIMIT # rate limiting handled at infra layer
1255
+ ```
1256
+
1149
1257
  ### GitLab CI
1150
1258
 
1151
1259
  ```yaml
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: agentsentinel-cli
3
- Version: 0.6.1
3
+ Version: 0.7.0
4
4
  Summary: Agentic security CLI — AI analyst with memory, supply chain audit, MCP audit, red-team probing, and agent discovery
5
5
  Project-URL: Homepage, https://github.com/jaydenaung/agentsentinel-cli
6
6
  Project-URL: Repository, https://github.com/jaydenaung/agentsentinel-cli
@@ -195,6 +195,7 @@ sentinel scan my_agent.py
195
195
  sentinel scan ./agents/
196
196
  sentinel scan my_agent.py --fail-on CRITICAL # CI gate
197
197
  sentinel scan my_agent.py --format json
198
+ sentinel scan ./agents/ --fail-on HIGH --ignore-rule MISSING_RATE_LIMIT # suppress known-accepted finding
198
199
  ```
199
200
 
200
201
  **Rules:**
@@ -299,6 +300,35 @@ sentinel discover --format json
299
300
 
300
301
  ---
301
302
 
303
+ ## Finding suppression
304
+
305
+ Use `--ignore-rule` to suppress specific findings by rule ID. Suppressed findings are excluded from `--fail-on` evaluation and output — they don't break CI gates.
306
+
307
+ ```bash
308
+ # Suppress a single finding for one run
309
+ sentinel scan ./agents/ --fail-on HIGH --ignore-rule MISSING_RATE_LIMIT
310
+
311
+ # Stack multiple suppressions
312
+ sentinel mcp scan http://localhost:3001 --fail-on CRITICAL \
313
+ --ignore-rule NO_AUTH \
314
+ --ignore-rule UNBOUNDED_INPUT
315
+ ```
316
+
317
+ For project-level suppressions, create a **`.sentinelignore`** file in your project root. sentinel walks up from the target directory to find it — the same discovery pattern as `.gitignore`.
318
+
319
+ ```
320
+ # .sentinelignore
321
+ # Comments start with #
322
+
323
+ MISSING_RATE_LIMIT # rate limiting enforced at API gateway
324
+ SC03_HIDDEN_NETWORK_FIELDS # webhook field verified safe — used for audit logging
325
+ NO_AUTH # server is behind an authenticated reverse proxy
326
+ ```
327
+
328
+ Supported on: `sentinel scan`, `sentinel mcp scan`, `sentinel supply-chain`, `sentinel secrets`, `sentinel inspect`.
329
+
330
+ ---
331
+
302
332
  ## OWASP Top 10 for Agentic Applications 2026 coverage
303
333
 
304
334
  | OWASP Risk | ID | sentinel coverage |
@@ -345,6 +375,13 @@ jobs:
345
375
  run: sentinel mcp scan http://localhost:3001 --fail-on CRITICAL
346
376
  ```
347
377
 
378
+ Use a `.sentinelignore` file at the repo root to suppress known-accepted findings without weakening the gate threshold:
379
+
380
+ ```
381
+ # .sentinelignore — committed to source control
382
+ MISSING_RATE_LIMIT # rate limiting handled at infra layer
383
+ ```
384
+
348
385
  ---
349
386
 
350
387
  ## When to use analyst mode vs. static mode
@@ -352,6 +389,7 @@ jobs:
352
389
  | Situation | Use |
353
390
  |-----------|-----|
354
391
  | CI/CD gate on every PR | Static rules (`--fail-on CRITICAL`) |
392
+ | Adopting CI gates incrementally | Static rules + `.sentinelignore` to suppress accepted risks |
355
393
  | Investigating a specific server or codebase | `sentinel agentic` |
356
394
  | First assessment of a new MCP server | `sentinel agentic` |
357
395
  | Scheduled nightly security check | `sentinel agentic` (memory tracks drift) |
@@ -148,6 +148,7 @@ sentinel scan my_agent.py
148
148
  sentinel scan ./agents/
149
149
  sentinel scan my_agent.py --fail-on CRITICAL # CI gate
150
150
  sentinel scan my_agent.py --format json
151
+ sentinel scan ./agents/ --fail-on HIGH --ignore-rule MISSING_RATE_LIMIT # suppress known-accepted finding
151
152
  ```
152
153
 
153
154
  **Rules:**
@@ -252,6 +253,35 @@ sentinel discover --format json
252
253
 
253
254
  ---
254
255
 
256
+ ## Finding suppression
257
+
258
+ Use `--ignore-rule` to suppress specific findings by rule ID. Suppressed findings are excluded from `--fail-on` evaluation and output — they don't break CI gates.
259
+
260
+ ```bash
261
+ # Suppress a single finding for one run
262
+ sentinel scan ./agents/ --fail-on HIGH --ignore-rule MISSING_RATE_LIMIT
263
+
264
+ # Stack multiple suppressions
265
+ sentinel mcp scan http://localhost:3001 --fail-on CRITICAL \
266
+ --ignore-rule NO_AUTH \
267
+ --ignore-rule UNBOUNDED_INPUT
268
+ ```
269
+
270
+ For project-level suppressions, create a **`.sentinelignore`** file in your project root. sentinel walks up from the target directory to find it — the same discovery pattern as `.gitignore`.
271
+
272
+ ```
273
+ # .sentinelignore
274
+ # Comments start with #
275
+
276
+ MISSING_RATE_LIMIT # rate limiting enforced at API gateway
277
+ SC03_HIDDEN_NETWORK_FIELDS # webhook field verified safe — used for audit logging
278
+ NO_AUTH # server is behind an authenticated reverse proxy
279
+ ```
280
+
281
+ Supported on: `sentinel scan`, `sentinel mcp scan`, `sentinel supply-chain`, `sentinel secrets`, `sentinel inspect`.
282
+
283
+ ---
284
+
255
285
  ## OWASP Top 10 for Agentic Applications 2026 coverage
256
286
 
257
287
  | OWASP Risk | ID | sentinel coverage |
@@ -298,6 +328,13 @@ jobs:
298
328
  run: sentinel mcp scan http://localhost:3001 --fail-on CRITICAL
299
329
  ```
300
330
 
331
+ Use a `.sentinelignore` file at the repo root to suppress known-accepted findings without weakening the gate threshold:
332
+
333
+ ```
334
+ # .sentinelignore — committed to source control
335
+ MISSING_RATE_LIMIT # rate limiting handled at infra layer
336
+ ```
337
+
301
338
  ---
302
339
 
303
340
  ## When to use analyst mode vs. static mode
@@ -305,6 +342,7 @@ jobs:
305
342
  | Situation | Use |
306
343
  |-----------|-----|
307
344
  | CI/CD gate on every PR | Static rules (`--fail-on CRITICAL`) |
345
+ | Adopting CI gates incrementally | Static rules + `.sentinelignore` to suppress accepted risks |
308
346
  | Investigating a specific server or codebase | `sentinel agentic` |
309
347
  | First assessment of a new MCP server | `sentinel agentic` |
310
348
  | Scheduled nightly security check | `sentinel agentic` (memory tracks drift) |
@@ -0,0 +1,236 @@
1
+ """Rich terminal and JSON output for sentinel a2a — multi-agent trust analysis."""
2
+
3
+ import json
4
+
5
+ from rich.console import Console
6
+ from rich.panel import Panel
7
+ from rich.table import Table
8
+ from rich import box
9
+ from rich.text import Text
10
+
11
+ from agentsentinel_cli.a2a_scanner import A2AGraph, AgentNode, A2AEdge
12
+ from agentsentinel_cli.a2a_rules import A2AFinding, a2a_posture_score
13
+
14
+ console = Console()
15
+
16
+ _SEVERITY_COLOR = {
17
+ "CRITICAL": "bold red",
18
+ "HIGH": "bold orange1",
19
+ "MEDIUM": "bold yellow",
20
+ "LOW": "bold cyan",
21
+ }
22
+ _STATUS_COLOR = {
23
+ "TRUSTED": "bold green",
24
+ "WATCH": "bold yellow",
25
+ "ALERT": "bold orange1",
26
+ "CRITICAL": "bold red",
27
+ }
28
+ _FRAMEWORK_COLOR = {
29
+ "autogen": "cyan",
30
+ "langchain": "green",
31
+ "langgraph": "bright_green",
32
+ "crewai": "magenta",
33
+ "generic": "dim",
34
+ }
35
+ _ROLE_TAG = {
36
+ "orchestrator": "[bold white]orchestrator[/bold white]",
37
+ "worker": "[dim]worker[/dim]",
38
+ "peer": "[dim]peer[/dim]",
39
+ "unknown": "[dim]unknown[/dim]",
40
+ }
41
+
42
+
43
+ def _status_label(score: int) -> str:
44
+ if score >= 80:
45
+ return "TRUSTED"
46
+ if score >= 60:
47
+ return "WATCH"
48
+ if score >= 40:
49
+ return "ALERT"
50
+ return "CRITICAL"
51
+
52
+
53
+ def print_a2a_result(
54
+ graph: A2AGraph,
55
+ findings: list[A2AFinding],
56
+ score: int,
57
+ target: str,
58
+ ) -> None:
59
+ status = _status_label(score)
60
+ status_color = _STATUS_COLOR[status]
61
+
62
+ console.print()
63
+ console.print(Panel.fit(
64
+ f"[bold white]AgentSentinel A2A Trust Analysis[/bold white]\n"
65
+ f"[dim]Target: {target}[/dim]",
66
+ border_style="bright_blue",
67
+ padding=(0, 2),
68
+ ))
69
+
70
+ if not graph.nodes:
71
+ console.print(
72
+ "\n [yellow]No multi-agent patterns detected.[/yellow]\n"
73
+ " [dim]sentinel a2a recognises LangChain/LangGraph, AutoGen, and CrewAI patterns.[/dim]\n"
74
+ )
75
+ return
76
+
77
+ # ── Call graph summary ────────────────────────────────────────────────────
78
+ has_cycles = graph.has_cycles
79
+ max_depth = graph.max_depth
80
+ cycle_tag = "[bold red]⚠ cycle[/bold red]" if has_cycles else "[dim green]acyclic[/dim green]"
81
+
82
+ console.print(
83
+ f"\n [bold white]{len(graph.nodes)}[/bold white] agents "
84
+ f"[bold white]{len(graph.edges)}[/bold white] edges "
85
+ f"[bold white]{max_depth}[/bold white] max depth "
86
+ f"{cycle_tag}"
87
+ )
88
+
89
+ # ── Agent nodes table ─────────────────────────────────────────────────────
90
+ console.print()
91
+ node_table = Table(box=box.SIMPLE, show_header=True, header_style="dim", padding=(0, 1))
92
+ node_table.add_column("Agent", style="bold white", min_width=20)
93
+ node_table.add_column("Framework", width=12)
94
+ node_table.add_column("Role", width=14)
95
+ node_table.add_column("Tools", style="dim", max_width=30)
96
+ node_table.add_column("", width=16)
97
+
98
+ for node in graph.nodes:
99
+ fw_color = _FRAMEWORK_COLOR.get(node.framework, "white")
100
+ role_text = _ROLE_TAG.get(node.role, node.role)
101
+ tools_str = ", ".join(node.tools[:3]) + ("…" if len(node.tools) > 3 else "")
102
+
103
+ flags = Text()
104
+ if node.has_code_execution:
105
+ flags.append("⚠ code exec", style="bold red")
106
+ if node.spawned_in_loop:
107
+ if flags.plain:
108
+ flags.append(" ")
109
+ flags.append("⟲ in loop", style="bold orange1")
110
+
111
+ node_table.add_row(
112
+ node.name,
113
+ Text(node.framework, style=fw_color),
114
+ Text.from_markup(role_text),
115
+ tools_str or "—",
116
+ flags,
117
+ )
118
+ console.print(node_table)
119
+
120
+ # ── Call graph edges ──────────────────────────────────────────────────────
121
+ if graph.edges:
122
+ console.print(" [dim]Call graph:[/dim]")
123
+ shown: set[tuple[str, str]] = set()
124
+ for edge in graph.edges:
125
+ key = (edge.caller, edge.callee)
126
+ if key in shown:
127
+ continue
128
+ shown.add(key)
129
+ tags = []
130
+ if edge.passes_user_input:
131
+ tags.append("[bold orange1]passes input[/bold orange1]")
132
+ if not edge.callee_tools_scoped:
133
+ tags.append("[yellow]unscoped tools[/yellow]")
134
+ tag_str = " " + " ".join(tags) if tags else ""
135
+ arrow = "──►" if edge.call_type != "group_member" else "◄──►"
136
+ console.print(
137
+ f" [dim white]{edge.caller}[/dim white] "
138
+ f"[dim]{arrow}[/dim] "
139
+ f"[bold white]{edge.callee}[/bold white]"
140
+ f" [dim]{edge.call_type}[/dim]{tag_str}"
141
+ )
142
+ console.print()
143
+
144
+ # ── Findings ──────────────────────────────────────────────────────────────
145
+ if findings:
146
+ for f in findings:
147
+ color = _SEVERITY_COLOR.get(f.severity, "white")
148
+ console.print(
149
+ f" [{color}]● {f.severity:<8}[/{color}] "
150
+ f"[bold white]{f.rule_id}[/bold white]"
151
+ f" [dim]{f.owasp}[/dim]"
152
+ )
153
+ console.print(f" [dim] {f.message}[/dim]")
154
+ if f.detail:
155
+ console.print(f" [dim] {f.detail}[/dim]")
156
+ console.print()
157
+ else:
158
+ console.print(" [green]✓ No trust findings[/green]\n")
159
+
160
+ # ── Score footer ──────────────────────────────────────────────────────────
161
+ bar_filled = int(score / 5)
162
+ bar = "█" * bar_filled + "░" * (20 - bar_filled)
163
+ console.print(
164
+ f" Trust Score [{status_color}]{score:>3}/100[/{status_color}] "
165
+ f"[dim]{bar}[/dim] [{status_color}]{status}[/{status_color}]"
166
+ )
167
+
168
+ n_critical = sum(1 for f in findings if f.severity == "CRITICAL")
169
+ n_high = sum(1 for f in findings if f.severity == "HIGH")
170
+
171
+ console.print()
172
+ console.rule(style="bright_blue")
173
+ parts = [
174
+ f"[bold white]{len(graph.nodes)}[/bold white] agent{'s' if len(graph.nodes) != 1 else ''}",
175
+ f"[bold white]{len(graph.edges)}[/bold white] edge{'s' if len(graph.edges) != 1 else ''}",
176
+ f"[bold white]{len(findings)}[/bold white] finding{'s' if len(findings) != 1 else ''}",
177
+ ]
178
+ if n_critical:
179
+ parts.append(f"[bold red]{n_critical} CRITICAL[/bold red]")
180
+ if n_high:
181
+ parts.append(f"[bold orange1]{n_high} HIGH[/bold orange1]")
182
+ console.print(" " + " · ".join(parts))
183
+ console.print()
184
+
185
+
186
+ def as_a2a_json(
187
+ graph: A2AGraph,
188
+ findings: list[A2AFinding],
189
+ score: int,
190
+ target: str,
191
+ ) -> str:
192
+ return json.dumps({
193
+ "target": target,
194
+ "agent_count": len(graph.nodes),
195
+ "edge_count": len(graph.edges),
196
+ "has_cycles": graph.has_cycles,
197
+ "max_depth": graph.max_depth,
198
+ "agents": [
199
+ {
200
+ "name": n.name,
201
+ "framework": n.framework,
202
+ "role": n.role,
203
+ "tools": n.tools,
204
+ "has_code_execution": n.has_code_execution,
205
+ "spawned_in_loop": n.spawned_in_loop,
206
+ "file": str(n.file),
207
+ "line": n.line,
208
+ }
209
+ for n in graph.nodes
210
+ ],
211
+ "edges": [
212
+ {
213
+ "caller": e.caller,
214
+ "callee": e.callee,
215
+ "call_type": e.call_type,
216
+ "passes_user_input": e.passes_user_input,
217
+ "callee_tools_scoped": e.callee_tools_scoped,
218
+ "file": str(e.file),
219
+ "line": e.line,
220
+ }
221
+ for e in graph.edges
222
+ ],
223
+ "findings": [
224
+ {
225
+ "severity": f.severity,
226
+ "rule_id": f.rule_id,
227
+ "message": f.message,
228
+ "detail": f.detail,
229
+ "node_name": f.node_name,
230
+ "owasp": f.owasp,
231
+ }
232
+ for f in findings
233
+ ],
234
+ "trust_score": score,
235
+ "status": _status_label(score),
236
+ }, indent=2)