agentsentinel-cli 0.6.1__tar.gz → 0.7.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/DOCUMENTATION.md +110 -2
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/PKG-INFO +39 -1
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/README.md +38 -0
- agentsentinel_cli-0.7.0/agentsentinel_cli/a2a_report.py +236 -0
- agentsentinel_cli-0.7.0/agentsentinel_cli/a2a_rules.py +287 -0
- agentsentinel_cli-0.7.0/agentsentinel_cli/a2a_scanner.py +654 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/cli.py +132 -0
- agentsentinel_cli-0.7.0/agentsentinel_cli/suppress.py +79 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/pyproject.toml +1 -1
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/.gitignore +0 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/LICENSE +0 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/__init__.py +0 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/agent_mode.py +0 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/agent_mode_report.py +0 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/ai_probe.py +0 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/attacks/__init__.py +0 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/attacks/library.py +0 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/discover.py +0 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/discover_report.py +0 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/fingerprint.py +0 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/frameworks.py +0 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/inspect.py +0 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/inspect_report.py +0 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/mcp_client.py +0 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/mcp_report.py +0 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/mcp_rules.py +0 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/probe.py +0 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/probe_report.py +0 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/report.py +0 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/rules.py +0 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/scanner.py +0 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/secrets.py +0 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/secrets_report.py +0 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/secrets_rules.py +0 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/supply_chain_ai.py +0 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/supply_chain_report.py +0 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/supply_chain_rules.py +0 -0
- {agentsentinel_cli-0.6.1 → agentsentinel_cli-0.7.0}/agentsentinel_cli/target.py +0 -0
|
@@ -20,6 +20,7 @@ No server required. No Docker. Works on any Python agent file or live HTTP endpo
|
|
|
20
20
|
- [sentinel mcp scan](#sentinel-mcp-scan)
|
|
21
21
|
- [sentinel probe](#sentinel-probe)
|
|
22
22
|
- [sentinel ai-probe](#sentinel-ai-probe)
|
|
23
|
+
- [Finding Suppression](#finding-suppression)
|
|
23
24
|
- [Real-World Workflows](#real-world-workflows)
|
|
24
25
|
- [CI/CD Integration](#cicd-integration)
|
|
25
26
|
- [Reference](#reference)
|
|
@@ -119,6 +120,7 @@ TARGET can be a Python file, a directory, or a live HTTP endpoint URL.
|
|
|
119
120
|
| `--model TEXT` | `claude-haiku-4-5-20251001` | Claude model for AI summary |
|
|
120
121
|
| `--auth-header HEADER` | — | HTTP auth header for live endpoints, e.g. `Authorization: Bearer token` |
|
|
121
122
|
| `--fail-on [CRITICAL\|HIGH\|MEDIUM\|LOW]` | — | Exit code 1 if findings reach this severity |
|
|
123
|
+
| `--ignore-rule RULE_ID` | — | Suppress a finding by rule ID. Repeatable. Also reads `.sentinelignore` in the target directory |
|
|
122
124
|
|
|
123
125
|
#### What it shows
|
|
124
126
|
|
|
@@ -155,6 +157,9 @@ sentinel inspect http://my-agent.internal/chat \
|
|
|
155
157
|
# JSON output — pipe into jq, SIEM, dashboards
|
|
156
158
|
sentinel inspect my_agent.py --format json | jq '.fingerprint'
|
|
157
159
|
|
|
160
|
+
# Suppress a known-accepted finding while still gating on CRITICAL
|
|
161
|
+
sentinel inspect my_agent.py --fail-on CRITICAL --ignore-rule DANGEROUS_GRANTS
|
|
162
|
+
|
|
158
163
|
# CI gate — fail if any CRITICAL finding
|
|
159
164
|
sentinel inspect my_agent.py --fail-on CRITICAL
|
|
160
165
|
```
|
|
@@ -220,6 +225,7 @@ TARGET defaults to `.` (current directory, scanned recursively).
|
|
|
220
225
|
|------|---------|-------------|
|
|
221
226
|
| `--format [text\|json]` | `text` | Output format |
|
|
222
227
|
| `--fail-on [CRITICAL\|HIGH\|MEDIUM\|LOW]` | — | Exit code 1 if findings reach this severity |
|
|
228
|
+
| `--ignore-rule RULE_ID` | — | Suppress a finding by rule ID. Repeatable. Also reads `.sentinelignore` in the target directory |
|
|
223
229
|
| `--connect URL` | — | Pull live behavior data from a running AgentSentinel instance |
|
|
224
230
|
| `--api-key TEXT` | `$AGENTSENTINEL_API_KEY` | API key for `--connect` |
|
|
225
231
|
|
|
@@ -268,6 +274,14 @@ sentinel scan my_agent.py --format json
|
|
|
268
274
|
|
|
269
275
|
# Include live behavior data from a running AgentSentinel instance
|
|
270
276
|
sentinel scan my_agent.py --connect http://localhost:9000 --api-key $AGENTSENTINEL_KEY
|
|
277
|
+
|
|
278
|
+
# Suppress a noisy LOW finding and still gate on HIGH
|
|
279
|
+
sentinel scan ./agents/ --fail-on HIGH --ignore-rule MISSING_RATE_LIMIT
|
|
280
|
+
|
|
281
|
+
# Stack multiple suppressions
|
|
282
|
+
sentinel scan ./agents/ --fail-on CRITICAL \
|
|
283
|
+
--ignore-rule MISSING_RATE_LIMIT \
|
|
284
|
+
--ignore-rule TOOL_SPRAWL
|
|
271
285
|
```
|
|
272
286
|
|
|
273
287
|
#### Example output
|
|
@@ -342,6 +356,7 @@ sentinel secrets ~/.claude/projects/ --severity LOW
|
|
|
342
356
|
| `--format [text\|json]` | `text` | Output format |
|
|
343
357
|
| `--fail-on [CRITICAL\|HIGH\|MEDIUM\|LOW]` | — | Exit code 1 if findings reach this severity |
|
|
344
358
|
| `--no-redact` | off | Show full matched values instead of masking them |
|
|
359
|
+
| `--ignore-rule RULE_ID` | — | Suppress a finding by rule ID. Repeatable. Also reads `.sentinelignore` in the target directory |
|
|
345
360
|
|
|
346
361
|
#### Choosing the right scope
|
|
347
362
|
|
|
@@ -597,8 +612,8 @@ Common false positives and how to handle them:
|
|
|
597
612
|
| `SG_UEN` | 9-digit numbers that happen to end in a letter | UENs are common in business documents — confirm the surrounding context |
|
|
598
613
|
|
|
599
614
|
If a finding is a confirmed false positive, it does not affect the finding count for `--fail-on`
|
|
600
|
-
evaluation — you still need to address it
|
|
601
|
-
|
|
615
|
+
evaluation — you still need to address it, suppress it with `--ignore-rule`, or restructure the
|
|
616
|
+
content to remove the match. See [Finding Suppression](#finding-suppression).
|
|
602
617
|
|
|
603
618
|
---
|
|
604
619
|
|
|
@@ -692,6 +707,7 @@ sentinel mcp scan --stdio "CMD" [OPTIONS]
|
|
|
692
707
|
| `--format [text\|json]` | `text` | Output format |
|
|
693
708
|
| `--timeout SECONDS` | `10.0` | Connection timeout |
|
|
694
709
|
| `--fail-on [CRITICAL\|HIGH\|MEDIUM\|LOW]` | — | Exit code 1 if findings reach this severity |
|
|
710
|
+
| `--ignore-rule RULE_ID` | — | Suppress a finding by rule ID. Repeatable. Also reads `.sentinelignore` in the working directory |
|
|
695
711
|
|
|
696
712
|
#### Transport support
|
|
697
713
|
|
|
@@ -740,6 +756,9 @@ sentinel mcp scan http://localhost:3000 --fail-on CRITICAL
|
|
|
740
756
|
|
|
741
757
|
# Longer timeout for slow servers
|
|
742
758
|
sentinel mcp scan http://remote-server.com/mcp --timeout 30
|
|
759
|
+
|
|
760
|
+
# CI gate — suppress a finding accepted at the infrastructure layer
|
|
761
|
+
sentinel mcp scan http://localhost:3000 --fail-on CRITICAL --ignore-rule NO_AUTH
|
|
743
762
|
```
|
|
744
763
|
|
|
745
764
|
#### Example output
|
|
@@ -958,6 +977,87 @@ sentinel ai-probe http://my-agent.com/chat --fail-on CRITICAL
|
|
|
958
977
|
|
|
959
978
|
---
|
|
960
979
|
|
|
980
|
+
## Finding Suppression
|
|
981
|
+
|
|
982
|
+
Use `--ignore-rule` and `.sentinelignore` to suppress specific findings by rule ID. Suppressed findings are excluded from both output display and `--fail-on` evaluation — they never break a CI gate.
|
|
983
|
+
|
|
984
|
+
Supported commands: `sentinel scan`, `sentinel mcp scan`, `sentinel supply-chain`, `sentinel secrets`, `sentinel inspect`.
|
|
985
|
+
|
|
986
|
+
### --ignore-rule flag
|
|
987
|
+
|
|
988
|
+
Suppress one or more rules for a single run. The flag is repeatable.
|
|
989
|
+
|
|
990
|
+
```bash
|
|
991
|
+
# Suppress a single rule
|
|
992
|
+
sentinel scan ./agents/ --fail-on HIGH --ignore-rule MISSING_RATE_LIMIT
|
|
993
|
+
|
|
994
|
+
# Stack multiple suppressions
|
|
995
|
+
sentinel mcp scan http://localhost:3001 --fail-on CRITICAL \
|
|
996
|
+
--ignore-rule NO_AUTH \
|
|
997
|
+
--ignore-rule UNBOUNDED_INPUT
|
|
998
|
+
|
|
999
|
+
# Suppress during secrets scan
|
|
1000
|
+
sentinel secrets . --fail-on HIGH --ignore-rule SG_UEN
|
|
1001
|
+
```
|
|
1002
|
+
|
|
1003
|
+
### .sentinelignore file
|
|
1004
|
+
|
|
1005
|
+
For persistent, project-level suppressions, create a `.sentinelignore` file and commit it to source control. sentinel walks up from the target directory to find it — same discovery pattern as `.gitignore`.
|
|
1006
|
+
|
|
1007
|
+
```
|
|
1008
|
+
# .sentinelignore
|
|
1009
|
+
|
|
1010
|
+
# Comments start with #. Blank lines are ignored.
|
|
1011
|
+
# Rule IDs are case-insensitive.
|
|
1012
|
+
|
|
1013
|
+
MISSING_RATE_LIMIT # rate limiting enforced at API gateway layer
|
|
1014
|
+
SC03_HIDDEN_NETWORK_FIELDS # webhook field is for audit logging — verified safe
|
|
1015
|
+
NO_AUTH # MCP server is behind an authenticated reverse proxy
|
|
1016
|
+
```
|
|
1017
|
+
|
|
1018
|
+
sentinel searches for `.sentinelignore` starting from the target path and walking up to the filesystem root. For URL targets (`sentinel mcp scan`, `sentinel supply-chain`), it searches from the current working directory.
|
|
1019
|
+
|
|
1020
|
+
### Suppression notice
|
|
1021
|
+
|
|
1022
|
+
When findings are suppressed, sentinel prints a dim notice at the end of text output:
|
|
1023
|
+
|
|
1024
|
+
```
|
|
1025
|
+
1 finding suppressed by .sentinelignore / --ignore-rule: MISSING_RATE_LIMIT
|
|
1026
|
+
```
|
|
1027
|
+
|
|
1028
|
+
In JSON output, suppressed findings are absent from the `findings` array. The `--fail-on` threshold is evaluated only against the active (non-suppressed) findings.
|
|
1029
|
+
|
|
1030
|
+
### What to suppress — and what not to
|
|
1031
|
+
|
|
1032
|
+
Suppressions are appropriate for findings where the risk is genuinely accepted at another layer:
|
|
1033
|
+
|
|
1034
|
+
| Scenario | Appropriate suppression |
|
|
1035
|
+
|----------|------------------------|
|
|
1036
|
+
| Rate limiting handled at API gateway | `MISSING_RATE_LIMIT` |
|
|
1037
|
+
| MCP server behind authenticated proxy | `NO_AUTH` |
|
|
1038
|
+
| Known webhook field verified safe | `SC03_HIDDEN_NETWORK_FIELDS` |
|
|
1039
|
+
| Agent description intentionally omitted | `UNDESCRIBED_WRITE_AGENT` |
|
|
1040
|
+
|
|
1041
|
+
Do not suppress CRITICAL findings (`EXFILTRATION_PATH`, `CODE_EXECUTION_GRANT`, `HARDCODED_CREDENTIALS`, `SC01_DESCRIPTION_INJECTION`) without a very specific, documented reason. These represent confirmed active risk paths, not configuration preferences.
|
|
1042
|
+
|
|
1043
|
+
### Incremental CI adoption
|
|
1044
|
+
|
|
1045
|
+
The `.sentinelignore` + `--fail-on` combination is the recommended way to adopt CI gates incrementally:
|
|
1046
|
+
|
|
1047
|
+
```bash
|
|
1048
|
+
# Week 1 — gate only on CRITICAL, suppress anything that isn't actually critical
|
|
1049
|
+
sentinel scan ./agents/ --fail-on CRITICAL
|
|
1050
|
+
|
|
1051
|
+
# Week 2 — raise threshold to HIGH, suppress accepted HIGH findings
|
|
1052
|
+
echo "DANGEROUS_GRANTS" >> .sentinelignore
|
|
1053
|
+
sentinel scan ./agents/ --fail-on HIGH
|
|
1054
|
+
|
|
1055
|
+
# Week 3 — full posture gate, suppressions document accepted risk
|
|
1056
|
+
sentinel scan ./agents/ --fail-on MEDIUM
|
|
1057
|
+
```
|
|
1058
|
+
|
|
1059
|
+
---
|
|
1060
|
+
|
|
961
1061
|
## Real-World Workflows
|
|
962
1062
|
|
|
963
1063
|
### Workflow 1: Unknown agent found in production
|
|
@@ -1121,6 +1221,7 @@ jobs:
|
|
|
1121
1221
|
runs-on: ubuntu-latest
|
|
1122
1222
|
steps:
|
|
1123
1223
|
- uses: actions/checkout@v4
|
|
1224
|
+
# .sentinelignore in the repo root is picked up automatically
|
|
1124
1225
|
|
|
1125
1226
|
- name: Install sentinel
|
|
1126
1227
|
run: pip install "agentsentinel-cli[all]"
|
|
@@ -1146,6 +1247,13 @@ jobs:
|
|
|
1146
1247
|
run: sentinel mcp scan http://localhost:3000 --fail-on CRITICAL
|
|
1147
1248
|
```
|
|
1148
1249
|
|
|
1250
|
+
Add a `.sentinelignore` at the repo root to suppress known-accepted findings without weakening the gate threshold:
|
|
1251
|
+
|
|
1252
|
+
```
|
|
1253
|
+
# .sentinelignore — committed to source control
|
|
1254
|
+
MISSING_RATE_LIMIT # rate limiting handled at infra layer
|
|
1255
|
+
```
|
|
1256
|
+
|
|
1149
1257
|
### GitLab CI
|
|
1150
1258
|
|
|
1151
1259
|
```yaml
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Metadata-Version: 2.4
|
|
2
2
|
Name: agentsentinel-cli
|
|
3
|
-
Version: 0.
|
|
3
|
+
Version: 0.7.0
|
|
4
4
|
Summary: Agentic security CLI — AI analyst with memory, supply chain audit, MCP audit, red-team probing, and agent discovery
|
|
5
5
|
Project-URL: Homepage, https://github.com/jaydenaung/agentsentinel-cli
|
|
6
6
|
Project-URL: Repository, https://github.com/jaydenaung/agentsentinel-cli
|
|
@@ -195,6 +195,7 @@ sentinel scan my_agent.py
|
|
|
195
195
|
sentinel scan ./agents/
|
|
196
196
|
sentinel scan my_agent.py --fail-on CRITICAL # CI gate
|
|
197
197
|
sentinel scan my_agent.py --format json
|
|
198
|
+
sentinel scan ./agents/ --fail-on HIGH --ignore-rule MISSING_RATE_LIMIT # suppress known-accepted finding
|
|
198
199
|
```
|
|
199
200
|
|
|
200
201
|
**Rules:**
|
|
@@ -299,6 +300,35 @@ sentinel discover --format json
|
|
|
299
300
|
|
|
300
301
|
---
|
|
301
302
|
|
|
303
|
+
## Finding suppression
|
|
304
|
+
|
|
305
|
+
Use `--ignore-rule` to suppress specific findings by rule ID. Suppressed findings are excluded from `--fail-on` evaluation and output — they don't break CI gates.
|
|
306
|
+
|
|
307
|
+
```bash
|
|
308
|
+
# Suppress a single finding for one run
|
|
309
|
+
sentinel scan ./agents/ --fail-on HIGH --ignore-rule MISSING_RATE_LIMIT
|
|
310
|
+
|
|
311
|
+
# Stack multiple suppressions
|
|
312
|
+
sentinel mcp scan http://localhost:3001 --fail-on CRITICAL \
|
|
313
|
+
--ignore-rule NO_AUTH \
|
|
314
|
+
--ignore-rule UNBOUNDED_INPUT
|
|
315
|
+
```
|
|
316
|
+
|
|
317
|
+
For project-level suppressions, create a **`.sentinelignore`** file in your project root. sentinel walks up from the target directory to find it — the same discovery pattern as `.gitignore`.
|
|
318
|
+
|
|
319
|
+
```
|
|
320
|
+
# .sentinelignore
|
|
321
|
+
# Comments start with #
|
|
322
|
+
|
|
323
|
+
MISSING_RATE_LIMIT # rate limiting enforced at API gateway
|
|
324
|
+
SC03_HIDDEN_NETWORK_FIELDS # webhook field verified safe — used for audit logging
|
|
325
|
+
NO_AUTH # server is behind an authenticated reverse proxy
|
|
326
|
+
```
|
|
327
|
+
|
|
328
|
+
Supported on: `sentinel scan`, `sentinel mcp scan`, `sentinel supply-chain`, `sentinel secrets`, `sentinel inspect`.
|
|
329
|
+
|
|
330
|
+
---
|
|
331
|
+
|
|
302
332
|
## OWASP Top 10 for Agentic Applications 2026 coverage
|
|
303
333
|
|
|
304
334
|
| OWASP Risk | ID | sentinel coverage |
|
|
@@ -345,6 +375,13 @@ jobs:
|
|
|
345
375
|
run: sentinel mcp scan http://localhost:3001 --fail-on CRITICAL
|
|
346
376
|
```
|
|
347
377
|
|
|
378
|
+
Use a `.sentinelignore` file at the repo root to suppress known-accepted findings without weakening the gate threshold:
|
|
379
|
+
|
|
380
|
+
```
|
|
381
|
+
# .sentinelignore — committed to source control
|
|
382
|
+
MISSING_RATE_LIMIT # rate limiting handled at infra layer
|
|
383
|
+
```
|
|
384
|
+
|
|
348
385
|
---
|
|
349
386
|
|
|
350
387
|
## When to use analyst mode vs. static mode
|
|
@@ -352,6 +389,7 @@ jobs:
|
|
|
352
389
|
| Situation | Use |
|
|
353
390
|
|-----------|-----|
|
|
354
391
|
| CI/CD gate on every PR | Static rules (`--fail-on CRITICAL`) |
|
|
392
|
+
| Adopting CI gates incrementally | Static rules + `.sentinelignore` to suppress accepted risks |
|
|
355
393
|
| Investigating a specific server or codebase | `sentinel agentic` |
|
|
356
394
|
| First assessment of a new MCP server | `sentinel agentic` |
|
|
357
395
|
| Scheduled nightly security check | `sentinel agentic` (memory tracks drift) |
|
|
@@ -148,6 +148,7 @@ sentinel scan my_agent.py
|
|
|
148
148
|
sentinel scan ./agents/
|
|
149
149
|
sentinel scan my_agent.py --fail-on CRITICAL # CI gate
|
|
150
150
|
sentinel scan my_agent.py --format json
|
|
151
|
+
sentinel scan ./agents/ --fail-on HIGH --ignore-rule MISSING_RATE_LIMIT # suppress known-accepted finding
|
|
151
152
|
```
|
|
152
153
|
|
|
153
154
|
**Rules:**
|
|
@@ -252,6 +253,35 @@ sentinel discover --format json
|
|
|
252
253
|
|
|
253
254
|
---
|
|
254
255
|
|
|
256
|
+
## Finding suppression
|
|
257
|
+
|
|
258
|
+
Use `--ignore-rule` to suppress specific findings by rule ID. Suppressed findings are excluded from `--fail-on` evaluation and output — they don't break CI gates.
|
|
259
|
+
|
|
260
|
+
```bash
|
|
261
|
+
# Suppress a single finding for one run
|
|
262
|
+
sentinel scan ./agents/ --fail-on HIGH --ignore-rule MISSING_RATE_LIMIT
|
|
263
|
+
|
|
264
|
+
# Stack multiple suppressions
|
|
265
|
+
sentinel mcp scan http://localhost:3001 --fail-on CRITICAL \
|
|
266
|
+
--ignore-rule NO_AUTH \
|
|
267
|
+
--ignore-rule UNBOUNDED_INPUT
|
|
268
|
+
```
|
|
269
|
+
|
|
270
|
+
For project-level suppressions, create a **`.sentinelignore`** file in your project root. sentinel walks up from the target directory to find it — the same discovery pattern as `.gitignore`.
|
|
271
|
+
|
|
272
|
+
```
|
|
273
|
+
# .sentinelignore
|
|
274
|
+
# Comments start with #
|
|
275
|
+
|
|
276
|
+
MISSING_RATE_LIMIT # rate limiting enforced at API gateway
|
|
277
|
+
SC03_HIDDEN_NETWORK_FIELDS # webhook field verified safe — used for audit logging
|
|
278
|
+
NO_AUTH # server is behind an authenticated reverse proxy
|
|
279
|
+
```
|
|
280
|
+
|
|
281
|
+
Supported on: `sentinel scan`, `sentinel mcp scan`, `sentinel supply-chain`, `sentinel secrets`, `sentinel inspect`.
|
|
282
|
+
|
|
283
|
+
---
|
|
284
|
+
|
|
255
285
|
## OWASP Top 10 for Agentic Applications 2026 coverage
|
|
256
286
|
|
|
257
287
|
| OWASP Risk | ID | sentinel coverage |
|
|
@@ -298,6 +328,13 @@ jobs:
|
|
|
298
328
|
run: sentinel mcp scan http://localhost:3001 --fail-on CRITICAL
|
|
299
329
|
```
|
|
300
330
|
|
|
331
|
+
Use a `.sentinelignore` file at the repo root to suppress known-accepted findings without weakening the gate threshold:
|
|
332
|
+
|
|
333
|
+
```
|
|
334
|
+
# .sentinelignore — committed to source control
|
|
335
|
+
MISSING_RATE_LIMIT # rate limiting handled at infra layer
|
|
336
|
+
```
|
|
337
|
+
|
|
301
338
|
---
|
|
302
339
|
|
|
303
340
|
## When to use analyst mode vs. static mode
|
|
@@ -305,6 +342,7 @@ jobs:
|
|
|
305
342
|
| Situation | Use |
|
|
306
343
|
|-----------|-----|
|
|
307
344
|
| CI/CD gate on every PR | Static rules (`--fail-on CRITICAL`) |
|
|
345
|
+
| Adopting CI gates incrementally | Static rules + `.sentinelignore` to suppress accepted risks |
|
|
308
346
|
| Investigating a specific server or codebase | `sentinel agentic` |
|
|
309
347
|
| First assessment of a new MCP server | `sentinel agentic` |
|
|
310
348
|
| Scheduled nightly security check | `sentinel agentic` (memory tracks drift) |
|
|
@@ -0,0 +1,236 @@
|
|
|
1
|
+
"""Rich terminal and JSON output for sentinel a2a — multi-agent trust analysis."""
|
|
2
|
+
|
|
3
|
+
import json
|
|
4
|
+
|
|
5
|
+
from rich.console import Console
|
|
6
|
+
from rich.panel import Panel
|
|
7
|
+
from rich.table import Table
|
|
8
|
+
from rich import box
|
|
9
|
+
from rich.text import Text
|
|
10
|
+
|
|
11
|
+
from agentsentinel_cli.a2a_scanner import A2AGraph, AgentNode, A2AEdge
|
|
12
|
+
from agentsentinel_cli.a2a_rules import A2AFinding, a2a_posture_score
|
|
13
|
+
|
|
14
|
+
console = Console()
|
|
15
|
+
|
|
16
|
+
_SEVERITY_COLOR = {
|
|
17
|
+
"CRITICAL": "bold red",
|
|
18
|
+
"HIGH": "bold orange1",
|
|
19
|
+
"MEDIUM": "bold yellow",
|
|
20
|
+
"LOW": "bold cyan",
|
|
21
|
+
}
|
|
22
|
+
_STATUS_COLOR = {
|
|
23
|
+
"TRUSTED": "bold green",
|
|
24
|
+
"WATCH": "bold yellow",
|
|
25
|
+
"ALERT": "bold orange1",
|
|
26
|
+
"CRITICAL": "bold red",
|
|
27
|
+
}
|
|
28
|
+
_FRAMEWORK_COLOR = {
|
|
29
|
+
"autogen": "cyan",
|
|
30
|
+
"langchain": "green",
|
|
31
|
+
"langgraph": "bright_green",
|
|
32
|
+
"crewai": "magenta",
|
|
33
|
+
"generic": "dim",
|
|
34
|
+
}
|
|
35
|
+
_ROLE_TAG = {
|
|
36
|
+
"orchestrator": "[bold white]orchestrator[/bold white]",
|
|
37
|
+
"worker": "[dim]worker[/dim]",
|
|
38
|
+
"peer": "[dim]peer[/dim]",
|
|
39
|
+
"unknown": "[dim]unknown[/dim]",
|
|
40
|
+
}
|
|
41
|
+
|
|
42
|
+
|
|
43
|
+
def _status_label(score: int) -> str:
|
|
44
|
+
if score >= 80:
|
|
45
|
+
return "TRUSTED"
|
|
46
|
+
if score >= 60:
|
|
47
|
+
return "WATCH"
|
|
48
|
+
if score >= 40:
|
|
49
|
+
return "ALERT"
|
|
50
|
+
return "CRITICAL"
|
|
51
|
+
|
|
52
|
+
|
|
53
|
+
def print_a2a_result(
|
|
54
|
+
graph: A2AGraph,
|
|
55
|
+
findings: list[A2AFinding],
|
|
56
|
+
score: int,
|
|
57
|
+
target: str,
|
|
58
|
+
) -> None:
|
|
59
|
+
status = _status_label(score)
|
|
60
|
+
status_color = _STATUS_COLOR[status]
|
|
61
|
+
|
|
62
|
+
console.print()
|
|
63
|
+
console.print(Panel.fit(
|
|
64
|
+
f"[bold white]AgentSentinel A2A Trust Analysis[/bold white]\n"
|
|
65
|
+
f"[dim]Target: {target}[/dim]",
|
|
66
|
+
border_style="bright_blue",
|
|
67
|
+
padding=(0, 2),
|
|
68
|
+
))
|
|
69
|
+
|
|
70
|
+
if not graph.nodes:
|
|
71
|
+
console.print(
|
|
72
|
+
"\n [yellow]No multi-agent patterns detected.[/yellow]\n"
|
|
73
|
+
" [dim]sentinel a2a recognises LangChain/LangGraph, AutoGen, and CrewAI patterns.[/dim]\n"
|
|
74
|
+
)
|
|
75
|
+
return
|
|
76
|
+
|
|
77
|
+
# ── Call graph summary ────────────────────────────────────────────────────
|
|
78
|
+
has_cycles = graph.has_cycles
|
|
79
|
+
max_depth = graph.max_depth
|
|
80
|
+
cycle_tag = "[bold red]⚠ cycle[/bold red]" if has_cycles else "[dim green]acyclic[/dim green]"
|
|
81
|
+
|
|
82
|
+
console.print(
|
|
83
|
+
f"\n [bold white]{len(graph.nodes)}[/bold white] agents "
|
|
84
|
+
f"[bold white]{len(graph.edges)}[/bold white] edges "
|
|
85
|
+
f"[bold white]{max_depth}[/bold white] max depth "
|
|
86
|
+
f"{cycle_tag}"
|
|
87
|
+
)
|
|
88
|
+
|
|
89
|
+
# ── Agent nodes table ─────────────────────────────────────────────────────
|
|
90
|
+
console.print()
|
|
91
|
+
node_table = Table(box=box.SIMPLE, show_header=True, header_style="dim", padding=(0, 1))
|
|
92
|
+
node_table.add_column("Agent", style="bold white", min_width=20)
|
|
93
|
+
node_table.add_column("Framework", width=12)
|
|
94
|
+
node_table.add_column("Role", width=14)
|
|
95
|
+
node_table.add_column("Tools", style="dim", max_width=30)
|
|
96
|
+
node_table.add_column("", width=16)
|
|
97
|
+
|
|
98
|
+
for node in graph.nodes:
|
|
99
|
+
fw_color = _FRAMEWORK_COLOR.get(node.framework, "white")
|
|
100
|
+
role_text = _ROLE_TAG.get(node.role, node.role)
|
|
101
|
+
tools_str = ", ".join(node.tools[:3]) + ("…" if len(node.tools) > 3 else "")
|
|
102
|
+
|
|
103
|
+
flags = Text()
|
|
104
|
+
if node.has_code_execution:
|
|
105
|
+
flags.append("⚠ code exec", style="bold red")
|
|
106
|
+
if node.spawned_in_loop:
|
|
107
|
+
if flags.plain:
|
|
108
|
+
flags.append(" ")
|
|
109
|
+
flags.append("⟲ in loop", style="bold orange1")
|
|
110
|
+
|
|
111
|
+
node_table.add_row(
|
|
112
|
+
node.name,
|
|
113
|
+
Text(node.framework, style=fw_color),
|
|
114
|
+
Text.from_markup(role_text),
|
|
115
|
+
tools_str or "—",
|
|
116
|
+
flags,
|
|
117
|
+
)
|
|
118
|
+
console.print(node_table)
|
|
119
|
+
|
|
120
|
+
# ── Call graph edges ──────────────────────────────────────────────────────
|
|
121
|
+
if graph.edges:
|
|
122
|
+
console.print(" [dim]Call graph:[/dim]")
|
|
123
|
+
shown: set[tuple[str, str]] = set()
|
|
124
|
+
for edge in graph.edges:
|
|
125
|
+
key = (edge.caller, edge.callee)
|
|
126
|
+
if key in shown:
|
|
127
|
+
continue
|
|
128
|
+
shown.add(key)
|
|
129
|
+
tags = []
|
|
130
|
+
if edge.passes_user_input:
|
|
131
|
+
tags.append("[bold orange1]passes input[/bold orange1]")
|
|
132
|
+
if not edge.callee_tools_scoped:
|
|
133
|
+
tags.append("[yellow]unscoped tools[/yellow]")
|
|
134
|
+
tag_str = " " + " ".join(tags) if tags else ""
|
|
135
|
+
arrow = "──►" if edge.call_type != "group_member" else "◄──►"
|
|
136
|
+
console.print(
|
|
137
|
+
f" [dim white]{edge.caller}[/dim white] "
|
|
138
|
+
f"[dim]{arrow}[/dim] "
|
|
139
|
+
f"[bold white]{edge.callee}[/bold white]"
|
|
140
|
+
f" [dim]{edge.call_type}[/dim]{tag_str}"
|
|
141
|
+
)
|
|
142
|
+
console.print()
|
|
143
|
+
|
|
144
|
+
# ── Findings ──────────────────────────────────────────────────────────────
|
|
145
|
+
if findings:
|
|
146
|
+
for f in findings:
|
|
147
|
+
color = _SEVERITY_COLOR.get(f.severity, "white")
|
|
148
|
+
console.print(
|
|
149
|
+
f" [{color}]● {f.severity:<8}[/{color}] "
|
|
150
|
+
f"[bold white]{f.rule_id}[/bold white]"
|
|
151
|
+
f" [dim]{f.owasp}[/dim]"
|
|
152
|
+
)
|
|
153
|
+
console.print(f" [dim] {f.message}[/dim]")
|
|
154
|
+
if f.detail:
|
|
155
|
+
console.print(f" [dim] {f.detail}[/dim]")
|
|
156
|
+
console.print()
|
|
157
|
+
else:
|
|
158
|
+
console.print(" [green]✓ No trust findings[/green]\n")
|
|
159
|
+
|
|
160
|
+
# ── Score footer ──────────────────────────────────────────────────────────
|
|
161
|
+
bar_filled = int(score / 5)
|
|
162
|
+
bar = "█" * bar_filled + "░" * (20 - bar_filled)
|
|
163
|
+
console.print(
|
|
164
|
+
f" Trust Score [{status_color}]{score:>3}/100[/{status_color}] "
|
|
165
|
+
f"[dim]{bar}[/dim] [{status_color}]{status}[/{status_color}]"
|
|
166
|
+
)
|
|
167
|
+
|
|
168
|
+
n_critical = sum(1 for f in findings if f.severity == "CRITICAL")
|
|
169
|
+
n_high = sum(1 for f in findings if f.severity == "HIGH")
|
|
170
|
+
|
|
171
|
+
console.print()
|
|
172
|
+
console.rule(style="bright_blue")
|
|
173
|
+
parts = [
|
|
174
|
+
f"[bold white]{len(graph.nodes)}[/bold white] agent{'s' if len(graph.nodes) != 1 else ''}",
|
|
175
|
+
f"[bold white]{len(graph.edges)}[/bold white] edge{'s' if len(graph.edges) != 1 else ''}",
|
|
176
|
+
f"[bold white]{len(findings)}[/bold white] finding{'s' if len(findings) != 1 else ''}",
|
|
177
|
+
]
|
|
178
|
+
if n_critical:
|
|
179
|
+
parts.append(f"[bold red]{n_critical} CRITICAL[/bold red]")
|
|
180
|
+
if n_high:
|
|
181
|
+
parts.append(f"[bold orange1]{n_high} HIGH[/bold orange1]")
|
|
182
|
+
console.print(" " + " · ".join(parts))
|
|
183
|
+
console.print()
|
|
184
|
+
|
|
185
|
+
|
|
186
|
+
def as_a2a_json(
|
|
187
|
+
graph: A2AGraph,
|
|
188
|
+
findings: list[A2AFinding],
|
|
189
|
+
score: int,
|
|
190
|
+
target: str,
|
|
191
|
+
) -> str:
|
|
192
|
+
return json.dumps({
|
|
193
|
+
"target": target,
|
|
194
|
+
"agent_count": len(graph.nodes),
|
|
195
|
+
"edge_count": len(graph.edges),
|
|
196
|
+
"has_cycles": graph.has_cycles,
|
|
197
|
+
"max_depth": graph.max_depth,
|
|
198
|
+
"agents": [
|
|
199
|
+
{
|
|
200
|
+
"name": n.name,
|
|
201
|
+
"framework": n.framework,
|
|
202
|
+
"role": n.role,
|
|
203
|
+
"tools": n.tools,
|
|
204
|
+
"has_code_execution": n.has_code_execution,
|
|
205
|
+
"spawned_in_loop": n.spawned_in_loop,
|
|
206
|
+
"file": str(n.file),
|
|
207
|
+
"line": n.line,
|
|
208
|
+
}
|
|
209
|
+
for n in graph.nodes
|
|
210
|
+
],
|
|
211
|
+
"edges": [
|
|
212
|
+
{
|
|
213
|
+
"caller": e.caller,
|
|
214
|
+
"callee": e.callee,
|
|
215
|
+
"call_type": e.call_type,
|
|
216
|
+
"passes_user_input": e.passes_user_input,
|
|
217
|
+
"callee_tools_scoped": e.callee_tools_scoped,
|
|
218
|
+
"file": str(e.file),
|
|
219
|
+
"line": e.line,
|
|
220
|
+
}
|
|
221
|
+
for e in graph.edges
|
|
222
|
+
],
|
|
223
|
+
"findings": [
|
|
224
|
+
{
|
|
225
|
+
"severity": f.severity,
|
|
226
|
+
"rule_id": f.rule_id,
|
|
227
|
+
"message": f.message,
|
|
228
|
+
"detail": f.detail,
|
|
229
|
+
"node_name": f.node_name,
|
|
230
|
+
"owasp": f.owasp,
|
|
231
|
+
}
|
|
232
|
+
for f in findings
|
|
233
|
+
],
|
|
234
|
+
"trust_score": score,
|
|
235
|
+
"status": _status_label(score),
|
|
236
|
+
}, indent=2)
|