agentsentinel-cli 0.8.0__tar.gz → 0.8.3__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (37) hide show
  1. agentsentinel_cli-0.8.3/PKG-INFO +400 -0
  2. agentsentinel_cli-0.8.3/README.md +366 -0
  3. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/agentsentinel_cli/a2a_scanner.py +109 -0
  4. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/agentsentinel_cli/scanner.py +89 -1
  5. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/agentsentinel_cli/secrets_rules.py +89 -4
  6. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/pyproject.toml +5 -28
  7. agentsentinel_cli-0.8.0/PKG-INFO +0 -468
  8. agentsentinel_cli-0.8.0/README.md +0 -421
  9. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/.gitignore +0 -0
  10. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/DOCUMENTATION.md +0 -0
  11. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/LICENSE +0 -0
  12. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/agentsentinel_cli/__init__.py +0 -0
  13. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/agentsentinel_cli/a2a_report.py +0 -0
  14. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/agentsentinel_cli/a2a_rules.py +0 -0
  15. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/agentsentinel_cli/cli.py +0 -0
  16. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/agentsentinel_cli/discover.py +0 -0
  17. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/agentsentinel_cli/discover_report.py +0 -0
  18. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/agentsentinel_cli/fingerprint.py +0 -0
  19. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/agentsentinel_cli/frameworks.py +0 -0
  20. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/agentsentinel_cli/inspect.py +0 -0
  21. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/agentsentinel_cli/inspect_report.py +0 -0
  22. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/agentsentinel_cli/mcp_client.py +0 -0
  23. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/agentsentinel_cli/mcp_report.py +0 -0
  24. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/agentsentinel_cli/mcp_rules.py +0 -0
  25. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/agentsentinel_cli/report.py +0 -0
  26. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/agentsentinel_cli/rules.py +0 -0
  27. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/agentsentinel_cli/secrets.py +0 -0
  28. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/agentsentinel_cli/secrets_report.py +0 -0
  29. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/agentsentinel_cli/supply_chain_ai.py +0 -0
  30. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/agentsentinel_cli/supply_chain_report.py +0 -0
  31. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/agentsentinel_cli/supply_chain_rules.py +0 -0
  32. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/agentsentinel_cli/suppress.py +0 -0
  33. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/tmp/note.md +0 -0
  34. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/tmp/test-mcp-agent/README.md +0 -0
  35. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/tmp/test-mcp-agent/langchain_agent.py +0 -0
  36. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/tmp/test-mcp-agent/mcp_server.py +0 -0
  37. {agentsentinel_cli-0.8.0 → agentsentinel_cli-0.8.3}/tmp/test-mcp-agent/requirements.txt +0 -0
@@ -0,0 +1,400 @@
1
+ Metadata-Version: 2.4
2
+ Name: agentsentinel-cli
3
+ Version: 0.8.3
4
+ Summary: AI agent and MCP server security scanner — discovery, static analysis, supply chain audit, and multi-agent trust analysis
5
+ Project-URL: Homepage, https://github.com/jaydenaung/agentsentinel-cli
6
+ Project-URL: Repository, https://github.com/jaydenaung/agentsentinel-cli
7
+ Project-URL: Bug Tracker, https://github.com/jaydenaung/agentsentinel-cli/issues
8
+ License: Apache-2.0
9
+ License-File: LICENSE
10
+ Keywords: agent-security,agentic-security,ai-security,cli,devsecops,llm-security,mcp,mcp-security,owasp,red-team,scanner,supply-chain-security
11
+ Classifier: Development Status :: 4 - Beta
12
+ Classifier: Environment :: Console
13
+ Classifier: Intended Audience :: Developers
14
+ Classifier: Intended Audience :: Information Technology
15
+ Classifier: License :: OSI Approved :: Apache Software License
16
+ Classifier: Topic :: Security
17
+ Classifier: Topic :: Software Development :: Libraries :: Python Modules
18
+ Requires-Python: >=3.10
19
+ Requires-Dist: click>=8.0.0
20
+ Requires-Dist: rich>=13.0.0
21
+ Provides-Extra: ai
22
+ Requires-Dist: anthropic>=0.50.0; extra == 'ai'
23
+ Requires-Dist: httpx>=0.24.0; extra == 'ai'
24
+ Provides-Extra: all
25
+ Requires-Dist: anthropic>=0.50.0; extra == 'all'
26
+ Requires-Dist: httpx>=0.24.0; extra == 'all'
27
+ Requires-Dist: psutil>=5.9.0; extra == 'all'
28
+ Provides-Extra: discover
29
+ Requires-Dist: httpx>=0.24.0; extra == 'discover'
30
+ Requires-Dist: psutil>=5.9.0; extra == 'discover'
31
+ Provides-Extra: mcp
32
+ Requires-Dist: httpx>=0.24.0; extra == 'mcp'
33
+ Description-Content-Type: text/markdown
34
+
35
+ # agentsentinel-cli
36
+
37
+ [![PyPI version](https://img.shields.io/pypi/v/agentsentinel-cli)](https://pypi.org/project/agentsentinel-cli/)
38
+ [![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](LICENSE)
39
+ [![Python](https://img.shields.io/pypi/pyversions/agentsentinel-cli)](https://pypi.org/project/agentsentinel-cli/)
40
+
41
+ **The nmap of AI agents and MCP servers. Deterministic. Protocol-based. No API key required.**
42
+
43
+ ```bash
44
+ pipx install agentsentinel-cli
45
+ ```
46
+
47
+ ---
48
+
49
+ ## What it does
50
+
51
+ `sentinel` discovers and audits AI agents and MCP servers. Every result is deterministic — same input, same output, every time. No cloud dependency, no API key required for any scan.
52
+
53
+ | Command | What it answers |
54
+ |---------|----------------|
55
+ | `sentinel discover` | What MCP servers are running on this host or network? |
56
+ | `sentinel mcp scan` | How secure is this specific MCP server? |
57
+ | `sentinel supply-chain` | Has this MCP tool manifest been tampered with? |
58
+ | `sentinel scan` | What security risks are in this agent's source code? |
59
+ | `sentinel secrets` | Are credentials or PII exposed in these files? |
60
+ | `sentinel inspect` | What framework, model, and role is this agent? |
61
+ | `sentinel a2a` | Are multi-agent trust boundaries safe? |
62
+
63
+ ---
64
+
65
+ ## Quick start
66
+
67
+ ```bash
68
+ # Discover MCP servers — local and across a network
69
+ sentinel discover
70
+ sentinel discover --host 10.0.1.45
71
+ sentinel discover --subnet 10.0.0.0/24
72
+ sentinel discover --subnet 10.0.0.0/24 --scan # discover + deep audit in one pass
73
+
74
+ # Audit a specific MCP server
75
+ sentinel mcp scan http://localhost:8000/sse --auth-header "Authorization: Bearer token"
76
+ sentinel supply-chain http://localhost:8000/sse
77
+
78
+ # Scan agent source code
79
+ sentinel scan ./agents/
80
+ sentinel a2a ./agents/
81
+
82
+ # Secrets and credentials
83
+ sentinel secrets .
84
+ sentinel secrets ~/.claude/projects/ # scan Claude Code memory
85
+ ```
86
+
87
+ ---
88
+
89
+ ## Install
90
+
91
+ ```bash
92
+ # Zero dependencies — sentinel scan and sentinel a2a
93
+ pip install agentsentinel-cli
94
+
95
+ # + sentinel discover (psutil for process scanning)
96
+ pip install "agentsentinel-cli[discover]"
97
+
98
+ # + sentinel mcp scan, supply-chain, inspect (httpx)
99
+ pip install "agentsentinel-cli[mcp]"
100
+
101
+ # Everything
102
+ pip install "agentsentinel-cli[all]"
103
+
104
+ # Recommended — isolated install
105
+ pipx install "agentsentinel-cli[all]"
106
+ ```
107
+
108
+ ---
109
+
110
+ ## Commands
111
+
112
+ ### `sentinel discover` — find MCP servers and agent processes
113
+
114
+ Confirms MCP servers via protocol handshake — not just open ports. A result means the MCP `initialize` exchange completed.
115
+
116
+ ```bash
117
+ # Local scan — processes + localhost ports
118
+ sentinel discover
119
+
120
+ # Single host
121
+ sentinel discover --host 10.0.1.45
122
+ sentinel discover --host 10.0.1.45 --auth-header "Authorization: Bearer token"
123
+
124
+ # Subnet sweep
125
+ sentinel discover --subnet 10.0.0.0/24
126
+ sentinel discover --subnet 10.0.0.0/24 --auth-header "Authorization: Bearer token"
127
+
128
+ # Discover + deep security audit in one pass
129
+ sentinel discover --host 10.0.1.45 --scan
130
+ sentinel discover --subnet 10.0.0.0/24 --scan
131
+
132
+ # Custom ports, Docker, JSON output
133
+ sentinel discover --ports 8000-9000
134
+ sentinel discover --docker
135
+ sentinel discover --format json
136
+ ```
137
+
138
+ **How it works:**
139
+ - Phase 1 — parallel TCP sweep across host:port combinations
140
+ - Phase 2 — MCP protocol handshake on every open port (streamable-HTTP, falls back to SSE)
141
+ - Auth enforcement verified: servers that accept unauthenticated connections stay CRITICAL even if you pass a token
142
+
143
+ **Risk levels:**
144
+ - `CRITICAL` — unauthenticated server with dangerous or write-scope tools
145
+ - `HIGH` — unauthenticated server with read-only tools
146
+ - `MEDIUM` — MCP server confirmed but auth rejected (credentials needed)
147
+ - `LOW` — authenticated, tools enumerated
148
+
149
+ ---
150
+
151
+ ### `sentinel mcp scan` — MCP server security audit
152
+
153
+ Enumerates all tools on a running MCP server and audits for authentication gaps, dangerous capabilities, injection surface, and exfiltration paths. Supports HTTP (streamable and SSE) and stdio transports.
154
+
155
+ ```bash
156
+ sentinel mcp scan http://localhost:8000/sse
157
+ sentinel mcp scan http://localhost:8000/sse --auth-header "Authorization: Bearer token"
158
+ sentinel mcp scan --stdio "python my_server.py"
159
+ sentinel mcp scan http://localhost:8000/sse --fail-on CRITICAL
160
+ sentinel mcp scan http://localhost:8000/sse --format json
161
+ ```
162
+
163
+ **Rules:**
164
+
165
+ | Rule | Severity | What it catches |
166
+ |------|----------|-----------------|
167
+ | `NO_AUTH` | CRITICAL | Server accepts tool enumeration with no credentials |
168
+ | `UNAUTH_DANGEROUS_EXEC` | CRITICAL | Dangerous tools callable without authentication |
169
+ | `EXFILTRATION_PATH` | CRITICAL | Internal-read tools + external-write tools on the same server |
170
+ | `CODE_EXECUTION_TOOL` | CRITICAL | Server exposes shell/exec/code execution tools |
171
+ | `UNBOUNDED_INPUT` | HIGH | `command`, `path`, `query`, `url`, `code` parameters with no constraints |
172
+ | `TOOL_SPRAWL` | MEDIUM | >10 tools across 5+ distinct categories |
173
+ | `VAGUE_TOOL_DESCRIPTIONS` | MEDIUM | Tools with fewer than 3 words in their description |
174
+
175
+ ---
176
+
177
+ ### `sentinel supply-chain` — MCP tool manifest audit
178
+
179
+ Audits an MCP server's tool manifest for supply chain compromise: description injection, name/capability mismatch, hidden network fields, schema gaps, and registry drift against a saved baseline.
180
+
181
+ Covers **ASI04** (Agentic Supply Chain Compromise).
182
+
183
+ ```bash
184
+ # Static rules
185
+ sentinel supply-chain http://localhost:8000/sse
186
+ sentinel supply-chain --stdio "python my_server.py"
187
+
188
+ # + Claude semantic analysis (catches subtle deception static rules miss)
189
+ sentinel supply-chain http://localhost:8000/sse --ai
190
+
191
+ # Baseline drift — detect changes over time
192
+ sentinel supply-chain http://localhost:8000/sse --save-baseline ./baseline.json
193
+ sentinel supply-chain http://localhost:8000/sse --baseline ./baseline.json
194
+
195
+ # CI gate
196
+ sentinel supply-chain http://localhost:8000/sse --fail-on CRITICAL
197
+ ```
198
+
199
+ **Rules:**
200
+
201
+ | Rule | Severity | What it catches |
202
+ |------|----------|-----------------|
203
+ | `SC01_DESCRIPTION_INJECTION` | CRITICAL | LLM-targeting phrases in tool descriptions |
204
+ | `SC06_REGISTRY_DRIFT` | CRITICAL | Tools added, removed, or schema/description changed vs. baseline |
205
+ | `SC02_NAME_CAPABILITY_MISMATCH` | HIGH | Read-only name (`get_`, `list_`) with write/dangerous capability |
206
+ | `SC03_HIDDEN_NETWORK_FIELDS` | HIGH | Schema accepts `url`, `webhook`, `endpoint` not disclosed in description |
207
+ | `SC04_SCHEMA_MISSING_ON_WRITE` | HIGH | Write/dangerous tool with no input schema |
208
+ | `SC05_DECEPTIVE_BENIGN_NAME` | MEDIUM | `help`, `summarize`, `format` masking dangerous capability |
209
+
210
+ ---
211
+
212
+ ### `sentinel scan` — static posture audit
213
+
214
+ AST analysis of Python agent source files. Detects exfiltration paths, dangerous grants, hardcoded credentials, and privilege excess. No API key required. Zero extra dependencies.
215
+
216
+ ```bash
217
+ sentinel scan my_agent.py
218
+ sentinel scan ./agents/
219
+ sentinel scan ./agents/ --fail-on CRITICAL
220
+ sentinel scan ./agents/ --format json
221
+ sentinel scan ./agents/ --ignore-rule DANGEROUS_GRANTS # suppress accepted finding
222
+ ```
223
+
224
+ **Rules:**
225
+
226
+ | Rule | Severity | Trigger |
227
+ |------|----------|---------|
228
+ | `EXFILTRATION_PATH` | CRITICAL | Internal-read AND external-write grants |
229
+ | `CODE_EXECUTION_GRANT` | CRITICAL | bash/exec/shell grants |
230
+ | `HARDCODED_CREDENTIALS` | CRITICAL | API keys in source |
231
+ | `PROMPT_INJECTION_VECTOR` | HIGH | Web-read + write grants |
232
+ | `LATERAL_MOVEMENT_PATH` | HIGH | Admin/IAM + infrastructure grants |
233
+ | `PRIVILEGE_EXCESS` | HIGH | Write grants on a read-only described agent |
234
+ | `DANGEROUS_GRANTS` | HIGH | Dangerous grants outside code execution category |
235
+ | `TOOL_SPRAWL` | MEDIUM | >10 tools across 5+ categories |
236
+ | `UNDESCRIBED_WRITE_AGENT` | MEDIUM | Write grants, no description |
237
+
238
+ ---
239
+
240
+ ### `sentinel secrets` — credentials, PII, and memory contamination
241
+
242
+ Scans agent files and memory stores for exposed API keys, credentials, PII, and content that leaked from tool call results into persistent memory. No API key required. Zero extra dependencies.
243
+
244
+ ```bash
245
+ sentinel secrets . # scan current directory
246
+ sentinel secrets ~/.claude/projects/ # scan Claude Code memory
247
+ sentinel secrets . --scope memory # memory files only
248
+ sentinel secrets . --severity HIGH # HIGH and CRITICAL only
249
+ sentinel secrets . --fail-on HIGH # CI gate
250
+ sentinel secrets . --format json
251
+ ```
252
+
253
+ **Detects:**
254
+
255
+ - Credentials: Anthropic, OpenAI, AWS, GitHub, Stripe, Google, HuggingFace API keys · private keys · database URLs · JWT tokens
256
+ - PII (global): email addresses · credit cards (Luhn-validated) · US SSN · US phone
257
+ - PII (Singapore): NRIC/FIN (mod-11 checksum-validated) · passport · mobile · landline · UEN · postal code
258
+ - Memory contamination: email + NRIC/SSN clusters from tool call results · system prompt leakage in memory files
259
+
260
+ ---
261
+
262
+ ### `sentinel inspect` — agent intelligence report
263
+
264
+ Fingerprints an agent file or live HTTP endpoint: framework, model, role (MCP server vs. MCP client vs. agent), system prompt, environment variables.
265
+
266
+ ```bash
267
+ sentinel inspect my_agent.py --no-ai
268
+ sentinel inspect mcp_server.py --no-ai
269
+ sentinel inspect http://localhost:8000
270
+ sentinel inspect ./agents/
271
+ ```
272
+
273
+ Correctly distinguishes:
274
+ - **MCP Server** — `mcp.server.*` imports (tool provider, no LLM)
275
+ - **MCP Client** — `mcp.client.*` imports (agent connecting to an MCP server)
276
+ - **AI Agent** — standalone LLM agent
277
+
278
+ With `ANTHROPIC_API_KEY` set, generates a plain English security summary.
279
+
280
+ ---
281
+
282
+ ### `sentinel a2a` — multi-agent trust analysis
283
+
284
+ Builds a call graph from Python agent source and audits trust boundaries. Detects injection propagation across agent boundaries, unbounded spawning, and code-execution agents accepting unverified delegations.
285
+
286
+ Supports **LangChain / LangGraph**, **AutoGen**, and **CrewAI**.
287
+
288
+ ```bash
289
+ sentinel a2a ./agents/
290
+ sentinel a2a multi_agent.py
291
+ sentinel a2a . --fail-on HIGH
292
+ sentinel a2a . --format json
293
+ ```
294
+
295
+ **Rules:**
296
+
297
+ | Rule | Severity | What it catches |
298
+ |------|----------|-----------------|
299
+ | `A2A03_IMPLICIT_TRUST` | CRITICAL | Code-execution agent accepts calls from other agents with no verification |
300
+ | `A2A04_PROMPT_PASSTHROUGH` | HIGH | User input flows directly across an agent boundary without sanitization |
301
+ | `A2A02_UNBOUNDED_SPAWNING` | HIGH | Agent instantiated inside a loop — unbounded creation risk |
302
+ | `A2A06_CIRCULAR_DELEGATION` | HIGH | Cycle in the call graph — agents can loop indefinitely under injection |
303
+ | `A2A05_UNSCOPED_DELEGATION` | MEDIUM | Orchestrator delegates full tool set instead of a restricted subset |
304
+
305
+ Covers **ASI07** (Insecure Inter-Agent Communication).
306
+
307
+ ---
308
+
309
+ ## Finding suppression
310
+
311
+ Use `--ignore-rule` to suppress findings by rule ID. Suppressed findings are excluded from `--fail-on` evaluation — they don't break CI gates.
312
+
313
+ ```bash
314
+ sentinel scan ./agents/ --fail-on HIGH --ignore-rule DANGEROUS_GRANTS
315
+ sentinel mcp scan http://localhost:8000/sse --fail-on CRITICAL \
316
+ --ignore-rule NO_AUTH \
317
+ --ignore-rule UNBOUNDED_INPUT
318
+ ```
319
+
320
+ For project-level suppressions, create a **`.sentinelignore`** file in your project root. `sentinel` walks up from the target to find it — same discovery pattern as `.gitignore`.
321
+
322
+ ```
323
+ # .sentinelignore
324
+ NO_AUTH # server is behind an authenticated reverse proxy
325
+ SC03_HIDDEN_NETWORK_FIELDS # webhook field verified safe — used for audit logging
326
+ ```
327
+
328
+ Supported on: `sentinel scan`, `sentinel a2a`, `sentinel mcp scan`, `sentinel supply-chain`, `sentinel secrets`, `sentinel inspect`.
329
+
330
+ ---
331
+
332
+ ## OWASP Top 10 for Agentic Applications 2026 coverage
333
+
334
+ | OWASP Risk | ID | sentinel coverage |
335
+ |------------|-----|------------------|
336
+ | Agent Goal Hijack | ASI01 | `sentinel scan` (PROMPT_INJECTION_VECTOR), `sentinel supply-chain` (SC01) |
337
+ | Tool Misuse & Exploitation | ASI02 | `sentinel mcp scan`, `sentinel scan` |
338
+ | Agent Identity & Privilege Abuse | ASI03 | `sentinel scan` (PRIVILEGE_EXCESS) |
339
+ | **Agentic Supply Chain Compromise** | **ASI04** | **`sentinel supply-chain`** (static + AI semantic analysis) |
340
+ | Unexpected Code Execution | ASI05 | `sentinel scan` (CODE_EXECUTION_GRANT), `sentinel mcp scan` (CODE_EXECUTION_TOOL) |
341
+ | **Memory & Context Poisoning** | **ASI06** | **`sentinel secrets`** (memory contamination, system prompt leakage) |
342
+ | **Insecure Inter-Agent Communication** | **ASI07** | **`sentinel a2a`** (call graph + trust rules) |
343
+ | Cascading Agent Failures | ASI08 | `sentinel discover` (surface unmonitored agents) |
344
+ | Rogue Agents | ASI10 | `sentinel discover` (find agents that shouldn't exist) |
345
+
346
+ ---
347
+
348
+ ## CI/CD integration
349
+
350
+ ```yaml
351
+ # .github/workflows/agent-security.yml
352
+ name: Agent Security
353
+ on: [pull_request]
354
+
355
+ jobs:
356
+ security:
357
+ runs-on: ubuntu-latest
358
+ steps:
359
+ - uses: actions/checkout@v4
360
+
361
+ - name: Install sentinel
362
+ run: pip install "agentsentinel-cli[mcp]"
363
+
364
+ - name: Posture scan
365
+ run: sentinel scan ./agents/ --fail-on CRITICAL
366
+
367
+ - name: Secrets scan
368
+ run: sentinel secrets . --fail-on HIGH
369
+
370
+ - name: MCP supply chain audit
371
+ run: sentinel supply-chain http://localhost:8000/sse --fail-on CRITICAL
372
+
373
+ - name: MCP security audit
374
+ run: sentinel mcp scan http://localhost:8000/sse --fail-on CRITICAL
375
+
376
+ - name: Multi-agent trust analysis
377
+ run: sentinel a2a ./agents/ --fail-on HIGH
378
+ ```
379
+
380
+ Use `.sentinelignore` at the repo root to suppress accepted risks without weakening the gate:
381
+
382
+ ```
383
+ # .sentinelignore — committed to source control
384
+ NO_AUTH # server is behind an authenticated reverse proxy
385
+ ```
386
+
387
+ ---
388
+
389
+ ## Requirements
390
+
391
+ - Python 3.10+
392
+ - No API key required for: `sentinel discover`, `sentinel mcp scan`, `sentinel supply-chain`, `sentinel scan`, `sentinel secrets`, `sentinel inspect --no-ai`, `sentinel a2a`
393
+ - `ANTHROPIC_API_KEY` required for: `sentinel supply-chain --ai`, `sentinel inspect` (AI summary)
394
+
395
+ ---
396
+
397
+ ## Related
398
+
399
+ - [AgentSentinel platform](https://github.com/jaydenaung/agentsentinel) — enterprise AI agent monitoring (Trust Score, behavior baselining, live dashboard)
400
+ - [OWASP Top 10 for Agentic Applications 2026](https://genai.owasp.org/resource/owasp-top-10-for-agentic-applications-for-2026/)