conduct-cli 0.7.3__tar.gz → 0.7.4__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (39) hide show
  1. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/PKG-INFO +32 -1
  2. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/README.md +31 -0
  3. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/pyproject.toml +1 -1
  4. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/src/conduct_cli/guard.py +6 -3
  5. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/src/conduct_cli.egg-info/PKG-INFO +32 -1
  6. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/setup.cfg +0 -0
  7. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/setup.py +0 -0
  8. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/src/conduct_cli/__init__.py +0 -0
  9. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/src/conduct_cli/api.py +0 -0
  10. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/src/conduct_cli/guardmcp.py +0 -0
  11. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/src/conduct_cli/hooks/__init__.py +0 -0
  12. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/src/conduct_cli/hooks/base.py +0 -0
  13. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/src/conduct_cli/hooks/posttooluse.py +0 -0
  14. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/src/conduct_cli/hooks/precompact.py +0 -0
  15. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/src/conduct_cli/hooks/pretooluse.py +0 -0
  16. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/src/conduct_cli/hooks/session_parser.py +0 -0
  17. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/src/conduct_cli/hooks/session_start.py +0 -0
  18. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/src/conduct_cli/hooks/stop.py +0 -0
  19. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/src/conduct_cli/log_util.py +0 -0
  20. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/src/conduct_cli/main.py +0 -0
  21. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/src/conduct_cli/mcp_server.py +0 -0
  22. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/src/conduct_cli/memory.py +0 -0
  23. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/src/conduct_cli/paxel.py +0 -0
  24. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/src/conduct_cli.egg-info/SOURCES.txt +0 -0
  25. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/src/conduct_cli.egg-info/dependency_links.txt +0 -0
  26. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/src/conduct_cli.egg-info/entry_points.txt +0 -0
  27. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/src/conduct_cli.egg-info/requires.txt +0 -0
  28. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/src/conduct_cli.egg-info/top_level.txt +0 -0
  29. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/tests/test_advisory_and_hook.py +0 -0
  30. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/tests/test_bash_operator_signature.py +0 -0
  31. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/tests/test_command_word_matcher.py +0 -0
  32. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/tests/test_guard_policy.py +0 -0
  33. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/tests/test_guard_savings.py +0 -0
  34. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/tests/test_hook_syntax.py +0 -0
  35. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/tests/test_journal_drain.py +0 -0
  36. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/tests/test_log_util.py +0 -0
  37. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/tests/test_proxy_env.py +0 -0
  38. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/tests/test_signed_policy.py +0 -0
  39. {conduct_cli-0.7.3 → conduct_cli-0.7.4}/tests/test_switch.py +0 -0
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: conduct-cli
3
- Version: 0.7.3
3
+ Version: 0.7.4
4
4
  Summary: CLI for Conduct AI — secure, govern, install agents, manage projects, run tests
5
5
  Author-email: Conduct AI <hello@conductai.ai>
6
6
  License: MIT
@@ -152,6 +152,37 @@ That's it. Policy enforcement is active from the next tool call.
152
152
  | `conduct guard sync` | Pull latest policy, write hook to `~/.conductguard/hook.py`, register hook + MCP |
153
153
  | `conduct guard status` | Show today's spend, session count, and violations |
154
154
  | `conduct guard audit [--since 7d]` | Print recent guard events in a table |
155
+ | `conduct verify [--evidence FILE] [--strict] [--format json]` | Map guard events to OWASP Agentic Top 10; exit 1 in CI if blocked events (--strict) |
156
+ | `conduct guard discover` | Scan local environment for AI agents; report Guard coverage % |
157
+ | `conduct guard discover --register` | Register discovered agents under Guard |
158
+
159
+ ### Advisory mode
160
+
161
+ When advisory mode is enabled by your security admin, all policy violations are logged as "audited" instead of blocked — the developer sees a note but the tool call proceeds. The hook still posts every event to the audit log.
162
+
163
+ To check if advisory mode is active:
164
+ ```bash
165
+ conduct guard sync # shows "· advisory" badge if active
166
+ conduct guard status
167
+ ```
168
+
169
+ ### conduct verify
170
+
171
+ ```bash
172
+ # Map last 24h of guard events to OWASP Agentic Top 10
173
+ conduct verify
174
+
175
+ # Use a saved evidence file
176
+ conduct verify --evidence ./conduct-evidence.json
177
+
178
+ # CI mode — exit 1 if any blocked events
179
+ conduct verify --strict
180
+
181
+ # JSON output for downstream tooling
182
+ conduct verify --format json
183
+ ```
184
+
185
+ OWASP mapping: `no-rm-rf` → A04 Excessive Agency, `no-sudo` → A09 Privilege Escalation, `policy_signature_invalid` → A07 Insufficient Monitoring, etc. All 10 categories covered.
155
186
 
156
187
  ### How the PreToolUse hook works
157
188
 
@@ -124,6 +124,37 @@ That's it. Policy enforcement is active from the next tool call.
124
124
  | `conduct guard sync` | Pull latest policy, write hook to `~/.conductguard/hook.py`, register hook + MCP |
125
125
  | `conduct guard status` | Show today's spend, session count, and violations |
126
126
  | `conduct guard audit [--since 7d]` | Print recent guard events in a table |
127
+ | `conduct verify [--evidence FILE] [--strict] [--format json]` | Map guard events to OWASP Agentic Top 10; exit 1 in CI if blocked events (--strict) |
128
+ | `conduct guard discover` | Scan local environment for AI agents; report Guard coverage % |
129
+ | `conduct guard discover --register` | Register discovered agents under Guard |
130
+
131
+ ### Advisory mode
132
+
133
+ When advisory mode is enabled by your security admin, all policy violations are logged as "audited" instead of blocked — the developer sees a note but the tool call proceeds. The hook still posts every event to the audit log.
134
+
135
+ To check if advisory mode is active:
136
+ ```bash
137
+ conduct guard sync # shows "· advisory" badge if active
138
+ conduct guard status
139
+ ```
140
+
141
+ ### conduct verify
142
+
143
+ ```bash
144
+ # Map last 24h of guard events to OWASP Agentic Top 10
145
+ conduct verify
146
+
147
+ # Use a saved evidence file
148
+ conduct verify --evidence ./conduct-evidence.json
149
+
150
+ # CI mode — exit 1 if any blocked events
151
+ conduct verify --strict
152
+
153
+ # JSON output for downstream tooling
154
+ conduct verify --format json
155
+ ```
156
+
157
+ OWASP mapping: `no-rm-rf` → A04 Excessive Agency, `no-sudo` → A09 Privilege Escalation, `policy_signature_invalid` → A07 Insufficient Monitoring, etc. All 10 categories covered.
127
158
 
128
159
  ### How the PreToolUse hook works
129
160
 
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
4
4
 
5
5
  [project]
6
6
  name = "conduct-cli"
7
- version = "0.7.3"
7
+ version = "0.7.4"
8
8
  description = "CLI for Conduct AI — secure, govern, install agents, manage projects, run tests"
9
9
  readme = "README.md"
10
10
  license = { text = "MIT" }
@@ -1699,7 +1699,8 @@ def cmd_guard_status(args):
1699
1699
  violations = [e for e in events if e.get("decision") == "blocked"]
1700
1700
 
1701
1701
  # Format spend figures
1702
- sessions = spend.get("sessions", 0)
1702
+ proxy_sessions = spend.get("sessions", 0)
1703
+ hook_sessions = spend.get("hook_sessions", 0)
1703
1704
  tokens_used = spend.get("tokens_used", 0)
1704
1705
  token_saved_pct = spend.get("token_saved_pct", 0)
1705
1706
  cost = spend.get("cost_usd", 0.0)
@@ -1707,14 +1708,16 @@ def cmd_guard_status(args):
1707
1708
 
1708
1709
  viol_summary = ""
1709
1710
  if violations:
1710
- rule_names = ", ".join(v.get("rule", "unknown") for v in violations[:3])
1711
+ rule_names = ", ".join(v.get("rule_id") or v.get("rule", "unknown") for v in violations[:3])
1711
1712
  viol_summary = f" ({rule_names} — blocked)"
1712
1713
 
1714
+ session_str = f"{proxy_sessions} proxy · {hook_sessions} direct"
1715
+
1713
1716
  print(f"\n{BOLD}Guard status{RESET} — {user_email}")
1714
1717
  print(f"{rule_count} polic{'y' if rule_count == 1 else 'ies'} active")
1715
1718
  print()
1716
1719
  print(f"Today:")
1717
- print(f" Sessions: {sessions}")
1720
+ print(f" Sessions: {session_str}")
1718
1721
  print(f" Tokens used: {tokens_used:,} (saved {token_saved_pct}% via optimization)")
1719
1722
  print(f" Cost: ${cost:.2f} (saved ${cost_saved:.2f})")
1720
1723
  print(f" Violations: {len(violations)}{viol_summary}")
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: conduct-cli
3
- Version: 0.7.3
3
+ Version: 0.7.4
4
4
  Summary: CLI for Conduct AI — secure, govern, install agents, manage projects, run tests
5
5
  Author-email: Conduct AI <hello@conductai.ai>
6
6
  License: MIT
@@ -152,6 +152,37 @@ That's it. Policy enforcement is active from the next tool call.
152
152
  | `conduct guard sync` | Pull latest policy, write hook to `~/.conductguard/hook.py`, register hook + MCP |
153
153
  | `conduct guard status` | Show today's spend, session count, and violations |
154
154
  | `conduct guard audit [--since 7d]` | Print recent guard events in a table |
155
+ | `conduct verify [--evidence FILE] [--strict] [--format json]` | Map guard events to OWASP Agentic Top 10; exit 1 in CI if blocked events (--strict) |
156
+ | `conduct guard discover` | Scan local environment for AI agents; report Guard coverage % |
157
+ | `conduct guard discover --register` | Register discovered agents under Guard |
158
+
159
+ ### Advisory mode
160
+
161
+ When advisory mode is enabled by your security admin, all policy violations are logged as "audited" instead of blocked — the developer sees a note but the tool call proceeds. The hook still posts every event to the audit log.
162
+
163
+ To check if advisory mode is active:
164
+ ```bash
165
+ conduct guard sync # shows "· advisory" badge if active
166
+ conduct guard status
167
+ ```
168
+
169
+ ### conduct verify
170
+
171
+ ```bash
172
+ # Map last 24h of guard events to OWASP Agentic Top 10
173
+ conduct verify
174
+
175
+ # Use a saved evidence file
176
+ conduct verify --evidence ./conduct-evidence.json
177
+
178
+ # CI mode — exit 1 if any blocked events
179
+ conduct verify --strict
180
+
181
+ # JSON output for downstream tooling
182
+ conduct verify --format json
183
+ ```
184
+
185
+ OWASP mapping: `no-rm-rf` → A04 Excessive Agency, `no-sudo` → A09 Privilege Escalation, `policy_signature_invalid` → A07 Insufficient Monitoring, etc. All 10 categories covered.
155
186
 
156
187
  ### How the PreToolUse hook works
157
188
 
File without changes
File without changes