humanbound-cli 0.1.1__tar.gz → 0.3.0__tar.gz

{humanbound_cli-0.1.1 → humanbound_cli-0.3.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: humanbound-cli
-Version: 0.1.1
+Version: 0.3.0
 Summary: Humanbound CLI - command line interface for AI agent security testing.
 Author-email: Kostas Siabanis <hello@humanbound.ai>, Demetris Gerogiannis <hello@humanbound.ai>
 License: Apache-2.0
@@ -19,18 +19,21 @@ Requires-Dist: click>=8.1.0
 Requires-Dist: rich>=13.0.0
 Requires-Dist: requests>=2.32.0
 Requires-Dist: pyyaml>=6.0.0
+Provides-Extra: serve
+Requires-Dist: websockets>=12.0; extra == "serve"
 Provides-Extra: pytest
 Requires-Dist: pytest>=7.0.0; extra == "pytest"
 Provides-Extra: dev
 Requires-Dist: pytest>=7.0.0; extra == "dev"
 Requires-Dist: pytest-cov>=4.0.0; extra == "dev"
 
-# Humanbound CLI (Beta)
+# Humanbound CLI
 
 > CLI-first security testing for AI agents and chatbots. Adversarial attacks, behavioral QA, posture scoring, and guardrails export — from your terminal to your CI/CD pipeline.
 
 [![PyPI](https://img.shields.io/pypi/v/humanbound-cli)](https://pypi.org/project/humanbound-cli/)
 [![License](https://img.shields.io/badge/license-proprietary-blue)]()
+[![Version](https://img.shields.io/badge/version-0.2.0-green)]()
 
 ```
 pip install humanbound-cli
@@ -113,7 +116,7 @@ hb test
 hb test -e ./bot-config.json
 
 # Choose test category and depth
-hb test -t owasp_multi_turn -l system
+hb test -t humanbound/adversarial/owasp_multi_turn -l system
 ```
 
 ### 4. Review results
@@ -285,6 +288,8 @@ Providers are LLM configurations used for running security tests.
 | `projects use <id>` | Select project |
 | `projects current` | Show current project |
 | `projects show [id]` | Show project details |
+| `projects update [id]` | Update project name/description |
+| `projects delete [id]` | Delete project (with confirmation) |
 
 <details>
 <summary><code>init</code> — scan bot & create project</summary>
@@ -324,27 +329,15 @@ Testing Level:
   --testing-level, -l   Depth of testing (default: unit)
                         unit | system | acceptance
 
-Chat Endpoint (required):
-  --chat-endpoint       Chat completion URL of the bot to test
-  --chat-header         Header for chat endpoint (repeatable)
-  --chat-payload        JSON payload template for chat
-
-Init Endpoint (optional):
-  --init-endpoint       Thread initialization URL
-  --init-header         Header for init endpoint (repeatable)
-  --init-payload        JSON payload for init
-
-Auth Endpoint (optional):
-  --auth-endpoint       Auth/token endpoint URL
-  --auth-header         Header for auth endpoint (repeatable)
-  --auth-payload        JSON payload for auth
+Endpoint Override (optional — only needed if no default integration):
+  -e, --endpoint        Bot integration config — JSON string or file path.
+                        Same shape as 'hb init --endpoint'. Overrides default.
 
 Other:
   --provider-id         Provider to use (default: first available)
   --name, -n            Experiment name (auto-generated if omitted)
   --lang                Language (default: english). Accepts codes: en, de, es...
   --adaptive            Enable adaptive mode (evolutionary attack strategy)
-  --streaming           Enable streaming mode (requires wss:// endpoint)
   --no-auto-start       Create without starting (manual mode)
   --wait, -w            Wait for completion
   --fail-on SEVERITY    Exit non-zero if findings >= severity
@@ -363,7 +356,8 @@ Other:
 | `experiments status <id> --watch` | Watch until completion |
 | `experiments wait <id>` | Wait with progressive backoff (30s -> 60s -> 120s -> 300s) |
 | `experiments logs <id>` | List experiment logs |
-| `experiments report <id>` | Download HTML report |
+| `experiments terminate <id>` | Stop a running experiment |
+| `experiments delete <id>` | Delete experiment (with confirmation) |
 
 `status` is also available as a top-level alias — without an ID it shows the most recent experiment:
 
@@ -371,14 +365,79 @@ Other:
 hb status [experiment_id] [--watch]
 ```
 
+### Findings
+
+Track long-term security vulnerabilities across experiments.
+
+| Command | Description |
+|---------|-------------|
+| `findings` | List findings (filterable by --status, --severity) |
+| `findings update <id>` | Update finding status or severity |
+
+Finding states: **open** → **stale** (30+ days unseen) → **fixed** (resolved). Findings can also **regress** (was fixed, reappeared).
+
+### Coverage
+
+| Command | Description |
+|---------|-------------|
+| `coverage` | Test coverage summary |
+| `coverage --gaps` | Include untested categories |
+
+### Campaigns
+
+Continuous security assurance with automated campaign management (ASCAM).
+
+| Command | Description |
+|---------|-------------|
+| `campaigns` | Show current campaign plan |
+| `campaigns break` | Stop a running campaign |
+
+ASCAM phases: Reconnaissance → Hardening → Red Teaming → Analysis → Monitoring
+
+### Upload Conversation Logs
+
+Evaluate real production conversations against security judges.
+
+| Command | Description |
+|---------|-------------|
+| `upload-logs <file>` | Upload JSON conversation logs |
+
+Options: `--tag`, `--lang`
+
+### API Keys
+
+| Command | Description |
+|---------|-------------|
+| `api-keys list` | List API keys |
+| `api-keys create` | Create new key (--name required, --scopes: admin/write/read) |
+| `api-keys update <id>` | Update key name, scopes, or active state |
+| `api-keys revoke <id>` | Revoke (delete) an API key |
+
+### Members
+
+| Command | Description |
+|---------|-------------|
+| `members list` | List organisation members |
+| `members invite <email>` | Invite member (--role: admin/developer) |
+| `members remove <id>` | Remove member |
+
 ### Results & Export
 
 ```bash
-# View experiment results (table, json, or csv)
-hb logs [experiment_id] [--format table] [--verdict pass|fail] [--page N] [--size N]
+# View experiment results
+hb logs [experiment_id] [--format table|json|html] [--verdict pass|fail] [--page N] [--size N]
+
+# Export branded HTML report
+hb logs <experiment_id> --format=html [-o report.html]
+
+# Security posture
+hb posture [--json] [--trends]
+
+# Test coverage
+hb coverage [--gaps] [--json]
 
-# Security posture score
-hb posture [--json]
+# Findings
+hb findings [--status open] [--severity high] [--json]
 
 # Export guardrails configuration
 hb guardrails [--vendor humanbound|openai] [--format json|yaml] [-o FILE]
@@ -406,7 +465,7 @@ hb switch abc123
 hb init -n "Support Bot" -e ./bot-config.json
 
 # Run adversarial test (uses project's default integration)
-hb test -t owasp_multi_turn -l unit
+hb test -t humanbound/adversarial/owasp_multi_turn -l unit
 
 # Watch and review
 hb status --watch

{humanbound_cli-0.1.1 → humanbound_cli-0.3.0}/README.md

@@ -1,9 +1,10 @@
-# Humanbound CLI (Beta)
+# Humanbound CLI
 
 > CLI-first security testing for AI agents and chatbots. Adversarial attacks, behavioral QA, posture scoring, and guardrails export — from your terminal to your CI/CD pipeline.
 
 [![PyPI](https://img.shields.io/pypi/v/humanbound-cli)](https://pypi.org/project/humanbound-cli/)
 [![License](https://img.shields.io/badge/license-proprietary-blue)]()
+[![Version](https://img.shields.io/badge/version-0.2.0-green)]()
 
 ```
 pip install humanbound-cli
@@ -86,7 +87,7 @@ hb test
 hb test -e ./bot-config.json
 
 # Choose test category and depth
-hb test -t owasp_multi_turn -l system
+hb test -t humanbound/adversarial/owasp_multi_turn -l system
 ```
 
 ### 4. Review results
@@ -258,6 +259,8 @@ Providers are LLM configurations used for running security tests.
 | `projects use <id>` | Select project |
 | `projects current` | Show current project |
 | `projects show [id]` | Show project details |
+| `projects update [id]` | Update project name/description |
+| `projects delete [id]` | Delete project (with confirmation) |
 
 <details>
 <summary><code>init</code> — scan bot & create project</summary>
@@ -297,27 +300,15 @@ Testing Level:
   --testing-level, -l   Depth of testing (default: unit)
                         unit | system | acceptance
 
-Chat Endpoint (required):
-  --chat-endpoint       Chat completion URL of the bot to test
-  --chat-header         Header for chat endpoint (repeatable)
-  --chat-payload        JSON payload template for chat
-
-Init Endpoint (optional):
-  --init-endpoint       Thread initialization URL
-  --init-header         Header for init endpoint (repeatable)
-  --init-payload        JSON payload for init
-
-Auth Endpoint (optional):
-  --auth-endpoint       Auth/token endpoint URL
-  --auth-header         Header for auth endpoint (repeatable)
-  --auth-payload        JSON payload for auth
+Endpoint Override (optional — only needed if no default integration):
+  -e, --endpoint        Bot integration config — JSON string or file path.
+                        Same shape as 'hb init --endpoint'. Overrides default.
 
 Other:
   --provider-id         Provider to use (default: first available)
   --name, -n            Experiment name (auto-generated if omitted)
   --lang                Language (default: english). Accepts codes: en, de, es...
   --adaptive            Enable adaptive mode (evolutionary attack strategy)
-  --streaming           Enable streaming mode (requires wss:// endpoint)
   --no-auto-start       Create without starting (manual mode)
   --wait, -w            Wait for completion
   --fail-on SEVERITY    Exit non-zero if findings >= severity
@@ -336,7 +327,8 @@ Other:
 | `experiments status <id> --watch` | Watch until completion |
 | `experiments wait <id>` | Wait with progressive backoff (30s -> 60s -> 120s -> 300s) |
 | `experiments logs <id>` | List experiment logs |
-| `experiments report <id>` | Download HTML report |
+| `experiments terminate <id>` | Stop a running experiment |
+| `experiments delete <id>` | Delete experiment (with confirmation) |
 
 `status` is also available as a top-level alias — without an ID it shows the most recent experiment:
 
@@ -344,14 +336,79 @@ Other:
 hb status [experiment_id] [--watch]
 ```
 
+### Findings
+
+Track long-term security vulnerabilities across experiments.
+
+| Command | Description |
+|---------|-------------|
+| `findings` | List findings (filterable by --status, --severity) |
+| `findings update <id>` | Update finding status or severity |
+
+Finding states: **open** → **stale** (30+ days unseen) → **fixed** (resolved). Findings can also **regress** (was fixed, reappeared).
+
+### Coverage
+
+| Command | Description |
+|---------|-------------|
+| `coverage` | Test coverage summary |
+| `coverage --gaps` | Include untested categories |
+
+### Campaigns
+
+Continuous security assurance with automated campaign management (ASCAM).
+
+| Command | Description |
+|---------|-------------|
+| `campaigns` | Show current campaign plan |
+| `campaigns break` | Stop a running campaign |
+
+ASCAM phases: Reconnaissance → Hardening → Red Teaming → Analysis → Monitoring
+
+### Upload Conversation Logs
+
+Evaluate real production conversations against security judges.
+
+| Command | Description |
+|---------|-------------|
+| `upload-logs <file>` | Upload JSON conversation logs |
+
+Options: `--tag`, `--lang`
+
+### API Keys
+
+| Command | Description |
+|---------|-------------|
+| `api-keys list` | List API keys |
+| `api-keys create` | Create new key (--name required, --scopes: admin/write/read) |
+| `api-keys update <id>` | Update key name, scopes, or active state |
+| `api-keys revoke <id>` | Revoke (delete) an API key |
+
+### Members
+
+| Command | Description |
+|---------|-------------|
+| `members list` | List organisation members |
+| `members invite <email>` | Invite member (--role: admin/developer) |
+| `members remove <id>` | Remove member |
+
 ### Results & Export
 
 ```bash
-# View experiment results (table, json, or csv)
-hb logs [experiment_id] [--format table] [--verdict pass|fail] [--page N] [--size N]
+# View experiment results
+hb logs [experiment_id] [--format table|json|html] [--verdict pass|fail] [--page N] [--size N]
+
+# Export branded HTML report
+hb logs <experiment_id> --format=html [-o report.html]
+
+# Security posture
+hb posture [--json] [--trends]
+
+# Test coverage
+hb coverage [--gaps] [--json]
 
-# Security posture score
-hb posture [--json]
+# Findings
+hb findings [--status open] [--severity high] [--json]
 
 # Export guardrails configuration
 hb guardrails [--vendor humanbound|openai] [--format json|yaml] [-o FILE]
@@ -379,7 +436,7 @@ hb switch abc123
 hb init -n "Support Bot" -e ./bot-config.json
 
 # Run adversarial test (uses project's default integration)
-hb test -t owasp_multi_turn -l unit
+hb test -t humanbound/adversarial/owasp_multi_turn -l unit
 
 # Watch and review
 hb status --watch

{humanbound_cli-0.1.1 → humanbound_cli-0.3.0}/humanbound_cli/__init__.py

@@ -1,3 +1,3 @@
 """Humanbound CLI - command line interface for AI agent security testing."""
 
-__version__ = "0.1.0"
+__version__ = "0.2.0"

{humanbound_cli-0.1.1 → humanbound_cli-0.3.0}/humanbound_cli/client.py

@@ -387,12 +387,9 @@ class HumanboundClient:
         return True
 
     def _exchange_for_api_token(self) -> None:
-        """Exchange Auth0 token for AIandMe API session token."""
-        # Always use production API for auth (token audience must match)
-        auth_base_url = get_auth0_audience()
-
+        """Exchange Auth0 token for API session token."""
         response = requests.get(
-            f"{auth_base_url}/auth",
+            f"{self.base_url}/auth",
             headers={"Authorization": f"Bearer {self._auth0_token}"},
             timeout=DEFAULT_TIMEOUT,
         )
@@ -870,6 +867,125 @@ class HumanboundClient:
         """
         self.delete(f"providers/{provider_id}")
 
+    # -------------------------------------------------------------------------
+    # Findings Methods
+    # -------------------------------------------------------------------------
+
+    def list_findings(self, project_id: str, status: Optional[str] = None, severity: Optional[str] = None, page: int = 1, size: int = 50) -> dict:
+        """List findings for a project."""
+        params = {"page": page, "size": size}
+        if status:
+            params["status"] = status
+        if severity:
+            params["severity"] = severity
+        return self.get(f"projects/{project_id}/findings", include_project=True, params=params)
+
+    def update_finding(self, project_id: str, finding_id: str, data: dict) -> dict:
+        """Update a finding."""
+        return self.put(f"projects/{project_id}/findings/{finding_id}", data=data)
+
+    # -------------------------------------------------------------------------
+    # Experiment Extensions
+    # -------------------------------------------------------------------------
+
+    def terminate_experiment(self, experiment_id: str) -> dict:
+        """Terminate a running experiment."""
+        return self.post(f"experiments/{experiment_id}/terminate", include_project=True)
+
+    def delete_experiment(self, experiment_id: str) -> Any:
+        """Delete an experiment."""
+        return self.delete(f"experiments/{experiment_id}", include_project=True)
+
+    # -------------------------------------------------------------------------
+    # Project Extensions
+    # -------------------------------------------------------------------------
+
+    def update_project(self, project_id: str, data: dict) -> dict:
+        """Update a project."""
+        return self.put(f"projects/{project_id}", data=data)
+
+    def delete_project(self, project_id: str) -> Any:
+        """Delete a project."""
+        return self.delete(f"projects/{project_id}")
+
+    # -------------------------------------------------------------------------
+    # API Key Methods
+    # -------------------------------------------------------------------------
+
+    def list_api_keys(self, page: int = 1, limit: int = 50) -> Any:
+        """List API keys."""
+        return self.get("api-keys", params={"page": page, "limit": limit}, include_org=False)
+
+    def create_api_key(self, name: str, scopes: str = "admin") -> dict:
+        """Create a new API key."""
+        return self.post("api-keys", data={"name": name, "scopes": scopes}, include_org=False)
+
+    def delete_api_key(self, key_id: str) -> Any:
+        """Delete an API key."""
+        return self.delete(f"api-keys/{key_id}", include_org=False)
+
+    def update_api_key(self, key_id: str, data: dict) -> dict:
+        """Update an API key."""
+        return self.put(f"api-keys/{key_id}", data=data, include_org=False)
+
+    # -------------------------------------------------------------------------
+    # Member Methods
+    # -------------------------------------------------------------------------
+
+    def list_members(self) -> Any:
+        """List organisation members."""
+        return self.get("members")
+
+    def invite_member(self, email: str, access_level: str) -> dict:
+        """Invite a member to the organisation."""
+        return self.post("members", data={"email": email, "access_level": access_level})
+
+    def remove_member(self, member_id: str) -> Any:
+        """Remove a member from the organisation."""
+        return self.delete(f"members/{member_id}")
+
+    # -------------------------------------------------------------------------
+    # Coverage Methods
+    # -------------------------------------------------------------------------
+
+    def get_coverage(self, project_id: str, include_gaps: bool = False) -> dict:
+        """Get test coverage for a project."""
+        params = {"include_gaps": "true"} if include_gaps else {}
+        return self.get(f"projects/{project_id}/coverage", params=params)
+
+    # -------------------------------------------------------------------------
+    # Posture Trends Methods
+    # -------------------------------------------------------------------------
+
+    def get_posture_trends(self, project_id: str) -> Any:
+        """Get posture trend history for a project."""
+        return self.get(f"projects/{project_id}/posture/trends")
+
+    # -------------------------------------------------------------------------
+    # Campaign Methods
+    # -------------------------------------------------------------------------
+
+    def get_campaign_plan(self, project_id: str) -> dict:
+        """Get the current campaign plan for a project."""
+        return self.get(f"projects/{project_id}/plan")
+
+    def break_campaign(self, project_id: str, campaign_id: str) -> dict:
+        """Break/stop a running campaign."""
+        return self.post(f"projects/{project_id}/plan/break", data={"campaign_id": campaign_id})
+
+    # -------------------------------------------------------------------------
+    # Upload Conversations Methods
+    # -------------------------------------------------------------------------
+
+    def upload_conversations(self, project_id: str, conversations: list, tag: Optional[str] = None, lang: Optional[str] = None) -> dict:
+        """Upload conversation logs for evaluation."""
+        data = {"conversations": conversations}
+        if tag:
+            data["tag"] = tag
+        if lang:
+            data["lang"] = lang
+        return self.post(f"projects/{project_id}/datasets/conversations", data=data, include_project=True)
+
 
 # Import ValidationError to this module
 from .exceptions import ValidationError

humanbound_cli-0.3.0/humanbound_cli/commands/__init__.py

@@ -0,0 +1,27 @@
+"""CLI command modules."""
+
+from . import (
+    auth, orgs, projects, experiments, init, test, logs, posture,
+    guardrails, docs, providers, findings, api_keys, members,
+    coverage, campaigns, upload_logs,
+)
+
+__all__ = [
+    "auth",
+    "orgs",
+    "projects",
+    "experiments",
+    "init",
+    "test",
+    "logs",
+    "posture",
+    "guardrails",
+    "docs",
+    "providers",
+    "findings",
+    "api_keys",
+    "members",
+    "coverage",
+    "campaigns",
+    "upload_logs",
+]