Skip to content

Releases: debu-sinha/agentsec

v0.4.5

23 Feb 19:21
@debu-sinha debu-sinha
v0.4.5
ea9e95a

Choose a tag to compare

View all tags
v0.4.5 Latest
Latest

v0.4.5

New Features

  • Inline finding suppression via # agentsec:ignore comments
  • .agentsecignore file support (gitignore-style path exclusions)
  • 5 new LLM provider credential patterns (Mistral, Together, Fireworks, Perplexity, DeepSeek)
  • OWASP ASI06/07/09 coverage: memory manipulation, multi-agent exploitation, audit logging checks
  • SHA-pinned all GitHub Actions in CI workflows
  • Version consistency CI check (tag vs pyproject.toml)
  • Test-context severity downgrade for skill scanner findings

Fixed

  • CycloneDX SBOM generation in publish workflow (v7.x CLI flag compatibility)
  • SBOM no longer included in dist/ (was causing PyPI publish rejection)
  • Attestation subject-path now uses multiline glob patterns
  • Fireworks AI credential pattern now detects fw_ prefix keys

Checks Added

  • CMM-001: World/group-writable memory files
  • CMM-002: Memory persistence without integrity checksums
  • CMA-001: Missing inter-agent authentication
  • CMA-002: Unrestricted agent spawning policies
  • CAL-001: Audit logging disabled
  • CAL-002: No log integrity protection

Stats

  • 425 tests passing, 2 skipped, 4 xfailed
  • 32+ named checks across 4 scanner modules
Assets 3
Loading

v0.4.4

18 Feb 21:04
@debu-sinha debu-sinha
v0.4.4
b235afb

Choose a tag to compare

View all tags
v0.4.4

Credential Scanner FP Hardening (Expert Swarm)

False Positive Fixes

  • Add well-known example values allowlist: AWS AKIAIOSFODNN7EXAMPLE, jwt.io canonical token, Databricks documentation tokens
  • Add entropy gating on extra patterns (OpenAI, Groq, Replicate, etc.) — previously only detect-secrets had entropy checks
  • Add character class diversity check: require 2+ of {lowercase, uppercase, digits} in post-prefix body
  • Expand placeholder vocabulary: demo, mock, stub, invalid, redacted, revoked, expired, todo, fixme
  • Expand prefix stripping: gsk_, r8_, pcsk_, co-, vercel_, AIza, sk-proj-, sk-svcacct-
  • Add private key body check: skip PEM blocks with trivially fake content (<10 chars)
  • Fix EXAMPLE word boundary to exclude domain names (example.com)

Stats

  • 324 tests passing, 1 skipped, 4 xfail
  • 70 adversarial Red Team tests (4 previously-known bugs now fixed)
  • All CI checks green across Python 3.10/3.12/3.13, Ubuntu/macOS/Windows
Loading

v0.4.1

17 Feb 00:50
@debu-sinha debu-sinha
v0.4.1
a53769b

Choose a tag to compare

View all tags
v0.4.1

agentsec v0.4.1

Security scanner and hardener for agentic AI installations, with reproducible evidence artifacts and OWASP Agentic Top 10 mapping.

Highlights

  • Four scanner modules: installation, skill, mcp, credential
  • Pre-install package gate for npm/pip workflows
  • Hardening profiles: workstation, vps, public-bot
  • OWASP ASI01-ASI10 posture scoring (0-100 + A-F grade)
  • SARIF/JSON output for CI and security tooling
  • Weekly MCP ecosystem dashboard in-repo

What’s New Since v0.4.0

  • Launch-hardening and documentation accuracy pass
  • Improved README flow with real demo screenshots
  • CLI reference expansion and command clarity improvements
  • Consistency fixes across benchmark/case-study evidence and docs
  • Dashboard improvements and disclaimer update
  • False-positive reduction for non-OpenClaw targets (CEX-001 scope fix)

Reproducibility and Evidence

  • Fixture benchmark:
    • docs/benchmarks/results/2026-02-15-v0.4.0.json
    • docs/benchmarks/results/2026-02-15-v0.4.0.md
  • Case study artifacts:
    • docs/case-studies/artifacts/
  • Top-50 MCP study:
    • docs/benchmarks/2026-02-top50-mcp-security-study.md
    • docs/benchmarks/top50/README.md
  • Evidence manifest:
    • docs/launch/LAUNCH_EVIDENCE_MANIFEST.md
    • docs/launch/REPRODUCIBILITY_SPEC.md

Install

pip install agentsec-ai

Quick Start

agentsec scan
agentsec harden -p workstation --apply
agentsec gate npm install some-package

CI Integration

Use the included action definition in:

  • action.yml

Validation Snapshot

  • ruff check src tests scripts: pass
  • pytest: 206 passed, 1 skipped
  • python scripts/repo_consistency_audit.py: pass

Notes

  • Screenshot/demo environment is intentionally insecure by design to demonstrate detection and hardening behavior.
  • Benchmark artifact filenames retain historical naming where noted; metadata reflects refreshed evidence runs.

Links

  • README: README.md
  • CLI reference: docs/cli-reference.md
  • Security policy: SECURITY.md
  • Contributing: CONTRIBUTING.md
Loading

v0.3.1

15 Feb 14:44
@debu-sinha debu-sinha
v0.3.1
c250036

Choose a tag to compare

View all tags
v0.3.1

What's New

Redesigned terminal UI — built from research across 5 expert security personas (CISO, pentest, DevSecOps, UX, brand).

  • Grade hero at top — security grade + score bar is the first thing you see (the screenshot moment)
  • Severity spectrum bar — proportional colored blocks showing finding distribution at a glance
  • OWASP tags inline — every finding tagged with its OWASP Agentic Top 10 category
  • Fix First panel — top 3 prioritized remediation actions with auto-fix commands
  • Scan progress animation — phase-by-phase Rich progress bar during scanning
  • Compact default output (~20 lines); --verbose for full details + OWASP posture table

Install / Upgrade

pip install --upgrade agentsec-ai
Loading