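[build-system]
# setuptools 77 is the first release that accepts the PEP 639 metadata used in
# [project] (`license` as an SPDX expression string plus `license-files`);
# a pinned or offline build with an older setuptools fails on that metadata.
# Build isolation normally fetches a current setuptools, which is why the
# lower floor went unnoticed.
requires = ["setuptools>=77.0.3", "wheel"]
build-backend = "setuptools.build_meta"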
# Core distribution metadata (PEP 621). Everything under `dependencies` is
# installed for every user, including those who only want the CLI.
[project]
name = "agent-bom"
version = "0.86.4"
description = "Open security scanner and self-hosted control plane for AI-era infrastructure."
readme = "PYPI_README.md"
license = "Apache-2.0"
license-files = ["LICENSE"]
requires-python = ">=3.11"
authors = [
{name = "Wagdy Saad", email = "andwgdysaad@gmail.com"}
]
keywords = ["ai-bom", "sbom", "mcp", "mcp-server", "security", "ai-agents", "vulnerability", "supply-chain", "owasp", "mitre-atlas", "nist-ai-rmf", "blast-radius", "cve", "llm-security", "remediation", "mcp-introspection", "openclaw", "ai-enrichment", "credential-exposure", "config-security", "ai-supply-chain", "ai-infrastructure", "gpu-security", "cuda", "pytorch", "openssf-scorecard", "malicious-package-detection", "runtime-monitoring", "model-provenance"]
# NOTE(review): 3.12 is not listed although requires-python admits it —
# confirm whether that is deliberate (not tested) or an omission.
classifiers = [
"Development Status :: 4 - Beta",
"Intended Audience :: Developers",
"Intended Audience :: Information Technology",
"Intended Audience :: System Administrators",
"Programming Language :: Python :: 3",
"Programming Language :: Python :: 3 :: Only",
"Programming Language :: Python :: 3.11",
"Programming Language :: Python :: 3.13",
"Programming Language :: Python :: 3.14",
"Environment :: Console",
"Topic :: Security",
"Topic :: System :: Monitoring",
]
dependencies = [
"click>=8.0",
"rich>=13.0",
"httpx>=0.28.1", # Requires urllib3>=2.6.3 (CVE-2025-66418, CVE-2025-66471, CVE-2026-21441)
"pydantic>=2.0",
"cyclonedx-python-lib>=11.6", # Updated for better CycloneDX 1.6 support
"packageurl-python>=0.17",
"packaging>=24.0",
"toml>=0.10",
"pyyaml>=6.0",
"jsonschema>=4.0",
# Transitive dep pins — fix known CVEs flagged by OpenSSF/OSV
# NOTE(review): a floor listed here is a hard requirement, not a constraint —
# each package below is installed into the base environment whether or not
# anything else pulls it in. Some "transitive via X" notes name packages that
# are no longer in the core tree (mlflow is unbundled, streamlit lives only in
# the `dashboard` extra), so flask/werkzeug/tornado may now be present solely
# because of these lines. Confirm which are still imported by src/ and move
# the rest to the extra that needs them (or a constraints file) to keep the
# base install small.
"jinja2>=3.1.6", # GHSA-cpwx-vrp4-4pq7, GHSA-gmj6-6f8f-6699 (sandbox breakout)
"werkzeug>=3.1.6", # GHSA-29vq-49wr-vm6x, GHSA-2g68-c3qc-8985, GHSA-87hc-h4r5-73f7, GHSA-f9vj-2wh5-fj8j, GHSA-hgf8-39gv-g3f2, GHSA-hrfv-mqp8-q5rw, GHSA-px8h-6qxv-m22q, GHSA-q34m-jh98-gwm2, GHSA-xg9f-g7g7-2323
"flask>=3.1.3", # GHSA-68rp-wp8r-4726, GHSA-m2qf-hxjv-5gpq (Vary: Cookie session exposure; transitive via mlflow)
"requests>=2.33.0", # GHSA-9hjg-9r4m-mvj7, GHSA-j8r2-6x86-q33q (session cookie leak)
# NOTE: nltk pin removed — safety (which pulled nltk) was replaced by pip-audit.
# nltk is not imported by agent-bom. Keeping it added 3 CVEs to Docker images.
"pyjwt>=2.12.0", # CVE-2026-32597 (crit header bypass) — transitive via auth
"tornado>=6.5.5", # CVE-2026-31958 (multipart DoS), GHSA-78cv-mqj4-43f7 (cookie injection) — transitive via streamlit
# NOTE: stale pyopenssl suppressions were retired after snowflake-connector-python moved to a compatible range.
# Tracked: https://github.com/msaad00/agent-bom/issues/930
]
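# Optional extras. Floors repeated from the core `dependencies` list must not be
# lower than the core floor — the resolver takes the higher one, so a lower
# value here is dead text that misstates the effective pin.
[project.optional-dependencies]
api = [
"fastapi>=0.115",
"uvicorn[standard]>=0.32",
"sse-starlette>=2.1",
]
otel = [
"opentelemetry-api>=1.20",
"opentelemetry-sdk>=1.20",
"opentelemetry-exporter-otlp-proto-http>=1.20",
"protobuf>=6.33.5", # CVE-2022-1941, CVE-2026-0994 (ParseDict DoS) — transitive via otlp-proto-http
]
ui = [
"agent-bom[api]",
]
aws = ["boto3>=1.34"]
azure = [
"azure-identity>=1.15",
"azure-mgmt-cognitiveservices>=13.5",
"azure-mgmt-web>=7.2",
"azure-mgmt-containerinstance>=10.1",
"azure-mgmt-machinelearningservices>=1.0",
"azure-mgmt-containerservice>=30.0",
"azure-mgmt-resource>=23.0",
]
gcp = [
"google-cloud-aiplatform>=1.38",
"google-cloud-functions>=1.16",
"google-cloud-container>=2.36",
"google-cloud-run>=0.10",
"google-cloud-resource-manager>=1.12",
]
coreweave = [] # kubectl only — no pip packages
databricks = ["databricks-sdk>=0.20"]
snowflake = ["snowflake-connector-python>=3.6"]
nebius = ["requests>=2.33.0"] # GHSA-9hjg-9r4m-mvj7 (session cookie leak)
huggingface = ["huggingface-hub>=0.20"]
wandb = ["wandb>=0.16"]
# NOTE: there is deliberately no `mlflow` extra — it was unbundled until
# upstream MLflow CVEs are fixed. MLflow discovery still works if users
# install `mlflow` separately.
openai = ["openai>=1.12"]
ai-enrich = ["litellm>=1.83.7"]
graph = [
"networkx>=3.0",
"numpy>=1.26",
"scipy>=1.13",
]
pdf = [] # TODO(review): document why this extra is empty (no pip packages needed, or placeholder?)
postgres = ["psycopg[binary]>=3.1", "psycopg-pool>=3.1"]
watch = ["watchdog>=4.0"]
runtime = [
"psutil>=5.9", # Process + container discovery (--include-processes)
"cryptography>=46.0.7", # Proxy audit hash chain + response signing
]
visual = [
# Visual-leak detection on MCP screenshot/image tool responses.
# Opt-in because OCR is CPU-heavy — pilots without screen-capture MCPs
# don't pay for pytesseract at runtime. See issue #1568.
"Pillow>=10.0",
"pytesseract>=0.3.10",
]
mcp-server = [
"mcp>=1.26",
"smithery>=0.4",
]
dashboard = ["streamlit>=1.55.0", "plotly>=5.18.0", "pandas>=2.0.0"]
snyk = [] # Uses existing httpx dependency, no additional packages needed
interactive = ["prompt-toolkit>=3.0"]
oidc = [
"PyJWT>=2.12.0", # Same floor as the core pyjwt pin (CVE-2026-32597); a lower floor here had no effect
"cryptography>=46.0.7", # Buffer overflow advisory on older releases when non-contiguous buffers reach cryptography APIs
]
saml = [
"python3-saml>=1.16.0",
]
cloud = [
"agent-bom[aws]",
"agent-bom[azure]",
"agent-bom[gcp]",
"agent-bom[databricks]",
"agent-bom[snowflake]",
"agent-bom[nebius]",
"agent-bom[huggingface]",
"agent-bom[wandb]",
"agent-bom[openai]",
]
docs = [
"mkdocs-material>=9.5",
"mkdocstrings[python]>=0.24",
]
dev = [
"pytest>=7.0",
"pytest-asyncio>=0.21",
"ruff>=0.4",
"mypy>=1.0",
"types-PyYAML>=6.0",
"types-requests>=2.31",
"types-toml>=0.10",
"bandit>=1.9", # Static security analysis
"pytest-cov>=4.1", # Coverage reporting
"pytest-benchmark>=5.0", # Performance benchmarking — see docs/PERFORMANCE_BENCHMARKS.md
]
dev-all = [
"agent-bom[dev]",
"agent-bom[ui]",
"agent-bom[mcp-server]",
"agent-bom[graph]",
"agent-bom[postgres]",
]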
# Console entry points — each becomes its own executable on PATH after install.
[project.scripts]
agent-bom = "agent_bom.cli:cli_main"
agent-shield = "agent_bom.cli.shield:shield_main"
agent-cloud = "agent_bom.cli.cloud:cloud_main"
agent-iac = "agent_bom.cli.iac:iac_main"
agent-claw = "agent_bom.cli.claw:claw_main"
# Plugin discovery groups. Entry points are collected from every installed
# distribution, so any package in the environment that declares one of these
# group names is a candidate for loading. The loaders in agent_bom.cloud /
# agent_bom.connectors / agent_bom.parsers (not visible here) should treat
# entries from other distributions as untrusted code and log what they load.
[project.entry-points."agent_bom.cloud_providers"]
agent_bom_builtin = "agent_bom.cloud:builtin_provider_registrations"
[project.entry-points."agent_bom.connectors"]
agent_bom_builtin = "agent_bom.connectors:builtin_connector_registrations"
[project.entry-points."agent_bom.inventory_parsers"]
agent_bom_builtin = "agent_bom.parsers:builtin_inventory_parser_registrations"
# Links rendered on the PyPI project page. The disclosure policy and the
# permissions model are linked explicitly so users can find them without
# browsing the repository.
[project.urls]
Homepage = "https://github.com/msaad00/agent-bom"
Repository = "https://github.com/msaad00/agent-bom"
Issues = "https://github.com/msaad00/agent-bom/issues"
Changelog = "https://github.com/msaad00/agent-bom/releases"
Documentation = "https://github.com/msaad00/agent-bom#readme"
"Security Policy" = "https://github.com/msaad00/agent-bom/blob/main/SECURITY.md"
"Trust & Permissions" = "https://github.com/msaad00/agent-bom/blob/main/PERMISSIONS.md"
[tool.uv]
# Only install core deps by default — extras (cloud, dev) must be explicit.
# Prevents `uv sync` from pulling heavy optional deps (azure, gcp, etc.)
# which break on Python 3.14 and bloat CI/container builds.
default-groups = []
# Override litellm's stale exact transitive pin to avoid CVE-2026-28684.
# NOTE(review): this override is honoured by uv only. Users who install the
# `ai-enrich` extra with pip or another installer still get litellm's own
# pin; if the python-dotenv floor must hold for every installer it has to be
# declared as a dependency, not as a uv override.
override-dependencies = ["python-dotenv>=1.2.2"]
# src layout: only packages under src/ are discovered and packaged.
[tool.setuptools.packages.find]
where = ["src"]
# Non-Python files shipped inside the wheel. `ui_dist/**` bundles the whole
# prebuilt UI tree, so whatever is present in that directory at build time is
# published — build it from a clean checkout so stray files cannot leak in.
[tool.setuptools.package-data]
agent_bom = ["mcp_registry.json", "ui_dist/**", "data/*.json"]
# Smithery MCP hosting: the factory Smithery calls to build the server object
# (presumably used only when the `mcp-server` extra is installed — verify).
[tool.smithery]
server = "agent_bom.mcp_server:create_smithery_server"
[tool.pytest.ini_options]
# Strict mode: async tests must be marked explicitly rather than auto-detected.
asyncio_mode = "strict"
pythonpath = ["src"]
# Custom markers registered here so they can be selected/deselected with -m.
markers = [
"network: tests that require network access (OSV API)",
"slow: slow tests (e.g. large-scale perf benchmarks) — opt-in only",
]
# Global mypy baseline. Stricter settings are layered per-module in
# [[tool.mypy.overrides]] below.
[tool.mypy]
python_version = "3.11"
warn_unused_configs = true
disallow_untyped_defs = false # Phase 3: enable after remaining untyped modules are reduced
check_untyped_defs = true # Phase 2: check bodies of existing untyped functions
ignore_missing_imports = true # Third-party stubs (yaml, toml, requests)
no_implicit_optional = true
warn_redundant_casts = true
show_error_codes = true
# Phase 3 (per-module): strict typing for the enterprise/compliance surface.
# New modules land here first; expand the glob as older modules are retyped.
# A module listed here is checked with the four strict flags at the bottom of
# this table; anything not listed gets only the global [tool.mypy] settings.
[[tool.mypy.overrides]]
module = [
"agent_bom.api.audit_log",
"agent_bom.api.auth",
"agent_bom.api.compliance_signing",
"agent_bom.api.dashboard_csp",
"agent_bom.api.exception_store",
"agent_bom.api.fleet_store",
"agent_bom.api.idempotency_store",
"agent_bom.api.mcp_observation_store",
"agent_bom.api.metrics",
"agent_bom.api.models",
"agent_bom.api.policy_store",
"agent_bom.api.schedule_store",
"agent_bom.api.scim",
"agent_bom.api.scim_store",
"agent_bom.api.storage_schema",
"agent_bom.api.tenant_quota",
"agent_bom.api.tenant_quota_store",
"agent_bom.api.tracing",
"agent_bom.models",
"agent_bom.backpressure",
"agent_bom.proxy_sandbox",
]
disallow_untyped_defs = true
disallow_incomplete_defs = true
warn_return_any = true
warn_unused_ignores = true
[tool.ruff]
line-length = 140 # Relaxed from 120 for CLI help strings
target-version = "py311" # Matches the requires-python floor
[tool.ruff.lint]
# T201 = `print` found: library code under src/agent_bom/ routes all
# user-visible output through Rich (``console.print``) and everything else
# through the structured logger (``logging.getLogger(__name__)``). Bare
# ``print()`` is not allowed — it breaks MCP stdio, corrupts JSON API
# responses, and skips log aggregation / SIEM forwarding. This rule locks
# in the print -> logger migration (closes #1521).
select = ["E", "F", "I", "N", "T201", "W"]
# No global suppressions; path-specific ones live in
# [tool.ruff.lint.per-file-ignores] so each exception is documented there.
ignore = []
# Keep the T201 allowlist below tight: every new glob here reopens the bare
# print() path that the T201 rule in [tool.ruff.lint] closes for library code.
[tool.ruff.lint.per-file-ignores]
"__init__.py" = ["F401"] # Allow unused imports in __init__.py
"fuzz/*.py" = ["N802", "T201"] # TestOneInput is required atheris entry; harnesses print repro output
"src/agent_bom/output/html.py" = ["E501"] # Inline HTML/CSS/JS template strings cannot be meaningfully wrapped
"src/agent_bom/cloud/*_cis_benchmark.py" = ["E501"] # CIS benchmark remediation strings are naturally long
# T201 allowlist — places where bare `print()` is legitimately the contract:
"scripts/*.py" = ["T201"] # Ops scripts — stdout is the documented interface
"tests/**/*.py" = ["T201"] # Pytest assertions + debug tracebacks