Quick Start

One-Command Setup

$ pip install securityagent-core
$ as-init
Detected: Claude Code, VS Code, Cursor
Configured protections for all tools

Start the Gateway

$ source .venv/bin/activate
$ uvicorn main:app --port 8000
Dashboard: http://localhost:8000/unified
Red Team: http://localhost:8000/redteam

Docker Compose

$ docker compose up -d
Gateway :8000, Breach Engine :8081, LLM Proxy :18790

Service Ports

Service                   Port    Start Command
API Gateway + Dashboard   8000    uvicorn main:app --port 8000
LLM Proxy                 18790   python3 llm/llm_proxy.py --port 18790
Breach Engine             8081    uvicorn breach_intel.main:app --port 8081

IDE Integration

VS Code Extension

$ code --install-extension agnostic-security-4.31.0.vsix
Extension installed — status bar: "Data Protected from AI"

Context boundary architecture: AI tools cannot read sensitive file content. Files remain visible in Explorer and fully editable by developers. 10 defense layers including .copilotignore, search.exclude, LM API interceptor, Terminal Guard v4.

Cursor / Windsurf / VSCodium

$ cursor --install-extension agnostic-security-4.31.0.vsix
Or install from Open VSX marketplace

Chrome Extension

Covers 12 LLM web UIs: Claude, ChatGPT, Gemini, AI Studio, Copilot, Grok, Perplexity, DeepSeek, Meta AI, HuggingChat. Consent modal for critical PII with per-finding redact/mask/block/allow choices.

Claude Code Hooks

Configured automatically by as-init. Intercepts PreToolUse (Read/Edit/Write/Bash) and UserPromptSubmit. 4-layer prompt analysis: PII regex scan, intent keywords, Pydantic rules, Ollama LLM.

API Reference

Gateway Core

Method  Endpoint               Description
POST    /v1/chat/completions   Secure chat completions proxy (OpenAI-compatible). Use model: "auto" for smart routing.
GET     /health                Liveness probe
GET     /v1/audit              Query audit log entries
GET     /dashboard-stats       Dashboard metrics (events, blocks, PII, latency)

Smart Routing

Method  Endpoint                     Description
GET     /routing/models              List all 14 models with capabilities, costs, speed, coding/reasoning scores
GET     /routing/stats               Per-provider request counts, latency (avg/p95), cost, failure rates
POST    /routing/config?strategy=X   Change strategy: auto / cheapest / fastest / best_quality / local_only
GET     /routing/explain?prompt=X    Dry run — shows which model would be selected and why

Privacy Mode

Method  Endpoint          Description
GET     /privacy          Current mode, cloud_llm_blocked, allowed_providers
POST    /privacy?mode=X   Set mode: full_privacy (local only), balanced, permissive

DLP Controls

Method  Endpoint                    Description
GET     /dlp/controls               Per-type enable/block/confidence settings
PUT     /dlp/controls               Update all DLP controls
PUT     /dlp/controls/type/{name}   Update a single type (SSN, CC, Aadhaar, etc.)
PUT     /dlp/controls/domains       Set egress domain allowlist

Smart Redaction

Method  Endpoint                            Description
GET     /dlp/redaction-policy               Per-type mode: block / redact / mask / allow
PUT     /dlp/redaction-policy               Update redaction policy
PUT     /dlp/redaction-policy/type/{name}   Set mode for a single type
GET     /dlp/redaction-stats                Stats: by_action, by_type, recent events
POST    /dlp/redaction-restore              Restore a tokenized value to the original

Four modes: block (API keys, private keys), redact (for example an SSN replaced with a reversible token, so the AI never sees the real value and the response is de-tokenized back before it reaches the caller), mask (****@domain.com), allow (pass through).
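The four modes worked through on constructed sample text, as an added illustration that is not the project's redaction engine: the policy, detector patterns, token format and vault are assumptions made for the example.

```python
import re
import secrets

# Constructed per-type policy mirroring the four modes above (not the project's real defaults).
POLICY = {"api_key": "block", "ssn": "redact", "email": "mask", "phone": "allow"}

# Constructed detectors for the sample types; illustrative only.
DETECTORS = {
    "api_key": re.compile(r"\bsk-[A-Za-z0-9]{16,}\b"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "email": re.compile(r"\b[\w.+-]+@(?:[\w-]+\.)+[a-z]{2,}\b", re.IGNORECASE),
    "phone": re.compile(r"\b\d{3}-\d{3}-\d{4}\b"),
}

def mask_value(dtype, value):
    """mask mode: keep the email domain (****@domain.com), hide everything else."""
    if dtype == "email":
        local, _, domain = value.partition("@")
        return "*" * len(local) + "@" + domain
    return "*" * len(value)

def apply_policy(text, vault):
    """Return the rewritten outbound text, or None when a block-mode type is present.
    redact mode records token -> original in vault so the response can be restored."""
    for dtype, pattern in DETECTORS.items():
        mode = POLICY.get(dtype, "allow")
        if mode == "block" and pattern.search(text):
            return None                   # block mode: request never leaves the gateway
        if mode in ("block", "allow"):
            continue                      # allow mode: pass through untouched

        def replace(m, dtype=dtype, mode=mode):
            if mode == "mask":
                return mask_value(dtype, m.group(0))
            token = f"<{dtype.upper()}_{secrets.token_hex(4)}>"  # reversible token
            vault[token] = m.group(0)     # the model only ever sees the token
            return token

        text = pattern.sub(replace, text)
    return text

def restore(text, vault):
    """De-tokenize a model response so the caller sees the original values."""
    for token, value in vault.items():
        text = text.replace(token, value)
    return text
```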

Ingress Guard

Method  Endpoint         Description
GET     /ingress/stats   Blocked, throttled, allowed counts. Risk scores, session phases, cross-session reputation.

Shadow AI

Method  Endpoint     Description
GET     /shadow-ai   Scan for 12+ AI tools — detected vs approved vs unauthorized

Knowledge Graph

Method  Endpoint       Description
GET     /graph/stats   Node/edge/event counts, nodes by type (AGENT, THREAT, DATA_ASSET, SESSION)

Block Rules

Method  Endpoint            Description
GET     /block-rules        List all block rules
POST    /block-rules        Add rule (keyword or regex)
DELETE  /block-rules/{id}   Remove a rule
POST    /block-rules/test   Test content against rules

Taxonomy Configuration

Method  Endpoint           Description
GET     /config/taxonomy   Active breach taxonomy
PUT     /config/taxonomy   Update taxonomy (severity levels, breach types, detection hints)

Enterprise Features

RBAC (7 Roles)

Role          Level   Access
super_admin   100     Full platform control
it_admin      80      Policies, DLP config, agent enrollment
analyst       60      Breach monitor, red team, ingress stats (read-only)
lead          40      Team-scoped stats only
auditor       30      Compliance dashboards, audit trails (read-only)
agent         20      API-only (send events, receive DLP responses)
developer     10      No dashboard. IDE notifications only.

Authentication: the X-Role header, EA_*_TOKENS environment variables, the console API key, or EA_DASHBOARD_TOKEN (kept for backwards compatibility). Team scoping via the X-Team header.
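An authorization decision over the role table above, as an added example rather than the project's own RBAC middleware: the per-route minimum levels, the 401/403 codes and the team-scoping rule for lead are assumptions; the role names, levels and read-only marks come from the table.

```python
# Role levels exactly as in the RBAC table above.
ROLE_LEVELS = {"super_admin": 100, "it_admin": 80, "analyst": 60, "lead": 40,
               "auditor": 30, "agent": 20, "developer": 10}
READ_ONLY = {"analyst", "auditor"}          # marked read-only in the table
TEAM_SCOPED = {"lead"}                      # "team-scoped stats only"
MUTATING = {"POST", "PUT", "DELETE"}

# Constructed minimum level per endpoint prefix (assumption: the project's real
# per-route policy is not on the page). Unknown routes default to super_admin.
MIN_LEVEL = {
    "/api/v1/policies": 80,   # it_admin: policies
    "/dlp/": 80,              # it_admin: DLP config
    "/ingress/stats": 60,     # analyst: ingress stats
    "/dashboard-stats": 40,   # lead: team-scoped stats
    "/v1/audit": 30,          # auditor: audit trails
    "/events": 20,            # agent: send events
}

def authorize(headers, method, path, resource_team=None):
    """Return (status, reason) for a request carrying X-Role / X-Team headers."""
    role = headers.get("X-Role")
    if role not in ROLE_LEVELS:
        return 401, "missing or unknown X-Role"
    level = ROLE_LEVELS[role]
    required = next((lvl for prefix, lvl in MIN_LEVEL.items()
                     if path.startswith(prefix)), 100)
    if level < required:
        return 403, f"{role} (level {level}) below required level {required}"
    if method in MUTATING and role in READ_ONLY:
        return 403, f"{role} is read-only"
    if role in TEAM_SCOPED and resource_team and headers.get("X-Team") != resource_team:
        return 403, "team-scoped role cannot read another team's data"
    return 200, "ok"
```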

Enterprise Privacy

Method  Endpoint             Description
GET     /privacy/effective   Effective privacy mode (resolves org → team hierarchy)
POST    /privacy/org         Org-wide policy with per-team overrides
POST    /privacy/schedule    Schedule mode changes (cron + timezone)
GET     /privacy/audit       Policy change audit trail

Admin Console

Method  Endpoint                       Description
GET     /api/v1/policies               List all policies with version history
POST    /api/v1/policies               Create/update policy (auto-versioned)
POST    /api/v1/agents/register        Register agent (returns enrollment token)
POST    /api/v1/agents/{id}/approve    Approve pending agent
POST    /api/v1/agents/{id}/revoke     Revoke agent access
GET     /api/v1/events                 Cross-agent event stream
GET     /api/v1/dashboard              Org-wide summary

Breach Engine

Runs on port 8081. Classifies 13 breach types (PII_EXPOSURE, CREDENTIAL_EXPOSURE, UNAUTHORIZED_ACCESS, etc.) with 3 severity levels. Immutable SHA-256 audit trail. Gateway bridge auto-emits on every block or PII detection.

Method  Endpoint    Description
POST    /events     Submit agent event for classification
GET     /breaches   List breaches (tenant-scoped)
GET     /summary    Breach counts by type, severity, agent

Red Team & Eval

Docker Harness (55 agents)

$ docker compose -f docker-compose.redteam.yml up --build -d
$ docker exec agsec-attacker python3 /agents/run_all.py
84/84 detected (100%) — 55 agents, 10 OWASP categories

Browser Demo (/redteam)

Live attack simulation at http://localhost:8000/redteam. 55 agents make real API calls through the gateway and breach engine. Visual flow diagram with ingress guard risk scores, DLP detections, and breach classifications. 100% detection rate.

Test Suites (1,116)

# v4.32.0 — 1,116 tests across 31 suites
$ python3 scripts/test_privacy_mode.py # 28 PASS
$ python3 scripts/test_knowledge_graph.py # 33 PASS
$ python3 scripts/test_vuln_scanner.py # 45 PASS
$ python3 scripts/test_shadow_ai.py # 60 PASS
$ python3 scripts/test_ingress_guard.py # 54 PASS
$ python3 scripts/test_smart_router.py # 53 PASS
$ python3 scripts/test_admin_console.py # 51 PASS
$ python3 scripts/test_rbac.py # 95 PASS
$ python3 scripts/test_red_team.py # 52 PASS (274 attack techniques)
$ ... and 20 more suites + 55-agent Docker red-team harness

Reference

Key Environment Variables

Variable                Default          Description
EA_GATEWAY_API_KEYS     auto-generated   Comma-separated API keys for gateway auth
EA_PRIVACY_MODE         balanced         full_privacy / balanced / permissive
EA_INGRESS_GUARD        false            Enable 6-layer ingress guard
EA_RBAC_ENABLED         true             Enable role-based access control
EA_ALLOWED_DOMAINS      (all)            Comma-separated egress domain allowlist
EA_DASHBOARD_TOKEN      (none)           Bearer token for dashboard auth
EA_SHADOW_AI_ENABLED    true             Shadow AI detector toggle
EA_CODE_GUARD_ENABLED   true             Code fingerprint guard toggle
EA_LETHAL_TRIFECTA      true             Lethal Trifecta detector (Simon Willison)
EA_LLM_PROVIDER         ollama           Layer 2 LLM: ollama / anthropic / openai

Compliance Mapping

Framework                 Coverage   File
OWASP Top 10 for LLMs     8/10       owasp_mapping.json
NIST AI RMF + 800-53      14/18      nist_mapping.json
MITRE ATLAS               11/14      docs/MITRE_ATLAS_MAPPING.md
CSA ARIA                  12/15      csa_aria_mapping.json

Architecture (25 components)

20 core components + 5 distribution channels. DLP Engine, API Gateway, LLM Proxy, Breach Engine, Block Rules, VS Code Extension, Chrome Extension, Auto-Instrumentation SDK, Privacy Mode, Knowledge Graph, Vulnerability Scanner, Code Fingerprint Guard, Shadow AI Detector, Security Memory Bridge, Smart Router, Admin Console, Red Team Agents, Ingress Guard, RBAC Middleware, Smart Redaction Engine. Distribution: CLI installer, pre-commit hooks, GitHub Action, admin dashboard, Docker.