agent-shield 0.8.0

Security scanner for AI agent extensions — offline-first, multi-framework, SARIF output
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

pub mod crewai;
pub mod cursor_rules;
pub mod gpt_actions;
pub mod langchain;
pub mod mcp;
pub mod openclaw;

use std::path::Path;

use crate::error::{Result, ShieldError};
use crate::ir::{Framework, ScanTarget};

/// An adapter detects a specific agent framework and loads its artifacts
/// into the unified IR.
pub trait Adapter: Send + Sync {
    /// The framework this adapter handles.
    fn framework(&self) -> Framework;

    /// Check if this adapter can handle the given directory.
    fn detect(&self, root: &Path) -> bool;

    /// Load artifacts from the directory into scan targets.
    /// When `ignore_tests` is true, test files are excluded before parsing.
    fn load(&self, root: &Path, ignore_tests: bool) -> Result<Vec<ScanTarget>>;
}

/// All registered adapters.
pub fn all_adapters() -> Vec<Box<dyn Adapter>> {
    vec![
        Box::new(mcp::McpAdapter),
        Box::new(openclaw::OpenClawAdapter),
        Box::new(crewai::CrewAiAdapter),
        Box::new(langchain::LangChainAdapter),
        Box::new(gpt_actions::GptActionsAdapter),
        Box::new(cursor_rules::CursorRulesAdapter),
    ]
}

/// Auto-detect all matching frameworks and load scan targets from each.
///
/// Repos may contain both MCP and OpenClaw artifacts — all matching
/// adapters contribute targets rather than stopping at the first match.
pub fn auto_detect_and_load(root: &Path, ignore_tests: bool) -> Result<Vec<ScanTarget>> {
    let adapters = all_adapters();
    let mut all_targets = Vec::new();

    for adapter in &adapters {
        if adapter.detect(root) {
            match adapter.load(root, ignore_tests) {
                Ok(targets) => all_targets.extend(targets),
                Err(e) => {
                    tracing::warn!(
                        framework = %adapter.framework(),
                        error = %e,
                        "adapter failed to load, skipping"
                    );
                }
            }
        }
    }

    if all_targets.is_empty() {
        return Err(ShieldError::NoAdapter(root.display().to_string()));
    }

    Ok(all_targets)
}