assay-cli 2.17.0

CLI for Assay
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253

# Assay

[![Crates.io](https://img.shields.io/crates/v/assay-cli.svg)](https://crates.io/crates/assay-cli)
[![CI](https://github.com/Rul1an/assay/actions/workflows/ci.yml/badge.svg)](https://github.com/Rul1an/assay/actions/workflows/ci.yml)
[![License](https://img.shields.io/crates/l/assay-core.svg)](https://github.com/Rul1an/assay/blob/main/LICENSE)

**Policy-as-Code for AI Agents.**

Assay validates AI agent behavior against policies. Record traces, generate policies, run deterministic CI gates, produce evidence bundles for audit. Works with any MCP-compatible agent.

> **Open Core:** Engine + baseline packs are MIT/Apache-2.0.
> Compliance packs (EU AI Act, SOC2) are commercial.
> See [ADR-016](docs/architecture/ADR-016-Pack-Taxonomy.md).

## Install

```bash
cargo install assay-cli
```

## Quickstart

### From scratch

```bash
# Generate policy + config from project defaults
assay init --ci

# Run smoke tests (uses bundled traces, no API calls)
assay ci --config ci-eval.yaml --trace-file traces/ci.jsonl
```

### From an existing trace

```bash
# Generate policy from recorded agent behavior
assay init --from-trace trace.jsonl

# Validate
assay validate --config eval.yaml --trace-file trace.jsonl
```

### From an MCP Inspector session

```bash
# Import trace
assay import --format inspector session.json --out-trace traces/session.jsonl

# Run tests
assay run --config eval.yaml --trace-file traces/session.jsonl
```

## Commands

### Testing & Validation

| Command | What it does |
|---------|-------------|
| `assay run` | Execute test suite against trace file and write `run.json`/`summary.json`. |
| `assay ci` | CI-mode run. Adds `--sarif`, `--junit`, `--pr-comment` outputs. |
| `assay validate` | Stateless policy check. Text, JSON, or SARIF output. |
| `assay replay` | Replay from a self-contained bundle (offline, hermetic). |

### Policy & Config

| Command | What it does |
|---------|-------------|
| `assay init` | Scaffold project: policy, config, CI workflow. `--from-trace` for existing traces. |
| `assay generate` | Generate policy from trace or multi-run profile. `--heuristics` for entropy analysis. |
| `assay profile` | Multi-run stability profiling. Wilson interval gating. |
| `assay doctor` | Diagnose config, trace, and baseline issues. |
| `assay explain` | Step-by-step trace explanation against policy. Terminal, markdown, JSON output. |

### Evidence & Compliance

| Command | What it does |
|---------|-------------|
| `assay evidence export` | Create evidence bundle (tar.gz, content-addressed, Merkle root). |
| `assay evidence verify` | Verify bundle integrity. |
| `assay evidence lint` | Lint bundle with SARIF output. Supports `--pack` for compliance rules. |
| `assay evidence diff` | Diff two verified bundles (network, filesystem, process changes). |
| `assay evidence explore` | Interactive TUI explorer. |
| `assay evidence push/pull/list` | BYOS: S3, GCS, Azure Blob, R2, B2, MinIO. |
| `assay bundle create/verify` | Replay bundles (portable, offline test artifacts). |

### Runtime

| Command | What it does |
|---------|-------------|
| `assay mcp wrap` | Wrap an MCP process with policy enforcement (JSON-RPC over stdio). |
| `assay sandbox` | Landlock sandbox execution (Linux, rootless). |
| `assay monitor` | eBPF/LSM runtime enforcement (Linux, requires capabilities). |

### Misc

| Command | What it does |
|---------|-------------|
| `assay sim run` | Attack simulation suite (integrity, chaos, differential). |
| `assay import` | Import traces from MCP Inspector or JSON-RPC logs. |
| `assay tool sign/verify/keygen` | Ed25519 + DSSE tool signing. |
| `assay fix` | Interactive auto-fix suggestions for policy issues. |

## CI Integration

### GitHub Actions

```yaml
- uses: Rul1an/assay/assay-action@v2
```

The action installs assay, runs your gate, uploads SARIF to the Security tab, and posts a PR comment with results.

```yaml
# .github/workflows/assay.yml
name: Assay Gate
on: [push, pull_request]

permissions:
  contents: read
  pull-requests: write
  security-events: write

jobs:
  assay:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: Rul1an/assay/assay-action@v2
```

Or generate a workflow:

```bash
assay init --ci github   # writes .github/workflows/assay.yml
assay init --ci gitlab   # writes .gitlab-ci.yml
```

### Manual CI

```bash
assay ci \
  --config eval.yaml \
  --trace-file traces/golden.jsonl \
  --sarif reports/sarif.json \
  --junit reports/junit.xml \
  --pr-comment reports/pr-comment.md \
  --replay-strict
```

Exit codes: `0` pass, `1` test failure, `2` config error, `3` infra error.

## Configuration

Two files: a test config (`eval.yaml`) and a policy (`policy.yaml`).

**eval.yaml** — defines what to test:
```yaml
version: 1
suite: "my_agent"
model: "trace"
tests:
  - id: "deploy_args"
    input:
      prompt: "deploy_staging"
    expected:
      type: args_valid
      schema:
        deploy_service:
          type: object
          required: [env]
          properties:
            env: { type: string, enum: [staging, prod] }
```

**policy.yaml** — defines what's allowed:
```yaml
version: "1.0"
name: "my-policy"
allow: ["*"]
deny:
  - "exec"
  - "shell"
  - "bash"
constraints:
  - tool: "read_file"
    params:
      path:
        matches: "^/app/.*|^/data/.*"
```

Policy packs: `assay init --pack default|hardened|dev`

## Evidence Bundles

Tamper-evident `.tar.gz` bundles containing `manifest.json` (SHA-256 hashes, Merkle root) and `events.ndjson` (CloudEvents format, content-addressed IDs).

```bash
assay evidence export --profile profile.yaml --out bundle.tar.gz
assay evidence verify bundle.tar.gz
assay evidence lint --pack eu-ai-act-baseline bundle.tar.gz
assay evidence diff baseline.tar.gz current.tar.gz
```

## Python SDK

```bash
pip install assay
```

```python
from assay import AssayClient

client = AssayClient("traces.jsonl")
client.record_trace(tool_call)
```

Pytest plugin:
```python
@pytest.mark.assay(trace_file="test_traces.jsonl")
def test_agent():
    pass
```

## Project Structure

```
crates/
  assay-cli/        CLI binary
  assay-core/       Eval engine, store, trace replay, report formatters
  assay-metrics/    Built-in metrics (args_valid, sequence_valid, regex_match, etc.)
  assay-evidence/   Evidence bundles, lint engine, diff, sanitize
  assay-mcp-server/ MCP proxy for runtime enforcement
  assay-sim/        Attack simulation harness
  assay-monitor/    eBPF/LSM runtime (Linux)
  assay-policy/     Policy compilation (kernel + userspace tiers)
  assay-registry/   Pack registry client (DSSE, OIDC, lockfile)
  assay-common/     Shared types
  assay-ebpf/       Kernel eBPF programs
assay-python-sdk/   Python SDK (PyO3 + pytest plugin)
```

## Contributing

```bash
cargo test --workspace
cargo clippy --workspace --all-targets -- -D warnings
```

See [CONTRIBUTING.md](CONTRIBUTING.md).

## License

[MIT](LICENSE)