Metadata-Version: 2.4
Name: argus-redteam-agent
Version: 1.0.0
Summary: Argus RedTeam local security scan agent — code never leaves your infrastructure
Author-email: BlockSec <dev@blocksec.io>
License: Proprietary
Project-URL: Homepage, https://argus-redteam.io
Project-URL: Documentation, https://argus-redteam.io/docs/agent
Project-URL: Repository, https://github.com/block-s/argus-redteam
Project-URL: Bug Tracker, https://github.com/block-s/argus-redteam/issues
Keywords: security,sast,sca,vulnerability-scanner,semgrep
Classifier: Development Status :: 4 - Beta
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Information Technology
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Quality Assurance
Requires-Python: >=3.10
Description-Content-Type: text/markdown
Requires-Dist: click>=8.1
Requires-Dist: httpx>=0.27
Requires-Dist: semgrep>=1.70
Requires-Dist: cryptography>=42.0
Provides-Extra: ai
Requires-Dist: anthropic>=0.40; extra == "ai"
Requires-Dist: openai>=1.50; extra == "ai"

# argus-agent

Argus RedTeam local security scan agent. Runs SAST (semgrep) and SCA (Trivy)
entirely inside your infrastructure — no source code leaves your network.

## Installation

```bash
pip install argus-redteam-agent
```

Requires: Python 3.10+, semgrep, trivy (for dependency scan)

## Quick Start

### Online mode (uploads results to Argus dashboard)

```bash
argus-agent scan /path/to/repo \
  --target-name "my-service" \
  --api-key "$ARGUS_API_KEY" \
  --server "https://argus-origin.block-s.io"
```

### AI deep analysis — server mode (snippet-based, code stays local)

```bash
argus-agent scan /path/to/repo \
  --target-name "my-service" \
  --api-key "$ARGUS_API_KEY" \
  --server "https://argus-origin.block-s.io" \
  --ai-mode server --sensitivity full
```

### AI deep analysis — local mode (Claude API called directly, code never sent to Argus)

```bash
ANTHROPIC_API_KEY=sk-ant-... \
argus-agent scan /path/to/repo \
  --target-name "my-service" \
  --api-key "$ARGUS_API_KEY" \
  --server "https://argus-origin.block-s.io" \
  --ai-mode local
```

### Air-gap mode (results stay local)

```bash
# Scan and save to file
argus-agent airgap /path/to/repo \
  --target-name "my-service" \
  --passphrase "strong-passphrase"

# Decrypt and import via dashboard
argus-agent decrypt argus-my-service-20260101.enc --passphrase "strong-passphrase"
```

### Docker

```bash
docker run --rm \
  -v /path/to/repo:/scan-target \
  -e ARGUS_API_KEY=your-key \
  blocks/argus-agent:latest \
  --target-name my-service --server https://argus-origin.block-s.io
```

## Options

```
argus-agent scan --help
argus-agent airgap --help
```

## Sensitivity levels

| Level     | What is sent               |
|-----------|----------------------------|
| `full`    | Code snippets included     |
| `medium`  | SHA-256 hash only (default)|
| `minimal` | Finding count only         |

## AI modes

| Mode     | Where AI runs        | Code destination        |
|----------|----------------------|-------------------------|
| `off`    | No AI analysis       | —                       |
| `server` | Argus server (snippets only) | Snippets → Argus server |
| `local`  | Local machine (Claude API) | Code → Anthropic API   |

## License

Proprietary — see [argus-redteam.io](https://argus-redteam.io) for licensing.
