Metadata-Version: 2.4
Name: klynx-comply
Version: 0.1.0
Summary: QUIET COYOTE — AI Agent Compliance Scanner by KlynxAI
License: Apache-2.0
Project-URL: Homepage, https://klynxai.com
Project-URL: Documentation, https://klynxai.com/docs/quiet-coyote
Project-URL: Repository, https://github.com/klynx-ai/klynxai-assistant
Project-URL: Bug Tracker, https://github.com/klynx-ai/klynxai-assistant/issues
Keywords: ai,agent,compliance,security,governance,llm,linting
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: Topic :: Security
Classifier: Topic :: Software Development :: Quality Assurance
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Requires-Python: >=3.9
Description-Content-Type: text/markdown
Requires-Dist: click>=8.0
Provides-Extra: dev
Requires-Dist: pytest>=7; extra == "dev"
Requires-Dist: pytest-cov; extra == "dev"
Requires-Dist: black; extra == "dev"
Requires-Dist: ruff; extra == "dev"

# QUIET COYOTE — AI Agent Compliance Scanner

**`klynx-comply`** is an open-source CLI that scans AI agent codebases for security,
governance, and safety issues *before* deployment. Built by [KlynxAI](https://klynxai.com).

---

## Install

```bash
pip install klynx-comply
```

Or from source:

```bash
git clone https://github.com/klynx-ai/klynxai-assistant
cd klynxai-assistant/tools/klynx-comply   # the clone creates the klynxai-assistant directory
pip install -e .
```

---

## Quick Start

```bash
# Scan current directory
klynx-comply scan

# Scan a specific path
klynx-comply scan ./my-agent-app

# Output as JSON (for CI/CD)
klynx-comply scan --format json --output report.json

# Output as SARIF (GitHub Code Scanning, VS Code, Azure DevOps)
klynx-comply scan --format sarif --output results.sarif

# Only report HIGH and above
klynx-comply scan --severity HIGH

# Fail CI only on CRITICAL
klynx-comply scan --fail-on critical

# Run specific checks only
klynx-comply scan --checks SC-001 --checks AT-001

# List all checks
klynx-comply checks
```

---

## Checks

| ID      | Category   | Name                          | Severity |
|---------|------------|-------------------------------|----------|
| SC-001  | Security   | Hardcoded Secrets             | CRITICAL |
| AT-001  | Governance | Audit Trail Coverage          | HIGH     |
| AG-001  | Security   | Auth Gating on Endpoints      | HIGH     |
| PII-001 | Privacy    | PII Handling Safety           | HIGH     |
| AP-001  | Governance | Agent Policy Envelope         | HIGH     |
| HO-001  | Safety     | Human Oversight Gates         | HIGH     |
| PI-001  | Security   | Prompt Injection Vulnerability| HIGH     |
| IV-001  | Security   | Input Validation at Boundaries| MEDIUM   |

---

## CI/CD Integration

### GitHub Actions

```yaml
- name: Agent compliance scan
  run: |
    pip install klynx-comply
    klynx-comply scan --format sarif --output results.sarif --fail-on high

- name: Upload SARIF
  uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: results.sarif
```

### GitLab CI

```yaml
comply:
  script:
    - pip install klynx-comply
    - klynx-comply scan --format json --output gl-sast-report.json
  artifacts:
    reports:
      sast: gl-sast-report.json
```

---

## Suppression

Add `# comply:ignore` to a line to suppress all findings on that line:

```python
api_key = "test-key-for-unit-tests-only"  # comply:ignore
```

---

## Exit Codes

| Code | Meaning |
|------|---------|
| 0    | Compliant — no findings at or above `--fail-on` severity |
| 1    | Non-compliant — blocking findings found |
| 2    | Scan error |
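To make the `# comply:ignore` marker, the `--severity` display floor and the exit-code rules above concrete, here is an added model of those semantics in Python (illustrative code, not the scanner's own implementation); the detection pattern for SC-001 and the choice to treat an unknown `--fail-on` name as a scan error (exit 2) are assumptions.

```python
import re
from typing import List, Tuple

Finding = Tuple[int, str, str]  # (line number, check id, severity)

SEVERITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "CRITICAL": 3}
IGNORE_MARKER = "# comply:ignore"

# Assumed pattern for SC-001 (Hardcoded Secrets); the real rule logic is not documented here.
SECRET_RE = re.compile(r"""(?i)\b(api_key|secret|token|password)\s*=\s*["'][^"']{8,}["']""")


def scan_lines(lines: List[str]) -> List[Finding]:
    """Run SC-001 over source lines, honouring the per-line `# comply:ignore` suppression."""
    findings: List[Finding] = []
    for no, line in enumerate(lines, start=1):
        if IGNORE_MARKER in line:
            continue  # every finding on this line is suppressed
        if SECRET_RE.search(line):
            findings.append((no, "SC-001", "CRITICAL"))
    return findings


def report(findings: List[Finding], min_severity: str = "LOW") -> List[Finding]:
    """Model `--severity`: only findings at or above the given level are shown."""
    floor = SEVERITY_RANK[min_severity.upper()]
    return [f for f in findings if SEVERITY_RANK[f[2]] >= floor]


def exit_code(findings: List[Finding], fail_on: str = "HIGH") -> int:
    """Model the documented exit codes: 0 compliant, 1 blocking findings, 2 scan error."""
    try:
        floor = SEVERITY_RANK[fail_on.upper()]
    except KeyError:
        return 2  # assumption: an unknown severity name is treated as a scan error
    return 1 if any(SEVERITY_RANK[sev] >= floor for _, _, sev in findings) else 0


# Constructed sample source, not taken from any real project.
SAMPLE = [
    'api_key = "test-key-for-unit-tests-only"  # comply:ignore',
    'password = "hunter2-long-enough-to-match"',
    'client = Client(api_key=os.environ["API_KEY"])',
]

if __name__ == "__main__":
    found = scan_lines(SAMPLE)
    print(report(found, "HIGH"), "exit", exit_code(found, "critical"))
```

Note that `--severity` only changes what is displayed; a HIGH finding still does not block when `--fail-on critical` is set, which is why the two flags are modelled separately.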

---

## KlynxAI Integration

When run inside a KlynxAI-managed environment, `klynx-comply` integrates with:

- **Dragon Policy Engine** — auto-validates PolicyEnvelope usage
- **KlynxScan** — feeds findings into vulnerability dashboard
- **WarRoom AI** — compliance gate before deployment

---

## License

Apache 2.0 — free to use, modify, and distribute.

Built by [KlynxAI](https://klynxai.com)
