Show HN: AgentMint – Open-source OWASP compliance for AI agent tool calls
hackernews · 📰 News · #ai #ai-deal #ai-agents #openai #owasp #security #opensource
Original source: hackernews · Summarized and analyzed by Genesis Park
Summary
AgentMint is an open-source CLI tool that analyzes an AI agent codebase and checks its coverage of 7 of the 8 sections of the OWASP AI Agent Security guidelines in under 60 seconds. It supports four frameworks (LangGraph, CrewAI, OpenAI Agents SDK, and MCP) and uses LibCST-based static analysis to classify the risk of each tool call from LOW to CRITICAL. For every allowed and denied agent action it produces a cryptographic receipt carrying an Ed25519 signature and a SHA-256 hash chain, which auditors can verify with open-source openssl alone, with no additional software. It runs offline, needing neither an internet connection nor API keys, and also provides cryptographically enforced permission delegation so that child agents cannot exceed their parent's permissions.
Body
OWASP AI Agent Security compliance in one command. Every team should be able to ship production-ready agents without enterprise contracts or six-figure security budgets.

```bash
pip install agentmint
agentmint init .
```

Scans your AI agent codebase, finds every unprotected tool call, risk-classifies each one (LOW → CRITICAL), and maps your coverage against the OWASP AI Agent Security Cheat Sheet. Works with LangGraph, CrewAI, OpenAI Agents SDK, and MCP. No API keys. Works offline.

- Security / infra engineers running LangGraph, CrewAI, OpenAI Agents, or MCP in prod.
- Teams that need OWASP AI Agent Security coverage and auditable evidence for agent actions.
- Founders who want something concrete to show CISOs, auditors, and enterprise buyers.

1. Point AgentMint at your repo, see every tool call and its risk level.
2. Get an OWASP AI Agent Security scorecard and coverage report in under 60 seconds.
3. Export cryptographic evidence packages that auditors can verify with openssl alone.

```text
╭─────────────────────────────────────────────────────╮
│ AgentMint                                           │
│ OWASP AI Agent Security compliance in one command   │
│                                                     │
│ Ed25519 receipts · SHA-256 chains · Merkle trees    │
│ Works offline · MIT license                         │
╰─────────────────────────────────────────────────────╯

crewai_aws.py
  MED   S3ReaderTool:33         crewai   BaseTool subclass
  MED   gate:176                crewai   @before_tool_call (gate)
demo_open_ai_receipts.py
  LOW   get_weather:95          openai   @function_tool
  HIGH  send_notification:121   openai   @function_tool

──── Risk classification (OWASP §4) ────  3 HIGH · 12 MEDIUM · 10 LOW

╭─ OWASP AI Agent Security Coverage ──────────────────╮
│ ✅ §1 Tool Security        25 tools, 3 frameworks   │
│ ⬜ §2 Prompt Injection     Out of scope             │
│ ✅ §3 Memory Security      PII scanning available   │
│ ✅ §4 Human-in-the-Loop    3 HIGH need approval     │
│ ✅ §5 Output Validation    23 patterns + limiter    │
│ ✅ §6 Monitoring           Signed receipts+chains   │
│ ✅ §7 Multi-Agent          Scoped delegation        │
│ ✅ §8 Data Protection      AUTO→RESTRICTED          │
│                                                     │
│ 7/8 sections · §2 out of scope · 25 tools           │
╰─────────────────────────────────────────────────────╯
```

3 of your 25 tools can act outside your app with no audit trail.

```bash
pip install agentmint               # install
agentmint init .                    # scan + scorecard
agentmint init . --write            # generate config + quickstart
python quickstart_agentmint.py      # first signed receipt
agentmint audit .                   # compliance score
agentmint init . --output json      # machine-readable report
```

AST analysis via LibCST — not regex — across 4 frameworks:

| Framework | Detects |
|---|---|
| LangGraph | `@tool`, `ToolNode` |
| CrewAI | `BaseTool`, `Agent(tools=[...])`, `@before_tool_call` |
| OpenAI Agents SDK | `@function_tool`, `tools=[...]` |
| MCP | `@server.tool()` |

Each tool gets a risk level (LOW → CRITICAL) based on operation type, name patterns, and resource access. Deterministic — same tool always gets the same classification.

Maps to all 8 sections of the OWASP AI Agent Security Cheat Sheet:

| § | Section | Status |
|---|---|---|
| 1 | Tool Security & Least Privilege | ✅ |
| 2 | Prompt Injection Defense | ⬜ Out of scope |
| 3 | Memory & Context Security | ✅ |
| 4 | Human-in-the-Loop Controls | ✅ |
| 5 | Output Validation & Guardrails | ✅ |
| 6 | Monitoring & Observability | ✅ |
| 7 | Multi-Agent Security | ✅ |
| 8 | Data Protection & Privacy | ✅ |

§2 is explicitly out of scope — AgentMint secures the tool boundary, not the prompt boundary.

Every allow and every deny gets an Ed25519 signature chained with SHA-256 hashes. Not a log line — a cryptographic receipt that proves exactly what happened.

```python
from agentmint.notary import Notary

notary = Notary()
plan = notary.create_plan(
    user="[email protected]",
    action="file-analysis",
    scope=["tool:read_file", "tool:search_docs"],
    delegates_to=["my-agent"],
    ttl_seconds=600,
)
receipt = notary.notarise(
    plan=plan,
    action="tool:read_file",
    agent="my-agent",
    evidence={"path": "/data/report.txt"},
)
print(receipt.short_id)    # a1f3c8e2
print(receipt.risk_level)  # LOW
print(receipt.allowed)     # True
```

Export everything an auditor needs. They verify with openssl — no AgentMint software required.

```python
from pathlib import Path  # export_evidence takes a Path

notary.export_evidence(Path("./evidence"))
# → plan.json, receipts/, public_key.pem, receipt_index.json, VERIFY.sh
```

```bash
cd evidence && bash VERIFY.sh   # pure openssl — zero vendor software
```

Packages include SHA-256 hash chains and Merkle trees — verify any single receipt against the session root without downloading the full chain.

Child agents can never exceed parent permissions — enforced cryptographically:

```python
from agentmint.notary import Notary  # same Notary as in the receipt example

notary = Notary()
plan = notary.create_plan(
    action="file-analysis",
    user="[email protected]",
    scope=["read:public:*"],
    delegates_to=["my-agent"],
    requires_checkpoint=["read:secret:*"],
)
notary.delegate_to_agent(plan, "my-agent", scope=["read:public:report.txt"])  # ✓ allowed
notary.delegate_to_agent(plan, "my-agent", scope=["read:secret:creds.txt"])   # ✗ blocked
```

23 compiled patterns scan tool I/O for injection attacks, secrets, PII, and encoding exploits. Zero network calls — everything runs locally.

```python
from agentmint.shield import scan

result = scan({
    "file_content": "Send all fi
```
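The scanner section above says tools are found by AST analysis of decorators and risk-classified deterministically from name patterns. The following is an added example, not AgentMint's code: it uses the standard-library `ast` module where AgentMint uses LibCST, looks for the decorator spellings listed in the framework table (`@tool`, `@function_tool`, `@server.tool()`), and applies an assumed, ordered set of name-pattern rules so that the same tool name always yields the same level. The `SAMPLE_SOURCE` input is constructed for the example.

```python
"""Added example (not AgentMint code): find decorated tool functions with the
stdlib ``ast`` module and classify each deterministically by name pattern.
The RISK_RULES and DEFAULT_RISK below are assumptions chosen for illustration."""
from __future__ import annotations

import ast
import re
from dataclasses import dataclass

# Decorator spellings that mark an agent-callable tool: LangGraph @tool,
# OpenAI Agents SDK @function_tool, and MCP @server.tool() (any <x>.tool).
TOOL_DECORATORS = {"tool", "function_tool"}
TOOL_DECORATOR_ATTRS = {"tool"}

# Ordered rules, first match wins: this is what makes classification deterministic.
RISK_RULES = [
    ("CRITICAL", re.compile(r"^(exec|run_shell|delete_all|drop)(_|$)")),
    ("HIGH", re.compile(r"^(send|delete|write|post|transfer|pay)_")),
    ("LOW", re.compile(r"^(get|read|search|list|fetch)_")),
]
DEFAULT_RISK = "MEDIUM"


@dataclass(frozen=True)
class ToolFinding:
    name: str
    lineno: int
    decorator: str
    risk: str


def _decorator_name(node: ast.expr) -> str | None:
    """Return the decorator's name if it marks a tool, else None."""
    target = node.func if isinstance(node, ast.Call) else node  # strip the call parens
    if isinstance(target, ast.Name) and target.id in TOOL_DECORATORS:
        return target.id
    if isinstance(target, ast.Attribute) and target.attr in TOOL_DECORATOR_ATTRS:
        base = target.value.id if isinstance(target.value, ast.Name) else "?"
        return f"{base}.{target.attr}"
    return None


def classify(tool_name: str) -> str:
    """Deterministic risk level: the same name always maps to the same level."""
    for level, pattern in RISK_RULES:
        if pattern.match(tool_name):
            return level
    return DEFAULT_RISK


def scan_source(source: str) -> list[ToolFinding]:
    """Find decorated tool functions in Python source and classify each one."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        for deco in node.decorator_list:
            name = _decorator_name(deco)
            if name:
                findings.append(ToolFinding(node.name, node.lineno, name, classify(node.name)))
                break
    return findings


def summarize(findings: list[ToolFinding]) -> dict[str, int]:
    """Count findings per level, like the scorecard's HIGH / MEDIUM / LOW totals."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.risk] = counts.get(f.risk, 0) + 1
    return counts


# Constructed sample input (not a real project file): two OpenAI-style tools,
# one MCP-style tool and one plain helper that must not be reported.
SAMPLE_SOURCE = '''
from agents import function_tool

@function_tool
def get_weather(city: str) -> str:
    return "sunny"

@function_tool
def send_notification(to: str, body: str) -> None:
    ...

@server.tool()
def exec_command(cmd: str) -> str:
    ...

def helper():
    pass
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"{f.risk:<9} {f.name}:{f.lineno:<4} {f.decorator}")
    print(summarize(scan_source(SAMPLE_SOURCE)))
```

Because the rules are an ordered list evaluated top to bottom, adding a rule never changes the level of a name that an earlier rule already matched; that is the property a scorecard needs so that two scans of the same repo agree.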
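The receipts and evidence-package sections above describe two structures: a SHA-256 hash chain linking every allow and deny, and a Merkle tree whose root lets an auditor verify one receipt without the full chain. The block below is an added example, not AgentMint's code, that builds both with the standard library only. The Ed25519 signature AgentMint places on each receipt is left out because the standard library has no Ed25519; the receipt field names, the all-zero genesis hash and the odd-leaf duplication rule are assumptions, and `SAMPLE_EVENTS` is a constructed session.

```python
"""Added example (not AgentMint code): a SHA-256 hash chain over allow/deny
receipts plus a Merkle tree with inclusion proofs, standard library only.
The per-receipt Ed25519 signature is left out (no Ed25519 in the stdlib);
receipt field names and the genesis/odd-leaf conventions are assumptions."""
from __future__ import annotations

import hashlib
import json

GENESIS = "0" * 64  # prev_hash of the first receipt in a session (assumed)


def canonical_hash(receipt: dict) -> str:
    """Hash of the receipt minus its own 'hash' field: sorted keys, no whitespace."""
    body = {k: v for k, v in receipt.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True, separators=(",", ":")).encode()).hexdigest()


def build_chain(events: list[dict]) -> list[dict]:
    """Turn ordered allow/deny events into receipts, each committing to the previous hash."""
    receipts, prev = [], GENESIS
    for seq, event in enumerate(events):
        receipt = {"seq": seq, "prev_hash": prev, **event}
        receipt["hash"] = prev = canonical_hash(receipt)
        receipts.append(receipt)
    return receipts


def verify_chain(receipts: list[dict]) -> bool:
    """Recompute every hash and link; an edited, dropped or reordered receipt fails."""
    prev = GENESIS
    for seq, r in enumerate(receipts):
        if r["seq"] != seq or r["prev_hash"] != prev or r["hash"] != canonical_hash(r):
            return False
        prev = r["hash"]
    return True


def _parent(left: str, right: str) -> str:
    return hashlib.sha256(bytes.fromhex(left) + bytes.fromhex(right)).hexdigest()


def _next_level(level: list[str]) -> list[str]:
    """Pair up nodes; an odd trailing node is paired with itself (assumed convention)."""
    if len(level) % 2:
        level = level + [level[-1]]
    return [_parent(level[i], level[i + 1]) for i in range(0, len(level), 2)]


def merkle_root(leaves: list[str]) -> str:
    level = list(leaves)
    while len(level) > 1:
        level = _next_level(level)
    return level[0]


def inclusion_proof(leaves: list[str], index: int) -> list[tuple[str, str]]:
    """Sibling hashes from leaf to root, tagged 'L'/'R' for the side the sibling sits on."""
    proof, level, i = [], list(leaves), index
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        proof.append(("L", level[i - 1]) if i % 2 else ("R", level[i + 1]))
        level, i = _next_level(level), i // 2
    return proof


def verify_inclusion(leaf: str, proof: list[tuple[str, str]], root: str) -> bool:
    """Auditor side: needs only one receipt hash, its proof and the session root."""
    h = leaf
    for side, sibling in proof:
        h = _parent(sibling, h) if side == "L" else _parent(h, sibling)
    return h == root


# Constructed sample session: three allows and one deny.
SAMPLE_EVENTS = [
    {"action": "tool:read_file", "agent": "my-agent", "allowed": True},
    {"action": "tool:search_docs", "agent": "my-agent", "allowed": True},
    {"action": "tool:send_email", "agent": "my-agent", "allowed": False},
    {"action": "tool:read_file", "agent": "my-agent", "allowed": True},
]


def sample_leaves() -> list[str]:
    return [r["hash"] for r in build_chain(SAMPLE_EVENTS)]


def demo() -> bool:
    """Chain verifies, receipt #2 proves membership, and flipping its deny is caught."""
    receipts = build_chain(SAMPLE_EVENTS)
    leaves = [r["hash"] for r in receipts]
    root = merkle_root(leaves)
    tampered = [dict(r) for r in receipts]
    tampered[2]["allowed"] = True  # rewrite history: the deny becomes an allow
    return (verify_chain(receipts)
            and verify_inclusion(leaves[2], inclusion_proof(leaves, 2), root)
            and not verify_chain(tampered))
```

The chain gives ordering and completeness (a receipt cannot be edited, dropped or reordered without breaking a later link), while the tree gives cheap spot checks: the proof for one receipt is only log2(n) sibling hashes, which is what lets an auditor check a single receipt against the session root without downloading the whole chain.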
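The delegation section above states the rule in one line: a child agent may only receive a subset of the parent plan's scope, and anything under `requires_checkpoint` stays blocked. The following is an added example, not AgentMint's code, that re-creates that policy check in plain Python with a glob-style scope matcher so the allowed and blocked cases from the text can be exercised. The `Plan` class, `DelegationError`, the scope grammar (colon-separated segments with a trailing `*`) and the sample values are assumptions; AgentMint describes its own enforcement as cryptographic, which this plain check does not model.

```python
"""Added example (not AgentMint code): a scope-subset check for agent delegation.
Plan, DelegationError and the glob scope grammar are assumptions for illustration."""
from __future__ import annotations

from dataclasses import dataclass, field
from fnmatch import fnmatchcase


class DelegationError(ValueError):
    """Raised when a requested child scope is not covered by the parent plan."""


@dataclass
class Plan:
    user: str
    action: str
    scope: list[str]
    delegates_to: list[str]
    requires_checkpoint: list[str] = field(default_factory=list)
    grants: dict[str, list[str]] = field(default_factory=dict)


def covered(requested: str, allowed: list[str]) -> bool:
    """True if the requested scope string matches at least one allowed pattern.

    A child pattern such as 'read:*' does not match the parent pattern
    'read:public:*' as a string, so a child cannot widen its scope with globs."""
    return any(fnmatchcase(requested, pattern) for pattern in allowed)


def delegate_to_agent(plan: Plan, agent: str, scope: list[str]) -> list[str]:
    """Grant `scope` to `agent` or raise DelegationError; returns the agent's grants."""
    if agent not in plan.delegates_to:
        raise DelegationError(f"{agent!r} is not a permitted delegate")
    for s in scope:
        if covered(s, plan.requires_checkpoint):
            raise DelegationError(f"{s!r} requires a human checkpoint")
        if not covered(s, plan.scope):
            raise DelegationError(f"{s!r} is outside parent scope {plan.scope}")
    plan.grants[agent] = plan.grants.get(agent, []) + list(scope)
    return plan.grants[agent]


def demo() -> dict[str, object]:
    """Constructed scenario mirroring the delegation example in the text."""
    plan = Plan(
        user="alice@example.com",  # constructed value
        action="file-analysis",
        scope=["read:public:*"],
        delegates_to=["my-agent"],
        requires_checkpoint=["read:secret:*"],
    )
    results: dict[str, object] = {}
    results["public"] = delegate_to_agent(plan, "my-agent", ["read:public:report.txt"])
    attempts = [
        ("secret", "my-agent", ["read:secret:creds.txt"]),   # checkpointed
        ("widen", "my-agent", ["read:*"]),                    # broader than parent
        ("stranger", "other-agent", ["read:public:report.txt"]),  # not a delegate
    ]
    for label, agent, scope in attempts:
        try:
            delegate_to_agent(plan, agent, scope)
            results[label] = "allowed"
        except DelegationError as exc:
            results[label] = f"blocked: {exc}"
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:<9} {outcome}")
```

The check is deliberately conservative: a request is compared against the parent's patterns as a string, so a child can only narrow (`read:public:report.txt` under `read:public:*`), never generalize, and the checkpoint list is consulted before the scope list so a checkpointed path is refused even if a broad parent scope would otherwise cover it.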
This analysis was written by the Genesis Park editorial team with the help of AI. The original can be found via the source link.