Skip to main content

A purple-team of AI agents that audits code security and proves findings by execution.

Project description

Basalt 🛡️🔴🔵🟣

CI PyPI Python License: MIT

A purple-team of AI agents that audits code security and proves findings by execution — not by opinion.

Basalt audit demo — verification funnel: 41 candidates to 5 confirmed

Most "AI security scanners" hand you a list of maybe-bugs a model thinks it found. Basalt is different: a finding is only confirmed when its proof-of-concept is reproduced by execution in a clean, isolated sandbox (or matched against an authoritative vulnerability database). What you get is a short list of things that actually reproduce — with the evidence.

recon → red (find × N) → purple (verify) → EXECUTION in sandbox → blue (patch) → grader
        └ consensus voting          └ skeptical judge      └ sentinel must fire

Screening, not a substitute for a professional manual audit of code holding real funds. Based on the 2024–2026 evidence (Google Big Sleep, Anthropic's defending-code harness, LLM-SmartAudit): what actually cuts false positives is reproducing the PoC by execution, not model-vs-model debate.


Why Basalt

  • Execution-verified findings. A candidate is confirmed only if its PoC fires the BASALT-POC-TRIGGERED sentinel in a network-less Docker sandbox. Every finding carries honest provenance: tool-proven, osv-match, pattern-match, or model-asserted.
  • A verification funnel in every report — "N candidates → rejected by judge → not reproduced → confirmed" — so you can see the filtering, not just the conclusions.
  • Deterministic scanners that just work (stable): dependency N-day vs OSV.dev, Go reachability via govulncheck, and hardcoded-secret detection (never stores the secret value).
  • Multi-language: Python, Go, TypeScript/JS, Rust, Solidity, generic.
  • Built for CI: severity-gated exit codes, PR-only --changed audits, cost --dry-run, and reports as Markdown/JSON/HTML + a professional Word/PDF audit document with an evidence bundle.
  • Pluggable models: Claude (subscription CLI or API), any OpenAI-compatible gateway, or local Ollama — per role, with fallback chains.

⚠️ Maturity. The deterministic scanners (N-day, reachability, secrets) are stable. The LLM discovery path (finding logic bugs via the red agent) is beta — verified-by-execution, but coverage and precision are still maturing. See Known limitations.

Install

pipx install "basalt-scan[claude,doc]"   # recommended — installs the `basalt` command
# or: pip install "basalt-scan[claude,doc]"
basalt init                              # writes config/basalt.yaml

The distribution is basalt-scan; the command and import package are basalt. Extras: claude (Anthropic SDK), doc (Word/PDF reports), mcp (MCP server), sandbox (Docker SDK).

Docker is required for execution-based verification. govulncheck is optional (Go reachability). The Word/PDF report uses WeasyPrint, which needs system libs (pango, cairo).

From source (development)
git clone https://github.com/Arkessiah/Basalt && cd Basalt
python -m venv .venv && source .venv/bin/activate
pip install -e ".[dev,claude,doc]"

Usage

basalt doctor                       # providers + Docker + govulncheck health
basalt audit ./repo --deps --patch --report out.md    # full audit
basalt audit ./repo --dry-run                         # estimate cost (no model calls)
basalt audit ./repo --changed --base main             # PRs: only changed files
basalt audit ./repo --fail-on high                    # CI: non-zero exit on high+ findings

basalt deps ./repo --reachability   # dependency N-day (OSV) + Go reachability
basalt secrets ./repo               # hardcoded secrets (cross-language)

basalt report --format html -o report.html            # markdown | json | html
basalt doc ./repo -o audit                            # Word + PDF proof document
basalt bundle ./repo -o evidence.zip                  # report + PoCs + logs + hash
basalt gate --fail-on high                            # CI gate over the findings store
basalt mcp-serve                    # MCP server: drive audits from an MCP client

Report/document language is English by default; set lang: es in the config for Spanish (extensible to more languages).

How it works

  1. Recon maps the attack surface and prioritizes partitions by risk.
  2. Red (find × N) independent agents look for vulnerabilities and produce a runnable PoC; consensus voting filters hallucinations.
  3. Purple (verify) is a skeptical judge that demands a credible PoC.
  4. Execution reproduces the PoC in a clean, isolated Docker sandbox — the finding is confirmed only if the exploit actually fires.
  5. Blue (patch) + Grader propose a minimal fix and grade it by execution: green build, closed PoC, no test regressions.

Untrusted target content is spotlighted and secret-redacted before it reaches any model, and the model agents never invoke tools directly — the deterministic orchestrator mediates all execution.

Layout: providers/ models · agents/ roles · orchestrator.py the loop · sandbox/ isolated execution · targets/ language adapters · deps.py / reachability.py / secrets_scan.py deterministic scanners · report.py / audit_doc.py output · role prompts in prompts/*.md.

Known limitations

  • LLM discovery is beta — execution-verified, but not yet a replacement for a thorough manual review; the deterministic scanners are the solid part today.
  • Reachability is Go-only (govulncheck); other ecosystems report unknown, so an N-day may be present but not exercised.
  • Solidity PoC reproduction needs forge-std available in the target project.
  • Compiled-language PoCs must be self-contained (the sandbox has no network).

Security & ethics

Basalt is a defensive tool: audit code/infrastructure you own or are authorized to test. It executes PoCs and target code inside an isolated sandbox. See SECURITY.md for authorized-use and responsible disclosure. You are responsible for how you use it.

Contributing

See CONTRIBUTING.md. CI runs ruff + pytest on Python 3.11/3.12.

License

MIT — © 2026 Arkessiah. See LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

basalt_scan-0.1.1.tar.gz (60.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

basalt_scan-0.1.1-py3-none-any.whl (74.1 kB view details)

Uploaded Python 3

File details

Details for the file basalt_scan-0.1.1.tar.gz.

File metadata

  • Download URL: basalt_scan-0.1.1.tar.gz
  • Upload date:
  • Size: 60.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.6

File hashes

Hashes for basalt_scan-0.1.1.tar.gz
Algorithm Hash digest
SHA256 4174a78cfc9bd2d82b7c5e9b471382ad57497cfed03130108083152218aa284f
MD5 6ff074b0281eca6ea89de4ab1eb005e4
BLAKE2b-256 6708d0c8d46427efcd78338f7862d108c93a6f62c53ce5d7817686849dbfd155

See more details on using hashes here.

File details

Details for the file basalt_scan-0.1.1-py3-none-any.whl.

File metadata

  • Download URL: basalt_scan-0.1.1-py3-none-any.whl
  • Upload date:
  • Size: 74.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.6

File hashes

Hashes for basalt_scan-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 9ea2314584ce823186517b0eda4c10db3858f11c68ab1fd2f7a74e2c89797a6a
MD5 075493158bdf999838094c52cac6bde2
BLAKE2b-256 c3ce6444b17a5d8cdc89924a5bb16f80fc3a4b189de425cfd9bbe81b74abbbec

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page