Supply-chain security, capability intelligence, and trust system for AI agents

Bastion AI

Bastion AI protects bot-first ecosystems by detecting malicious or risky skills/plugins/tools, tracking capability drift over time, and producing machine-readable security artifacts (Dynamic AIBOM).

Installation

pip install bastion-ai

For JavaScript/TypeScript analysis support:

pip install "bastion-ai[js]"

Quick Start

Initialize a project

cd your-agent-project
bastion init

This creates a .bastion/ directory with the project configuration and prepares the project for scanning.

Scan for risks

bastion scan

Bastion auto-discovers plugins, skills, and tools in your project and analyzes them for:

  • System execution — subprocess, os.system, child_process, etc.
  • Network access — requests, fetch, urllib, etc.
  • Secret/environment access — os.environ, process.env, dotenv, etc.
  • Dynamic code execution — eval, exec, Function constructor, etc.
  • Obfuscation patterns — base64+exec, encoded strings, etc.

Check project status

bastion status

Connect to Bastion Cloud

bastion connect

Enables continuous monitoring, trust scores, and dashboard access.

How It Works

Plugin Discovery

Bastion automatically finds plugins by scanning:

  • Known framework directories (skills/, tools/, plugins/, extensions/)
  • Framework-specific patterns (OpenClaw, LangChain, AutoGPT, CrewAI)
  • File naming conventions (*_skill.py, *_tool.js, etc.)

Capability Analysis

Each discovered plugin is analyzed using:

  • Python: AST-based static analysis
  • JavaScript/TypeScript: esprima parsing with regex fallback

Risk Levels

| Level | Description |
|---|---|
| Critical | System execution, dynamic code, obfuscation detected |
| High | Network access, secret/env access detected |
| Medium | New plugin without dangerous capabilities |
| Low | No risky capabilities detected |
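
To make the Capability Analysis and Risk Levels sections concrete, the following added example shows AST-based capability detection for Python plugins, including import aliases and the base64+exec pattern. It is not Bastion's code: the watch lists, capability labels, and the names `capabilities` and `risk_level` are assumptions based on the categories listed on this page.

```python
import ast

# Assumed watch lists built from the categories this page names (not Bastion's rules).
MODULES = {"subprocess": "system_exec", "requests": "network",
           "urllib": "network", "dotenv": "secrets"}
NAMES = {"os.system": "system_exec", "os.popen": "system_exec",
         "os.environ": "secrets", "os.getenv": "secrets",
         "eval": "dynamic_code", "exec": "dynamic_code"}
CRITICAL, HIGH = {"system_exec", "dynamic_code", "obfuscation"}, {"network", "secrets"}

def dotted(node, aliases):
    """Resolve a Name/Attribute chain to a dotted name, expanding import aliases."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts, node = [node.attr] + parts, node.value
    if not isinstance(node, ast.Name):
        return ""
    return ".".join([aliases.get(node.id, node.id)] + parts)

def capabilities(source):
    """Return the capability labels found in one plugin's Python source."""
    nodes, caps, aliases = list(ast.walk(ast.parse(source))), set(), {}
    for n in nodes:  # pass 1: imports, so aliases defined anywhere are known
        if isinstance(n, (ast.Import, ast.ImportFrom)):
            module = getattr(n, "module", None) or ""
            for a in n.names:
                full = f"{module}.{a.name}" if module else a.name
                if a.asname or module:
                    aliases[a.asname or a.name] = full
                if full.split(".")[0] in MODULES:
                    caps.add(MODULES[full.split(".")[0]])
    for n in nodes:  # pass 2: resolved names, then base64 decoding fed to eval/exec
        if isinstance(n, (ast.Name, ast.Attribute)):
            name = dotted(n, aliases)
            if name in NAMES:
                caps.add(NAMES[name])
        elif isinstance(n, ast.Call) and dotted(n.func, aliases) in ("eval", "exec"):
            if any(isinstance(c, ast.Call) and dotted(c.func, aliases).startswith("base64.")
                   for arg in n.args for c in ast.walk(arg)):
                caps.add("obfuscation")
    return caps

def risk_level(caps, is_new=False):
    """Map capabilities to the page's risk table (Medium = new plugin, none found)."""
    if caps & (CRITICAL | HIGH):
        return "Critical" if caps & CRITICAL else "High"
    return "Medium" if is_new else "Low"

SAMPLE = "from os import system as run\nimport requests\nrun('ls')\n"  # constructed sample
```

Resolving aliases before matching is what lets `from os import system as run` still register as system execution, which a plain text search for `os.system` would miss.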

Drift Detection

On subsequent scans, Bastion compares against the baseline to detect:

  • New plugins added since last scan
  • Modified plugins with changed capabilities
  • Removed plugins no longer present

Generated Artifacts

All artifacts are written to .bastion/:

| File | Description |
|---|---|
| security_state.json | Overall security posture |
| capability_surface.json | All plugin capabilities |
| drift_summary.json | Changes since last scan |
| aibom.json | Dynamic AI Bill of Materials |
| events.log.jsonl | Rolling event log |
| baseline.json | Baseline for drift comparison |

CI/CD Usage

bastion init
bastion scan --ci

Exit codes:

  • 0 — No high-risk findings
  • 1 — High or Critical findings detected

Language Support

  • Python (.py)
  • JavaScript (.js, .jsx)
  • TypeScript (.ts, .tsx)

License

MIT

Download files

Source Distribution

bastion_ai_security-0.1.0.tar.gz (18.9 kB)

Built Distribution

bastion_ai_security-0.1.0-py3-none-any.whl (21.4 kB)

File details

Details for the file bastion_ai_security-0.1.0.tar.gz.

File metadata

  • Download URL: bastion_ai_security-0.1.0.tar.gz
  • Upload date:
  • Size: 18.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.14.0

File hashes

Hashes for bastion_ai_security-0.1.0.tar.gz
Algorithm Hash digest
SHA256 6ba7f84cb5a258538e7bb3e112c4a594a9fb004451e1f3ad38fece2af2779345
MD5 0f20bb41f420c4c61bcda54fa401b493
BLAKE2b-256 a426ba6435f746e449f911da5662136cca1aa5decf22229011f6bc3d09085a28

File details

Details for the file bastion_ai_security-0.1.0-py3-none-any.whl.

File metadata

File hashes

Hashes for bastion_ai_security-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 366db653636c415891826512690eb370dc9cbce75ba963e3d2b8f070bdf7d7f8
MD5 e6bcece6d925b08050695db923ccf6ea
BLAKE2b-256 45ecfbf73787a968b3319acd6b6bf14046031b456a0fba11cd44d61ef9bb4bdd
