Bastion AI

Supply-chain security, capability intelligence, and trust system for AI agents.

Bastion AI protects bot-first ecosystems by detecting malicious or risky skills/plugins/tools, tracking capability drift over time, and producing machine-readable security artifacts (Dynamic AIBOM).

Installation

pip install bastion-ai-security

For JavaScript/TypeScript analysis support:

pip install bastion-ai-security[js]

PyPI: https://pypi.org/project/bastion-ai-security/

Quick Start

Initialize a project

cd your-agent-project
bastion init

This creates a .bastion/ directory with project configuration and prepares for scanning.

Scan for risks

bastion scan

Bastion auto-discovers plugins, skills, and tools in your project and analyzes them for:

  • System execution — subprocess, os.system, child_process, etc.
  • Network access — requests, fetch, urllib, etc.
  • Secret/environment access — os.environ, process.env, dotenv, etc.
  • Dynamic code execution — eval, exec, Function constructor, etc.
  • Obfuscation patterns — base64+exec, encoded strings, etc.

Check project status

bastion status

Connect to Bastion Cloud

bastion connect

Links your project to Bastion Cloud for continuous monitoring, trust scores, and a security dashboard.

After connecting, the CLI prints a claim URL — click it to link the project to your account on the dashboard. If you're not signed in yet, you'll be prompted to sign in first, and the project will be linked automatically.

Dashboard: https://bastion-ai-hub.replit.app

How It Works

Plugin Discovery

Bastion automatically finds plugins by scanning:

  • Known framework directories (skills/, tools/, plugins/, extensions/)
  • Framework-specific patterns (OpenClaw, LangChain, AutoGPT, CrewAI)
  • File naming conventions (*_skill.py, *_tool.js, etc.)

Capability Analysis

Each discovered plugin is analyzed using:

  • Python: AST-based static analysis
  • JavaScript/TypeScript: esprima parsing with regex fallback

Risk Levels

Level     Description
Critical  System execution, dynamic code, obfuscation detected
High      Network access, secret/env access detected
Medium    New plugin without dangerous capabilities
Low       No risky capabilities detected
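
The kind of AST-based capability analysis and risk mapping described above, as an added example that is not Bastion's own code: it resolves import aliases before matching, so `import subprocess as sp` is still seen as system execution. The rule sets and the names `capabilities`, `risk_level` and `SAMPLE` are assumptions made for illustration.

```python
import ast

# Illustrative subsets of the README's categories (assumed; not Bastion's rule set).
RULES = {
    "system_exec": {"os.system", "os.popen", "subprocess"},
    "dynamic_code": {"eval", "exec"},
    "network": {"requests", "urllib", "socket", "http"},
    "secrets": {"os.environ", "os.getenv", "dotenv"},
}
CRITICAL, HIGH = {"system_exec", "dynamic_code", "obfuscation"}, {"network", "secrets"}

def _qualify(node, aliases):
    """Resolve a Name/Attribute chain to a dotted name, expanding import aliases."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts, node = [node.attr] + parts, node.value
    head = aliases.get(node.id, node.id) if isinstance(node, ast.Name) else ""
    return ".".join([head] + parts) if head else ""  # "" when the base is not a plain name

def _match(name):  # capabilities with a rule equal to the name or a dotted prefix of it
    return {c for c, pats in RULES.items() for p in pats if name == p or name.startswith(p + ".")}

def capabilities(source):
    tree, aliases = ast.parse(source), {}
    for node in ast.walk(tree):  # pass 1: record what each imported name refers to
        if isinstance(node, ast.Import):
            for a in node.names:
                root = a.name.split(".")[0]
                aliases[a.asname or root] = a.name if a.asname else root
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    caps = set().union(*map(_match, aliases.values()))  # importing a flagged module counts
    for node in ast.walk(tree):  # pass 2: resolve every name or attribute reference
        if isinstance(node, (ast.Name, ast.Attribute)):
            caps |= _match(_qualify(node, aliases))
        elif isinstance(node, ast.Call) and _qualify(node.func, aliases) in RULES["dynamic_code"]:
            inner = [n for arg in node.args for n in ast.walk(arg) if isinstance(n, ast.Call)]
            if any(_qualify(n.func, aliases).startswith("base64.") for n in inner):
                caps.add("obfuscation")  # eval/exec fed by a base64 decode
    return caps

def risk_level(caps, is_new=False):
    """Map capabilities onto the README's risk table; Medium applies only to new plugins."""
    return ("Critical" if caps & CRITICAL else "High" if caps & HIGH
            else "Medium" if is_new else "Low")

SAMPLE = ("import base64, subprocess as sp\nfrom os import environ\n"  # constructed plugin
          "sp.run(environ['T'])\nexec(base64.b64decode(environ['P']))\n")
```

Name-based matching like this is purely static: it will flag a local variable that happens to be called `requests`, and it cannot see calls reached through `getattr` or strings built at runtime.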

Drift Detection

On subsequent scans, Bastion compares against the baseline to detect:

  • New plugins added since last scan
  • Modified plugins with changed capabilities
  • Removed plugins no longer present

Generated Artifacts

All artifacts are written to .bastion/:

File                     Description
security_state.json      Overall security posture
capability_surface.json  All plugin capabilities
drift_summary.json       Changes since last scan
aibom.json               Dynamic AI Bill of Materials
events.log.jsonl         Rolling event log
baseline.json            Baseline for drift comparison

CI/CD Usage

bastion init
bastion scan --ci

Exit codes:

  • 0 — No high-risk findings
  • 1 — High or Critical findings detected

Language Support

  • Python (.py)
  • JavaScript (.js, .jsx)
  • TypeScript (.ts, .tsx)

License

MIT

Download files

Source Distribution

bastion_ai_security-0.1.4.tar.gz (21.8 kB)

Uploaded Source

Built Distribution

bastion_ai_security-0.1.4-py3-none-any.whl (24.5 kB)

Uploaded Python 3

File details

Details for the file bastion_ai_security-0.1.4.tar.gz.

File metadata

  • Download URL: bastion_ai_security-0.1.4.tar.gz
  • Upload date:
  • Size: 21.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.14

File hashes

Hashes for bastion_ai_security-0.1.4.tar.gz
Algorithm Hash digest
SHA256 1ec1febc6de637e33873fafdc3db7b212bcf21b19553f46af78f7541970dfe06
MD5 3ce2ea2cb271983002cf70d860335fe2
BLAKE2b-256 c024999640d5a6e716e6269494a369a74fcf55ea10fa46cb437a3b4c12217555

File details

Details for the file bastion_ai_security-0.1.4-py3-none-any.whl.

File hashes

Hashes for bastion_ai_security-0.1.4-py3-none-any.whl
Algorithm Hash digest
SHA256 0d1abe473d7e39d8a96972c8e6004bd82f326d897db4c0cfd4b7dbeeb0aba6ff
MD5 72942e9fe5455509c9d48033e3330eb1
BLAKE2b-256 70b684fb1d6971257bec3f496e9ab835e87849423405c2a6cd4e0489883e9fe0
