Supply-chain security, capability intelligence, and trust system for AI agents
Project description
Bastion AI
Supply-chain security, capability intelligence, and trust system for AI agents.
Bastion AI protects bot-first ecosystems by detecting malicious or risky skills/plugins/tools, tracking capability drift over time, and producing machine-readable security artifacts (Dynamic AIBOM).
Installation
pip install bastion-ai-security
For JavaScript/TypeScript analysis support:
pip install "bastion-ai-security[js]"
PyPI: https://pypi.org/project/bastion-ai-security/
Quick Start
Initialize a project
cd your-agent-project
bastion init
This creates a .bastion/ directory with project configuration and prepares for scanning.
Scan for risks
bastion scan
Bastion auto-discovers plugins, skills, and tools in your project and analyzes them for:
- System execution — subprocess, os.system, child_process, etc.
- Network access — requests, fetch, urllib, etc.
- Secret/environment access — os.environ, process.env, dotenv, etc.
- File system access — open, pathlib, glob, shutil, fs module, etc.
- Dynamic code execution — eval, exec, Function constructor, etc.
- Obfuscation patterns — base64+exec, encoded strings, etc.
For each plugin, the scan also captures:
- Dependencies — third-party libraries imported by the plugin
- Skills — exported functions and classes
- Metadata — description (from docstrings), file count, and lines of code
Scan a specific directory:
bastion scan --path ./skills
Check project status
bastion status
Shows your project ID, version, baseline status, cloud connection, and verification URL.
Connect to Bastion Cloud
bastion connect
Links your project to Bastion Cloud for continuous monitoring, trust scores, and a security dashboard.
After connecting, the CLI prints a claim URL — click it to link the project to your account on the dashboard. If you're not signed in yet, you'll be prompted to sign in first, and the project will be linked automatically.
Once connected, every bastion scan automatically uploads results to the cloud. No extra flags needed.
Dashboard: https://bastion-ai-hub.replit.app
Share verification with partners
After a scan uploads to the cloud, the CLI prints a verification URL like:
https://bastion-ai-hub.replit.app/verify/abc123...
Share this link with business partners, customers, or integrators. The public verification page shows:
- Trust score and verification status
- Detected capabilities
- Number of scans and plugins analyzed
- Last scan date
No login is required to view a verification page.
How It Works
Plugin Discovery
Bastion automatically finds plugins by scanning:
- Known framework directories (skills/, tools/, plugins/, extensions/)
- Framework-specific patterns (OpenClaw, LangChain, AutoGPT, CrewAI)
- File naming conventions (*_skill.py, *_tool.js, etc.)
Capability Analysis
Each discovered plugin is analyzed using:
- Python: AST-based static analysis
- JavaScript/TypeScript: esprima parsing with regex fallback
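The following added example sketches what AST-based capability analysis of a Python plugin can look like. It is not Bastion's own code: the capability labels, the rule tables and the sample plugin are assumptions made up for illustration, based on the categories listed under "Scan for risks".

```python
import ast

# Assumed name-to-capability rules derived from the categories listed in this
# README; labels and rules are illustrative, not Bastion's actual rule set.
MODULE_CAPS = {"subprocess": "system_exec", "requests": "network", "urllib": "network",
               "dotenv": "secrets", "pathlib": "filesystem", "shutil": "filesystem"}
NAME_CAPS = {"os.system": "system_exec", "os.environ": "secrets",
             "eval": "dynamic_code", "exec": "dynamic_code", "open": "filesystem"}

# Constructed sample plugin source; it is parsed only, never executed.
SAMPLE = '''
import base64, os
import urllib.request
def run(blob):
    token = os.environ.get("API_TOKEN")
    exec(base64.b64decode(blob).decode())
'''


def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        return ".".join(reversed(parts + [node.id]))
    return None


def capabilities(source):
    """Statically collect capability labels from Python source."""
    caps = set()
    for node in ast.walk(ast.parse(source)):
        roots = []
        if isinstance(node, ast.Import):
            roots = [alias.name.split(".")[0] for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            roots = [(node.module or "").split(".")[0]]
        caps.update(MODULE_CAPS[r] for r in roots if r in MODULE_CAPS)
        if dotted(node) in NAME_CAPS:  # a reference counts, called or not
            caps.add(NAME_CAPS[dotted(node)])
        # Obfuscation: eval/exec whose argument tree contains a base64.* call.
        if isinstance(node, ast.Call) and dotted(node.func) in ("eval", "exec"):
            if any(isinstance(n, ast.Call) and (dotted(n.func) or "").startswith("base64.")
                   for n in ast.walk(node)):
                caps.add("obfuscation")
    return caps
```

Name-based matching like this misses aliased imports such as `from os import system`, which is one reason a real analyzer needs import tracking on top of the AST walk.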
Risk Levels
| Level | Description |
|---|---|
| Critical | System execution, dynamic code, obfuscation detected |
| High | Network access, secret/env access detected |
| Medium | New plugin without dangerous capabilities |
| Low | No risky capabilities detected |
Drift Detection
On subsequent scans, Bastion compares against the baseline to detect:
- New plugins added since last scan
- Modified plugins with changed capabilities
- Removed plugins no longer present
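The drift comparison and the Risk Levels table above can be combined as in the following added example, which is not Bastion's own code. The snapshot layout, capability labels and plugin names are constructed assumptions and do not reflect the schema of baseline.json; file system access is not placed under Critical or High in the table, so here it falls through to Medium or Low.

```python
# Constructed capability snapshots: plugin name -> capability labels. Layout and
# labels are assumptions for illustration, not the schema of baseline.json.
BASELINE = {
    "weather_skill": ["network"],
    "notes_tool": ["filesystem"],
    "legacy_plugin": ["network", "secrets"],
}
CURRENT = {
    "weather_skill": ["network", "secrets", "system_exec"],
    "notes_tool": ["filesystem"],
    "pdf_skill": ["filesystem"],
}
CRITICAL = {"system_exec", "dynamic_code", "obfuscation"}
HIGH = {"network", "secrets"}


def risk_level(caps, is_new):
    """Apply the Risk Levels table; 'Medium' only applies to new plugins."""
    if CRITICAL & set(caps):
        return "Critical"
    if HIGH & set(caps):
        return "High"
    return "Medium" if is_new else "Low"


def detect_drift(baseline, current):
    """Classify plugins as new, modified (capability set changed) or removed."""
    report = {"new": {}, "modified": {},
              "removed": sorted(baseline.keys() - current.keys())}
    for name, caps in sorted(current.items()):
        if name not in baseline:
            report["new"][name] = risk_level(caps, is_new=True)
        elif set(caps) != set(baseline[name]):
            report["modified"][name] = {
                "gained": sorted(set(caps) - set(baseline[name])),
                "lost": sorted(set(baseline[name]) - set(caps)),
                # Risk before and after the change, to surface escalations.
                "risk": (risk_level(baseline[name], False), risk_level(caps, False)),
            }
    return report


if __name__ == "__main__":
    import json
    print(json.dumps(detect_drift(BASELINE, CURRENT), indent=2))
```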
Generated Artifacts
All artifacts are written to .bastion/:
| File | Description |
|---|---|
| security_state.json | Overall security posture |
| capability_surface.json | All plugin capabilities |
| drift_summary.json | Changes since last scan |
| aibom.json | Dynamic AI Bill of Materials |
| events.log.jsonl | Rolling event log |
| baseline.json | Baseline for drift comparison |
CI/CD Usage
bastion init
bastion scan --ci
Exit codes:
- 0 — No high-risk findings
- 1 — High or Critical findings detected
Language Support
- Python (.py)
- JavaScript (.js, .jsx)
- TypeScript (.ts, .tsx)
Troubleshooting
"bastion: command not found"
Make sure the pip install directory is in your PATH. You can also run Bastion as a module:
python3 -m bastion --version
Or:
pip install --user bastion-ai-security
export PATH="$HOME/.local/bin:$PATH"
bastion --version
Scan finds no plugins
Bastion looks for plugins in common directories like skills/, tools/, plugins/, extensions/. If your plugins are elsewhere:
bastion scan --path /path/to/your/plugins
Cloud connection issues
Scans work fully offline — results are saved locally in .bastion/ even if the cloud is unreachable.
License
MIT
File details
Details for the file bastion_ai_security-0.1.5.tar.gz.
File metadata
- Download URL: bastion_ai_security-0.1.5.tar.gz
- Upload date:
- Size: 23.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.14
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 57d58ae0fcaafff28ae55fd5db0c41577ba83e7eeac8a1b1df7079cef572757e |
| MD5 | 01c3b6b1bbc68f3d7a6fffacb451a51b |
| BLAKE2b-256 | 3745cf98145e3eb989509f146a98f144eaa6649806dc902639d1036f6a63475c |
File details
Details for the file bastion_ai_security-0.1.5-py3-none-any.whl.
File metadata
- Download URL: bastion_ai_security-0.1.5-py3-none-any.whl
- Upload date:
- Size: 25.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.14
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 8ff55b4c859febb368b05162cd4d4f8e5a108bb26df3efefd2688d183ee06aa3 |
| MD5 | bc66e0807ad24e6d57422b4af2f6b733 |
| BLAKE2b-256 | 2eb2cb8b3ef98984c5ba052e5efd4e051bf95c280b5bb82eb5ad50be2a125b2c |