
Security Gateway for AI Coding Assistants. Validate Cursor, Copilot, Claude Code, Windsurf, and MCP configurations.

Project description

DeepSweep

Security validation for AI coding assistants

PyPI version Python 3.8+ License: MIT

DeepSweep validates your AI assistant configurations (Cursor, Windsurf, GitHub Copilot, Claude Code) for security vulnerabilities before they can cause harm.

Quick Start

pip install deepsweep-ai
deepsweep validate

DeepSweep automatically finds and validates:

  • .cursorrules / .windsurfrules / AGENTS.md
  • MCP configurations (mcp.json, claude_desktop_config.json)
  • Checks them against 46 security patterns, including prompt injection, MCP attacks, and data exfiltration

What's New in v0.2.0

  • MCP Security Validation - 7 new patterns for Model Context Protocol configs
  • deepsweep mcp list - Discover all MCP configurations on your system
  • deepsweep mcp validate - Dedicated MCP security scanning
  • deepsweep init - Create secure starter templates
  • deepsweep doctor - Check installation health
  • deepsweep badge - Generate repository security badges

Example Output

DEEPSWEEP Security Report
──────────────────────────────────────────────────────
Score: ████████████████████████░░░░░░ 80/100
Grade: B

Found 2 issue(s):

[HIGH] DS-MCP-001: Unverified MCP server: @random/untrusted
  Use @modelcontextprotocol/* servers or verify source

[MEDIUM] DS-MCP-003: Unpinned MCP server version
  Pin version: @server@1.2.3
──────────────────────────────────────────────────────
Run with --fix to see remediation suggestions

Security Patterns

Rules File Patterns (39)

ID            Severity   Description
DS-PI-001     Critical   Prompt injection attempt
DS-PI-002     Critical   System prompt extraction
DS-DATA-001   High       Sensitive data exposure
DS-EXEC-001   Critical   Arbitrary code execution
DS-EXEC-001 Critical Arbitrary code execution

See full list at https://deepsweep.ai/patterns

MCP Patterns (7)

ID           Severity   Description
DS-MCP-001   High       Unverified MCP server source
DS-MCP-002   Critical   Dangerous command arguments
DS-MCP-003   Medium     Unpinned server version
DS-MCP-004   High       Using @latest tag
DS-MCP-005   High       Auto-approve enabled
DS-MCP-006   Critical   Shell command execution
DS-MCP-007   Critical   Network exfiltration risk
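
To make four of the MCP patterns above concrete, here is an added sketch (not DeepSweep's own code) that audits a constructed mcp.json for DS-MCP-001, -003, -004 and -006. The check logic, the trusted-scope allowlist and the sample config are assumptions based only on the pattern descriptions and the example report on this page.

```python
import json
import re

# Constructed sample in the common "mcpServers" layout; package names are illustrative.
SAMPLE_CONFIG = """
{"mcpServers": {
  "files":  {"command": "npx", "args": ["-y", "@modelcontextprotocol/server-example@1.2.3", "/srv/app"]},
  "random": {"command": "npx", "args": ["-y", "@random/untrusted"]},
  "search": {"command": "npx", "args": ["-y", "@modelcontextprotocol/server-example@latest"]},
  "helper": {"command": "/bin/bash", "args": ["-c", "node helper.js"]}
}}
"""

TRUSTED_SCOPES = ("@modelcontextprotocol/",)  # assumption, from the report's advice
SHELLS = {"sh", "bash", "zsh", "cmd", "powershell", "pwsh"}
# npm package spec: optional @scope/, package name, optional @version
PKG_RE = re.compile(r"^(?P<name>(?:@[\w.-]+/)?[\w.-]+)(?:@(?P<version>.+))?$")
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+$")


def audit(config_text):
    """Return sorted (pattern_id, server_name) findings for an MCP config."""
    findings = set()
    servers = json.loads(config_text).get("mcpServers", {})
    for name, spec in servers.items():
        command = spec.get("command", "")
        if command.rsplit("/", 1)[-1] in SHELLS:
            findings.add(("DS-MCP-006", name))  # server is launched through a shell
            continue
        if command != "npx":
            continue  # this sketch only understands npx-launched servers
        # The first non-flag argument to npx is the package spec.
        pkg = next((a for a in spec.get("args", []) if not a.startswith("-")), "")
        match = PKG_RE.match(pkg)
        if not match:
            continue
        if not match["name"].startswith(TRUSTED_SCOPES):
            findings.add(("DS-MCP-001", name))  # scope outside the allowlist
        version = match["version"]
        if version == "latest":
            findings.add(("DS-MCP-004", name))  # floating tag
        elif version is None or not EXACT_VERSION.match(version):
            findings.add(("DS-MCP-003", name))  # no exact version pin
    return sorted(findings)


if __name__ == "__main__":
    for pattern_id, server in audit(SAMPLE_CONFIG):
        print(pattern_id, server)
```

On the sample, the "random" entry produces the same two findings as the example report (DS-MCP-001 and DS-MCP-003), while the pinned "files" entry passes.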

Commands

deepsweep validate [PATH]

deepsweep validate                    # Current directory
deepsweep validate /path/to/project   # Specific path
deepsweep validate --include-mcp      # Include MCP validation
deepsweep validate --fix              # Show fix suggestions
deepsweep validate --format json      # JSON output for CI/CD

deepsweep mcp list

deepsweep mcp list

deepsweep mcp validate

deepsweep mcp validate
deepsweep mcp validate --fix
deepsweep mcp validate --format json

deepsweep init

deepsweep init                    # Create .cursorrules
deepsweep init --type python      # Project type
deepsweep init --include-mcp      # Include MCP template
deepsweep init --force            # Overwrite existing

deepsweep doctor

deepsweep doctor

deepsweep badge

deepsweep badge
deepsweep badge --format markdown
deepsweep badge --format html

Security Badges

Add a DeepSweep badge to your README:

[![DeepSweep Validated](https://img.shields.io/badge/DeepSweep-A%20100%2F100-brightgreen)](https://deepsweep.ai)

Generate yours:

deepsweep validate && deepsweep badge

CI/CD Integration

GitHub Actions

name: AI Security Check
on: [push, pull_request]

jobs:
  deepsweep:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.11'
      - run: pip install deepsweep-ai
      - run: deepsweep validate --include-mcp --format json

Pre-commit Hook

repos:
  - repo: local
    hooks:
      - id: deepsweep
        name: DeepSweep Security Check
        entry: deepsweep validate
        language: system
        pass_filenames: false

Privacy

  • Your code never leaves your machine - only pattern IDs and scores are transmitted
  • Anonymous by default - No personal information collected
  • Opt-out anytime - Set DO_NOT_TRACK=1
  • Offline mode - Set DEEPSWEEP_OFFLINE=1

Learn more: https://deepsweep.ai/privacy

Contributing

See CONTRIBUTING.md for guidelines.

License

MIT License - see LICENSE for details.


Made by DeepSweep | https://deepsweep.ai


Download files

Source Distribution

deepsweep_ai-0.2.1.tar.gz (43.8 kB view details)

Uploaded Source

Built Distribution

deepsweep_ai-0.2.1-py3-none-any.whl (39.2 kB view details)

Uploaded Python 3

File details

Details for the file deepsweep_ai-0.2.1.tar.gz.

File metadata

  • Download URL: deepsweep_ai-0.2.1.tar.gz
  • Upload date:
  • Size: 43.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for deepsweep_ai-0.2.1.tar.gz
Algorithm Hash digest
SHA256 36e521a6a3589d402650d61fb6ee8b425c6246ee2aa84c70fd7f957fc365d934
MD5 d0dbd4b670f95d2e70c53b4edf78a243
BLAKE2b-256 ecbd29904b79633c05f3de80bf85fd8b61eae86485cb746ed28edec576ca50d2

Provenance

The following attestation bundles were made for deepsweep_ai-0.2.1.tar.gz:

Publisher: publish.yml on deepsweep-ai/deepsweep

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file deepsweep_ai-0.2.1-py3-none-any.whl.

File metadata

  • Download URL: deepsweep_ai-0.2.1-py3-none-any.whl
  • Upload date:
  • Size: 39.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for deepsweep_ai-0.2.1-py3-none-any.whl
Algorithm Hash digest
SHA256 6273532cb1477997fd214369b8993035182f2c1840880c6bb6ba2895c3ee3acd
MD5 5a0471c596977b9ae19a2a248ead4e76
BLAKE2b-256 727ce3e2c362aeb50146b1e1c285745bef5fa56ad14dc9d46f741e83ae105b4c

Provenance

The following attestation bundles were made for deepsweep_ai-0.2.1-py3-none-any.whl:

Publisher: publish.yml on deepsweep-ai/deepsweep
