Rule-based GPU kernel hack detector.

KernelGuard

KernelGuard is a rule-based kernel hack detector for GPU-kernel competition submissions.

The core module is kernelguard.py, which can:

  • classify a single submission from stdin
  • scan JSONL pair datasets
  • scan submission parquet exports
  • generate a rule audit from a local review corpus
  • load runtime config from built-in profiles, TOML files, and command-line overrides

Current Layout

  • kernelguard.py: main detector and audit tool.

Install

pip install kernelguard

With extras:

pip install "kernelguard[parquet]"
pip install "kernelguard[mcp]"

uv

One-shot (no install):

uvx kernelguard --help
uvx kernelguard --api-mode < submission.py
uvx --from "kernelguard[parquet]" kernelguard --parquet submissions.parquet
uvx --from "kernelguard[mcp]" kernelguard-mcp --version

Permanent install:

uv tool install kernelguard                # core only
uv tool install "kernelguard[parquet]"     # + parquet scanning
uv tool install "kernelguard[mcp]"         # + MCP server
uv tool install "kernelguard[parquet,mcp]" # everything

Entry points after installation: kernelguard, kguard, kernelguard-mcp, kguard-mcp.

Quick Start

Single kernel from stdin:

kernelguard --api-mode < submission.py

JSONL scan:

kernelguard --jsonl /path/to/pairs.jsonl --output-dir out/

Parquet scan:

kernelguard --parquet /path/to/submissions.parquet --output-dir out/

MCP Server

KernelGuard runs as a local MCP server over stdio.

kernelguard-mcp                  # default profile
kernelguard-mcp --profile strict # higher-recall review mode
kernelguard-mcp --version

Two tools:

  • analyze_code — analyze a code string, return detection results.
  • analyze_file — read a file path, return detection results plus resolved path.

Both accept optional metadata (for score-based detection) and profile parameters.

The server is read-only: no resources, prompts, scan tools, or write operations.

Runtime Config

The standalone repo already includes the later config-support additions from the newer line of development.

Runtime behavior can be controlled with:

  • --profile: select a built-in profile.
  • --config: load a TOML config file.
  • --set: apply dotted key=value overrides from the CLI.
  • --export-config: print or write the resolved config and exit.

Examples:

Export the default resolved config:

kernelguard --export-config

Export the strict profile:

kernelguard --profile strict --export-config

Run with a TOML config file:

kernelguard --config kernelguard.toml --jsonl /path/to/pairs.jsonl --output-dir out/

Apply a one-off override:

kernelguard --set 'entrypoints.names=["kernel"]' --api-mode < submission.py

The config layer covers:

  • rule policy overrides
  • score thresholds
  • duplicate handling
  • classification behavior
  • entrypoint-name configuration

Compatibility

The primary public interfaces are:

  • --api-mode for a single kernel
  • --jsonl for pair datasets
  • --parquet for submission exports

The detector also keeps some legacy compatibility for older internal audit/archive workflows so historical corpora can still be reused.

Audit Behavior

--audit-rules is meant to run in a workspace that contains the audit corpora and prior detector outputs.

This is an internal evaluation mode, not a normal first-run path.

If no audit fixtures are discovered, the command exits with a clear error instead of silently producing an empty audit report.

Minimal audit run:

kernelguard --audit-rules --output-dir audit_out/

If you want to drive audit mode from explicit inputs, put them in your config file:

[audit]
archive_dir = "/path/to/archive"
ground_truth_dir = "/path/to/ground_truth_dir"
manual_review_files = [
  "/path/to/manual_review_1.json",
  "/path/to/manual_review_2.json",
]
filtered_results_path = "/path/to/filtered_results.jsonl"

To compare old and new detector outputs explicitly during audit, put them in config too:

[audit.result_files]
old = "/path/to/old_results.jsonl"
new = "/path/to/new_results.jsonl"

Then run:

kernelguard --config kernelguard.toml --audit-rules --output-dir audit_out/

Generated audit artifacts include:

  • classifier_fixture_manifest.json
  • rule_audit_report.json
  • rule_audit_report.md

Generated scan artifacts include:

  • detection_results_*.jsonl
  • detection_summary_*.json
  • cleaned_pairs.jsonl

These generated files are ignored by the repo-level .gitignore.

Download files

Source Distribution

kernelguard-0.2.0.tar.gz (60.9 kB)

Uploaded Source

Built Distribution

kernelguard-0.2.0-py3-none-any.whl (58.8 kB)

Uploaded Python 3

File details

Details for the file kernelguard-0.2.0.tar.gz.

File metadata

  • Download URL: kernelguard-0.2.0.tar.gz
  • Upload date:
  • Size: 60.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.9.10

File hashes

Hashes for kernelguard-0.2.0.tar.gz
Algorithm Hash digest
SHA256 e9ab2478bcbbc0730897e7d67419279c49f412cce5913c9e6fef9f3fd74a7699
MD5 524a189e7e9fc3dcebbfa37fb7bda83a
BLAKE2b-256 30b0e2a412a455e7cc942ad72466924baee497cba04f8877753655fa77507f09

File details

Details for the file kernelguard-0.2.0-py3-none-any.whl.

File metadata

  • Download URL: kernelguard-0.2.0-py3-none-any.whl
  • Upload date:
  • Size: 58.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.9.10

File hashes

Hashes for kernelguard-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 4a61c7fab1dabaf3eca52e1e6750ec7b355ab4e8b5a3e305035a3eae51d9c020
MD5 672e8c5c7c8cd7ad312f86be10ac6ca3
BLAKE2b-256 2c2a48294dbbf165386771aa2d72de462e4cfc41b2ec761c33492602b5d86bce
