QUIET COYOTE — AI Agent Compliance Scanner by KlynxAI
klynx-comply is an open-source CLI that scans AI agent codebases for security,
governance, and safety issues before deployment. Built by KlynxAI.
Install
pip install klynx-comply
Or from source:
git clone https://github.com/klynx-ai/klynxai-assistant
cd klynxai-assistant/tools/klynx-comply
pip install -e .
Quick Start
# Scan current directory
klynx-comply scan
# Scan a specific path
klynx-comply scan ./my-agent-app
# Output as JSON (for CI/CD)
klynx-comply scan --format json --output report.json
# Output as SARIF (GitHub Code Scanning, VS Code, Azure DevOps)
klynx-comply scan --format sarif --output results.sarif
# Only report HIGH and above
klynx-comply scan --severity HIGH
# Fail CI only on CRITICAL
klynx-comply scan --fail-on critical
# Run specific checks only
klynx-comply scan --checks SC-001 --checks AT-001
# List all checks
klynx-comply checks
Checks
| ID | Category | Name | Severity |
|---|---|---|---|
| SC-001 | Security | Hardcoded Secrets | CRITICAL |
| AT-001 | Governance | Audit Trail Coverage | HIGH |
| AG-001 | Security | Auth Gating on Endpoints | HIGH |
| PII-001 | Privacy | PII Handling Safety | HIGH |
| AP-001 | Governance | Agent Policy Envelope | HIGH |
| HO-001 | Safety | Human Oversight Gates | HIGH |
| PI-001 | Security | Prompt Injection Vulnerability | HIGH |
| IV-001 | Security | Input Validation at Boundaries | MEDIUM |
CI/CD Integration
GitHub Actions
- name: Agent compliance scan
  run: |
    pip install klynx-comply
    klynx-comply scan --format sarif --output results.sarif --fail-on high
- name: Upload SARIF
  # Run even when the scan step exits 1, so blocking findings still reach Code Scanning
  if: always()
  uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: results.sarif
GitLab CI
comply:
  script:
    - pip install klynx-comply
    - klynx-comply scan --format json --output gl-sast-report.json
  artifacts:
    reports:
      sast: gl-sast-report.json
Suppression
Add # comply:ignore to a line to suppress all findings on that line:
api_key = "test-key-for-unit-tests-only" # comply:ignore
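Because one marker hides every finding on its line, suppressions are worth reviewing like any other exception. The following is an added example, not part of klynx-comply: it inventories real `# comply:ignore` comments in Python sources and reports any that are missing from a reviewed baseline. The baseline format, function names and sample files are assumptions made for this illustration.

```python
import io
import tokenize

MARKER = "comply:ignore"  # suppression marker documented above


def find_suppressions(source):
    """Return (line_number, code_text) for each comment carrying the marker.

    The tokenizer is used so the marker inside a string literal is not counted.
    """
    lines = source.splitlines()
    hits = []
    try:
        for tok in tokenize.generate_tokens(io.StringIO(source).readline):
            if tok.type == tokenize.COMMENT and MARKER in tok.string:
                row, col = tok.start
                hits.append((row, lines[row - 1][:col].strip()))
    except (tokenize.TokenError, SyntaxError):
        pass  # keep whatever was found before the tokenizer gave up
    return hits


def unapproved(sources, baseline):
    """Suppressions whose (path, code) pair is not in the reviewed baseline.

    Keyed on the code text, not the line number, so unrelated edits that
    shift lines do not invalidate an approval (hypothetical baseline format).
    """
    found = []
    for path, src in sorted(sources.items()):
        for row, code in find_suppressions(src):
            if (path, code) not in baseline:
                found.append((path, row, code))
    return found


# Constructed sample input: two in-memory files and one approved suppression.
SAMPLE = {
    "tests/test_client.py":
        'api_key = "test-key-for-unit-tests-only"  # comply:ignore\n',
    "agent/config.py":
        'HELP = "add # comply:ignore to skip a line"\n'
        'token = "constructed-example-value"  # comply:ignore\n',
}
BASELINE = {("tests/test_client.py", 'api_key = "test-key-for-unit-tests-only"')}

if __name__ == "__main__":
    for path, row, code in unapproved(SAMPLE, BASELINE):
        print(f"{path}:{row}: unreviewed suppression: {code}")
```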
Exit Codes
| Code | Meaning |
|---|---|
| 0 | Compliant — no findings at or above --fail-on severity |
| 1 | Non-compliant — blocking findings found |
| 2 | Scan error |
KlynxAI Integration
When run inside a KlynxAI-managed environment, klynx-comply integrates with:
- Dragon Policy Engine — auto-validates PolicyEnvelope usage
- KlynxScan — feeds findings into vulnerability dashboard
- WarRoom AI — compliance gate before deployment
License
Apache 2.0 — free to use, modify, and distribute.
Built by KlynxAI
Download files
File details
Details for the file klynx_comply-0.1.0.tar.gz.
File metadata
- Download URL: klynx_comply-0.1.0.tar.gz
- Upload date:
- Size: 23.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.0
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 6a91b5021e98e724775211544b75dd8eb0326c208d959701cb5b6507edb2705d |
| MD5 | 265b9d354577d6345a164d3df3744b00 |
| BLAKE2b-256 | 0d981948441eafd5e9f7b24fe7e5abb448fc770bd7ac62549ed6cd831c460e1c |
File details
Details for the file klynx_comply-0.1.0-py3-none-any.whl.
File metadata
- Download URL: klynx_comply-0.1.0-py3-none-any.whl
- Upload date:
- Size: 29.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.0
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | d1ea77f09316e00c9d2f798b59bcae2b364996506ea7e6c050aed4c0397a32e9 |
| MD5 | 095c4f9eb07ddfd28064a9f1f7171873 |
| BLAKE2b-256 | b2dc722365d78ea4cd5fdac01acfa6709881ecaf23c859c3a5dcd59422af9786 |