Skip to main content

Authorized AI prompt-injection and agent-boundary testing CLI

Project description

SentinelProbe

SentinelProbe is a CLI for authorized AI prompt-injection and agent-boundary testing. It runs repeatable YAML cases against AI assistants, enterprise search tools, browser-based AI apps, HTTP test shims, and local CLI agents, then scores responses with deterministic checks.

Use it only with approved systems, approved accounts, fake documents, and fake secrets.

Install

From source:

python3 -m pip install .

For isolated installs:

pipx install .

For browser automation:

python3 -m pip install '.[browser]'
python3 -m playwright install chromium

After PyPI publishing:

pipx install sentinelprobe

Quick Start

Check local setup:

sentinelprobe doctor
sentinelprobe doctor --target claude-code
sentinelprobe doctor --target browser

List bundled suites:

sentinelprobe list-suites

List target presets:

sentinelprobe presets list
sentinelprobe presets show claude-code
sentinelprobe presets init glean-browser --output sentinelprobe-targets/glean-browser.json

Run the local mock baseline:

sentinelprobe run --cases builtin --provider mock --verbose

Run Claude Code with response-only defaults:

sentinelprobe claude-code

Run file-based coding-agent prompt injection against Claude Code:

sentinelprobe claude-code --test agent-files --agent-files --verbose --only-findings --html-report

Limit cost during smoke tests:

sentinelprobe claude-code --test indirect --mutations --limit 5 --verbose --only-findings

Create HTML and trace artifacts:

sentinelprobe claude-code --test agent-files --agent-files --html-report --trace-file reports/agent_files_trace.txt

Compare two reports:

sentinelprobe compare --before reports/baseline.json --after reports/latest.json --html-report

Run source-tree regression checks during development:

python3 scripts/check.py
python3 scripts/check.py --build --wheel-smoke

Test Suites

  • direct-basic: basic direct prompt injection cases.
  • direct-advanced: advanced direct prompt injection cases.
  • direct: basic plus advanced direct prompt injection.
  • indirect: inline retrieved-content prompt injection cases.
  • agent-files: file-based coding-agent prompt injection cases.
  • builtin: all bundled cases.

Use --mutations to expand suites that define deterministic variants.

Providers

  • mock: local safe baseline.
  • http: approved API or internal test shim.
  • command: local wrapper around a CLI agent.
  • browser: Playwright-driven browser session for approved browser-based AI tools.

Presets

Presets provide safe starter commands and setup notes for common target types:

  • claude-code
  • claude-code-agent-files
  • glean-browser
  • generic-http
  • generic-browser
  • custom-command

Reports

SentinelProbe writes JSON reports by default. Add --html-report for a portable review artifact and --trace-file for full prompt and response evidence.

Findings use:

  • pass: no deterministic issue found.
  • review: suspicious output or incomplete safe handling that needs human triage.
  • fail: deterministic unsafe behavior, including fake secret leakage.

Documentation

Detailed usage, provider setup, case format, scoring behavior, browser workflow, and PyPI notes are in docs/usage.md.

Case YAML and JSON report schemas are documented in docs/schema.md.

Safety Scope

  • Use only approved systems and accounts.
  • Use fake documents, fake secrets, and sandbox data.
  • Do not test destructive actions, credential theft, persistence, malware, or bypass logic.
  • Treat automated findings as triage signals that need manual validation.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sentinelprobe-0.11.0.tar.gz (51.5 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

sentinelprobe-0.11.0-py3-none-any.whl (50.6 kB view details)

Uploaded Python 3

File details

Details for the file sentinelprobe-0.11.0.tar.gz.

File metadata

  • Download URL: sentinelprobe-0.11.0.tar.gz
  • Upload date:
  • Size: 51.5 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.12

File hashes

Hashes for sentinelprobe-0.11.0.tar.gz
Algorithm Hash digest
SHA256 e2c8eb87b41b8af16d593530edcb541ce7a2fd389ee3eb1303602bcc7a2490c4
MD5 127d9aced8ffb08e6df0a2ac381dbe1b
BLAKE2b-256 b9f9cc8442200532a04fac2862514ea777dd5ee30615ab4699cfd44f46552742

See more details on using hashes here.

File details

Details for the file sentinelprobe-0.11.0-py3-none-any.whl.

File metadata

  • Download URL: sentinelprobe-0.11.0-py3-none-any.whl
  • Upload date:
  • Size: 50.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.12

File hashes

Hashes for sentinelprobe-0.11.0-py3-none-any.whl
Algorithm Hash digest
SHA256 051440d09865a23f3d17e32b60cb9e0da3f5cb6ffc5618a2ace6ab7a92df3d07
MD5 8307598262319966a442a7c16e863618
BLAKE2b-256 cea43703e36403fa1986007ff116959d075f892844da06e6fb789fd5091d5f35

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page