Skip to main content

Authorized AI prompt-injection and agent-boundary testing CLI

Project description

SentinelProbe

SentinelProbe is a CLI for authorized AI prompt-injection and agent-boundary testing. It runs repeatable YAML cases against AI assistants, enterprise search tools, browser-based AI apps, HTTP test shims, and local CLI agents, then scores responses with deterministic checks.

Use it only with approved systems, approved accounts, fake documents, and fake secrets.

Install

From source:

python3 -m pip install .

For isolated installs:

pipx install .

For browser automation:

python3 -m pip install '.[browser]'
python3 -m playwright install chromium

After PyPI publishing:

pipx install sentinelprobe

Quick Start

Check local setup:

sentinelprobe doctor
sentinelprobe doctor --target claude-code
sentinelprobe doctor --target browser

List bundled suites:

sentinelprobe list-suites

List target presets:

sentinelprobe presets list
sentinelprobe presets show claude-code
sentinelprobe presets init glean-browser --output sentinelprobe-targets/glean-browser.json

Run the local mock baseline:

sentinelprobe run --cases builtin --provider mock --verbose

Run Claude Code with response-only defaults:

sentinelprobe claude-code

Run file-based coding-agent prompt injection against Claude Code:

sentinelprobe claude-code --test agent-files --agent-files --verbose --only-findings --html-report

Limit cost during smoke tests:

sentinelprobe claude-code --test indirect --mutations --limit 5 --verbose --only-findings

Create HTML and trace artifacts:

sentinelprobe claude-code --test agent-files --agent-files --html-report --trace-file reports/agent_files_trace.txt

Compare two reports:

sentinelprobe compare --before reports/baseline.json --after reports/latest.json --html-report

Run source-tree regression checks during development:

python3 scripts/check.py
python3 scripts/check.py --build --wheel-smoke

Test Suites

  • direct-basic: basic direct prompt injection cases.
  • direct-advanced: advanced direct prompt injection cases.
  • direct: basic plus advanced direct prompt injection.
  • indirect: inline retrieved-content prompt injection cases.
  • agent-files: file-based coding-agent prompt injection cases.
  • builtin: all bundled cases.

Use --mutations to expand suites that define deterministic variants.

Providers

  • mock: local safe baseline.
  • http: approved API or internal test shim.
  • command: local wrapper around a CLI agent.
  • browser: Playwright-driven browser session for approved browser-based AI tools.

Presets

Presets provide safe starter commands and setup notes for common target types:

  • claude-code
  • claude-code-agent-files
  • glean-browser
  • generic-http
  • generic-browser
  • custom-command

Reports

SentinelProbe writes JSON reports by default. Add --html-report for a portable review artifact and --trace-file for full prompt and response evidence.

Findings use:

  • pass: no deterministic issue found.
  • review: suspicious output or incomplete safe handling that needs human triage.
  • fail: deterministic unsafe behavior, including fake secret leakage.

Documentation

Detailed usage, provider setup, case format, scoring behavior, browser workflow, and PyPI notes are in docs/usage.md.

Safety Scope

  • Use only approved systems and accounts.
  • Use fake documents, fake secrets, and sandbox data.
  • Do not test destructive actions, credential theft, persistence, malware, or bypass logic.
  • Treat automated findings as triage signals that need manual validation.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sentinelprobe-0.10.0.tar.gz (49.2 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

sentinelprobe-0.10.0-py3-none-any.whl (50.6 kB view details)

Uploaded Python 3

File details

Details for the file sentinelprobe-0.10.0.tar.gz.

File metadata

  • Download URL: sentinelprobe-0.10.0.tar.gz
  • Upload date:
  • Size: 49.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.12

File hashes

Hashes for sentinelprobe-0.10.0.tar.gz
Algorithm Hash digest
SHA256 600a38972a70d843a5d943c558573af65f2fbe519fb484fe5dfd1712f08b11db
MD5 4a9cb0aea773efa1448846b6f9a88370
BLAKE2b-256 2476852ecdae6b060f8cc0a2cc70eccc9e3fb6c541837549b8d86303f79809fd

See more details on using hashes here.

File details

Details for the file sentinelprobe-0.10.0-py3-none-any.whl.

File metadata

  • Download URL: sentinelprobe-0.10.0-py3-none-any.whl
  • Upload date:
  • Size: 50.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.12

File hashes

Hashes for sentinelprobe-0.10.0-py3-none-any.whl
Algorithm Hash digest
SHA256 cb1cbea5052dc26f2d7f4721a26069311e55fe7993835e9257a410abc8d9b60c
MD5 03b43cb92be1a6a61d490241b5225bd1
BLAKE2b-256 2ef2143f56cff18d1e36db74f5b61ea21c01ee7b1cd1525ea904f5e77a426b9a

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page