Skip to main content

Scan an AI-agent repo and emit runtime-supervisor wrappers, policies, and combo playbooks.

Project description

supervisor-discover

CLI scanner for AI-agent repos. Walks the source tree, finds the unsafe call-sites your LLM can fire (Stripe refunds, DB DELETEs, shell exec, file writes, agent orchestrator chokepoints, prompt injection vectors), and emits a runtime-supervisor/ directory with the diagnosis + ready-to-paste guard wrappers + base policies.

This is the same scanner that powers the public scan flow at vibefixing.me/scan. The CLI runs locally so your code never leaves your machine.

Install

pipx install supervisor-discover     # recommended — keeps it isolated
# or
pip install supervisor-discover

Use

supervisor-discover scan --path /path/to/your/repo

This drops a runtime-supervisor/ directory next to your code:

runtime-supervisor/
├── SUMMARY.md                    Human-readable diagnosis: stack, top risks, agent map
├── report.md                     Per-tier finding tables (money / real-world / data / LLM)
├── ROLLOUT.md                    Step-by-step plan: shadow → sample → enforce
├── findings.json                 Raw findings (machine-readable; same shape the web shows)
├── combos/                       Multi-step attack paths detected (e.g. LLM → fs-write)
│   ├── llm-shell-exec.md
│   └── ...
├── policies/                     Base YAML policies you can promote to production
│   ├── payment.base.v1.yaml
│   └── ...
└── stubs/                        Copy-paste wrapper code per finding family
    └── ...

What it scans

Six tiers, ordered by blast radius:

Tier What Examples
Money movement Direct charges / refunds / payouts stripe.refunds.create, paypal.payouts.create
Real-world actions Side effects an LLM can fire twilio.messages.create, smtplib.SMTP.send, subprocess.run, fs.unlink
Customer data Mutations on tables that contain humans UPDATE users SET ..., DELETE FROM customers
Business data Mutations on operational tables UPDATE orders SET ..., DELETE FROM trades
LLM tool-use Agent calls + framework chokepoints LangChain executors, MCP tool dispatchers, Anthropic/OpenAI clients
General HTTP routes + cron schedules (informational) FastAPI routers, Celery beat

Combos: multi-step attack paths

Beyond single findings, the scanner detects pairs that together are dangerous:

  • LLM + filesystem write — your agent can rewrite its own prompt or your config files
  • Voice clone + outbound call — ElevenLabs + Twilio = social-engineering by phone
  • LLM + shell-exec — RCE through prompt injection
  • Agent orchestrator + tool registration — the choke point: one wrap covers all tools

Each combo gets its own playbook in runtime-supervisor/combos/ with the minimum guard and the ideal guard.

How this fits with the rest of the product

supervisor-discover (this CLI)        ← diagnoses your repo, free, runs locally
        ↓
@runtime-supervisor/guards (npm)      ← drops 5 lines of wrappers into your code
supervisor-guards (PyPI)
        ↓
runtime-supervisor backend            ← evaluates each call against policies + threats
(self-host or vibefixing.me hosted)
        ↓
dashboard at vibefixing.me/dashboard  ← shadow / sample / enforce, review queue, audit chain

The CLI is open-source (Apache-2.0). The hosted backend + dashboard are at vibefixing.meBuilder ($29/mo) unlocks private repo scans, scan history, and CI integration. Pro ($99/workspace/mo) adds team workflows, SSO, and org controls.

Self-host

If you'd rather not point your shadow events at our hosted supervisor, you can run the whole stack locally with Docker (see the main repo). The SDK accepts SUPERVISOR_BASE_URL=http://localhost:8000 and the same wrapper code keeps working.

License

Apache-2.0. Copyright 2026 Ariel San Martín.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

supervisor_discover-0.4.2.tar.gz (311.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

supervisor_discover-0.4.2-py3-none-any.whl (253.6 kB view details)

Uploaded Python 3

File details

Details for the file supervisor_discover-0.4.2.tar.gz.

File metadata

  • Download URL: supervisor_discover-0.4.2.tar.gz
  • Upload date:
  • Size: 311.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for supervisor_discover-0.4.2.tar.gz
Algorithm Hash digest
SHA256 b9cb0451c98475e433a459228b5b03f9a88743d6a8df36d719096431061d8d90
MD5 47e4725b8b5941236a07cefdfa43a788
BLAKE2b-256 28f3f4c2e3ec2f2ee0b01225ba5f85183ed89be7943565195149ced3f1cd5678

See more details on using hashes here.

Provenance

The following attestation bundles were made for supervisor_discover-0.4.2.tar.gz:

Publisher: release-supervisor-discover.yml on ArielSanroj/runtime-supervisor

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file supervisor_discover-0.4.2-py3-none-any.whl.

File metadata

File hashes

Hashes for supervisor_discover-0.4.2-py3-none-any.whl
Algorithm Hash digest
SHA256 19519d69d6e70dafd90e181998340bc2b4b6ae0eed5ef806baeece6392756d88
MD5 e465c5abe14458451525c87eb0bdeba5
BLAKE2b-256 2d793e036980597c417824abbd9c0570b88a8fe2196b683e8c0f77821b79657d

See more details on using hashes here.

Provenance

The following attestation bundles were made for supervisor_discover-0.4.2-py3-none-any.whl:

Publisher: release-supervisor-discover.yml on ArielSanroj/runtime-supervisor

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page