Enterprise-oriented Security Agent for AI-driven development lifecycle (AIDLC) workflows. It is designed to reduce security issues introduced by vibe coding, review pull requests before CI/CD deployment, ingest CVE data from application MCPs, and enforce human-in-the-loop approval for high-risk work.
- Extensible MCP integration: register GitHub, Prisma, or any future MCP through MCPRegistry or JSON config.
- PR review flow: combines local repository scanning with optional GitHub MCP findings.
- CI/CD gate: fails deployment gates on high or critical findings until fixed or explicitly approved.
- CVE backtracking: maps CVE records returned by MCPs to local dependency manifests and plans upgrades.
- Controlled remediation: high-risk CVE changes require human approval before code or manifest modification.
- LLM-assisted left shift: uses OpenAI-compatible or Anthropic-compatible APIs to turn findings into prioritized AIDLC security work.
- Admin console: built-in web UI for command output streaming, task scheduling, agent assignment, skill install/configuration, and approvals.
- Offline testability: static MCP connectors make policy and CI behavior reproducible without external services.
security_agent/
agent.py High-level orchestration API
approvals.py Human-in-the-loop approval store and enforcement
cli.py CLI for review, gate, CVE planning, CVE apply, approvals
cve.py CVE parsing, dependency mapping, remediation planning/apply
llm.py OpenAI-compatible and Anthropic-compatible HTTP adapters
left_shift.py LLM-backed AIDLC left-shift analysis
admin.py Built-in web admin server with realtime task output
mcp/ MCP connector abstraction and stdio/static adapters
pipeline.py CI/CD gate evaluation
policy.py Enterprise blocking and approval policy
reviewer.py PR/local/MCP review orchestration
scanners.py Local secret, unsafe code, and dependency scanning
python -m pip install -e .
security-agent init-config --path security-agent.json
security-agent review-pr --repo . --output security-report.json
security-agent gate --report security-report.json
security-agent admin --repo . --host 127.0.0.1 --port 8765
Exit codes:
- 0: review/gate passed or command succeeded.
- 1: review/gate found blocking security issues.
- 2: remediation requires human approval.
- 3: remediation was rejected.
Connectors implement a narrow call_tool(tool_name, arguments) interface. The included adapters are:
- StdioMCPConnector: calls MCP servers over JSON-RPC stdio.
- StaticMCPConnector: deterministic test/dry-run connector.
Example config:
{
"approvals_path": ".security-agent/approvals.json",
"policy": {
"block_on": ["high", "critical"],
"require_approval_for": ["high"],
"fail_on_missing_fixed_version": true
},
"mcp_connectors": [
{"name": "github", "type": "stdio", "command": ["github-mcp-server"]},
{"name": "prisma", "type": "stdio", "command": ["prisma-mcp-server"]}
]
}
To add a new MCP later, add a config entry or implement MCPConnector for custom auth, transport, or enterprise sandboxing.
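The connector layer described above, as an added example rather than the project's own code: the class names (MCPConnector, StaticMCPConnector, StdioMCPConnector, MCPRegistry) follow this README, but the method bodies, `MCPRegistry.from_config`, the minimal-environment and timeout handling, and the embedded fake server are assumptions. The fake server answers `tools/call` over newline-delimited JSON-RPC 2.0 and skips the real MCP initialize handshake.

```python
"""Narrow MCP connector layer: call_tool() over a static connector for offline
tests and over a subprocess speaking newline-delimited JSON-RPC 2.0.

Added example, not the project's own code. Class names follow the README; the
method bodies, MCPRegistry.from_config and FAKE_SERVER are assumptions.
"""
import json
import os
import subprocess
import sys
import threading


class MCPConnector:
    """Everything the agent needs from an MCP: one tool call at a time."""

    def call_tool(self, tool_name: str, arguments: dict) -> dict:
        raise NotImplementedError


class StaticMCPConnector(MCPConnector):
    """Deterministic connector: canned results keyed by tool name."""

    def __init__(self, name, responses):
        self.name, self.responses = name, dict(responses)

    def call_tool(self, tool_name, arguments):
        if tool_name not in self.responses:
            raise KeyError(f"{self.name}: no canned result for {tool_name}")
        return self.responses[tool_name]


class StdioMCPConnector(MCPConnector):
    """Spawns the server and exchanges one JSON-RPC line per call.

    Sandboxing choices (assumptions): the child gets a minimal environment so it
    inherits no tokens, a read timeout kills it, and every reply must carry the
    request id so a misbehaving server cannot answer a different request.
    """

    def __init__(self, name, command, timeout=10.0):
        self.name, self.command, self.timeout = name, list(command), timeout
        self._env = {k: os.environ[k] for k in ("PATH", "SYSTEMROOT") if k in os.environ}
        self._proc, self._next_id = None, 0

    def call_tool(self, tool_name, arguments):
        if self._proc is None:
            self._proc = subprocess.Popen(self.command, stdin=subprocess.PIPE,
                                          stdout=subprocess.PIPE, text=True,
                                          bufsize=1, env=self._env)
        self._next_id += 1
        request = {"jsonrpc": "2.0", "id": self._next_id, "method": "tools/call",
                   "params": {"name": tool_name, "arguments": arguments}}
        self._proc.stdin.write(json.dumps(request) + "\n")
        self._proc.stdin.flush()
        killer = threading.Timer(self.timeout, self._proc.kill)
        killer.start()
        try:
            line = self._proc.stdout.readline()  # '' once the child exits or is killed
        finally:
            killer.cancel()
        if not line:
            raise RuntimeError(f"{self.name}: server exited or timed out")
        reply = json.loads(line)
        if reply.get("id") != request["id"]:
            raise RuntimeError(f"{self.name}: reply id {reply.get('id')} != {request['id']}")
        if "error" in reply:
            raise RuntimeError(f"{self.name}: {reply['error'].get('message')}")
        return reply["result"]

    def close(self):
        if self._proc is not None:
            self._proc.stdin.close()  # EOF ends the server's read loop
            self._proc.wait(timeout=5)
            self._proc = None


class MCPRegistry:
    """name -> connector, built from the mcp_connectors config entries."""

    def __init__(self):
        self._connectors = {}

    def get(self, name):
        return self._connectors[name]

    @classmethod
    def from_config(cls, entries):
        registry = cls()
        for entry in entries:
            if entry["type"] == "stdio":
                registry._connectors[entry["name"]] = StdioMCPConnector(entry["name"], entry["command"])
            elif entry["type"] == "static":
                registry._connectors[entry["name"]] = StaticMCPConnector(entry["name"], entry.get("responses", {}))
            else:
                raise ValueError(f"unknown connector type {entry['type']!r}")
        return registry


# Constructed stand-in for a CVE MCP server: answers tools/call for list_cves only.
FAKE_SERVER = r"""
import json, sys
for line in sys.stdin:
    req = json.loads(line)
    params = req.get("params", {})
    if req.get("method") == "tools/call" and params.get("name") == "list_cves":
        pkg = params["arguments"]["package"]
        out = {"jsonrpc": "2.0", "id": req["id"], "result": {"cves": [
            {"cve_id": "CVE-2026-0001", "package": pkg, "severity": "critical"}]}}
    else:
        out = {"jsonrpc": "2.0", "id": req.get("id"),
               "error": {"code": -32601, "message": "unknown tool"}}
    sys.stdout.write(json.dumps(out) + "\n")
    sys.stdout.flush()
"""


def demo():
    """Query a live (fake) stdio MCP and a static one through the registry."""
    registry = MCPRegistry.from_config([
        {"name": "prisma", "type": "stdio", "command": [sys.executable, "-c", FAKE_SERVER]},
        {"name": "offline", "type": "static", "responses": {"list_cves": {"cves": []}}},
    ])
    live = registry.get("prisma").call_tool("list_cves", {"package": "example-lib"})
    offline = registry.get("offline").call_tool("list_cves", {"package": "example-lib"})
    try:
        registry.get("prisma").call_tool("not_a_tool", {})
        error = None
    except RuntimeError as exc:
        error = str(exc)
    registry.get("prisma").close()
    return live, offline, error
```

The static connector is what makes the CI behaviour reproducible: the same config entry shape selects either a real server command or canned responses, so gate tests never depend on a network service. A production stdio connector would add the initialize handshake, a per-tool allow-list, and a size limit on replies before `json.loads`.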
The agent supports two API payload formats without requiring provider SDKs:
- type: "openai": OpenAI-compatible /chat/completions APIs.
- type: "anthropic": Anthropic-compatible /v1/messages APIs.
Example:
{
"default_llm_provider": "openai-main",
"llm_providers": [
{
"name": "openai-main",
"type": "openai",
"model": "openai-compatible-security-model",
"base_url": "https://api.openai.com/v1",
"api_key_env": "OPENAI_API_KEY"
},
{
"name": "anthropic-main",
"type": "anthropic",
"model": "anthropic-compatible-security-model",
"base_url": "https://api.anthropic.com",
"api_key_env": "ANTHROPIC_API_KEY"
}
]
}
Run left-shift analysis after a review:
security-agent --config examples/security-agent.json advise --report security-report.json --provider openai-main
The model is used only for prioritization and remediation planning; it cannot bypass the deterministic policy gate or the human approval checks. The review report is sent to the configured provider, so point base_url at an endpoint that is approved to receive findings from that repository.
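How the two payload formats differ on the wire, as an added example that is not the project's llm.py: the provider config keys (type, model, base_url, api_key_env) are the ones shown above, the wire shapes are the public OpenAI chat/completions and Anthropic Messages formats, and the function names, the prompt wording and the sample responses are assumptions.

```python
"""Request builders and response readers for the two payload formats.

Added example, not the project's own code. Provider config keys match the
README; function names and sample responses are assumptions.
"""
import os

ANTHROPIC_VERSION = "2023-06-01"  # the Messages API requires this header


def resolve_api_key(provider, env=None):
    """Keys live only in the environment variable the config names, never in the file."""
    value = (os.environ if env is None else env).get(provider["api_key_env"])
    if not value:
        raise RuntimeError(f"{provider['name']}: {provider['api_key_env']} is not set")
    return value


def build_request(provider, system_prompt, user_prompt, api_key, max_tokens=1024):
    """Return (url, headers, json_body) for provider['type']."""
    base = provider["base_url"].rstrip("/")
    if provider["type"] == "openai":
        return (f"{base}/chat/completions",
                {"Authorization": f"Bearer {api_key}", "Content-Type": "application/json"},
                {"model": provider["model"], "temperature": 0,
                 "messages": [{"role": "system", "content": system_prompt},
                              {"role": "user", "content": user_prompt}]})
    if provider["type"] == "anthropic":
        return (f"{base}/v1/messages",
                {"x-api-key": api_key, "anthropic-version": ANTHROPIC_VERSION,
                 "Content-Type": "application/json"},
                {"model": provider["model"], "max_tokens": max_tokens, "temperature": 0,
                 "system": system_prompt,  # top-level field, not a message role
                 "messages": [{"role": "user", "content": user_prompt}]})
    raise ValueError(f"unsupported provider type {provider['type']!r}")


def extract_text(provider_type, response):
    """Assistant text from either response shape."""
    if provider_type == "openai":
        return response["choices"][0]["message"]["content"]
    if provider_type == "anthropic":
        return "".join(b["text"] for b in response["content"] if b.get("type") == "text")
    raise ValueError(f"unsupported provider type {provider_type!r}")


def findings_prompt(report):
    """The model ranks and plans; it is never asked whether a finding is resolved."""
    lines = [f"- [{f['severity']}] {f['rule']} at {f['path']}" for f in report["findings"]]
    return ("Rank these findings by exploitability and blast radius and propose a fix "
            "for each. Output advice only; gate decisions are made elsewhere.\n" + "\n".join(lines))


def demo():
    providers = [  # the two entries from the config above
        {"name": "openai-main", "type": "openai", "model": "openai-compatible-security-model",
         "base_url": "https://api.openai.com/v1", "api_key_env": "OPENAI_API_KEY"},
        {"name": "anthropic-main", "type": "anthropic", "model": "anthropic-compatible-security-model",
         "base_url": "https://api.anthropic.com", "api_key_env": "ANTHROPIC_API_KEY"},
    ]
    fake_env = {"OPENAI_API_KEY": "sk-test", "ANTHROPIC_API_KEY": "ak-test"}  # constructed
    report = {"findings": [{"severity": "high", "rule": "hardcoded-secret", "path": "app/settings.py"}]}
    prompt = findings_prompt(report)
    out = {}
    for provider in providers:
        key = resolve_api_key(provider, fake_env)
        out[provider["name"]] = build_request(provider, "You are a security reviewer.", prompt, key)
    # Constructed sample responses in each provider's documented shape.
    out["openai_text"] = extract_text(
        "openai", {"choices": [{"message": {"role": "assistant", "content": "1. hardcoded-secret"}}]})
    out["anthropic_text"] = extract_text(
        "anthropic", {"content": [{"type": "text", "text": "1. hardcoded-secret"}]})
    return out
```

Two details matter for a compatible endpoint: the system prompt moves from a `system` message to a top-level `system` field, and `max_tokens` is mandatory for the Messages API but optional for chat/completions. Reading the key through `api_key_env` keeps secrets out of the committed config file.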
High-risk actions are blocked at execution time by ApprovalStore.ensure_allowed. For example, applying a high or critical CVE upgrade first creates an approval request:
security-agent cve --repo . --payload examples/cve-payload.json --apply
security-agent approvals list
security-agent approvals approve <approval-id> --by alice@example.com --reason "Reviewed patch and test scope"
security-agent cve --repo . --payload examples/cve-payload.json --apply
This keeps high-risk code modifications, deployment unblocking, and risk acceptance under human control.
For PR findings that require explicit risk acceptance before deployment:
security-agent approvals request --report security-report.json --requester ci-security-gate
security-agent approvals approve <approval-id> --by security-lead@example.com --reason "Accepted for this deployment window"
security-agent gate --report security-report.json
The included workflow in .github/workflows/security-agent.yml installs the package, reviews the repository, writes security-report.json, and enforces the deployment gate before later pipeline stages. In production, provide a GitHub MCP connector with repository and PR context so MCP findings are merged with local scanner results.
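The policy block from the config above together with the two approval flows just shown (CVE apply via ensure_allowed, and PR risk acceptance before the gate), as one added example that is not the project's approvals.py, policy.py or pipeline.py. The policy keys and the exit codes are the README's; the report and finding shape, the approval record format, the ApprovalStore methods, the content-derived finding key, and the reading of require_approval_for as a severity threshold are assumptions.

```python
"""Deterministic CI/CD gate plus a file-backed human approval store.

Added example, not the project's own code. Policy keys and exit codes follow
the README; the report shape, approval record format, ApprovalStore methods
and the severity-threshold reading of require_approval_for are assumptions.
"""
import hashlib
import json
import tempfile
from pathlib import Path

EXIT_OK, EXIT_BLOCKED, EXIT_NEEDS_APPROVAL, EXIT_REJECTED = 0, 1, 2, 3
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


def finding_key(finding):
    """Content-derived id: the approval covers this exact finding and does not
    drift with line numbers or silently carry over to changed code."""
    raw = json.dumps({k: finding.get(k) for k in ("rule", "path", "severity", "snippet")},
                     sort_keys=True)
    return hashlib.sha256(raw.encode()).hexdigest()[:16]


def needs_approval(severity, policy):
    """Assumption: require_approval_for names the lowest severity that needs a human."""
    listed = [SEVERITY_RANK[s.lower()] for s in policy.get("require_approval_for", [])]
    return bool(listed) and SEVERITY_RANK[severity.lower()] >= min(listed)


class ApprovalStore:
    def __init__(self, path):
        self.path = Path(path)
        self.records = json.loads(self.path.read_text()) if self.path.exists() else {}

    def _save(self):
        self.path.parent.mkdir(parents=True, exist_ok=True)
        self.path.write_text(json.dumps(self.records, indent=2, sort_keys=True))

    def status(self, key):
        return self.records.get(key, {}).get("status", "none")

    def request(self, key, requester, summary):
        self.records.setdefault(key, {"status": "pending", "requester": requester, "summary": summary})
        self._save()

    def decide(self, key, approved, by, reason):
        record = self.records[key]  # KeyError: nothing was requested under this key
        if record["status"] != "pending":
            raise ValueError(f"{key} is already {record['status']}")
        record.update(status="approved" if approved else "rejected", by=by, reason=reason)
        self._save()

    def ensure_allowed(self, key, requester, summary):
        """Call before any high-risk action; returns the CLI exit code to use."""
        status = self.status(key)
        if status == "approved":
            return EXIT_OK
        if status == "rejected":
            return EXIT_REJECTED
        self.request(key, requester, summary)  # idempotent: a re-run keeps the same request
        return EXIT_NEEDS_APPROVAL


def evaluate_gate(report, policy, store):
    """A finding in block_on fails the gate until it is fixed (gone from the
    report) or approved; the worst state across findings sets the exit code."""
    block_on = {s.lower() for s in policy["block_on"]}
    code, details = EXIT_OK, []
    for finding in report["findings"]:
        if finding["severity"].lower() not in block_on:
            continue
        key = finding_key(finding)
        status = store.status(key)
        details.append((key, status))
        if status != "approved":
            code = max(code, {"rejected": EXIT_REJECTED, "pending": EXIT_NEEDS_APPROVAL}.get(status, EXIT_BLOCKED))
    return code, details


def apply_remediation(action, policy, store, requester="cve-apply"):
    """The ensure_allowed check that guards CVE upgrades before files change."""
    if not needs_approval(action["severity"], policy):
        return EXIT_OK
    return store.ensure_allowed(action["key"], requester, action["summary"])


def demo():
    policy = {"block_on": ["high", "critical"], "require_approval_for": ["high"]}
    report = {"findings": [  # constructed sample report
        {"rule": "hardcoded-secret", "path": "app/settings.py", "severity": "high",
         "snippet": "AWS_SECRET_ACCESS_KEY = 'wJalr...'"},
        {"rule": "unsafe-eval", "path": "app/render.py", "severity": "medium", "snippet": "eval(expr)"},
    ]}
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / ".security-agent" / "approvals.json"
        store = ApprovalStore(path)
        out["blocked"] = evaluate_gate(report, policy, store)[0]
        key = finding_key(report["findings"][0])
        store.request(key, "ci-security-gate", "hardcoded-secret in app/settings.py")
        out["pending"] = evaluate_gate(report, policy, store)[0]
        store.decide(key, True, "security-lead@example.com", "Accepted for this deployment window")
        out["approved"] = evaluate_gate(report, policy, ApprovalStore(path))[0]  # reloaded from disk
        upgrade = {"key": "cve-2026-0001-example-lib", "severity": "critical",
                   "summary": "upgrade example-lib to 2.0.0"}
        out["critical_first_apply"] = apply_remediation(upgrade, policy, store)
        store.decide(upgrade["key"], False, "alice@example.com", "Breaks the API; mitigate instead")
        out["critical_after_reject"] = apply_remediation(upgrade, policy, store)
        minor = {"key": "cve-2026-0003-example-lib", "severity": "medium", "summary": "patch bump"}
        out["medium_apply"] = apply_remediation(minor, policy, store)
    return out
```

The sequence mirrors the CLI transcript: the first gate run exits 1, the requested-but-undecided state exits 2, the approved state exits 0, and a rejected request exits 3 on every later attempt. Keying approvals on finding content rather than on a line number is what stops an accepted risk from quietly covering a different finding after the file is edited.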
Start the built-in management system:
security-agent --config examples/security-agent.json admin --repo . --host 127.0.0.1 --port 8765
Open http://127.0.0.1:8765. The console can run commands and approve requests, so keep it bound to loopback, or put authentication in front of it, rather than exposing it on a shared network interface.
The console provides:
- Realtime command output using Server-Sent Events.
- Task scheduling and execution for review, gate, CVE, and custom commands.
- Agent records with role, LLM provider, MCP connector, and skill assignments.
- Skill installation/configuration. Local skill folders or files are copied into .security-agent/skills; external/manual skills can be recorded as configuration-only entries.
- Human approval list with approve/reject actions.
Third-party MCPs can return:
{
"cves": [
{
"cve_id": "CVE-2026-0001",
"package": "example-lib",
"affected_versions": "<2.0.0",
"fixed_version": "2.0.0",
"severity": "critical",
"description": "Example vulnerability"
}
]
}
The agent maps package names to package.json, requirements*.txt, and pyproject.toml dependencies. If a fixed version is present, it plans an upgrade. If no fixed version exists, it creates a high-risk manual mitigation action.
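The mapping and planning step described above, as an added example rather than the project's cve.py. The payload is the format shown; the manifest parsing (common pin forms only), the version comparison, the plan record format, and the severity-threshold reading of require_approval_for are assumptions. Parsing of the unparseable is deliberately conservative: an affected_versions clause the code cannot read is treated as matching, so a malformed record produces a work item rather than silence.

```python
"""Map MCP CVE records onto local dependency manifests and plan remediation.

Added example, not the project's own code. The payload shape is the README's;
manifest parsing, version comparison and the plan format are assumptions.
"""
import json
import re
import tempfile
from pathlib import Path

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
SPEC_RE = re.compile(r"^([A-Za-z0-9_.\-]+)\s*(==|>=|~=|<=|<|>)\s*([0-9][0-9A-Za-z.\-]*)")


def parse_requirements(text):
    """requirements*.txt lines / PEP 508 strings: name -> pinned or minimum version."""
    deps = {}
    for line in text.splitlines():
        match = SPEC_RE.match(line.split("#", 1)[0].strip())
        if match:
            deps[match.group(1).lower()] = match.group(3)
    return deps


def parse_package_json(text):
    data, deps = json.loads(text), {}
    for section in ("dependencies", "devDependencies"):
        for name, spec in data.get(section, {}).items():
            deps[name.lower()] = spec.lstrip("^~=v")  # "^1.3.0" -> "1.3.0"
    return deps


def parse_pyproject(text):
    """PEP 621 [project] dependencies only; avoids tomllib so it runs on older Pythons."""
    match = re.search(r"^dependencies\s*=\s*\[(.*?)\]", text, re.M | re.S)
    specs = re.findall(r'"([^"]+)"', match.group(1)) if match else []
    return parse_requirements("\n".join(specs))


def version_tuple(version):
    return tuple(int(p) if p.isdigit() else 0 for p in re.split(r"[.\-]", version))


def spec_matches(installed, affected_versions):
    """True if installed satisfies every clause of e.g. ">=1.0,<2.0.0".
    A clause this cannot parse counts as matching (fail closed)."""
    for clause in affected_versions.split(","):
        match = re.match(r"^(<=|>=|==|<|>)\s*(.+)$", clause.strip())
        if not match:
            return True
        op, ver = match.groups()
        a, b = version_tuple(installed), version_tuple(ver)
        if not {"<": a < b, "<=": a <= b, ">": a > b, ">=": a >= b, "==": a == b}[op]:
            return False
    return True


def load_manifests(repo):
    """package -> (manifest path, version) across the manifests the agent reads."""
    repo, deps = Path(repo), {}
    candidates = sorted(repo.glob("requirements*.txt")) + [repo / "package.json", repo / "pyproject.toml"]
    for path in candidates:
        if not path.is_file():
            continue
        text = path.read_text()
        parsed = (parse_package_json(text) if path.name == "package.json"
                  else parse_pyproject(text) if path.name == "pyproject.toml"
                  else parse_requirements(text))
        for name, version in parsed.items():
            deps.setdefault(name, (str(path.relative_to(repo)), version))
    return deps


def plan_remediation(payload, deps, policy):
    """One action per CVE that hits a local dependency: upgrade, or manual mitigation."""
    threshold = min([SEVERITY_RANK[s.lower()] for s in policy.get("require_approval_for", [])] or [99])
    plan = []
    for cve in payload.get("cves", []):
        name = cve["package"].lower()
        if name not in deps:
            continue
        manifest, version = deps[name]
        if not spec_matches(version, cve.get("affected_versions") or ""):
            continue
        severity = cve["severity"].lower()
        action = {"cve_id": cve["cve_id"], "package": name, "manifest": manifest,
                  "current": version, "severity": severity}
        if cve.get("fixed_version"):
            action.update(kind="upgrade", target=cve["fixed_version"],
                          requires_approval=SEVERITY_RANK[severity] >= threshold)
        else:  # no fix available: human work item, and a gate failure if policy says so
            action.update(kind="manual-mitigation", requires_approval=True,
                          blocks_gate=bool(policy.get("fail_on_missing_fixed_version", True)))
        plan.append(action)
    return plan


def demo():
    payload = {"cves": [  # constructed MCP response in the format shown above
        {"cve_id": "CVE-2026-0001", "package": "example-lib", "affected_versions": "<2.0.0",
         "fixed_version": "2.0.0", "severity": "critical", "description": "Example vulnerability"},
        {"cve_id": "CVE-2026-0002", "package": "left-pad", "affected_versions": "<=1.3.0",
         "fixed_version": None, "severity": "high", "description": "No upstream fix yet"},
        {"cve_id": "CVE-2026-0003", "package": "example-lib", "affected_versions": "<1.0.0",
         "fixed_version": "1.0.0", "severity": "low", "description": "Already past the fix"},
    ]}
    policy = {"require_approval_for": ["high"], "fail_on_missing_fixed_version": True}
    with tempfile.TemporaryDirectory() as tmp:  # constructed repository
        Path(tmp, "requirements.txt").write_text("example-lib==1.4.2  # pinned\nrequests>=2.31\n")
        Path(tmp, "package.json").write_text(json.dumps({"dependencies": {"left-pad": "^1.3.0"}}))
        return plan_remediation(payload, load_manifests(tmp), policy)
```

For a range such as `requests>=2.31` the manifest only gives a lower bound; the version actually installed comes from the lock file, so a real implementation should prefer the lock file over the manifest when both exist. The third record in the sample is skipped because the pinned 1.4.2 is already past the affected range.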
python -m unittest discover -s tests