v1.2.0

What's New

Integrations Layer

• Zeek data source: Feed Zeek JSON logs (conn.log, dns.log, ssl.log) into traffic analyzer and DNS monitor detectors
• nmap enricher: Post-scan service version scanning that boosts, excludes (INFO status), or annotates detected agents
• Both integrations are off by default with lazy imports — no new required dependencies

Expanded Detection Signatures

• ~41 new LLM API domains: Cerebras, OpenRouter, SambaNova, AI21, DeepInfra, plus Chinese providers (DashScope, Moonshot, Zhipu, MiniMax, Baidu/ERNIE, ByteDance/Doubao, StepFun, Baichuan, 01.ai, Tencent/Hunyuan, iFlytek, SenseTime, ModelScope)
• ~28 new framework signatures: IDE agents (Cursor, Copilot, Windsurf, Aider, RooCode, Claude Code, Codex CLI), frameworks (LangGraph, AG2, Haystack, Composio, Letta), observability (Langfuse, Langsmith, Helicone), local inference (llama.cpp, TabbyML, Jan, KoboldCpp)
• ~9 new agent ports: LiteLLM (4000), LangGraph Studio (2024), Letta (8283), Continue.dev (65432), and more
• 6 new domain suffixes: Azure Models, SageMaker, IBM Watson, Volcengine

Other

• New model types: INFO agent status, NMAP_ENRICHER and ZEEK detector types
• CLI flags: --zeek-logs, --nmap, --nmap-args
• Optional dependency: pip install agentsniff[nmap]
• Dashboard screenshots in README