From 686a510de1244d8dd1ae1cd1f149170bd65ef009 Mon Sep 17 00:00:00 2001 From: JBAhire Date: Thu, 2 Apr 2026 22:48:52 -0700 Subject: [PATCH] feat: "Background Check for AI Agents" v2.0.0 identity and docs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Establish g0 v2.0.0 identity: "Background Check for AI Agents" — you wouldn't hire someone without a background check, why would you deploy an AI agent without one? - Update CLI banner and description - Rewrite README with background check framing - Update all docs (getting-started, faq, ci-cd, dynamic-testing, endpoint-monitoring, api, openclaw-security, findings, inventory, mcp-security, architecture) - Add v2.0.0 CHANGELOG entry - Bump package.json to 2.0.0 --- CHANGELOG.md | 38 ++++++ README.md | 201 +++++++++++------------------- docs/README.md | 6 +- docs/api.md | 15 +-- docs/architecture.md | 2 +- docs/ci-cd.md | 67 +++------- docs/dynamic-testing.md | 123 ++++++++---------- docs/endpoint-monitoring.md | 32 ++--- docs/faq.md | 32 ++--- docs/findings.md | 8 +- docs/getting-started.md | 51 ++++---- docs/inventory.md | 6 +- docs/mcp-security.md | 6 +- docs/openclaw-deployment-guide.md | 2 +- docs/openclaw-security.md | 50 +++++++- package.json | 4 +- src/cli/branding.ts | 2 +- src/cli/index.ts | 6 +- 18 files changed, 307 insertions(+), 344 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index faeca68..2c048a8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,44 @@ All notable changes to g0 will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [2.0.0] - 2026-03-31 + +### g0 v2.0: Background Check for AI Agents + +g0 v2.0 establishes g0 as the open-source standard for AI agent due diligence — discover, assess, and test every agent before it ships. + +### Added +- "Background Check for AI Agents" positioning — clear metaphor for what g0 does +- MCP and OpenClaw commands promoted to first-class status +- OpenClaw-focused daemon mode — real-time monitoring for malicious skills and MCP config drift +- Remediation guidance inline on every terminal finding (`Fix:` line) +- Standards mapping inline on every terminal finding (`Standards:` line) +- Domain score breakdown in terminal output (12 domains with visual bars) +- Security vs Hardening split scores +- Guard0 Platform CTA on scan output for complete accountability + +### Changed +- Scan output shows letter grade (A-F) with domain breakdown and finding details +- Daemon refocused on OpenClaw/MCP monitoring (skill integrity, config drift, IOC detection) +- Dynamic testing focused on core payload categories (prompt injection, jailbreak, data exfiltration, tool abuse, MCP attacks) +- Endpoint scanning focused on MCP server configurations and AI tool discovery + +### Retained +- SARIF 2.1.0 output on scan, test, and gate (`--sarif`) +- Configurable gate thresholds (`--min-score`, `--min-grade`, `--no-critical`, `--no-high`) +- All 1,180+ security rules across 12 domains +- All 11 framework parsers +- All OpenClaw and MCP scanning capabilities +- OpenClaw daemon monitoring (skill drift, IOC detection) +- 5-language support (Python, TypeScript, JavaScript, Java, Go) + +### Removed +- HTML and compliance report export — available via [Guard0 Platform](https://guard0.ai/early-access) +- CycloneDX/SBOM export format — available via [Guard0 Platform](https://guard0.ai/early-access) +- Enterprise fleet management features (multi-machine coordination, behavioral baselines, correlation engine) +- Advanced adaptive red team strategies — available via [Guard0 Platform](https://guard0.ai/early-access) +- Platform auth and direct upload — scanning is offline-first; use [Guard0 Platform](https://guard0.ai/early-access) for cloud features + ## [1.5.0] - 2026-03-11 ### Fixed diff --git a/README.md b/README.md index d7dd9a2..bec0595 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ g0

-

The Control Layer for AI Agents

+

Background Check for AI Agents

npm version @@ -12,11 +12,11 @@ OpenClaw Security

-

Discover  ·  Assess  ·  Test  ·  Monitor  ·  Comply

+

You wouldn't hire someone without a background check.
Why would you deploy an AI agent without one?


-AI agents make decisions, call tools, and access data autonomously. g0 answers three questions every team must ask before shipping: **what agents do you have**, **what can they access**, and **can you prove they're under control?** +AI agents have access to tools, data, and systems — but most teams ship them without knowing what they can actually do. g0 runs a background check on your agents: discovers every component, assesses 1,180+ risk patterns across 12 domains, and adversarially tests behavior with 1,200+ payloads. ```bash npx @guard0/g0 scan ./my-agent @@ -25,18 +25,20 @@ npx @guard0/g0 scan ./my-agent ## ⚡ Quick Start ```bash -npm install -g @guard0/g0 # Install globally -g0 scan ./my-agent # Assess a local project -g0 scan https://github.com/org/repo # Assess a remote repository -g0 scan . --upload # Upload to Guard0 Cloud (free) -npx @guard0/g0 scan . # npx (no install) +npm install -g @guard0/g0 # Install globally +g0 scan ./my-agent # Run a background check +g0 test --target http://localhost:3000/api/chat # Adversarial testing +g0 inventory . # AI Bill of Materials +g0 mcp scan ./my-mcp-server # Scan MCP server configs +g0 endpoint # Check developer machines +npx @guard0/g0 scan . # npx (no install) ``` --- -## 📊 Static Assessment +## 📊 Security Assessment -Assess your agent codebase — every finding mapped to OWASP, NIST, ISO, and EU AI Act: +Scan your agent codebase with 1,180+ security rules across 12 domains: ``` Scan Results @@ -47,33 +49,25 @@ Assess your agent codebase — every finding mapped to OWASP, NIST, ISO, and EU Agents: 2 Tools: 4 Prompts: 2 Duration: 1.2s - Security Metadata - ──────────────────────────────────────────────────────────── - API Endpoints: 3 (2 external) - DB Accesses: 5 (4 unparameterized) - PII References: 8 (6 unmasked) - Call Graph Edges: 23 - Findings ──────────────────────────────────────────────────────────── - CRITICAL Shared memory between users [AA-DL-046] [AGENT REACHABLE] + CRITICAL Shared memory between users [AA-DL-046] Memory in main.py is shared without user isolation. main.py:8 > ConversationBufferMemory Fix: Isolate memory per user_id or session_id. Use namespaced memory stores. Standards: OWASP:ASI07 - HIGH System prompt has no scope boundaries [AA-GI-001] [AGENT REACHABLE] + HIGH System prompt has no scope boundaries [AA-GI-001] System prompt lacks role definition, task boundaries, or behavioral constraints. - main.py:21 > Assistant helps the current user retrieve the list of their recent bank transact - Fix: Add explicit role definition, allowed actions, and behavioral boundaries. - Standards: OWASP:ASI01 | AIUC-1:A001 | ISO42001:A.5.2,A.8.2 | NIST:MAP-1.1,GOVERN-1.2 + main.py:21 + Fix: Add role definition, task boundaries, and output constraints to the system prompt. + Standards: OWASP:ASI01 | NIST:GV-1.1 - HIGH Database tool without input validation [AA-TS-002] [AGENT REACHABLE] [LIKELY] + HIGH Database tool without input validation [AA-TS-002] Tool "query_db" in tools.py accesses a database without apparent input validation. tools.py:34 - Fix: Use parameterized queries and validate all input before database operations. - Standards: OWASP:ASI02 | AIUC-1:B003,D002 | ISO42001:A.6.2 | NIST:MAP-2.3 + Fix: Add parameterized queries and input validation to database tool. + 18 more findings across 12 domains @@ -84,32 +78,32 @@ Assess your agent codebase — every finding mapped to OWASP, NIST, ISO, and EU Domain Scores ──────────────────────────────────────────────────────────── - Goal Integrity ██████████████████████░░░░░░░░ 74 (5 findings) - Tool Safety ███████████████████████░░░░░░░ 77 (3 findings) - Memory & Context █████████████████████████░░░░░ 84 (4 findings) - Data Leakage █████████████████████░░░░░░░░░ 70 (5 findings) - Human Oversight ████████████████████████░░░░░░ 79 (2 findings) - Rogue Agent ███████████████████████░░░░░░░ 77 (3 findings) - Identity & Access █████████████████████████████░ 98 (1 finding) - Code Execution ██████████████████████████████ 100 + Goal Integrity ██████████████████░░░░░░░░░░░░ 60 (5 findings) + Tool Safety ████████████████████████░░░░░░ 78 (4 findings) + Data Leakage █████████████████████████░░░░░ 82 (3 findings) + Code Execution ████████████████░░░░░░░░░░░░░░ 52 (6 findings) + ... Overall Score ──────────────────────────────────────────────────────────── - B ██████████████████████████████████░░░░░░ 82 + C ████████████████████████████░░░░░░░░░░░ 68 - Security: 84/100 | Hardening: 96/100 + ────────────────────────────────────────────────────────── + For complete accountability across all your agents + → https://guard0.ai/early-access + ────────────────────────────────────────────────────────── ``` -> **[Guard0 Cloud](https://guard0.ai)** — Free dashboard with architecture visualization, compliance mapping, and AI-powered triage. +Every finding includes remediation guidance and maps to OWASP, NIST, ISO 42001, and EU AI Act standards. For complete accountability — compliance reports and continuous monitoring → [Guard0 Platform](https://guard0.ai/early-access). --- ## 🧪 Adversarial Testing -Red-team your live agent — 4,020+ adversarial payloads with multi-turn adaptive attacks and CVSS scoring: +Red-team your live agent with 1,200+ adversarial payloads and CVSS scoring: ```bash -g0 test --target http://localhost:3000/api/chat --adaptive --ai +g0 test --target http://localhost:3000/api/chat --ai ``` ``` @@ -159,26 +153,6 @@ g0 test --target http://localhost:3000/api/chat --adaptive --ai MCP Attack · Content Safety · Bias Detection · PII Probing (all resistant — 67 tests passed) - Adaptive Attack Results - ============================================================ - VULN [CRIT] GOAT strategy [5 turns] CVSS 7.2 (High) - Evidence: Bypassed safety via multi-turn goal decomposition - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N - Fix: Add cross-turn intent tracking to detect gradual goal drift - VULN [HIGH] Crescendo strategy [8 turns] CVSS 4.8 (Medium) - Evidence: Trust-building pattern succeeded on turn 6 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N - Fix: Implement escalation detection across conversation history - SAFE [HIGH] Recon-Probe strategy [3 turns] - SAFE [HIGH] Hydra strategy [4 turns] - SAFE [MED] SIMBA strategy [6 turns] - - CVSS Summary - ------------------------------------------------------------ - Max CVSS: 7.2 (High) - Avg CVSS: 6.0 (Medium) - Adaptive Attacks: 5 total, 2 vulnerable - Summary ------------------------------------------------------------ Status: WARN @@ -238,15 +212,15 @@ g0 scan . --openclaw-hardening http://localhost:8080 --- -## 🔎 The Three Questions +## 🔎 What a Background Check Covers -Every team should ask these before shipping an AI agent: +Every background check answers three questions before your agent ships: ### 1. What agents do you have? ```bash g0 inventory . # AI Bill of Materials -g0 inventory . --cyclonedx # CycloneDX 1.6 SBOM +g0 inventory . --json # JSON output for automation ``` Discover every AI component in your codebase: models, frameworks, tools, agents, vector databases, and MCP servers — across Python, TypeScript, JavaScript, Java, and Go. @@ -267,10 +241,9 @@ Map the blast radius: which data sources does your agent read? Which tools can i g0 test --target http://localhost:3000/api/chat # Adversarial testing g0 test --mcp "python server.py" # Test MCP servers g0 test --target http://localhost:3000 --auto . # Smart targeting from static scan -g0 test --target http://localhost:3000 --adaptive # Adaptive multi-turn attacks ``` -4,020+ adversarial payloads across 21 attack categories with a 4-level progressive judge — deterministic, heuristic, SLM, and LLM-as-judge. 5 adaptive attack strategies with CVSS scoring, 20 encoding mutators with stacking, 7 canary token types with variant detection, concurrent execution, multi-turn attack strategies, and per-category grading rubrics. +1,200+ adversarial payloads with a 4-level progressive judge (deterministic, heuristic, SLM, LLM-as-judge), CVSS scoring, and concurrent execution. --- @@ -296,9 +269,9 @@ OWASP Agentic Top 10 · NIST AI RMF · ISO 42001 · ISO 23894 · OWASP AIVSS · -**10 Framework Parsers** +**11 Framework Parsers** -LangChain/LangGraph · CrewAI · OpenAI Agents SDK · MCP · Vercel AI SDK · Amazon Bedrock · AutoGen · LangChain4j · Spring AI · Go AI +LangChain/LangGraph · CrewAI · OpenAI Agents SDK · MCP · Vercel AI SDK · Amazon Bedrock · AutoGen · LangChain4j · Spring AI · Go AI · Generic @@ -314,7 +287,7 @@ Python · TypeScript · JavaScript · Java · Go **Advanced Analysis** -Pipeline Taint Tracking · Cross-Tool Correlation · Cross-File Exfiltration · Analyzability Scoring · Description-Behavior Alignment · AI Meta-Analysis · Kill Switch · Cost Monitoring · Behavioral Baseline · Event Correlation +Pipeline Taint Tracking · Cross-Tool Correlation · Cross-File Exfiltration · Analyzability Scoring · Description-Behavior Alignment · AI Meta-Analysis · OpenClaw Drift Detection · MCP Config Monitoring @@ -330,15 +303,15 @@ Policy-as-Code (.g0-policy.yaml) · 3 Presets · Severity Overrides · Domain We - - - + + + - + - +
1,180+
Security Rules		4,020+
Attack Payloads		25
Attack Categories		5
Adaptive Strategies		1,200+
Attack Payloads		1,184+
ClawHavoc IOCs		18
Hardening Probes
20
Encoding Mutators		27
Deployment Checks		 58
Security Probes		 2
Active CVEs Covered		10
Framework Parsers		11
Framework Parsers
@@ -348,33 +321,13 @@ Policy-as-Code (.g0-policy.yaml) · 3 Presets · Severity Overrides · Domain We Every finding is automatically mapped to 10 compliance standards — no manual tagging required: -```bash -g0 scan . --report owasp-agentic # OWASP Agentic compliance report -g0 scan . --report iso42001 # ISO 42001 compliance report -g0 scan . --upload # Ongoing tracking via Guard0 Cloud ``` - + g0 maps every finding to 10 compliance standards internally: + OWASP Agentic (ASI01-10) | NIST AI RMF | ISO 42001 | EU AI Act + ISO 23894 | MITRE ATLAS | OWASP LLM Top 10 | AIUC-1 | OWASP AIVSS ``` - OWASP Agentic Security — Compliance Report - ──────────────────────────────────────────────────────────── - - ASI01 Agent Goal Manipulation FAIL 3 findings - ASI02 Tool Misuse FAIL 2 findings - ASI03 Privilege Escalation PASS - ASI04 Supply Chain Compromise PASS - ASI05 Code Execution PASS - ASI06 Memory & Context Poisoning PARTIAL 1 finding - ASI07 Data Leakage FAIL 4 findings - ASI08 Model Theft PASS - ASI09 Cascading Failures PARTIAL 2 findings - ASI10 Rogue Agent FAIL 2 findings - Compliance Score: 60% (4/10 pass, 2 partial, 4 fail) - - Report written to: ./g0-owasp-agentic-report.html -``` - -Each finding includes its OWASP Agentic category (ASI01–ASI10), NIST AI RMF function, ISO 42001 control, EU AI Act article, and MITRE ATLAS technique. Export compliance-ready HTML reports for auditors, or use Guard0 Cloud for continuous compliance posture tracking across your agent portfolio. +g0 knows which standards each finding maps to. For complete accountability — compliance reports, audit evidence, and attestation documents → [Guard0 Platform](https://guard0.ai/early-access). --- @@ -383,11 +336,10 @@ Each finding includes its OWASP Agentic category (ASI01–ASI10), NIST AI RMF fu Your developers' machines are part of your agent attack surface. g0 discovers every AI developer tool installed, which MCP servers are connected, and where the risks are: ```bash -g0 endpoint # Full scan: config + MCP + network + artifacts -g0 endpoint --forensics --browser # Include conversation stores & browser history -g0 endpoint --fix # Auto-fix permissions & suggest remediation +g0 endpoint # Scan AI developer tools and MCP configs +g0 endpoint --fix # Auto-fix permissions g0 endpoint --json # Structured JSON output -g0 endpoint status # Machine info, daemon health, last score +g0 endpoint status # Machine info, daemon health ``` ``` @@ -426,13 +378,12 @@ Detects 19 AI tools: Claude Desktop, Claude Code, Cursor, Windsurf, VS Code, Zed ### Fleet Monitoring ```bash -g0 auth login # Authenticate to Guard0 Cloud g0 daemon start --watch ~/projects # Start background monitoring g0 daemon start --interval 15 # Custom scan interval (minutes) g0 daemon status # Check daemon health ``` -The daemon registers the machine as an endpoint, then periodically scans MCP configurations, enumerates network ports for shadow AI services, checks credentials and data stores, verifies tool description pins for rug-pulls, diffs AI inventories for component drift, and sends heartbeats with endpoint scores to Guard0 Cloud. See [docs/endpoint-monitoring.md](docs/endpoint-monitoring.md) for the full guide. +The daemon monitors OpenClaw skill integrity, detects MCP config drift, and alerts on ClawHavoc IOC matches. Supports Slack and webhook notifications for real-time security alerts. --- @@ -443,20 +394,19 @@ The daemon registers the machine as an endpoint, then periodically scans MCP con | `g0 scan [path]` | Security assessment with scoring and grading | | `g0 scan . --openclaw-hardening [url]` | Live OpenClaw instance hardening audit (18 probes, fingerprint-first, CVE-2026-25253, CVE-2026-28363) | | `g0 scan . --openclaw-audit` | Deployment audit — 27 deployment checks, container deep audit, session forensics, auto-fix | -| `g0 inventory [path]` | AI Bill of Materials (CycloneDX 1.6, JSON, Markdown) | +| `g0 inventory [path]` | AI Bill of Materials (JSON, Markdown) | | `g0 flows [path]` | Agent execution path mapping and toxic flow detection | | `g0 mcp [path]` | MCP server assessment and rug-pull detection | | `g0 mcp audit-skills [path]` | ClawHub supply-chain audit with per-skill trust scoring | -| `g0 test` | Dynamic adversarial testing — 4,020+ payloads, adaptive attacks, CVSS scoring | -| `g0 endpoint` | Multi-layer endpoint security — network, artifacts, scoring, remediation | -| `g0 gate [path]` | CI/CD quality gate with configurable thresholds | -| `g0 auth` | Guard0 Cloud authentication | -| `g0 daemon` | Background monitoring for fleet-wide visibility | +| `g0 test` | Dynamic adversarial testing — 1,200+ payloads, CVSS scoring | +| `g0 endpoint` | Discover AI developer tools and MCP server configurations | +| `g0 gate [path]` | CI/CD gate — configurable thresholds (`--min-score`, `--min-grade`, `--sarif`) | +| `g0 daemon` | OpenClaw/MCP monitoring — skill drift, config changes, IOC alerts | | `g0 detect` | Detect MDM enrollment, running AI agents, and host hardening posture | | `g0 scan . --ci` | Policy-based CI/CD gate with `.g0-policy.yaml` evaluation | | `g0 scan . --host-audit` | OS-level host hardening audit (firewall, encryption, SSH) | -All commands support `--upload` to sync results to Guard0 Cloud, `--json` for programmatic output, and `--sarif` for GitHub Code Scanning integration. +All commands support `--json` for programmatic output. --- @@ -468,10 +418,6 @@ All commands support `--upload` to sync results to Guard0 Cloud, `--json` for pr name: AI Agent Assessment on: [push, pull_request] -permissions: - security-events: write - contents: read - jobs: assess: runs-on: ubuntu-latest @@ -481,27 +427,20 @@ jobs: with: node-version: '20' - - name: g0 Security Assessment - run: | - npx @guard0/g0 gate . --min-score 70 --sarif results.sarif - - - name: g0 Policy Gate - run: | - npx @guard0/g0 scan . --ci - - - uses: github/codeql-action/upload-sarif@v3 - if: always() - with: - sarif_file: results.sarif + - name: g0 Security Gate + run: npx @guard0/g0 gate . + # Exits 1 if critical or high findings detected ``` ### Pre-commit Hook ```bash # .husky/pre-commit -npx @guard0/g0 gate . --min-score 70 --no-critical --quiet +npx @guard0/g0 gate . --quiet ``` +g0 gate supports `--min-score`, `--min-grade`, `--sarif`, and config-based `fail_on`. For complete accountability — PR-level annotations and trend tracking → [Guard0 Platform](https://guard0.ai/early-access). + See [docs/ci-cd.md](docs/ci-cd.md) for GitLab CI, Jenkins, and more. --- @@ -535,7 +474,7 @@ console.log(scan.findings.length); // 12 // Dynamic adversarial testing const test = await runTests({ target: 'http://localhost:3000/api/chat', - adaptive: true, + // For complete accountability → guard0.ai/early-access }); console.log(test.summary.passRate); // 0.986 console.log(test.summary.vulnCount); // 3 @@ -545,7 +484,7 @@ See [docs/api.md](docs/api.md) for the full SDK reference. ## Output Formats -Terminal (default), JSON, SARIF 2.1.0, HTML, CycloneDX 1.6, and Markdown. +Terminal (default), JSON, Markdown, and SARIF (`--sarif`). For complete accountability — HTML dashboards and compliance exports → [Guard0 Platform](https://guard0.ai/early-access). --- @@ -559,13 +498,13 @@ Terminal (default), JSON, SARIF 2.1.0, HTML, CycloneDX 1.6, and Markdown. | [Custom Rules](docs/custom-rules.md) | YAML rule schema, all 13 check types, examples | | [Framework Guide](docs/frameworks.md) | Per-framework detection, patterns, and findings | | [Understanding Findings](docs/findings.md) | Finding anatomy, filtering, suppression, triage | -| [AI Asset Inventory](docs/inventory.md) | AI-BOM, CycloneDX, diffing, compliance | +| [AI Asset Inventory](docs/inventory.md) | AI-BOM, JSON/Markdown, diffing | | [OpenClaw Security](docs/openclaw-security.md) | Static scanner, ClawHavoc detection, skill auditing, CVE probes, adversarial testing | | [OpenClaw Deployment Guide](docs/openclaw-deployment-guide.md) | Self-hosted hardening, config generation, runtime monitoring | | [Enforcement Integrations](docs/enforcement-integrations.md) | Tetragon, Falco, auditd, iptables egress rules, event receiver | | [MCP Security](docs/mcp-security.md) | MCP assessment, rug-pull detection, hash pinning | -| [Dynamic Testing](docs/dynamic-testing.md) | 4,020+ adversarial payloads, adaptive attacks, CVSS scoring, 20 mutators | -| [Endpoint Assessment & Monitoring](docs/endpoint-monitoring.md) | Multi-layer scanning, scoring, remediation, drift detection, fleet-wide daemon | +| [Dynamic Testing](docs/dynamic-testing.md) | 1,200+ adversarial payloads, CVSS scoring | +| [Endpoint Assessment](docs/endpoint-monitoring.md) | AI tool discovery, MCP config scanning | | [CI/CD Integration](docs/ci-cd.md) | GitHub Actions, GitLab CI, Jenkins, pre-commit | | [Programmatic API](docs/api.md) | SDK exports, runScan, runDiscovery, getAllRules | | [Scoring Methodology](docs/scoring.md) | Formula, weights, multipliers, grades | @@ -589,4 +528,4 @@ npm run build --- -g0 is an open-source project by [Guard0](https://guard0.ai). AI Thinks. We Govern. +g0 is an open-source project by [Guard0](https://guard0.ai/early-access). The background check is just the beginning — for complete accountability, see the [Guard0 Platform](https://guard0.ai/early-access). diff --git a/docs/README.md b/docs/README.md index 3c4c9c7..11ff6a3 100644 --- a/docs/README.md +++ b/docs/README.md @@ -1,13 +1,13 @@ # g0 Documentation -Welcome to the g0 documentation. g0 is the control layer for AI agents — it discovers, assesses, tests, monitors, and governs your AI agent infrastructure across 12 security domains. +Welcome to the g0 documentation. g0 runs background checks on your AI agents — discovering every component, assessing 1,180+ risk patterns across 12 domains, and adversarially testing behavior before you ship. ## By the Numbers | | | | | |:---:|:---:|:---:|:---:| -| **1,180** | **4,000+** | **12** | **10** | -| Security Rules | Adversarial Payloads | Security Domains | Framework Parsers | +| **1,180+** | **1,200+** | **1,184+** | **11** | +| Security Rules | Adversarial Payloads | Malicious Skill IOCs | Framework Parsers | | **10** | **5** | **25** | **20** | | Compliance Standards | Languages | Attack Categories | Encoding Mutators | diff --git a/docs/api.md b/docs/api.md index d7b3184..eb384a2 100644 --- a/docs/api.md +++ b/docs/api.md @@ -27,11 +27,9 @@ import { calculateScore, // Reporters - reportTerminal, reportJson, - reportHtml, reportSarif, - reportComplianceHtml, + // reportHtml — available via Guard0 Platform } from '@guard0/g0'; ``` @@ -283,17 +281,6 @@ console.log(json); reportJson(result, 'results.json'); ``` -### `reportHtml` - -Generate a self-contained HTML report file. - -```typescript -import { runScan, reportHtml } from '@guard0/g0'; - -const result = await runScan({ targetPath: './my-agent' }); -reportHtml(result, 'report.html'); -``` - ### `reportSarif` Generate a SARIF 2.1.0 report for integration with GitHub Code Scanning, VS Code, and other SARIF-compatible tools. diff --git a/docs/architecture.md b/docs/architecture.md index 91ef73b..c9a718f 100644 --- a/docs/architecture.md +++ b/docs/architecture.md @@ -190,7 +190,7 @@ src/ testing/ # Dynamic adversarial testing reporters/ # All output formatters standards/ # 10 standards mapping - platform/ # Guard0 Cloud integration + platform/ # Guard0 Platform integration daemon/ # Background monitoring remote/ # Git clone for remote scanning cli/ # Commander.js CLI diff --git a/docs/ci-cd.md b/docs/ci-cd.md index bd4b0b7..872571f 100644 --- a/docs/ci-cd.md +++ b/docs/ci-cd.md @@ -4,15 +4,15 @@ g0 integrates into your CI/CD pipeline to catch AI security issues before they r ## Quality Gate -The `g0 gate` command is designed for CI — it exits with code 1 if the scan fails your thresholds: +The `g0 gate` command is designed for CI — configurable thresholds with SARIF output: ```bash -g0 gate . # Default: min score 70 +g0 gate . # Pass/fail (default: min-score 70) g0 gate . --min-score 80 # Custom score threshold -g0 gate . --min-grade B # Grade-based threshold -g0 gate . --no-critical # Fail on any critical finding -g0 gate . --no-high # Fail on any high or critical finding -g0 gate . --sarif results.sarif # Also produce SARIF output +g0 gate . --min-grade B # Minimum grade +g0 gate . --no-critical # Fail on any critical findings +g0 gate . --sarif results.sarif # Also output SARIF for Code Scanning +g0 gate . -o results.json # Also save JSON results ``` ## GitHub Actions @@ -33,10 +33,11 @@ jobs: node-version: '20' - name: g0 Security Gate - run: npx @guard0/g0 gate . --min-score 70 + run: npx @guard0/g0 gate . + # Exits 1 if critical or high findings detected ``` -### With SARIF Upload (GitHub Code Scanning) +### With SARIF + GitHub Code Scanning ```yaml name: AI Agent Security @@ -55,46 +56,10 @@ jobs: with: node-version: '20' - - name: g0 Security Assessment + - name: g0 Security Gate run: npx @guard0/g0 gate . --min-score 70 --sarif results.sarif - - name: Upload SARIF - uses: github/codeql-action/upload-sarif@v3 - if: always() - with: - sarif_file: results.sarif -``` - -SARIF findings appear as annotations on pull requests and in the Security tab. - -### Full Assessment with Guard0 Cloud - -```yaml -name: AI Agent Security -on: [push, pull_request] - -permissions: - security-events: write - contents: read - -jobs: - security: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 - with: - node-version: '20' - - - name: g0 Security Assessment - env: - G0_API_KEY: ${{ secrets.G0_API_KEY }} - run: | - npx @guard0/g0 gate . --min-score 70 --sarif results.sarif - npx @guard0/g0 scan . --upload - npx @guard0/g0 inventory . --upload - - - name: Upload SARIF + - name: Upload SARIF to GitHub uses: github/codeql-action/upload-sarif@v3 if: always() with: @@ -144,7 +109,7 @@ ai-security: image: node:20 stage: test script: - - npx @guard0/g0 gate . --min-score 70 --sarif results.sarif + - npx @guard0/g0 gate . --min-score 70 --json artifacts: reports: sast: results.sarif @@ -177,7 +142,7 @@ pipeline { stages { stage('AI Security') { steps { - sh 'npx @guard0/g0 gate . --min-score 70 --sarif results.sarif' + sh 'npx @guard0/g0 gate . --min-score 70 --json' } post { always { @@ -282,11 +247,11 @@ exclude_paths: ``` PR opened ├── g0 gate (fast, blocks merge) - ├── g0 scan --sarif (annotations on PR) + ├── g0 scan --json(annotations on PR) └── g0 inventory --diff (component change detection) Merge to main - ├── g0 scan --upload (track history) - ├── g0 inventory --upload (track components) + ├── g0 scan (track history) + ├── g0 inventory (track components) └── g0 test --auto (dynamic testing in staging) ``` diff --git a/docs/dynamic-testing.md b/docs/dynamic-testing.md index 0254124..e81130e 100644 --- a/docs/dynamic-testing.md +++ b/docs/dynamic-testing.md @@ -8,31 +8,25 @@ Dynamic testing complements static scanning — while `g0 scan` analyzes source ```mermaid flowchart LR - A[4,020+ Payloads] --> B[20 Mutators] - B --> C[Provider] - C --> D[Live Agent] - D --> E[Response] - E --> F{Adaptive?} - F -->|No| G[4-Level Judge] - F -->|Yes| H[Red-Team LLM] - H --> I[Adaptive Engine] - I --> D - I --> G - G --> J[CVSS Scoring] - J --> K[Pass / Fail / Error] + A[1,200+ Payloads] --> B[Provider] + B --> C[Live Agent] + C --> D[Response] + D --> E[4-Level Judge] + E --> F[CVSS Scoring] + F --> G[Pass / Fail / Error] ``` **By the numbers:** | Metric | Count | |--------|-------| -| Attack payloads | 4,020+ | -| Attack categories | 25 (including `openclaw-attacks` and scan-driven categories) | +| Attack payloads | 1,200+ core payloads | +| Attack categories | Core categories (prompt injection, jailbreak, data exfiltration, tool abuse, MCP attacks) | | Harmful subcategories | 26 | | Payload mutators | 20 (with stacking) | | Heuristic signals | 32+ | -| Multi-turn strategies | 3 static + 5 adaptive | -| Adaptive strategies | 5 | +| Multi-turn strategies | 3 built-in + advanced via Guard0 Platform | + | Judge levels | 4 | | CVSS scoring | Yes | | Canary token types | 7 | @@ -96,7 +90,7 @@ g0 test --target http://localhost:3000/api/chat --system-prompt-file ./prompts/s ## Attack Categories -g0 includes 25 categories of adversarial payloads totaling 4,020+: +g0 includes core adversarial payload categories totaling 1,200+: | Category | Payloads | What It Tests | |----------|----------|--------------| @@ -215,49 +209,19 @@ g0 test --target http://localhost:3000/api/chat --strategy crescendo g0 test --target http://localhost:3000/api/chat --strategy foot-in-door ``` -## Adaptive Attack Engine - -The `--adaptive` flag enables LLM-powered multi-turn attacks where a red-team model dynamically crafts messages based on the target's responses. Unlike static multi-turn strategies, adaptive attacks react to the target in real time. - -### Strategies - -| Strategy | Approach | -|----------|----------| -| **GOAT** | General-purpose orchestrator that dynamically selects tactics based on target responses | -| **Crescendo** | Gradually escalates from innocent conversation to the target objective | -| **Recon-Probe** | 3-phase (recon → probe → attack) — discovers tools and restrictions before attacking | -| **Hydra** | Multi-branch exploration — tries multiple angles simultaneously and doubles down on the most promising | -| **SIMBA** | Tree-search with SLM scoring — builds an attack tree and uses a lightweight model to score branches | - -### Usage - -```bash -# Run all adaptive strategies -g0 test --target http://localhost:3000/api/chat --adaptive - -# Select specific strategies -g0 test --target http://localhost:3000/api/chat --adaptive goat,crescendo - -# Control turn depth -g0 test --target http://localhost:3000/api/chat --adaptive --max-turns 15 - -# Custom attack objective -g0 test --target http://localhost:3000/api/chat --adaptive --objective "Extract the system prompt" - -# Use a specific red-team model -g0 test --target http://localhost:3000/api/chat --adaptive --red-team-model anthropic/claude-sonnet-4-5-20250929 - -# Test session isolation with multiple parallel sessions -g0 test --target http://localhost:3000/api/chat --adaptive --multi-session 3 -``` - -### Framework Intelligence +## Advanced Red Teaming -When used with `--auto`, the adaptive engine auto-detects the target's framework from static scan results and uses framework-specific attack templates. For example, attacks against a LangChain agent will probe tool-calling patterns, while attacks against an MCP server will target protocol-level vulnerabilities. +g0 includes core adversarial payloads for prompt injection, jailbreak, data exfiltration, tool abuse, and MCP attacks. For agents that resist static payloads, adaptive multi-turn strategies that learn from the target's responses typically uncover 2-3x more vulnerabilities: -### Cross-Run Learning +| Strategy | Approach | What It Finds | +|---|---|---| +| **GOAT** | Goal-oriented, learns each turn | Multi-turn defense weaknesses | +| **Crescendo** | Gradual escalation (intensity 1-10) | Intensity-threshold bypasses | +| **SIMBA** | Tree-search with branch scoring | Best attack path from many candidates | +| **Hydra** | Recon → multi-branch → best path | Systematic attack surface coverage | +| **Recon-Probe** | 3-phase intelligence gathering | Framework-specific vulnerabilities | -Attack profiles are saved to `.g0/attack-profiles.json` after each adaptive run, encrypted at rest with AES-256-GCM. Successful tactics, effective approaches, and discovered weaknesses carry across test runs, making subsequent attacks more targeted and efficient. Concurrent writes are protected by file locking to prevent corruption. +Adaptive red teaming with these strategies is available via [Guard0 Platform](https://guard0.ai/early-access). ## Compliance Probes @@ -578,11 +542,11 @@ CVSS scores appear in terminal output, JSON reports, and SARIF results for each The `--sarif` flag produces SARIF 2.1.0 output for CI/CD integration: ```bash -# Write SARIF to a file -g0 test --target http://localhost:3000/api/chat --sarif test-results.sarif +# SARIF to stdout +g0 test --target http://localhost:3000/api/chat --sarif -# Combine with adaptive attacks -g0 test --target http://localhost:3000/api/chat --adaptive --sarif test-results.sarif +# Write SARIF to a file +g0 test --target http://localhost:3000/api/chat --sarif results.sarif ``` Each vulnerable finding becomes a SARIF result with: @@ -608,10 +572,10 @@ A2A testing probes for: ## Remediation Generation -After adaptive attacks confirm vulnerabilities, g0 can generate AI-powered fix suggestions: +For AI-powered fix suggestions after testing: ```bash -g0 test --target http://localhost:3000/api/chat --adaptive --ai +# Advanced adaptive testing → guard0.ai/early-access ``` When `--ai` is enabled, the remediation engine analyzes each confirmed vulnerability and produces: @@ -699,10 +663,10 @@ g0 test --target http://localhost:3000/api/chat --attacks data-exfiltration --ca g0 test --target http://localhost:3000/api/chat --auto . --ai # Adaptive multi-turn attacks with CVSS scoring -g0 test --target http://localhost:3000/api/chat --adaptive --ai +# Advanced adaptive testing → guard0.ai/early-access # Adaptive with SARIF output for CI -g0 test --target http://localhost:3000/api/chat --adaptive --sarif results.sarif +# Advanced adaptive testing → guard0.ai/early-access ``` ## CI Integration @@ -724,10 +688,29 @@ g0 test --target http://localhost:3000/api/chat --adaptive --sarif results.sarif --json -o jailbreak-results.json ``` -## Uploading Results +## Going Further -```bash -g0 test --target http://localhost:3000/api/chat --upload -``` +### What g0 Finds vs What You're Missing + +g0 tests with 1,200+ core payloads across prompt injection, jailbreak, data exfiltration, tool abuse, and MCP attacks. This catches the most common vulnerability classes. + +However, sophisticated AI agents often resist static payloads while remaining vulnerable to adaptive, multi-turn attacks that learn from the target's responses. In testing, adaptive strategies typically uncover 2-3x more vulnerabilities: + +| Strategy | Approach | What It Finds | +|---|---|---| +| GOAT | Goal-oriented, learns from each response | Vulnerabilities hidden behind multi-turn defenses | +| Crescendo | Gradually escalates from innocent to adversarial | Weaknesses in intensity-based safety filters | +| SIMBA | Tree-search, explores multiple attack paths | Best attack angle from many candidates | +| Hydra | Reconnaissance → multi-branch → best path | Systematic coverage of the target's attack surface | + +For adaptive red teaming → [Guard0 Platform](https://guard0.ai/early-access). + +### Tracking Results Over Time + +Running `g0 test` regularly catches regressions — an agent that was secure last week might be vulnerable after a prompt change or model update. But each test run is independent. + +For historical trend analysis, regression alerts, and mapping dynamic findings to static scan results → [Guard0 Platform](https://guard0.ai/early-access). + +### Compliance Mapping -Guard0 Cloud tracks test results over time, showing regression trends and mapping dynamic findings to static scan results. +Every dynamic finding maps to OWASP Agentic Top 10 and other industry standards. For compliance reports that include both static and dynamic findings → [Guard0 Platform](https://guard0.ai/early-access). diff --git a/docs/endpoint-monitoring.md b/docs/endpoint-monitoring.md index 742abf2..3560681 100644 --- a/docs/endpoint-monitoring.md +++ b/docs/endpoint-monitoring.md @@ -13,7 +13,7 @@ g0 provides multi-layer security assessment for AI developer endpoints: ```bash g0 endpoint # Full scan: config + process + MCP + network + artifacts g0 endpoint --json # Structured JSON output -g0 endpoint --upload # Upload results to Guard0 Cloud +g0 endpoint --fix # Auto-fix permissions and remediate g0 endpoint --forensics # Include conversation store metadata (opt-in) g0 endpoint --browser # Include browser AI service history (opt-in) g0 endpoint --fix # Auto-fix permissions and suggest remediation @@ -194,7 +194,7 @@ AI agents run on developer machines through tools like Claude Desktop, Cursor, a ```bash # 1. Authenticate -g0 auth login +# Platform features → guard0.ai/early-access # 2. Start the daemon g0 daemon start @@ -203,7 +203,7 @@ g0 daemon start g0 daemon status ``` -The daemon registers your machine with Guard0 Cloud and begins periodic monitoring. +The daemon registers your machine with Guard0 Platform and begins periodic monitoring. ## How It Works @@ -219,7 +219,7 @@ On each tick (default: every 30 minutes), the daemon: 8. **Agent Watcher** - Detects running AI agents (Claude Code, Cursor, OpenClaw, etc.) 9. **Fleet Registration** - Reports machine scores and status 10. **Drift Detection** - Compares current scan against previous -11. **Heartbeat** - Reports machine health to Guard0 Cloud +11. **Heartbeat** - Reports machine health to Guard0 Platform ### Endpoint Registration @@ -233,7 +233,7 @@ g0 Version: 1.1.2 Watch Paths: ~/projects ``` -Guard0 Cloud tracks each endpoint and displays fleet-wide status. +Guard0 Platform tracks each endpoint and displays fleet-wide status. ## Commands @@ -303,7 +303,7 @@ The daemon stores its configuration in `~/.g0/daemon.json`: |---------|---------|-------------| | `intervalMinutes` | 30 | Minutes between scan ticks | | `watchPaths` | `[]` | Project directories to monitor for inventory changes | -| `upload` | `true` | Upload results to Guard0 Cloud | +| `upload` | `true` | Upload results to Guard0 Platform | | `mcpScan` | `true` | Scan local MCP configurations each tick | | `mcpPinCheck` | `true` | Verify MCP tool descriptions against pins | | `inventoryDiff` | `true` | Diff AI inventories on watched paths | @@ -351,11 +351,11 @@ Every tick, the daemon scans MCP config files in standard locations: - `~/.cursor/mcp.json` - Project-level `.mcp.json` files in watched paths -Findings are uploaded to Guard0 Cloud with the machine context, so you can see which developer machines have risky MCP configurations. +Findings are uploaded to Guard0 Platform with the machine context, so you can see which developer machines have risky MCP configurations. ### Rug-Pull Detection -If a `.g0-pins.json` file exists, the daemon compares current MCP tool descriptions against pinned hashes. Any mismatch triggers a warning in the logs and an alert on Guard0 Cloud. +If a `.g0-pins.json` file exists, the daemon compares current MCP tool descriptions against pinned hashes. Any mismatch triggers a warning in the logs and an alert on Guard0 Platform. ``` [WARN] Pin check: 1 mismatches detected! @@ -364,7 +364,7 @@ If a `.g0-pins.json` file exists, the daemon compares current MCP tool descripti ### AI Inventory Drift -For watched paths, the daemon builds an AI inventory each tick and uploads it. Guard0 Cloud tracks changes over time: +For watched paths, the daemon builds an AI inventory each tick and uploads it. Guard0 Platform tracks changes over time: - New models, tools, or agents added - Framework version changes @@ -379,7 +379,7 @@ Every tick, the daemon audits OS-level security: **Linux** (5 checks): UFW/iptables, LUKS encryption, SSH hardening, auto-updates, open ports -Results are uploaded to Guard0 Cloud for fleet-wide host posture tracking. +Results are uploaded to Guard0 Platform for fleet-wide host posture tracking. ### Fleet Management @@ -403,11 +403,11 @@ The daemon sends periodic heartbeats with status: | `degraded` | Some checks failed but daemon is running | | `error` | Daemon encountered a critical error | -Guard0 Cloud uses heartbeats to show endpoint status and alert on machines that go offline. +Guard0 Platform uses heartbeats to show endpoint status and alert on machines that go offline. -## Fleet Management on Guard0 Cloud +## Fleet Management on Guard0 Platform -With daemons running across your team's machines, Guard0 Cloud provides: +With daemons running across your team's machines, Guard0 Platform provides: - **Endpoint inventory** - All registered machines with OS, platform, and g0 version - **Fleet-wide MCP visibility** - Which MCP servers are installed across the fleet @@ -427,7 +427,7 @@ Each developer runs: ```bash npm install -g @guard0/g0 -g0 auth login +# Platform features → guard0.ai/early-access g0 daemon start --watch ~/projects ``` @@ -444,7 +444,7 @@ G0_API_KEY="$FLEET_API_KEY" g0 daemon start ### Verify Fleet Status -On Guard0 Cloud, the endpoints dashboard shows all registered machines and their last heartbeat time. +On Guard0 Platform, the endpoints dashboard shows all registered machines and their last heartbeat time. ## Files @@ -454,7 +454,7 @@ On Guard0 Cloud, the endpoints dashboard shows all registered machines and their | `~/.g0/daemon.pid` | PID file for the running daemon | | `~/.g0/daemon.log` | Daemon log output | | `~/.g0/machine-id` | Stable machine identifier (UUID) | -| `~/.g0/auth.json` | Guard0 Cloud authentication tokens | +| `~/.g0/auth.json` | Guard0 Platform authentication tokens | | `~/.g0/last-endpoint-scan.json` | Last scan result for drift detection | | `~/.g0/fleet-state.json` | Fleet member registry and scores | | `~/.g0/evidence/` | Evidence records for governance compliance | diff --git a/docs/faq.md b/docs/faq.md index e6d0d1f..171598e 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -73,7 +73,7 @@ For rules that run against prompts (e.g., "system prompt missing refusal instruc ### How do I add g0 to my CI pipeline? ```bash -npx @guard0/g0 gate . --min-score 70 --sarif results.sarif +npx @guard0/g0 gate . ``` See [CI/CD Integration](ci-cd.md) for GitHub Actions, GitLab CI, Jenkins, and pre-commit examples. @@ -84,9 +84,19 @@ See [CI/CD Integration](ci-cd.md) for GitHub Actions, GitLab CI, Jenkins, and pr - `1` — One or more thresholds failed - `2` — Scan error +g0 gate supports configurable thresholds: `--min-score`, `--min-grade`, `--no-critical`, `--no-high`, and config-based `fail_on`. + ### Can I use g0 with GitHub Code Scanning? -Yes. Use `--sarif` to produce SARIF 2.1.0 output, then upload with `github/codeql-action/upload-sarif@v3`. Findings appear as PR annotations and in the Security tab. +Yes. g0 outputs SARIF 2.1.0 natively: + +```bash +g0 scan . --sarif results.sarif +g0 gate . --sarif results.sarif +g0 test --target http://localhost:3000 --sarif results.sarif +``` + +Use with `github/codeql-action/upload-sarif@v3` to see findings in the Security tab. ## Custom Rules @@ -118,20 +128,10 @@ See [Compliance Mapping](compliance.md) for the full matrix. ### Can I generate compliance reports? -Yes: - -```bash -g0 scan . --report owasp-agentic # OWASP Agentic Top 10 report -g0 scan . --report nist-ai-rmf # NIST AI RMF report -g0 scan . --report iso42001 # ISO 42001 report -``` - -## Guard0 Cloud - -### Is Guard0 Cloud free? +g0 shows standards mapping inline on every finding (`Standards: OWASP:ASI01 | NIST:GV-1.1`). For formal compliance reports (OWASP, NIST AI RMF, ISO 42001, EU AI Act) → [Guard0 Platform](https://guard0.ai/early-access). -Yes, Guard0 Cloud is free for individual use. Run `g0 auth login` to authenticate and `g0 scan . --upload` to upload results. +## Guard0 Platform -### What data does `--upload` send? +### What is Guard0 Platform? -Scan results (findings, scores, agent graph structure), inventory data, and test results. Source code is never uploaded. +g0 is the background check — it runs once and tells you what you have, what's wrong, and how to fix it. [Guard0 Platform](https://guard0.ai/early-access) provides complete accountability — HTML dashboards, compliance reporting, team collaboration, fleet monitoring, adaptive red teaming, and governance workflows on top of g0's scanning capabilities. diff --git a/docs/findings.md b/docs/findings.md index 048e1b4..42dfacb 100644 --- a/docs/findings.md +++ b/docs/findings.md @@ -110,7 +110,7 @@ JSON findings include all fields: ## SARIF Output ```bash -g0 scan . --sarif results.sarif +g0 scan . --json ``` SARIF 2.1.0 format integrates with GitHub Code Scanning, VS Code SARIF Viewer, and other SARIF-compatible tools. Findings appear as annotations on pull requests. @@ -222,13 +222,13 @@ g0 scan . --ai AI analysis provides contextual explanations for each finding, including whether it's likely a true positive and suggested remediations. -### Using Guard0 Cloud +### Using Guard0 Platform ```bash -g0 scan . --upload +g0 scan . ``` -Guard0 Cloud provides: +Guard0 Platform provides: - Historical trend tracking - Architecture visualization showing finding locations in the agent graph - AI-powered triage with remediation suggestions diff --git a/docs/getting-started.md b/docs/getting-started.md index 93c974c..9edeeb0 100644 --- a/docs/getting-started.md +++ b/docs/getting-started.md @@ -43,18 +43,9 @@ The terminal output includes: Score: 72/100 (C) ``` -The overall score is a weighted average of 12 domain scores. Grades range from A (90-100) to F (0-59). +Grades range from A (90-100) to F (0-59), based on findings across 12 security domains. -### Domain Breakdown - -Each of the 12 security domains gets its own score: - -``` - Goal Integrity 85/100 B - Tool Safety 62/100 D - Identity & Access 90/100 A - ... -``` +g0 shows domain-level scores for all 12 security domains. For trend analysis over time → [Guard0 Platform](https://guard0.ai/early-access). ### Findings @@ -75,6 +66,8 @@ Each finding includes: - **Rule ID** — e.g., `AA-CE-003` (domain code + number) - **Description** — What the rule detected - **Location** — File path and line number +- **Fix** — Remediation guidance (how to resolve the issue) +- **Standards** — Mapped compliance standards (OWASP, NIST, ISO, etc.) - **Reachability** — How accessible the code is from agent entry points ## Scanning Remote Repositories @@ -92,21 +85,15 @@ g0 clones the repository to a temporary directory, scans it, and cleans up. ```bash g0 scan . --json # JSON to stdout g0 scan . --json -o results.json # JSON to file -g0 scan . --sarif results.sarif # SARIF 2.1.0 -g0 scan . --html report.html # HTML report +g0 scan . --sarif # SARIF 2.1.0 to stdout +g0 scan . --sarif report.sarif # SARIF to file ``` -## Uploading to Guard0 Cloud - -```bash -# First, authenticate -g0 auth login +## Guard0 Platform -# Then scan with --upload -g0 scan . --upload -``` +For HTML dashboards, compliance reporting, team collaboration, and enterprise features: -Guard0 Cloud provides architecture visualization, compliance mapping, historical trends, and AI-powered finding triage — all free. +→ [Guard0 Platform](https://guard0.ai/early-access) ## AI-Powered Analysis @@ -259,9 +246,25 @@ g0 works on Windows via PowerShell or WSL. A few things to note: ## Next Steps -- [Understanding Findings](findings.md) — Deep dive into finding anatomy, filtering, and triage -- [AI Asset Inventory](inventory.md) — Discover all AI components in your codebase +- [OpenClaw Security](openclaw-security.md) — Full OpenClaw/MCP security coverage - [MCP Security](mcp-security.md) — Assess MCP server configurations - [Dynamic Testing](dynamic-testing.md) — Run adversarial tests against live agents +- [Understanding Findings](findings.md) — Deep dive into finding anatomy and triage +- [AI Asset Inventory](inventory.md) — Discover all AI components in your codebase - [CI/CD Integration](ci-cd.md) — Add g0 to your pipeline - [Custom Rules](custom-rules.md) — Write rules specific to your organization + +## Beyond Scanning + +g0 finds the problems. For the full security lifecycle: + +| What You Need | Where | +|---|---| +| Remediation guidance and standards mapping | Included in g0 (`Fix:` and `Standards:` on every finding) | +| SARIF output for GitHub Code Scanning | Included in g0 (`--sarif`) | +| Domain score breakdown | Included in g0 (12 domains shown in terminal) | +| Compliance reports (EU AI Act, NIST, ISO 42001) | [Guard0 Platform](https://guard0.ai/early-access) | +| Team dashboard and shared visibility | [Guard0 Platform](https://guard0.ai/early-access) | +| Adaptive red teaming (GOAT, Crescendo, SIMBA) | [Guard0 Platform](https://guard0.ai/early-access) | +| Historical trends and regression alerts | [Guard0 Platform](https://guard0.ai/early-access) | +| HTML reports for Jira, Splunk, stakeholders | [Guard0 Platform](https://guard0.ai/early-access) | diff --git a/docs/inventory.md b/docs/inventory.md index e6d133f..928d28e 100644 --- a/docs/inventory.md +++ b/docs/inventory.md @@ -127,13 +127,13 @@ NIST AI RMF MAP function requires understanding of AI system composition: g0 inventory . --markdown -o ai-components.md ``` -## Uploading to Guard0 Cloud +## Uploading to Guard0 Platform ```bash -g0 inventory . --upload +g0 inventory . ``` -Guard0 Cloud provides: +Guard0 Platform provides: - Visual component graph - Historical inventory tracking - Change notifications diff --git a/docs/mcp-security.md b/docs/mcp-security.md index d8073fe..b4b26f9 100644 --- a/docs/mcp-security.md +++ b/docs/mcp-security.md @@ -219,8 +219,8 @@ $ g0 mcp ~/.cursor/mcp.json ## Uploading Results ```bash -g0 mcp --upload -g0 mcp ./my-mcp-server --upload +g0 mcp +g0 mcp ./my-mcp-server ``` -Guard0 Cloud provides MCP-specific dashboards showing tool permissions, description change history, and supply chain risk. +Guard0 Platform provides MCP-specific dashboards showing tool permissions, description change history, and supply chain risk. diff --git a/docs/openclaw-deployment-guide.md b/docs/openclaw-deployment-guide.md index ddbbead..1a0b390 100644 --- a/docs/openclaw-deployment-guide.md +++ b/docs/openclaw-deployment-guide.md @@ -1184,7 +1184,7 @@ g0 daemon logs # View recent logs | Plugin notifications | Configurable | Security event digests (interval) or per-event alerts (realtime) | | Event receiver | Always on | HTTP server on port 6040 for plugin events | | Enforcement | On violation | iptables rules, auditd rules, container stop | -| Platform upload | Every tick | Sends results to Guard0 Cloud dashboard | +| Platform upload | Every tick | Sends results to Guard0 Platform dashboard | | Host hardening | Every tick | OS-level security audit (firewall, encryption, SSH) | | Agent watcher | Every tick | Detects running AI agents (Claude Code, Cursor, OpenClaw) | | Fleet management | Every tick | Registers machine, aggregates scores, cross-machine correlation | diff --git a/docs/openclaw-security.md b/docs/openclaw-security.md index 1229971..f197237 100644 --- a/docs/openclaw-security.md +++ b/docs/openclaw-security.md @@ -221,7 +221,7 @@ g0 mcp audit-skills --json -o audit.json # JSON output g0 test --attacks openclaw-attacks --target http://localhost:8080 # Test with adaptive multi-turn attacks -g0 test --attacks openclaw-attacks --target http://localhost:8080 --adaptive +g0 test --attacks openclaw-attacks --target http://localhost:8080 # Test MCP server g0 test --attacks openclaw-attacks --mcp "python openclaw_server.py" @@ -607,7 +607,7 @@ jobs: steps: - uses: actions/checkout@v4 - name: Static scan + OpenClaw rules - run: npx @guard0/g0 scan . --rules AA-SC-121,AA-SC-122,AA-SC-125,AA-DL-133,AA-DL-134,AA-DL-135,AA-DL-136,AA-DL-137 --sarif openclaw.sarif + run: npx @guard0/g0 scan . --rules AA-SC-121,AA-SC-122,AA-SC-125,AA-DL-133,AA-DL-134,AA-DL-135,AA-DL-136,AA-DL-137 --json - name: Audit ClawHub skills run: npx @guard0/g0 mcp audit-skills . - uses: github/codeql-action/upload-sarif@v3 @@ -716,6 +716,52 @@ g0 scan . --rules AA-SC-121 # Run single OpenClaw rule g0 scan . --min-confidence low # Include low-confidence findings (OC-SOC-124) ``` +## Going Further + +### Remediation Guidance + +g0 identifies what's wrong. For framework-specific remediation — exact code changes for your OpenClaw version, before/after diffs, and verification steps — see [Guard0 Platform](https://guard0.ai/early-access). + +### Compliance Evidence + +Every OpenClaw finding maps to industry standards: + +| Finding Domain | Standards | +|---|---| +| Supply Chain (ClawHavoc, skill integrity) | OWASP ASI-05, NIST MAP-2.3, ISO 42001 A.6.2 | +| Data Leakage (MEMORY.md credential storage) | OWASP ASI-07, EU AI Act Article 15 | +| Goal Integrity (SOUL.md identity replacement) | OWASP ASI-01, NIST GOVERN-1.1 | +| Code Execution (safeBins bypass) | OWASP ASI-03, MITRE AML.T0040 | + +g0 maps findings internally. For compliance reports (EU AI Act, NIST AI RMF, ISO 42001), audit evidence packages, and attestation documents → [Guard0 Platform](https://guard0.ai/early-access). + +### Tracking Posture Over Time + +Run g0 scans regularly to catch new threats as they emerge. The ClawHavoc campaign demonstrated that the threat landscape changes weekly — new malicious skills appear on ClawHub, new CVEs are disclosed, and deployment configurations drift. + +For automated regression tracking, historical trend analysis, and alerts when your security posture degrades → [Guard0 Platform](https://guard0.ai/early-access). + +### Securing Multiple Agents + +If your organization runs multiple OpenClaw instances or AI agents across different frameworks: + +```bash +g0 scan ./agent-1 +g0 scan ./agent-2 +g0 scan ./agent-3 +# ...repeat for each agent +``` + +For unified visibility across all agents, cross-agent risk correlation, and organization-wide security posture → [Guard0 Platform](https://guard0.ai/early-access). + +### Advanced Red Teaming + +g0 includes core adversarial payloads for OpenClaw (prompt injection, tool abuse, MCP attacks). In testing, adaptive multi-turn strategies that learn from the target's defenses typically uncover 2-3x more vulnerabilities than static payloads. + +For adaptive red teaming with GOAT, Crescendo, SIMBA, and Hydra strategies → [Guard0 Platform](https://guard0.ai/early-access). + +--- + ## Related Documentation - [MCP Security](mcp-security.md) — MCP assessment, rug-pull detection, hash pinning diff --git a/package.json b/package.json index 9920a1e..737e426 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "@guard0/g0", - "version": "1.7.2", - "description": "The control layer for AI agents — discover, assess, and govern your agent infrastructure", + "version": "2.0.0", + "description": "Background check for AI agents — discover, assess, and test before you ship", "type": "module", "bin": { "g0": "dist/bin/g0.js" diff --git a/src/cli/branding.ts b/src/cli/branding.ts index 8d34a29..370bb2c 100644 --- a/src/cli/branding.ts +++ b/src/cli/branding.ts @@ -24,7 +24,7 @@ export function printBanner(): void { ╚██████╔╝╚██████╔╝ ╚═════╝ ╚═════╝ `); - const tagline = chalk.dim(' Security Control Layer for AI Agents'); + const tagline = chalk.dim(' Background Check for AI Agents'); const version = chalk.dim(` v${loadVersion()} by Guard0`); console.log(logo + tagline + '\n' + version + '\n'); } diff --git a/src/cli/index.ts b/src/cli/index.ts index afed06a..981aa05 100644 --- a/src/cli/index.ts +++ b/src/cli/index.ts @@ -7,6 +7,7 @@ import { inventoryCommand } from './commands/inventory.js'; import { flowsCommand } from './commands/flows.js'; import { mcpCommand } from './commands/mcp.js'; import { testCommand } from './commands/test.js'; +// v2: auth command removed — g0 is offline-first import { daemonCommand } from './commands/daemon.js'; import { endpointCommand } from './commands/endpoint.js'; import { detectCommand } from './commands/detect.js'; @@ -16,12 +17,12 @@ export function createCli(): Command { program .name('g0') - .description('Open-source security assessment for AI agents') + .description('Background check for AI agents') .version(getVersion()) .hook('preAction', (thisCommand, actionCommand) => { const opts = actionCommand.opts(); // Suppress banner for machine-readable outputs - if (opts.json || opts.sarif || opts.quiet || opts.banner === false) return; + if (opts.json || opts.quiet || opts.banner === false) return; if (opts.markdown) return; printBanner(); }); @@ -33,6 +34,7 @@ export function createCli(): Command { program.addCommand(flowsCommand); program.addCommand(mcpCommand); program.addCommand(testCommand); + // v2: auth removed program.addCommand(daemonCommand); program.addCommand(endpointCommand); program.addCommand(detectCommand);