Feature · One-click scanner
No config file. No annotation. No SDK install. Run one command, AEGIS walks your repo and emits a structured inventory of every agent, every tool, every LLM SDK, every workflow node — ready to drop into a policy bundle.
$ agentguard scan ~/my-agent-repo
Scanned 5,247 source files under ~/my-agent-repo
Repo: acme-bot@2.3.1
CANDIDATES:
KIND CONF FRAMEWORK ENTRY PROT PATH
import high anthropic yes src/copilot.py
import high langchain WF src/orchestrator.py
import high crewai WF agents/crew.py
http medium openai-http yes svc/legacy_proxy.py
mcp high claude-desktop ~/.config/claude-desktop/config.json
SUMMARY: 5 candidates (import:3 http:1 mcp:1)
3 entry-points (2 workflow)
confidence=high:4 medium:1 low:0
WORKFLOW GRAPH (langgraph):
nodes: 12 (1 entry / 9 agent / 1 router / 1 terminal)
edges: 17 (15 control / 2 handoff)
tools: 18 — search_kb, db_query, send_email, http_post, shell, file_write, ...
risk_signals: 2 sensitive-relays (search_kb → send_email, db_query → http_post)
The same JSON output drops into agentguard inject
(auto-instruments the gateway) and the AI policy generator
(below).
Python, JavaScript, TypeScript, TSX — all parsed at AST
level, not regex. The scanner catches dynamic imports,
importlib.import_module("anthropic"),
require("openai"), and SDK constructor calls
that confirm actual usage (not just "we imported it").
Detects: 9 LLM SDKs + 5 agent frameworks.
For LangGraph, CrewAI, AutoGen, Mastra, and Vercel AI SDK the scanner walks the code's structural definition — node registrations, edge connections, handoff targets — and emits a typed graph: nodes, edges, agents, tools, risk signals.
Output schema: { framework, nodes[], edges[], entry_points[], terminals[], risk_signals[] }.
Every @tool decorator, every
function_call spec, every Vercel AI SDK
tools object — extracted with the argument
shape, JSON schema (if present), and description string
the LLM sees.
Feeds the policy generator + capability risk scorer.
Drop a YAML file in rules/ with
id / pattern / severity and the scanner runs
your matchers alongside the built-ins. Regex, AST
predicate, or tool-call shape — your choice.
See /features/customize.
If a file already imports the AEGIS SDK or routes through
the gateway, it's flagged protected so you
don't double-instrument or generate redundant policies.
Idempotent across re-scans + injects.
Confidence buckets — high (workflow entry-point or main.py + LLM import), medium (helper file with imports), low (HTTP-only, no convention). Wizard auto-injects high-confidence candidates; medium gates behind operator review.
No more "AEGIS instrumented test fixture by accident".
| Form | Example | Detected by |
|---|---|---|
| Static import | import anthropic | AST + regex |
| Dynamic import | importlib.import_module("openai") | AST only — regex misses this |
| __import__ | __import__("crewai") | AST only |
| CJS require | const o = require("openai") | AST + regex |
| Dynamic ESM | await import("@anthropic-ai/sdk") | AST only |
| Constructor call | new OpenAI({api_key}) | AST — confirms usage |
| Scoped subpath | @langchain/openai | AST normalisation |
| HTTP-only | fetch("https://api.openai.com/v1/...") | URL classifier |
| MCP config | ~/.config/claude-desktop/config.json | JSON walk |
| Already-protected | agentguard.init(...) | Sentinel scan |
Desktop bundle includes the scanner sidecar. Or run it from
the CLI: npm i -g agentguard-cli && agentguard scan ~/repo.