@omegaengine/agent-scan

Red-team your AI agent's tool-call trajectory — free. Most guardrails check what an agent says; this scores what it does: the sequence of tool calls it makes under attack, against a taxonomy-grounded corpus plus attacks synthesized from your agent's own tool schema.

Quick start

# Zero-key demo — see a vulnerable agent get caught
npx @omegaengine/agent-scan --sample support-vulnerable

# Static — derive the attack SURFACE from your agent's tool schema (no key, nothing runs)
npx @omegaengine/agent-scan --config agent.json

# Live — drive your real agent through the attacks (bring your own LLM key)
OPENAI_API_KEY=sk-... npx @omegaengine/agent-scan --config agent.json

During a scan, tool calls are recorded, never executed — no real side effect can fire. Your LLM key is used for the scan only and is never stored or sent anywhere except your model provider.

Output

• SARIF 2.1.0 — drops straight into GitHub code scanning
• Markdown step summary for CI logs / PR comments
• Findings scored by severity, each tied to the specific tool-call trajectory that triggered it

In CI

A ready-made GitHub Action wraps this same engine — see .github/actions/omega-agent-scan.

What it is part of

The free, open edge of OmegaEngine — the trust & control runtime for AI agents (decide · defend · prove · govern). Scan for free; the hosted control plane adds continuous monitoring, signed audit trails, and offline-verifiable attestation.

Apache-2.0.