A target adapter is the boundary between AgentGuardian and whatever you are scanning. Every adapter normalises its target to the same “send one prompt, get one text reply” interface and exposes a static TargetFingerprint describing the surface area the swarm should attack. Source-of-truth: src/agent_guardian/adapters/base.py.

The contract

Every adapter is a subclass of TargetAdapter and must implement exactly two things:
```python
from agent_guardian.adapters.base import TargetAdapter, TargetFingerprint

class MyAdapter(TargetAdapter):
    def __init__(self) -> None:  # add whatever constructor arguments your target needs
        # Build a TargetFingerprint describing the static surface area.
        self._fingerprint = TargetFingerprint(
            target_mode="prompt",          # one of TargetMode
            tools=[],                       # tools the target surfaces
            memory_present=False,
            multi_agent=False,
            external_systems=[],
            pii_surface=False,
            description="One-line target description.",
        )

    async def call(self, prompt: str, *, session: str | None = None) -> str:
        """Send one prompt, return one text reply.

        ``session`` is an opaque token that threads conversation state for
        multi-turn agents. Adapters that are stateless ignore it; adapters
        that need conversation memory key off it.
        """
        ...
```
That is the whole adapter contract. Everything else — fingerprint refinement during recon, parallel attack execution, evaluation, signing, report generation — is the swarm’s responsibility.

The fingerprint

TargetFingerprint is the static attack surface known at adapter-construction time. The recon agent refines it during Phase 1 of the swarm; the swarm’s tiering and applicability logic reads it via TargetFingerprint.to_observed_surface().

| Field | What it captures | What it gates |
| --- | --- | --- |
| target_mode | prompt, python, http, framework, mcp | Which transport runs the call |
| tools | Names of tools the target exposes | Tool Abuse (ASI02), Code Execution (ASI08) |
| memory_present | True if the target keeps state across turns | Memory Poisoning (ASI06) |
| multi_agent | True if the target hands off to other agents | Cascade Failure (ASI05), Trust Exploit (ASI10) |
| external_systems | URLs / hosts the target can reach | Data Exfiltration, Identity Leak |
| pii_surface | True if the target has access to PII | Identity Leak (ASI07) |

A specialist whose category does not apply to this fingerprint is filtered out before Phase 3 — see Adversarial swarm § Applicability filter.

Bundled adapters

Five adapter families ship in the box. They cover the targets developers hit most often:

| Adapter | Source | Use it when |
| --- | --- | --- |
| Prompt | adapters/prompt.py | You only have a system prompt — no live target. The scan runs the prompt through a stub LLM and attacks the resulting agent shape. |
| Code | adapters/code.py | You have a Python callable / class — pass module:attr. The adapter introspects the source to refine the fingerprint. |
| HTTP | adapters/http.py | You have a hosted endpoint — pass --endpoint URL. Uses transports/http.py under the hood. |
| Framework | adapters/framework/{langgraph,crewai,autogen,openai_agents,adk,strands}.py | You have a native framework object — pair --framework KIND with --framework-ref MODULE:ATTR. |
| MCP | transports/mcp.py (driven through the contract adapter) | You have an MCP server — only adapter where Rules-of-Engagement tool blocklists are pre-execution gates. |

agent-guardian scan --help lists every flag combination, and the Try AgentGuardian group walks through each target type end-to-end.

Adding a new adapter

Three steps.
  1. Subclass TargetAdapter in a new module under src/agent_guardian/adapters/ and implement __init__ (build the fingerprint) and async def call(prompt, *, session).
  2. Register the entry point in pyproject.toml under [project.entry-points."agent_guardian.adapters"] so the CLI can resolve your adapter by name.
  3. Ship a TargetFingerprint that honestly describes the surface. Setting memory_present=False when memory exists will skip ASI06 specialists and silently under-test the target.
The recon agent will refine your fingerprint at scan time, but it cannot add a capability your adapter never declared. Be honest in the constructor.
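
The steps above as an added example (not AgentGuardian's own code): a stateful adapter that threads `session`, plus a pre-scan check that flags a fingerprint declaring no memory when replies show cross-turn state. The two base classes are local stand-ins that copy the field names from the contract; `NotesBotAdapter`, `gated_categories`, `undeclared_memory` and `check` are hypothetical names, and `gated_categories` only transcribes the fingerprint table, it is not the project's applicability filter.

```python
from __future__ import annotations
import asyncio
from dataclasses import dataclass, field

# Stand-ins for agent_guardian.adapters.base (assumed shape) so this runs without the package.
@dataclass
class TargetFingerprint:
    target_mode: str
    tools: list = field(default_factory=list)
    memory_present: bool = False
    multi_agent: bool = False
    external_systems: list = field(default_factory=list)
    pii_surface: bool = False
    description: str = ""

class TargetAdapter:
    async def call(self, prompt: str, *, session: str | None = None) -> str:
        raise NotImplementedError

class NotesBotAdapter(TargetAdapter):
    """Hypothetical adapter around a constructed bot that remembers each session."""
    def __init__(self, *, declare_memory: bool = True) -> None:
        self._turns: dict[str, list[str]] = {}
        self._fingerprint = TargetFingerprint(
            target_mode="python", tools=["save_note"], memory_present=declare_memory,
            description="Constructed note-taking bot with per-session memory.")

    async def call(self, prompt: str, *, session: str | None = None) -> str:
        # No session token means a stateless call; otherwise key state off it.
        turns = [] if session is None else self._turns.setdefault(session, [])
        turns.append(prompt)
        return f"noted; {len(turns)} turn(s) in this session"

def gated_categories(fp: TargetFingerprint) -> list[str]:
    """Category codes from the fingerprint table (external_systems has no code there)."""
    gates = [(bool(fp.tools), ["ASI02", "ASI08"]), (fp.memory_present, ["ASI06"]),
             (fp.multi_agent, ["ASI05", "ASI10"]), (fp.pii_surface, ["ASI07"])]
    return sorted(code for enabled, codes in gates if enabled for code in codes)

async def undeclared_memory(adapter: TargetAdapter) -> bool:
    """Heuristic for deterministic targets: same prompt, warmed vs fresh session."""
    await adapter.call("remember: alpha", session="warm")
    warmed = await adapter.call("status?", session="warm")
    fresh = await adapter.call("status?", session="fresh")
    return warmed != fresh and not adapter._fingerprint.memory_present

def check(declare_memory: bool) -> tuple[list[str], bool]:
    adapter = NotesBotAdapter(declare_memory=declare_memory)
    return gated_categories(adapter._fingerprint), asyncio.run(undeclared_memory(adapter))
```

With `declare_memory=False` the ASI06 code drops out of the gated list while the behavioural probe still sees state, which is the under-testing case step 3 warns about. A target with non-deterministic replies needs a stricter probe than string inequality.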
