Add IaC-SecFix agent package
0953e56 verified
from __future__ import annotations
import argparse
import json
from pathlib import Path
from .config import RuntimeConfig
from .evaluation import build_submission_summary
from .orchestrator import OrchestratorSettings, RemediationOrchestrator
from .schemas import IngestRequest
from .scanners import detect_iac_type
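def cmd_remediate(args: argparse.Namespace) -> int:
    """Run the remediation orchestrator on one IaC file and print its decision.

    Reads ``args.file``, resolves the IaC type (``args.iac_type`` when given,
    otherwise ``detect_iac_type`` on the file name and content), builds the
    orchestrator from environment-derived config, and prints the resulting
    decision as indented JSON on stdout.

    Args:
        args: Parsed ``remediate`` sub-command arguments (``file``,
            ``iac_type``, ``intent``, ``max_retries``, ``auto_approve``).

    Returns:
        Always ``0``; the outcome of the remediation is only visible in the
        printed JSON, not in the exit status.

    Raises:
        OSError: If the file cannot be opened or read.
        UnicodeDecodeError: If the file is not valid UTF-8.
    """
    path = Path(args.file)
    # Decode explicitly as UTF-8 so the scanner and the agents see the same
    # text on every platform; the locale default would otherwise decide how
    # non-ASCII bytes in the IaC file are interpreted.
    content = path.read_text(encoding="utf-8")
    iac_type = args.iac_type or detect_iac_type(path.name, content)

    config = RuntimeConfig.from_env()
    # NOTE(review): --auto-approve is forwarded unchanged as
    # auto_approve_validated. What the orchestrator does with it is not
    # visible here; presumably it skips a manual approval step for validated
    # fixes, so it should stay an explicit opt-in. TODO confirm.
    settings = OrchestratorSettings(
        max_retries=args.max_retries,
        auto_approve_validated=args.auto_approve,
    )
    orchestrator = RemediationOrchestrator(config=config, settings=settings)

    # Only the base name is sent with the request, not the full local path.
    decision = orchestrator.remediate(
        IngestRequest(
            file_name=path.name,
            file_content=content,
            iac_type=iac_type,
            user_intent=args.intent,
        )
    )
    print(json.dumps(decision.model_dump(mode="json"), indent=2))
    return 0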
def cmd_summarize_results(args: argparse.Namespace) -> int:
    """Print a JSON summary of the evaluation artifacts under ``args.eval_dir``.

    Args:
        args: Parsed ``summarize-results`` arguments; only ``eval_dir`` is read.

    Returns:
        Always ``0``.
    """
    eval_dir = Path(args.eval_dir)
    report = build_submission_summary(eval_dir)
    rendered = json.dumps(report, indent=2)
    print(rendered)
    return 0
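def cmd_self_test(_: argparse.Namespace) -> int:
    """Check that the package imports and that ``IngestRequest`` can be built.

    Constructs a request from a fixed one-line Terraform snippet and verifies
    that the ``iac_type`` field reads back as ``"terraform"``.

    Args:
        _: Parsed arguments; unused.

    Returns:
        ``0`` when the check passes.

    Raises:
        AssertionError: If ``iac_type`` does not read back as ``"terraform"``.
    """
    request = IngestRequest(
        file_name="example.tf",
        file_content='resource "aws_s3_bucket" "data" { bucket = "demo" }\n',
        iac_type="terraform",
        user_intent="Fix detected IaC security findings.",
    )
    # Raise explicitly instead of using ``assert``: assert statements are
    # stripped under ``python -O``, which would let the self-test report
    # success without checking anything.
    if request.iac_type != "terraform":
        raise AssertionError(
            f"self-test failed: iac_type read back as {request.iac_type!r}"
        )
    print("self-test passed: schemas and imports are available")
    return 0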
def build_parser() -> argparse.ArgumentParser:
    """Assemble the ``iac-secfix-agents`` CLI and its three sub-commands.

    Every sub-parser stores its handler under ``func`` so the caller can
    dispatch with ``args.func(args)``. A sub-command is mandatory.
    """
    root = argparse.ArgumentParser(prog="iac-secfix-agents")
    commands = root.add_subparsers(dest="command", required=True)

    # remediate: one positional file plus tuning flags.
    supported_types = ["terraform", "kubernetes", "dockerfile"]
    remediate_cmd = commands.add_parser(
        "remediate",
        help="Run the multi-agent remediation loop for one file.",
    )
    remediate_cmd.set_defaults(func=cmd_remediate)
    remediate_cmd.add_argument("file")
    remediate_cmd.add_argument("--iac-type", choices=supported_types)
    remediate_cmd.add_argument(
        "--intent",
        default="Fix the detected IaC security findings.",
    )
    remediate_cmd.add_argument("--max-retries", type=int, default=3)
    # Opt-in switch: store_true leaves it False unless the flag is given.
    remediate_cmd.add_argument("--auto-approve", action="store_true")

    # summarize-results: reads evaluation artifacts from a directory.
    summarize_cmd = commands.add_parser(
        "summarize-results",
        help="Summarize notebook evaluation artifacts.",
    )
    summarize_cmd.set_defaults(func=cmd_summarize_results)
    summarize_cmd.add_argument("--eval-dir", default="../eval")

    # self-test: takes no arguments of its own.
    self_test_cmd = commands.add_parser(
        "self-test",
        help="Run a lightweight import/schema check.",
    )
    self_test_cmd.set_defaults(func=cmd_self_test)

    return root
def main() -> int:
    """Parse the command line and run the selected sub-command.

    Returns:
        The integer status returned by the sub-command handler.
    """
    args = build_parser().parse_args()
    handler = args.func
    return handler(args)
# Script entry point: exit with the status returned by main().
if __name__ == "__main__":
    status = main()
    raise SystemExit(status)