cynative
Health Uyari
- License — License: Apache-2.0
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 7 GitHub stars
Code Basarisiz
- rm -rf — Recursive force deletion command in .github/workflows/pkg-tools.yaml
- rm -rf — Recursive force deletion command in .github/workflows/release.yaml
Permissions Gecti
- Permissions — No dangerous permissions requested
Bu listing icin henuz AI raporu yok.
Agentic security across your code, cloud and runtime. Read-only by default, enforced on every call. Runs locally, BYOM.
Cynative - Agentic Security
Cynative runs frontier models across your code, cloud and runtime - and finds what matters.
Ask it to reason through your infra, trace attack paths, surface overprivileged identities, hunt threats, triage your scanners' findings down to what's real or research anything you'd page an engineer for - each finding cross-checked and traced back to where the risk was introduced.
It codes in an ephemeral sandbox, querying your APIs in parallel so one question spans your whole stack. Every call is classified and gated before a credential is attached - unlike coding agents & MCP servers, it stays read-only however broad your access is.
Point it at production with confidence.
What makes it special
- 🔗 Code-to-runtime: Reasons through GitHub, GitLab, AWS, GCP, Azure and Kubernetes as one system
- 🏠 Sovereign: Runs locally with your own model, entirely in your environment
- 🚦 Action-gate: Authorizes every call against a read-only policy
- 🧪 Sandbox: Generates and runs code to research at scale
- ✅ Evidence-backed: Cross-checks and verifies every finding
How to Install
Homebrew (macOS / Linux - recommended):
brew install cynative/tap/cynative
Install script (macOS / Linux - verifies the download's SHA-256 against the release checksums.txt, failing closed):
curl -fsSL https://raw.githubusercontent.com/cynative/cynative/main/install.sh | sh
Windows (Scoop):
scoop bucket add cynative https://github.com/cynative/scoop-bucket
scoop install cynative
Updating, uninstalling, Windows details, version pinning & manual download
Update / uninstall
| Method | Update | Uninstall |
|---|---|---|
| Homebrew | brew upgrade cynative |
brew uninstall cynative |
| Install script | re-run the one-liner | curl -fsSL https://raw.githubusercontent.com/cynative/cynative/main/install.sh | sh -s -- --uninstall |
| Scoop | scoop update cynative |
scoop uninstall cynative |
Windows (PowerShell script): irm https://raw.githubusercontent.com/cynative/cynative/main/install.ps1 | iex; uninstall with & ([scriptblock]::Create((irm https://raw.githubusercontent.com/cynative/cynative/main/install.ps1))) -Uninstall.
Install-script options: pin a version with CYNATIVE_VERSION=v1.0.0; change the target directory with CYNATIVE_INSTALL_DIR (default ~/.local/bin, no sudo). The script checks the GitHub release attestation when gh is installed (advisory by default); set CYNATIVE_REQUIRE_ATTESTATION=1 to make a failed check fatal. For a high-integrity install, fetch the script from an immutable tag instead of main.
macOS (manual): download cynative_Darwin_arm64.pkg (Apple Silicon) or cynative_Darwin_x86_64.pkg (Intel) from the releases page and install with sudo installer -pkg <file> -target / (or double-click). These are signed, notarized and stapled — no first-run Gatekeeper prompt. The raw cynative_Darwin_*.tar.gz archives remain for scripting/CI; a quarantined tarball binary's first GUI launch needs internet for the online notarization check (terminal/install.sh/Homebrew use is unaffected).
Linux / Windows (manual): download a prebuilt binary and checksums.txt from the releases page, verify the SHA-256, and put the binary on your PATH. Single static binary, no dependencies.
How to Run
Set your provider, model and an API key. For example:
export CYNATIVE_LLM_PROVIDER=vertex
export CYNATIVE_LLM_MODEL=gemini-3.1-pro-preview
export CYNATIVE_LLM_VERTEX_PROJECT_ID=my-gcp-project
export CYNATIVE_LLM_VERTEX_REGION=global
# CI / no gcloud: export GOOGLE_APPLICATION_CREDENTIALS=/path/to/sa.json
Use a different LLM provider
Cynative talks to LLMs through the embedded Bifrost SDK and supports 23+ AI providers out of the box (OpenAI, Anthropic, Azure OpenAI, Amazon Bedrock, Google Vertex/Gemini, Cohere, Mistral, Groq, Ollama, vLLM and more). Pick one from docs/providers/README.md and follow that provider's guide.
Quick examples:
# Anthropic
export CYNATIVE_LLM_PROVIDER=anthropic
export CYNATIVE_LLM_MODEL=claude-opus-4-8
export ANTHROPIC_API_KEY=...
# OpenAI
export CYNATIVE_LLM_PROVIDER=openai
export CYNATIVE_LLM_MODEL=gpt-5.5
export OPENAI_API_KEY=sk-...
# Amazon Bedrock - AWS credential chain
export CYNATIVE_LLM_PROVIDER=bedrock
export CYNATIVE_LLM_MODEL=anthropic.claude-opus-4-8
export CYNATIVE_LLM_BEDROCK_REGION=us-east-1
# Azure OpenAI - endpoint via env, no YAML needed
export CYNATIVE_LLM_PROVIDER=azure
export CYNATIVE_LLM_MODEL=my-gpt-5.5-prod-deployment
export AZURE_OPENAI_API_KEY=...
export CYNATIVE_LLM_AZURE_ENDPOINT=https://my-resource.openai.azure.com
# Local Ollama
export CYNATIVE_LLM_PROVIDER=ollama
export CYNATIVE_LLM_MODEL=nemotron-cascade-2
export CYNATIVE_LLM_OLLAMA_URL=http://localhost:11434
Advanced YAML
For multi-key load balancing, custom retry behaviour, proxy configuration,
or any other Bifrost feature, write a YAML file:
llm:
provider: openai
model: gpt-5.5
api_key: env.OPENAI_API_KEY
network_config: # common fields shown; see schemas.NetworkConfig for the full set
base_url: https://my-proxy.example.com/v1
default_request_timeout_in_seconds: 60
max_retries: 3
extra_headers:
x-tenant: prod
See docs/providers/ for every supported provider's
configuration reference.
Run cynative with no arguments for an interactive session, or seed it with a task:
cynative # interactive session
cynative "audit my S3 buckets" # interactive, runs the task first
Use -p / --print to run a single task non-interactively and exit - for scripts and pipes:
cynative -p "attack paths that lead to cloud admin access"
cynative -p "high-risk cloud permissions, trace each to the PR where it was granted"
cynative -p "leaked cloud credentials and their current blast radius"
cynative -p "shadow infra - live cloud resources with no IaC trace"
cynative -p "CI workflows that can assume privileged cloud roles"
cat main.tf | cynative -p "review this Terraform for misconfigurations"
Always provide the least-privileged, read-only credential needed: Cynative reaches AWS, GCP, Azure, EKS/GKE/AKS, self-managed Kubernetes, GitHub and GitLab using the credentials already in your shell - it keeps no separate credential store.
Interactive session: the > prompt has full line editing and history - arrow keys move the cursor and recall earlier questions.
Stopping mid-task: while a task is running, press Esc or Ctrl-C once to gracefully stop it (the agent finishes any already-running call, then stops and prints ⏸ Stopped).
Auto-stop: when the agent hits repeated tool errors or rejections it stops automatically, summarizes what it is blocked on, and asks for the missing information (e.g. an account ID, region, or credential). The threshold is configurable: max_consecutive_failures (default 5; 0 disables; env CYNATIVE_MAX_CONSECUTIVE_FAILURES).
Resource & cost controls: for unattended, scheduled or long-horizon runs - wired into cron, CI or any trigger - bound the work explicitly. The key knobs (config keys / env vars):
| Config key / env var | Default | Effect |
|---|---|---|
max_total_tokensCYNATIVE_MAX_TOTAL_TOKENS |
0 (unbounded) | Per-session token ceiling, shared across the main loop, task sub-agents, the always-on verifier and interactive follow-ups. |
max_iterationsCYNATIVE_MAX_ITERATIONS |
32 | Max main-loop tool-calling iterations per turn. |
max_subagent_iterationsCYNATIVE_MAX_SUBAGENT_ITERATIONS |
10 | Max iterations inside a task sub-agent. |
max_consecutive_failuresCYNATIVE_MAX_CONSECUTIVE_FAILURES |
5 | Consecutive no-progress tool calls before a halt-and-summarize (0 disables). |
sandbox_max_concurrencyCYNATIVE_SANDBOX_MAX_CONCURRENCY |
16 | Max concurrent in-sandbox tool calls. |
Finding verification (verify_findings tool) makes extra model calls, budget for them on any run that produces findings.
Approvals: each tool call waits for a single keystroke: y runs it once, a clears every later call to that tool for the session (scripts still print before running), any other key denies. With no controlling terminal, use --auto-approve.
Cynative prints a short operational footer (timing, token usage) to stderr - redirecting stdout (cynative -p "..." > out.txt) keeps the captured answer clean.
--version Prints version, commit, build date, Go version, and platform.
Connectors
On top of the credentials in your shell, Cynative enforces read-only at three layers:
- Network - every request host is pinned to its mapped service and region
and the resolved IP is verified before connect, your agent can reach
your infrastructure and nothing else. - Action gate - every operation is resolved to its required IAM actions,
derived from the providers' own API definitions, then authorized against a
read-only policy before any credential is attached:SecurityAudit(AWS),roles/viewer(GCP),Reader(Azure). Coverage tracks the cloud APIs as
they grow, and the gate fails closed on anything it classifies as a write.
For Kubernetes the policy is the cluster's own liveviewRBAC role, fetched
at runtime and enforced per request. GitHub and GitLab are read-only by
default; aconnectors.{github,gitlab}.permissionssetting can allow write on
specific categories where a workflow needs it, enforced per request before the
token is attached. Even in read-only mode, GitHub's secret-scanning endpoints
stay blocked and GitLab's GraphQL API is denied. - Credential (AWS) - for assumed-role identities, credentials are re-vended
via STSAssumeRole, scoped to a managed policy (SecurityAuditby default),
so AWS IAM enforces the boundary too. IAM-user and root identities run with
their base credentials, gated by the action gate above.
Cynative connects AWS, GCP, Azure, EKS/GKE/AKS, self-managed Kubernetes, GitHub and GitLab. See docs/connectors/README.md for credential
discovery, hardening, limitations and connector-specific examples.
Code execution & tool orchestration
For bulk work - "check every public S3 bucket", "list EKS clusters in every
region" - Cynative can write and run JavaScript in a sandbox instead of issuing
one tool call at a time. The agent's tools (e.g. http_request) are exposed as
async JavaScript functions, so it loops, filters and chains calls in
code - and runs independent calls concurrently with the built-inmapConcurrent(items, fn, limit) helper (or await Promise.all([...]) for
small fixed sets).
Only what the script console.logs returns to the model, keeping research
fast and token-efficient.
// Discover regions, then list EKS clusters in every region concurrently,
// following pagination - only the summary returns to the model.
const r = await http_request({
method: "GET",
url: "https://ec2.us-east-1.amazonaws.com/?Action=DescribeRegions&Version=2016-11-15",
auth_provider: "aws", aws_auth: { service: "ec2", region: "us-east-1" },
});
const regions = [...r.body.matchAll(/<regionName>([^<]+)<\/regionName>/g)].map((m) => m[1]);
const all = await mapConcurrent(regions, async (region) => {
const clusters = [];
let token = null;
do {
const url = `https://eks.${region}.amazonaws.com/clusters` +
(token ? `?nextToken=${encodeURIComponent(token)}` : "");
const resp = await http_request({
method: "GET", url,
auth_provider: "aws", aws_auth: { service: "eks", region },
});
const body = JSON.parse(resp.body);
clusters.push(...body.clusters);
token = body.nextToken;
} while (token);
return { region, clusters };
});
console.log(JSON.stringify(all.filter((x) => x.clusters.length > 0), null, 2));
- Async & concurrent: tool functions return Promises -
awaitthem, fan out
over many resources withmapConcurrent(items, fn, limit)(bounded,
order-preserving), or useawait Promise.all([...])for small fixed sets. - Structured responses:
http_requestresolves to{ status, statusText, headers, body };bodyis the raw string -JSON.parse(resp.body)for JSON
APIs or read it directly for XML. - Sandboxed: a script can only call the tools Cynative exposes - it has no
network, filesystem or package access of its own. - You see the whole script: each
code_executioncall is shown in full for
approval before it runs (skip with--auto-approve; stream each inner call
with-v). - Stateful within a session: values saved on
globalThispersist across
calls during an interactive session; top-levellet/const/var/functionare scoped to a single call. - Bounded: scripts run under a timeout (default 120s) and a capped output
size.
Audit Log
Every tool call is recorded to a persistent JSONL audit log (~/.cynative/audit.log, on by default). The log is fail-closed: if a call can't be recorded, the run aborts.
Tool results are redacted before they're written but approval-prompt arguments are stored verbatim - the log can hold sensitive values. It's readable only by the user who ran Cynative. Rotation and retention are configurable.
Configure under audit: in ~/.cynative/config.yaml, or via env:
| Key | Env | Default |
|---|---|---|
audit.enabled |
CYNATIVE_AUDIT_ENABLED |
true |
audit.path |
CYNATIVE_AUDIT_PATH |
~/.cynative/audit.log |
audit.max_size_mb |
CYNATIVE_AUDIT_MAX_SIZE_MB |
100 |
audit.retention_days |
CYNATIVE_AUDIT_RETENTION_DAYS |
30 |
audit.compress |
CYNATIVE_AUDIT_COMPRESS |
false |
Contributing
Contributions welcome - new connectors, providers, evaluation datasets, and
improvements across the board. See CONTRIBUTING.md for dev
setup, the make check gate, and PR conventions, and SECURITY.md
for reporting vulnerabilities.
License
Apache-2.0 License. See LICENSE for the full text.
Yorumlar (0)
Yorum birakmak icin giris yap.
Yorum birakSonuc bulunamadi