{"id":51477640,"url":"https://github.com/cynative/cynative","last_synced_at":"2026-07-07T16:00:40.251Z","repository":{"id":367147880,"uuid":"1279470595","full_name":"cynative/cynative","owner":"cynative","description":"Agentic security across your code, cloud and runtime. Read-only by default, enforced on every call. Runs locally, BYOM.","archived":false,"fork":false,"pushed_at":"2026-07-02T04:56:16.000Z","size":1507,"stargazers_count":7,"open_issues_count":23,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-07-02T06:26:06.767Z","etag":null,"topics":["agentic-security","ai-agent","application-security","aws-security","azure-security","cli-tool","cloud-security","container-security","cybersecurity","devsecops","gcp-security","product-security","read-only","runtime-security","security-automation","security-tools","sovereign-ai","threat-hunting","vulnerability-management"],"latest_commit_sha":null,"homepage":"https://github.com/cynative/cynative","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cynative.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-06-24T18:06:26.000Z","updated_at":"2026-07-02T04:56:01.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/cynative/cynative","commit_stats":null,"previous_names":["cynative/cynative"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/cynative/cynative","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cynative%2Fcynative","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cynative%2Fcynative/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cynative%2Fcynative/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cynative%2Fcynative/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cynative","download_url":"https://codeload.github.com/cynative/cynative/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cynative%2Fcynative/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":35234127,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-07-07T02:00:07.222Z","response_time":90,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agentic-security","ai-agent","application-security","aws-security","azure-security","cli-tool","cloud-security","container-security","cybersecurity","devsecops","gcp-security","product-security","read-only","runtime-security","security-automation","security-tools","sovereign-ai","threat-hunting","vulnerability-management"],"created_at":"2026-07-06T23:00:21.944Z","updated_at":"2026-07-07T16:00:40.241Z","avatar_url":"https://github.com/cynative.png","language":"Go","funding_links":[],"categories":["Security Agents","Applications"],"sub_categories":["Autonomous Agents","Tools"],"readme":"# Cynative - deep research agent for your infrastructure\n\n[![CI](https://github.com/cynative/cynative/actions/workflows/ci.yaml/badge.svg)](https://github.com/cynative/cynative/actions/workflows/ci.yaml)\n[![Release](https://img.shields.io/github/v/release/cynative/cynative)](https://github.com/cynative/cynative/releases/latest)\n[![License: Apache-2.0](https://img.shields.io/github/license/cynative/cynative)](LICENSE)\n\n\u003c!-- BEGIN agent-about --\u003e\n**Ask your infrastructure anything.** Cynative runs frontier models across your code, cloud and runtime - reasoning through GitHub, GitLab, AWS, GCP, Azure and Kubernetes as one system - and comes back with verified answers.\n\n```bash\ncynative \"what in my cloud is publicly exposed that shouldn't be?\"\n```\n\nIt writes and runs code in an ephemeral sandbox, querying your APIs in parallel, so one question fans out across your whole stack. Every finding is cross-checked and traced back to its origin.\n\nUnlike coding agents and MCP servers, it's **read-only by construction**: every call is gated and authorized *before* a credential is attached - point it at production with confidence.\n\u003c!-- END agent-about --\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"docs/assets/demo-col1.svg\"\u003e\u003cimg width=\"32%\" alt=\"cynative auditing a repo's CI for privilege escalation: connectors, the typed question, and a code_execution that fans out over the GitHub Actions workflows with mapConcurrent\" src=\"docs/assets/demo-col1.svg\"\u003e\u003c/a\u003e\n  \u003ca href=\"docs/assets/demo-col2.svg\"\u003e\u003cimg width=\"32%\" alt=\"cynative fanning out across the AWS roles those workflows assume via OIDC and spotting the over-privileged one\" src=\"docs/assets/demo-col2.svg\"\u003e\u003c/a\u003e\n  \u003ca href=\"docs/assets/demo-col3.svg\"\u003e\u003cimg width=\"32%\" alt=\"cynative's verification panel marking the IAMFullAccess-via-OIDC full-account-takeover finding VERIFIED, with a per-role contrast table and remediation\" src=\"docs/assets/demo-col3.svg\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n## Quickstart\n\nInstall and set an LLM:\n\n\u003c!-- BEGIN quickstart-example --\u003e\n```bash\nbrew install cynative/tap/cynative\n\nexport CYNATIVE_LLM_PROVIDER=anthropic\nexport CYNATIVE_LLM_MODEL=claude-opus-4-8\nexport ANTHROPIC_API_KEY=...\n\n```\n\u003c!-- END quickstart-example --\u003e\n\nThen give it any research task - it picks up the credentials already in your shell:\n\n```bash\ncynative -p \"which IAM roles can escalate to admin?\" \ncynative -p \"high-risk cloud permissions, trace each to the PR where it was granted\"\ncynative -p \"cloud credentials leaked in source code and their current blast radius\"\ncynative \"live cloud resources absent from IaC - drift\" # starts an interactive session\n```\n\n## What makes it special\n\n- **🔗 Code-to-runtime**: Reasons through GitHub, GitLab, AWS, GCP, Azure and Kubernetes as one system\n- **🏠 Sovereign**: Runs locally with your own model, entirely in your environment\n- **🚦 Action-gate**: Authorizes every call against a read-only policy\n- **🧪 Sandbox**: Generates and runs code to research at scale\n- **✅ Evidence-backed**: Cross-checks and verifies every finding\n\n## Can't a coding agent with MCPs do this?\n\n| | Coding agent + MCPs | Cynative |\n|---|---|---|\n| Throughput | One action per call | Writes sandboxed code that fans out calls concurrently - fewer tokens, faster answers |\n| Findings | Unverified output | Verifier cross-checks every finding against live evidence |\n| Read-only | Opt-in read filter | On by default, fails closed - required IAM actions checked against a security-audit policy. `secretsmanager:GetSecretValue` is an IAM *Read*: a filter allows it, `SecurityAudit` blocks it |\n| Credentials | Ambient, unchanged | STS session scoped to read-only - AWS enforces the boundary too |\n| Blast radius | Your shell, any network | Research code runs in a sandbox with no host access, network pinned to your mapped services |\n| Secrets | Sent to the model as-is | Redacted from tool output before it's sent to the model |\n| Supply chain | Third-party MCPs and skills running with your creds | One open-source binary, connectors built in |\n| Audit trail | Scattered session logs, best effort | Fail-closed JSONL log of every tool call - if it can't record, it aborts |\n\n## How to install\n\n**Homebrew** (macOS / Linux - recommended):\n```bash\nbrew install cynative/tap/cynative\n```\n**Install script** (macOS / Linux - verifies the download's SHA-256 against the release `checksums.txt`, failing closed):\n```bash\ncurl -fsSL https://raw.githubusercontent.com/cynative/cynative/main/install.sh | sh\n```\n**Windows** (Scoop):\n```powershell\nscoop bucket add cynative https://github.com/cynative/scoop-bucket\nscoop install cynative\n```\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eUpdating, uninstalling, Windows details, version pinning \u0026amp; manual download\u003c/strong\u003e\u003c/summary\u003e\n\n**Update / uninstall**\n\n| Method | Update | Uninstall |\n|---|---|---|\n| Homebrew | `brew upgrade cynative` | `brew uninstall cynative` |\n| Install script | re-run the one-liner | `curl -fsSL https://raw.githubusercontent.com/cynative/cynative/main/install.sh \\| sh -s -- --uninstall` |\n| Scoop | `scoop update cynative` | `scoop uninstall cynative` |\n\n**Windows (PowerShell script):** `irm https://raw.githubusercontent.com/cynative/cynative/main/install.ps1 | iex`; uninstall with `\u0026 ([scriptblock]::Create((irm https://raw.githubusercontent.com/cynative/cynative/main/install.ps1))) -Uninstall`.\n\n**Install-script options:** pin a version with `CYNATIVE_VERSION=v1.0.0`; change the target directory with `CYNATIVE_INSTALL_DIR` (default `~/.local/bin`, no `sudo`). The script checks the GitHub release attestation when `gh` is installed (advisory by default); set `CYNATIVE_REQUIRE_ATTESTATION=1` to make a failed check fatal. For a high-integrity install, fetch the script from an immutable tag instead of `main`.\n\n**macOS (manual):** download `cynative_Darwin_arm64.pkg` (Apple Silicon) or `cynative_Darwin_x86_64.pkg` (Intel) from the [releases page](https://github.com/cynative/cynative/releases) and install with `sudo installer -pkg \u003cfile\u003e -target /` (or double-click). These are signed, notarized and **stapled** - no first-run Gatekeeper prompt. The raw `cynative_Darwin_*.tar.gz` archives remain for scripting/CI; a quarantined tarball binary's first GUI launch needs internet for the online notarization check (terminal/`install.sh`/Homebrew use is unaffected).\n\n**Linux / Windows (manual):** download a prebuilt binary and `checksums.txt` from the [releases page](https://github.com/cynative/cynative/releases), verify the SHA-256, and put the binary on your `PATH`. Single static binary, no dependencies.\n\u003c/details\u003e\n\n## LLM providers\n\nCynative talks to LLMs through the embedded [Bifrost](https://github.com/maximhq/bifrost) SDK and supports 23+ AI providers out of the box (OpenAI, Anthropic, Azure OpenAI, Amazon Bedrock, Google Vertex/Gemini, Cohere, Mistral, Groq, Ollama, vLLM and more). Pick one from [docs/providers/README.md](docs/providers/README.md) and follow that provider's guide.\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eQuick examples\u003c/strong\u003e\u003c/summary\u003e\n\n```bash\n# Google Vertex\nexport CYNATIVE_LLM_PROVIDER=vertex\nexport CYNATIVE_LLM_MODEL=gemini-3.1-pro-preview\nexport CYNATIVE_LLM_VERTEX_PROJECT_ID=my-gcp-project\nexport CYNATIVE_LLM_VERTEX_REGION=global\n# CI / no gcloud: export GOOGLE_APPLICATION_CREDENTIALS=/path/to/sa.json\n\n# OpenAI\nexport CYNATIVE_LLM_PROVIDER=openai\nexport CYNATIVE_LLM_MODEL=gpt-5.5\nexport OPENAI_API_KEY=sk-...\n\n# Amazon Bedrock - AWS credential chain\nexport CYNATIVE_LLM_PROVIDER=bedrock\nexport CYNATIVE_LLM_MODEL=anthropic.claude-opus-4-8\nexport CYNATIVE_LLM_BEDROCK_REGION=us-east-1\n\n# Azure OpenAI - endpoint via env, no YAML needed\nexport CYNATIVE_LLM_PROVIDER=azure\nexport CYNATIVE_LLM_MODEL=my-gpt-5.5-prod-deployment\nexport AZURE_OPENAI_API_KEY=...\nexport CYNATIVE_LLM_AZURE_ENDPOINT=https://my-resource.openai.azure.com\n\n# Local Ollama\nexport CYNATIVE_LLM_PROVIDER=ollama\nexport CYNATIVE_LLM_MODEL=nemotron-cascade-2\nexport CYNATIVE_LLM_OLLAMA_URL=http://localhost:11434\n```\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eAdvanced YAML\u003c/strong\u003e\u003c/summary\u003e\n\nFor multi-key load balancing, custom retry behavior, proxy configuration,\nor any other Bifrost feature, write a YAML file:\n\n```yaml\nllm:\n  provider: openai\n  model: gpt-5.5\n  api_key: env.OPENAI_API_KEY\n  network_config:                 # common fields shown; see schemas.NetworkConfig for the full set\n    base_url: https://my-proxy.example.com/v1\n    default_request_timeout_in_seconds: 60\n    max_retries: 3\n    extra_headers:\n      x-tenant: prod\n```\n\nSee [docs/providers/](docs/providers/) for every supported provider's\nconfiguration reference.\n\n\u003c/details\u003e\n\n\n## How to run\n\n`cynative` with no arguments opens an interactive session (full line editing and history with arrow keys); `cynative \"task\"` runs the task then stays interactive; `-p` / `--print` runs a single task non-interactively and exits - for scripts and pipes (e.g. `cat main.tf | cynative -p \"review this Terraform for misconfigurations\"`).\n\nCynative calls your stack using the credentials already in your shell - it keeps no separate credential store. **Always provide the least-privileged, read-only credential needed**.\n\n**Approvals:** each tool call waits for a single keystroke: `y` runs it once, `a` clears every later call to *that tool* for the session (scripts still print before running), any other key denies. With no controlling terminal, use `--auto-approve`.\n\n**Stopping mid-task:** while a task is running, press **Esc** or **Ctrl-C** once to gracefully stop it (the agent finishes any already-running call, then stops and prints `⏸ Stopped`). When the agent hits repeated tool errors or rejections it stops automatically, summarizes what it is blocked on, and asks for the missing information.\n\nCynative prints a short operational footer (timing, token usage) to **stderr** - redirecting stdout (`cynative -p \"...\" \u003e out.txt`) keeps the captured answer clean. `--version` prints version, commit, build date, Go version, and platform.\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eResource \u0026amp; cost controls for unattended runs\u003c/strong\u003e\u003c/summary\u003e\n\n**Resource \u0026 cost controls:** for unattended, scheduled or long-horizon runs - wired into cron, CI or any trigger - bound the work explicitly. The key knobs (config keys / env vars):\n\n| Config key / env var | Default | Effect |\n| --- | --- | --- |\n| `max_total_tokens`\u003cbr\u003e`CYNATIVE_MAX_TOTAL_TOKENS` | 0 (unbounded) | Per-session token ceiling, shared across the main loop, task sub-agents, the always-on verifier and interactive follow-ups. |\n| `max_iterations`\u003cbr\u003e`CYNATIVE_MAX_ITERATIONS` | 32 | Max main-loop tool-calling iterations per turn. |\n| `max_subagent_iterations`\u003cbr\u003e`CYNATIVE_MAX_SUBAGENT_ITERATIONS` | 10 | Max iterations inside a task sub-agent. |\n| `max_consecutive_failures`\u003cbr\u003e`CYNATIVE_MAX_CONSECUTIVE_FAILURES` | 5 | Consecutive no-progress tool calls before a halt-and-summarize (0 disables). |\n| `sandbox_max_concurrency`\u003cbr\u003e`CYNATIVE_SANDBOX_MAX_CONCURRENCY` | 16 | Max concurrent in-sandbox tool calls. |\n\nFinding verification (`verify_findings` tool) makes extra model calls - budget for them on any run that produces findings.\n\u003c/details\u003e\n\n## Connectors\n\nOn top of the credentials in your shell, Cynative enforces read-only at three layers:\n- **Network** - every request host is pinned to its mapped service and region\n  and the resolved IP is verified before connecting - your agent can reach\n  your infrastructure and nothing else.\n- **Action gate** - every operation is resolved to its required IAM actions,\n  derived from the providers' own API definitions, then authorized against a\n  read-only policy before any credential is attached: `SecurityAudit` (AWS),\n  `roles/viewer` (GCP), `Reader` (Azure). Coverage tracks the cloud APIs as\n  they grow, and the gate fails closed on anything it classifies as a write.\n  For Kubernetes the policy is the cluster's own live `view` RBAC role, fetched\n  at runtime and enforced per request. GitHub and GitLab are read-only by\n  default; a `connectors.{github,gitlab}.permissions` setting can allow write on\n  specific categories where a workflow needs it, enforced per request before the\n  token is attached. Even in read-only mode, GitHub's secret-scanning endpoints\n  stay blocked and GitLab's GraphQL API is denied.\n- **Credential (AWS)** - for assumed-role identities, credentials are re-vended\n  via STS `AssumeRole`, scoped to a managed policy (`SecurityAudit` by default),\n  so AWS IAM enforces the boundary too. IAM-user and root identities run with\n  their base credentials, gated by the action gate above.\n\nCynative connects AWS, GCP, Azure, EKS/GKE/AKS, self-managed Kubernetes, GitHub and GitLab. See [docs/connectors/README.md](docs/connectors/README.md) for credential\ndiscovery, hardening, limitations and connector-specific examples.\n\n## Code execution \u0026 tool orchestration\nFor bulk work - \"check every public S3 bucket\", \"list EKS clusters in every\nregion\" - Cynative can write and run JavaScript in a sandbox instead of issuing\none tool call at a time. The agent's tools (e.g. `http_request`) are exposed as\n**async** JavaScript functions, so it loops, filters and chains calls in\ncode - and runs independent calls concurrently with the built-in\n`mapConcurrent(items, fn, limit)` helper (or `await Promise.all([...])` for\nsmall fixed sets).\nOnly what the script `console.log`s returns to the model, keeping research\nfast and token-efficient.\n\n```js\n// Discover regions, then list EKS clusters in every region concurrently,\n// following pagination - only the summary returns to the model.\nconst r = await http_request({\n  method: \"GET\",\n  url: \"https://ec2.us-east-1.amazonaws.com/?Action=DescribeRegions\u0026Version=2016-11-15\",\n  auth_provider: \"aws\", aws_auth: { service: \"ec2\", region: \"us-east-1\" },\n});\nconst regions = [...r.body.matchAll(/\u003cregionName\u003e([^\u003c]+)\u003c\\/regionName\u003e/g)].map((m) =\u003e m[1]);\n\nconst all = await mapConcurrent(regions, async (region) =\u003e {\n  const clusters = [];\n  let token = null;\n  do {\n    const url = `https://eks.${region}.amazonaws.com/clusters` +\n      (token ? `?nextToken=${encodeURIComponent(token)}` : \"\");\n    const resp = await http_request({\n      method: \"GET\", url,\n      auth_provider: \"aws\", aws_auth: { service: \"eks\", region },\n    });\n    const body = JSON.parse(resp.body);\n    clusters.push(...body.clusters);\n    token = body.nextToken;\n  } while (token);\n  return { region, clusters };\n});\n\nconsole.log(JSON.stringify(all.filter((x) =\u003e x.clusters.length \u003e 0), null, 2));\n```\n\n- **Async \u0026 concurrent**: tool functions return Promises - `await` them, fan out\n  over many resources with `mapConcurrent(items, fn, limit)` (bounded,\n  order-preserving), or use `await Promise.all([...])` for small fixed sets.\n- **Structured responses**: `http_request` resolves to `{ status, statusText,\n  headers, body }`; `body` is the raw string - `JSON.parse(resp.body)` for JSON\n  APIs or read it directly for XML.\n- **Sandboxed**: a script can only call the tools Cynative exposes - it has no\n  network, filesystem or package access of its own.\n- **You see the whole script**: each `code_execution` call is shown in full for\n  approval before it runs (skip with `--auto-approve`; stream each inner call\n  with `-v`).\n- **Stateful within a session**: values saved on `globalThis` persist across\n  calls during an interactive session; top-level `let`/`const`/`var`/\n  `function` are scoped to a single call.\n- **Bounded**: scripts run under a timeout (default 120s) and a capped output\n  size.\n\n## Audit Log\n\nEvery tool call is recorded to a persistent JSONL audit log (`~/.cynative/audit.log`, on by default). The log is fail-closed: if a call can't be recorded, the run aborts.\n \nTool results are redacted before they're written but approval-prompt arguments are stored verbatim - the log can hold sensitive values. It's readable only by the user who ran Cynative. Rotation and retention are configurable.\n\nConfigure under `audit:` in `~/.cynative/config.yaml`, or via env:\n\n| Key | Env | Default |\n|---|---|---|\n| `audit.enabled` | `CYNATIVE_AUDIT_ENABLED` | `true` |\n| `audit.path` | `CYNATIVE_AUDIT_PATH` | `~/.cynative/audit.log` |\n| `audit.max_size_mb` | `CYNATIVE_AUDIT_MAX_SIZE_MB` | `100` |\n| `audit.retention_days` | `CYNATIVE_AUDIT_RETENTION_DAYS` | `30` |\n| `audit.compress` | `CYNATIVE_AUDIT_COMPRESS` | `false` |\n\n## Contributing\n\nContributions welcome - new connectors, providers, evaluation datasets, and\nimprovements across the board. See [CONTRIBUTING.md](CONTRIBUTING.md) for dev\nsetup, the `make check` gate, and PR conventions, and [SECURITY.md](SECURITY.md)\nfor reporting vulnerabilities.\n\n## License\n\nApache-2.0 License. See [LICENSE](LICENSE) for the full text.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcynative%2Fcynative","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcynative%2Fcynative","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcynative%2Fcynative/lists"}