feat: aguara check and aguara clean commands #39

Merged
garagon merged 1 commit into main from feature/incident-response-commands
Mar 24, 2026

@garagon garagon commented Mar 24, 2026

Summary

Two new incident response commands for detecting and cleaning compromised Python packages.

Built in response to the litellm supply chain attack (March 24, 2026). Detection rules alone aren't enough - users need to check if they're affected and clean up.

aguara check

Scans installed Python environments for compromised packages and persistence artifacts.

aguara check                          # auto-discover Python env
aguara check --path /opt/venv/lib/python3.12/site-packages/
aguara check --include-caches         # also check pip/uv caches
aguara check --format json            # machine-readable output

Detects:

  • Known compromised package versions (embedded database, currently litellm 1.82.7/1.82.8)
  • .pth files with executable content (import, subprocess, exec, eval)
  • Persistence artifacts (systemd services, sysmon backdoor)
  • Reports which credential files exist and need rotation

aguara clean

Removes compromised packages and quarantines malicious files.

aguara clean --dry-run                # preview without changes
aguara clean                          # interactive confirmation
aguara clean --yes                    # skip confirmation
aguara clean --purge-caches           # also purge pip/uv caches

Actions:

  • Uninstalls compromised packages via pip/uv
  • Quarantines .pth files to /tmp/aguara-quarantine/ (forensic evidence)
  • Disables systemd persistence services
  • Prints credential rotation checklist

Files added

  • cmd/aguara/commands/check.go - check command (terminal + JSON output)
  • cmd/aguara/commands/clean.go - clean command (dry-run, quarantine, confirmation)
  • internal/incident/compromised.go - embedded known-bad package list
  • internal/incident/checker.go - package detection, .pth scanning, persistence check
  • internal/incident/cleaner.go - removal, quarantine, cache purge
  • internal/incident/checker_test.go - 9 tests
  • internal/incident/cleaner_test.go - 5 tests

Test plan

  • 14 new tests, all passing with -race
  • Full test suite: 574 tests, 0 lint issues
  • Detects compromised litellm in fake site-packages
  • Detects malicious .pth files
  • Does not flag legitimate .pth files (path-only content)
  • Dry run shows actions without executing
  • Quarantine moves files, doesn't delete
  • Clean environment produces clean result
  • JSON output works for both commands

Incident response commands for compromised Python packages.

aguara check:
- Discovers Python site-packages (virtualenv, system, or --path)
- Detects known compromised package versions (litellm 1.82.7/1.82.8)
- Scans .pth files for executable content
- Checks for persistence artifacts (systemd, sysmon backdoor)
- Reports credential files at risk with rotation guidance
- JSON and terminal output

aguara clean:
- Uninstalls compromised packages (pip/uv)
- Quarantines malicious .pth files to /tmp/aguara-quarantine/
- Disables systemd persistence services
- Supports --dry-run and --purge-caches
- Requires confirmation (--yes to skip)
- Prints credential rotation checklist

574 tests, 0 lint issues.
@garagon garagon merged commit 1a95114 into main Mar 24, 2026
1 check passed
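
The .pth check described in this PR, sketched as an added example that is not aguara's own code: Python's site module executes any .pth line that starts with `import` followed by a space or tab and treats every other line as a path, so that prefix is what separates executable content from path-only content. The names `ScanPth`, `Finding`, `riskyTokens` and `samplePth` are hypothetical, and the token matching is an assumption based on the list in the PR description.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Finding is one .pth line that Python would execute at interpreter startup.
type Finding struct {
	Line         int
	Reason, Text string
}

// Tokens named in the PR description; how aguara matches them is not shown there.
var riskyTokens = []string{"subprocess", "exec(", "eval("}

// Constructed sample: two path-only entries followed by two executable lines.
const samplePth = "# constructed sample\n" +
	"/opt/app/src\n" +
	"../shared-libs\n" +
	"import os, subprocess; subprocess.Popen(['/bin/true'])\n" +
	"import base64; exec(base64.b64decode('cGFzcw=='))\n"

// ScanPth returns the lines of a .pth file that site.py would run as code.
// Lines are trimmed first, which is slightly stricter than site.py itself.
func ScanPth(content string) []Finding {
	var out []Finding
	sc := bufio.NewScanner(strings.NewReader(content))
	sc.Buffer(make([]byte, 0, 64*1024), 4*1024*1024) // encoded payload lines can be long
	for n := 1; sc.Scan(); n++ {
		line := strings.TrimSpace(sc.Text())
		if !strings.HasPrefix(line, "import ") && !strings.HasPrefix(line, "import\t") {
			continue // blank line, comment, or path-only entry
		}
		reason := "executed at interpreter startup"
		for _, tok := range riskyTokens {
			if strings.Contains(line, tok) {
				reason += "; uses " + strings.TrimSuffix(tok, "(")
			}
		}
		out = append(out, Finding{Line: n, Reason: reason, Text: line})
	}
	return out
}

func main() {
	for _, f := range ScanPth(samplePth) {
		fmt.Printf("line %d: %s\n  %s\n", f.Line, f.Reason, f.Text)
	}
}
```

Legitimate packages also ship import-line .pth files (setuptools' `distutils-precedence.pth` is one), so a hit from a scanner like this is a triage lead, not a verdict.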