Architecture¶

Overview¶

┌──────────────────────────────────────────────────┐
│                 AgentSniff CLI                   │
│         agentsniff scan | serve                  │
├──────────┬───────────────────────┬───────────────┤
│ REST API │    Scanner Engine     │  Web Dashboard│
│ (FastAPI)│                       │  (HTML/JS/CSS)│
├──────────┴───────────┬───────────┴───────────────┤
│              Signal Correlator                   │
│     Groups signals by host, calculates scores    │
├─────┬─────┬─────┬─────┬─────┬─────┬─────┬────────┤
│ DNS │Port │Agent│ MCP │ EP  │ TLS │Traf.│  SSE   │
│ Mon │Scan │Pin  │ Det │Probe│ FP  │Anlz │  Det   │
├─────┴─────┴─────┴─────┴─────┴─────┴─────┴────────┤
│         Integrations (optional)                  │
│      Zeek DataSource │ nmap Enricher             │
├──────────────────────┴───────────────────────────┤
│              Target Network                      │
└──────────────────────────────────────────────────┘

Scan Pipeline¶

Target resolution — CIDR expanded to host IPs, DNS resolution
Detector setup — Each detector initializes (e.g., traffic analyzer resolves LLM API IPs)
Concurrent detection — All detectors run in parallel via asyncio.create_task
Signal correlation — Signals grouped by host IP, agents enriched as signals arrive
Fusion rules — Cross-module rules applied (e.g., banner corroboration)
nmap enrichment (optional) — Post-scan service identification
Result assembly — Agents sorted by confidence, status assigned

Signal Correlation¶

Signals from all detectors are grouped by source host IP. Each host with at least one signal becomes a DetectedAgent.

Confidence Scoring¶

Confidence is calculated using noisy-OR probability fusion:

P = 1 - ∏(1 - p_i)

Where p_i is the confidence weight of each signal:

Level	Weight
LOW	0.2
MEDIUM	0.5
HIGH	0.8
CONFIRMED	1.0

Example: A host with one HIGH signal (0.8) and one MEDIUM signal (0.5) gets:

P = 1 - (1 - 0.8) × (1 - 0.5) = 1 - 0.1 = 0.90

Status Assignment¶

Score	Requirement	Status
>= 0.9	At least one HIGH/CONFIRMED signal	VERIFIED
>= 0.5	—	DETECTED
>= 0.2	—	SUSPECTED
< 0.2	—	(filtered out)

Fusion Rules¶

Cross-module rules that adjust confidence based on signal combinations:

Banner corroboration — Port scanner banner matches an agent framework → boost port scanner signal from LOW to MEDIUM
nmap exclusion — Non-agent service identified → downgrade to INFO (only if port scanner is the sole signal)
nmap boost — Agent-like service confirmed → add corroborating NMAP_ENRICHER signal

Integration Patterns¶

DataSource (Zeek)¶

Replaces "how we observe" without changing "what we look for":

ZeekDataSource → load_traffic() → TrafficRecord list → TrafficAnalyzer
ZeekDataSource → load_dns()     → DnsRecord list     → DnsMonitor
ZeekDataSource → load_tls()     → TlsRecord list     → TlsFingerprint

Enricher (nmap)¶

Post-processing step after detection and correlation:

Detectors → Signals → Correlation → Fusion → nmap Enricher → Final Result

Key Files¶

File	Purpose
`agentsniff/scanner.py`	Scan orchestrator, signal correlation
`agentsniff/fusion.py`	Cross-module fusion rules
`agentsniff/models.py`	Data models (DetectedAgent, DetectionSignal, ScanResult)
`agentsniff/config.py`	Configuration, known domains/ports/signatures
`agentsniff/server.py`	FastAPI REST API and SSE streaming
`agentsniff/storage.py`	SQLite persistence
`agentsniff/notifier.py`	Webhook and email alerting
`agentsniff/detectors/`	All eight detection modules
`agentsniff/integrations/`	Zeek and nmap integration

ThirdKey Trust Stack¶

AgentSniff complements the ThirdKey trust infrastructure:

AgentPin — Cooperative agent discovery via cryptographic identity documents
SchemaPin — Verified tools detected on MCP servers can be cross-checked against SchemaPin signatures
Symbiont — AgentSniff can run as a Symbiont agent with policy-enforced scanning boundaries
AgentNull — Detection evasion research feeds back into scanner improvements