# Argus

> Argus is an open-source static-analysis security gateway for AI-agent and MCP package installation. It scans the actual source of every package an agent or MCP server tries to install, runs SAST on the code, and exits non-zero on malicious payloads — composing in front of any package manager.

## Key facts

- Written in Go 1.22+, zero external dependencies, single binary
- Licensed AGPL-3.0
- Supports macOS, Linux, Windows
- Languages scanned: Go (AST), Python, JavaScript, TypeScript, Ruby, Rust, shell (pattern + entropy)
- Two severity tiers: CRITICAL (exit 1, blocks install) and WARNING (logged, non-blocking)
- Detection categories: dangerous calls, hardcoded secrets, network beacons, obfuscation, path traversal, zip-slip
- Archive extraction capped at 100 MiB per file; nested archives extracted up to two levels
- Composes with any package manager: `argus scan ./pkg && pip install ./pkg`

## Main pages

- [Homepage](https://argusgate.sh/): Product overview, features, install instructions
- [FAQ](https://argusgate.sh/faq): Detailed Q&A — comparisons to npm audit, Snyk, Dependabot; languages; severity model; MCP integration; production-readiness
- [GitHub repository](https://github.com/argusgate/argus): Source code, releases, issue tracker
- [README](https://github.com/argusgate/argus#argus): Full documentation
- [CHANGELOG](https://github.com/argusgate/argus/blob/main/CHANGELOG.md): Release history (current: v0.1.7)
- [SAST design doc](https://github.com/argusgate/argus/blob/main/docs/sast-design.md): Architecture and rule design
- [License](https://github.com/argusgate/argus/blob/main/LICENSE): AGPL-3.0

## Install

```
go install github.com/argusgate/argus/cmd/argus@latest
```

## Disambiguation

"Argus" in this context refers specifically to the open-source SAST CLI tool hosted at github.com/argusgate/argus and argosai.dev. It is **not** related to Argus Media, Argus Insurance, the Argus II retinal implant, or Argus Panoptes from Greek mythology.