v1.3.0

@jaschadub jaschadub released this 10 Mar 05:01
3c4cb64

Externalized Detection Signatures with SchemaPin Verification

Detection signatures are now stored as external JSON files with ECDSA-P256-SHA256 signature verification via SchemaPin.

New Features

  • Externalized signatures: All detection lists (LLM domains, agent infra domains, framework fingerprints, ports, TLS fingerprints, MCP methods, domain suffixes) moved from hardcoded Python to JSON files in agentsniff/signatures/
  • SchemaPin signature verification: Each JSON file has a companion .sig file for tamper detection. The CLI shows verification status on startup, and the dashboard displays a signature badge
  • agentsniff update-signatures command: Download latest signatures from GitHub with optional --verify/--no-verify flags
  • Expanded detection coverage (69 frameworks, 63 LLM domains, 45 agent infra domains, 16 domain suffixes):
    • MCP registries: Smithery, mcphub.tools, mcp.run, PulseMCP, OpenTools
    • Observability: Langfuse, Braintrust, AgentOps, Arize Phoenix, LlamaTrace
    • IDE backends: Cursor, GitHub Copilot, Windsurf
    • New frameworks: Anthropic SDK, Google GenAI SDK, Claude Desktop, Strands Agents, Google ADK, Vercel AI SDK, E2B, AgentOps, MCP Inspector
    • Expanded header detection: x-stainless-*, x-cursor-*, Helicone-*, x-portkey-*, x-bt-*
    • MCP client fingerprinting via mcp_client_name in initialize handshake
  • MCP streamable HTTP transport: Detects MCP-Protocol-Version response header as definitive MCP indicator
  • Public key published at agentsniff.org/.well-known/schemapin.json
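
The header, MCP-Protocol-Version and initialize-handshake indicators listed above can be combined into one passive classifier. The following is an added example, not AgentSniff's own code: the function name, the indicator strings and the sample exchanges are constructed for illustration, and reading the client name from `params.clientInfo.name` of the JSON-RPC `initialize` request is an assumption about what `mcp_client_name` refers to.

```python
import json

# Header prefixes from the release notes; HTTP header names are case-insensitive.
HEADER_PREFIXES = ("x-stainless-", "x-cursor-", "helicone-", "x-portkey-", "x-bt-")


def classify_exchange(req_headers, req_body, resp_headers):
    """Return (sorted indicators, definitive_mcp) for one observed HTTP exchange."""
    indicators = set()
    for name in req_headers:
        lname = name.lower()
        for prefix in HEADER_PREFIXES:
            if lname.startswith(prefix):
                indicators.add(f"header-prefix:{prefix}*")
                break
    # Response header the notes treat as the definitive MCP indicator.
    resp = {k.lower(): v for k, v in resp_headers.items()}
    definitive_mcp = "mcp-protocol-version" in resp
    if definitive_mcp:
        indicators.add(f"mcp-version:{resp['mcp-protocol-version']}")
    # MCP initialize is a JSON-RPC 2.0 request; a non-JSON body is not evidence.
    try:
        msg = json.loads(req_body) if req_body else {}
    except (ValueError, TypeError):
        msg = {}
    if isinstance(msg, dict) and msg.get("method") == "initialize":
        params = msg.get("params")
        info = params.get("clientInfo") if isinstance(params, dict) else None
        name = info.get("name") if isinstance(info, dict) else None
        if isinstance(name, str):
            indicators.add(f"mcp-client:{name}")
    return sorted(indicators), definitive_mcp


# Constructed sample exchanges (not captured traffic).
SAMPLES = [
    ({"X-Stainless-Lang": "python", "X-Stainless-OS": "Linux"}, "",
     {"Content-Type": "application/json"}),
    ({"Content-Type": "application/json"},
     '{"jsonrpc":"2.0","id":1,"method":"initialize","params":{'
     '"protocolVersion":"2025-03-26","capabilities":{},'
     '"clientInfo":{"name":"example-client","version":"0.0.1"}}}',
     {"MCP-Protocol-Version": "2025-03-26"}),
    ({"User-Agent": "curl/8.0"}, "not json", {}),
]

if __name__ == "__main__":
    for req, body, resp in SAMPLES:
        print(classify_exchange(req, body, resp))
```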

Bug Fixes

  • Fix dashboard showing duplicate agents for same host IP
  • Fix SchemaPin API method names for signature verification
  • Fix .sig file key field lookup (public_key vs public_key_pem)

Custom Rules

Users can still add custom domains, ports, and framework signatures via YAML config, environment variables, or programmatic ScanConfig fields. Custom rules are merged with the signed signature files; they do not replace them.