Drako scans your codebase entirely offline using AST-based static analysis. No account, no API key, and no network connection required for scanning.
1. Install Drako

Install Drako from PyPI. Python 3.10 or later is required.
pip install drako
Verify the installation:
drako --version
2. Run your first scan

Navigate to your AI agent project and run:
drako scan .
Drako analyzes your project’s Python files using AST-based static analysis and prints a report:
┌─ Drako Scan ─────────────────────────────────────────────┐
│ my-project  │  crewai 0.86.0  │  0.4s                    │
└──────────────────────────────────────────────────────────┘

  Agent BOM: 3 agents │ 12 tools │ 2 models │ 4 prompts

  GOVERNANCE:  42/100 [D] ▰▰▰▰▰▰▰▰▱▱▱▱▱▱▱▱▱▱▱▱  42%
  DETERMINISM: 34/100 [F] ▰▰▰▰▰▰▰▱▱▱▱▱▱▱▱▱▱▱▱▱  34%

  Better than 28% of scanned projects

  CRITICAL  3  │  HIGH  5  │  MEDIUM  4  │  LOW  2

  SEC-001  API key hardcoded in source           (src/main.py)
           ⚠ REACHABLE — used by agent 'researcher'
           Related: DRAKO-ABSS-2026-003
           Impact: Attacker inherits all agent permissions
           Ref: CWE-798, OWASP LLM06

  SEC-005  Arbitrary code execution in tool      (tools/runner.py)
           ○ UNREACHABLE — no agent references this tool

  DET-001  LLM temperature not set               (agents/writer.py)
           Impact: Non-deterministic outputs between runs
3. Review your findings

Every scan produces two scores and a ranked finding list.

Governance score — answers the security question: are your agents safe to run in production? It covers hardcoded secrets, prompt injection risks, missing audit logging, absent human-in-the-loop controls, and more.

Determinism score — answers the engineering question: will your agents behave the same way twice? It flags missing temperature settings, absent timeouts, no retry limits, and other sources of non-deterministic behavior.

Grades run from A (90–100) down to F (0–39). Each project starts at 100 and loses points per finding, with caps per rule category so a single misconfiguration cannot zero out your score.

Reachability separates real risks from theoretical ones. A finding marked ⚠ REACHABLE means the dangerous code path is actively used by at least one agent. A finding marked ○ UNREACHABLE means no agent currently references that tool or code path — it is dimmed in the output, not removed, so you remain aware of it.
Run drako scan --details to include code snippets and auto-fix suggestions inline with each finding.
4. Generate a config

Once you have reviewed your findings, generate a .drako.yaml config pre-filled with your project’s agents, tools, and recommended policies:
drako init
This produces a .drako.yaml in your project root:
# .drako.yaml — pre-filled with YOUR agents and tools
governance_level: autopilot        # autopilot | balanced | strict

agents:
  researcher:
    source: agents/researcher.py
tools:
  web_search:
    type: read
  code_runner:
    type: execute                  # ⚠ flagged CRITICAL by scan

policies:
  odd:
    researcher:
      permitted_tools: [web_search, file_reader]
      forbidden_tools: [code_runner]
  dlp:
    mode: enforce
  circuit_breaker:
    failure_threshold: 5
  hitl:
    triggers:
      tool_types: [write, execute, payment]
      spend_above_usd: 100.00
By default, drako init uses autopilot mode: it reads your scan results, generates the config, and starts in audit mode so nothing is blocked yet. When you are ready to enforce, run drako upgrade --balanced.
5. Add runtime enforcement

To enforce your policies at runtime, wrap your agent with govern:
from drako import govern

crew = govern(crew)    # every tool call passes through enforcement
govern auto-detects the framework (CrewAI, LangGraph, AutoGen) from the object you pass in. Every tool call then passes through a 13-stage pipeline — DLP scanning, ODD boundary checks, circuit breakers, HITL triggers, spend caps, and more — before it executes.
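As an added illustration (not Drako's own code, whose pipeline is not shown on this page), the toy function below models two of the stages named above, the ODD boundary check and the HITL triggers, against the policies from the .drako.yaml generated in step 4; its audit flag mimics the audit mode that drako init starts in. The tool type of file_reader and the deny-by-default rule for an agent with no ODD entry are assumptions.

```python
from dataclasses import dataclass

# Transcribed by hand from the page's .drako.yaml. `file_reader` appears only
# in permitted_tools there, so its type "read" is an assumption.
TOOL_TYPES = {"web_search": "read", "file_reader": "read", "code_runner": "execute"}
POLICIES = {
    "odd": {"researcher": {"permitted_tools": ["web_search", "file_reader"],
                           "forbidden_tools": ["code_runner"]}},
    "hitl": {"triggers": {"tool_types": ["write", "execute", "payment"],
                          "spend_above_usd": 100.00}},
}


@dataclass
class Decision:
    allow: bool          # may the tool call proceed?
    needs_human: bool    # a HITL trigger fired: proceed only after approval
    reason: str


def evaluate(agent, tool, spend_usd=0.0, audit=False,
             tool_types=TOOL_TYPES, policies=POLICIES):
    """Toy model of two runtime stages: ODD boundary check, then HITL triggers.

    audit=True mirrors the audit mode drako init starts in: a violation is
    reported but nothing is blocked.
    """
    def block(reason):
        # In audit mode a would-be block is only observed, never enforced.
        return Decision(allow=audit, needs_human=False,
                        reason=("AUDIT: " if audit else "BLOCK: ") + reason)

    odd = policies["odd"].get(agent)
    if odd is None:  # assumption: no ODD entry means deny by default
        return block(f"agent '{agent}' has no ODD policy")
    if tool in odd.get("forbidden_tools", []):
        return block(f"'{tool}' is forbidden for '{agent}'")
    if tool not in odd.get("permitted_tools", []):
        return block(f"'{tool}' is outside the permitted_tools of '{agent}'")

    trig = policies["hitl"]["triggers"]
    ttype = tool_types.get(tool, "unknown")
    if ttype in trig["tool_types"]:
        return Decision(True, True, f"HITL: tool type '{ttype}' needs approval")
    if spend_usd > trig["spend_above_usd"]:
        return Decision(True, True, f"HITL: spend {spend_usd:.2f} USD exceeds cap")
    return Decision(True, False, "ALLOW: inside ODD, no HITL trigger")
```

For example, evaluate("researcher", "code_runner") is blocked by the forbidden_tools entry, while the same call with audit=True is allowed but reported with an AUDIT: reason.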

Next steps

Scanning overview

Understand the full scan pipeline, all 97 rules, and how reachability analysis works.

Runtime enforcement

Learn about the 13-stage enforcement pipeline and all 20 runtime capabilities.

Configuration reference

Full reference for every field in .drako.yaml, policy templates, and autopilot modes.

CLI reference

Every flag and option for drako scan, including SARIF output, CI gates, and diff mode.
