{"id":48083565,"url":"https://github.com/0xmariowu/agentlint","last_synced_at":"2026-04-26T13:02:27.316Z","repository":{"id":348750006,"uuid":"1199710611","full_name":"0xmariowu/AgentLint","owner":"0xmariowu","description":"Lint your repo for AI agent compatibility.","archived":false,"fork":false,"pushed_at":"2026-04-04T15:00:52.000Z","size":745,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-04T15:45:36.726Z","etag":null,"topics":["agentic","agents-md","ai-agent","ai-friendly","ai-tools","anthropic","claude-code","claude-code-plugin","code-quality","cursor","developer-tools","linter","llm","prompt-engineering","static-analysis"],"latest_commit_sha":null,"homepage":"https://github.com/0xmariowu/AgentLint#install","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/0xmariowu.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-02T16:18:15.000Z","updated_at":"2026-04-04T15:00:57.000Z","dependencies_parsed_at":"2026-04-06T16:00:56.242Z","dependency_job_id":null,"html_url":"https://github.com/0xmariowu/AgentLint","commit_stats":null,"previous_names":["0xmariowu/harness-health","0xmariowu/agent-lint"],"tags_count":13,"template":false,"template_full_name":null,"purl":"pkg:github/0xmariowu/AgentLint","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xmariowu%2FAgentLint","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xmariowu%2FAgentLint/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xmariowu%2FAgentLint/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xmariowu%2FAgentLint/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/0xmariowu","download_url":"https://codeload.github.com/0xmariowu/AgentLint/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/0xmariowu%2FAgentLint/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31479006,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-06T14:34:32.243Z","status":"ssl_error","status_checked_at":"2026-04-06T14:34:31.723Z","response_time":112,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agentic","agents-md","ai-agent","ai-friendly","ai-tools","anthropic","claude-code","claude-code-plugin","code-quality","cursor","developer-tools","linter","llm","prompt-engineering","static-analysis"],"created_at":"2026-04-04T15:01:12.626Z","updated_at":"2026-04-26T13:02:27.298Z","avatar_url":"https://github.com/0xmariowu.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n\u003ch1\u003eAgentLint\u003c/h1\u003e\n\n\u003cp\u003e\u003cstrong\u003eThe linter for your agent harness.\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e\u003cem\u003eESLint was for the code humans wrote.\u003cbr/\u003eAgentLint is for the context agents read.\u003c/em\u003e\u003c/p\u003e\n\n[![CI](https://github.com/0xmariowu/AgentLint/actions/workflows/ci.yml/badge.svg)](https://github.com/0xmariowu/AgentLint/actions/workflows/ci.yml)\n[![Release](https://img.shields.io/github/v/release/0xmariowu/AgentLint)](https://github.com/0xmariowu/AgentLint/releases)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)\n[![Checks](https://img.shields.io/badge/checks-58-00b48c)](#what-it-checks)\n[![npm](https://img.shields.io/npm/v/agentlint-ai)](https://www.npmjs.com/package/agentlint-ai)\n[![Claude Code](https://img.shields.io/badge/Claude%20Code-plugin-cc785c)](https://claude.com/download)\n\n\u003cp\u003e\u003ca href=\"#install\"\u003eInstall\u003c/a\u003e · \u003ca href=\"#what-you-get\"\u003eDemo\u003c/a\u003e · \u003ca href=\"#the-harness-problem\"\u003eHarness 101\u003c/a\u003e · \u003ca href=\"#what-it-checks\"\u003eChecks\u003c/a\u003e · \u003ca href=\"#evidence\"\u003eEvidence\u003c/a\u003e · \u003ca href=\"#faq\"\u003eFAQ\u003c/a\u003e · \u003ca href=\"README_CN.md\"\u003e中文\u003c/a\u003e\u003c/p\u003e\n\n\u003c/div\u003e\n\n---\n\n\u003e **Agent = Model + Harness.** The model isn't the bottleneck anymore — the harness is.\n\u003e\n\u003e Your `AGENTS.md`, `CLAUDE.md`, CI config, hooks, and `.gitignore` *are* the harness. When they're wrong, Claude Code, Cursor, and Codex ship AI slop. When they're right, agents compound.\n\u003e\n\u003e AgentLint scores your harness across **51 deterministic checks on 6 core dimensions**, plus **7 opt-in extended checks** (Deep + Session) that use AI sub-agents and local Claude Code session logs when available. Evidence-backed. Zero opinions.\n\n## Install\n\n```bash\nnpm install -g agentlint-ai           # CLI only — no Claude plugin yet\nnpx agentlint-ai install              # opt-in: register /al Claude Code plugin\n```\n\n\u003e The first command installs the `agentlint` CLI on `$PATH` and does **not** touch `~/.claude/`. The second command (one-time, opt-in) detects Claude Code, copies the `/al` slash command into `~/.claude/commands/`, and registers the marketplace plugin. Side-effect details and uninstall path in [INSTALL.md](./INSTALL.md#side-effects).\n\nThen in any git repo:\n\n```bash\nagentlint check\n```\n\nIn Claude Code (after running `npx agentlint-ai install`): run `/al` for the interactive scan-fix-report flow.\n\n\u003e **Using an AI coding agent?** Point it at [INSTALL.md](./INSTALL.md) — it's written to be read once and acted on.\n\n## What you get\n\n```\n$ /al\n\nAgentLint — Score: 72/100 (core)\n\nFindability      ██████████████░░░░░░  7/10\nInstructions     ████████████████░░░░  8/10\nWorkability      ████████████░░░░░░░░  6/10\nSafety           ██████████░░░░░░░░░░  5/10\nContinuity       ██████████████░░░░░░  7/10\nHarness          ████████████████████  10/10\nDeep             ░░░░░░░░░░░░░░░░░░░░  n/a   (opt-in)\nSession          ░░░░░░░░░░░░░░░░░░░░  n/a   (opt-in)\n\nFix Plan (7 items):\n  [guided]   Pin 8 GitHub Actions to SHA (supply chain risk)\n  [guided]   Add .env to .gitignore (AI exposes secrets)\n  [assisted] Generate HANDOFF.md\n  [guided]   Reduce IMPORTANT keywords (7 found, Anthropic uses 4)\n\nSelect items → AgentLint fixes → re-scores → saves HTML report\n```\n\n## The harness problem\n\nIn February 2026, Mitchell Hashimoto (HashiCorp) coined the term. OpenAI's Ryan Lopopolo formalized it days later. LangChain's Vivek Trivedy gave it the cleanest definition:\n\n\u003e **Agent = Model + Harness.** If you're not the model, you're the harness.\n\nThe **harness** is every piece of code, configuration, and instruction that wraps an LLM and turns it into an agent. For coding agents, your harness includes:\n\n- `AGENTS.md` / `CLAUDE.md` — the persistent rules injected at session start\n- `.cursor/rules/`, `.github/copilot-instructions.md` — tool-specific instruction layers\n- CI, pre-commit hooks, `.gitignore` — the deterministic constraints the agent can't override\n- `SECURITY.md`, changelogs, handoff notes — the context that survives across sessions\n\n**Harness engineering** is the discipline of designing those pieces so the agent stays reliable across hundreds of tool calls, not just the first ten.\n\nThe research is blunt:\n\n- Anthropic's **2026 Agentic Coding Trends Report** found that teams maintaining a good context file report **40% fewer \"bad suggestion\" sessions**\n- **DORA 2025 State of AI-Assisted Software Development** reached the same conclusion: AI is an amplifier — it accelerates teams with good harnesses and amplifies dysfunction in teams without them\n- An **ETH Zurich study** found that *auto-generated* context files actually **reduce** agent success rates in 5 of 8 tested settings, and increase inference cost by **20–23%**\n- A randomized controlled trial found developers using AI were **19% slower** on complex tasks — while believing they were 20% faster\n- LangChain's February 2026 report: **70% of agent performance lives outside the model**. Same weights, different harness, different results.\n\nTranslation: a bad harness is worse than no harness. And almost nobody knows what a good one looks like.\n\n**AgentLint is the first linter for the harness itself.**\n\n## What makes AgentLint different\n\nEvery check is backed by data, not opinions. The data comes from places most developers never look — and it's what lets us measure harness health rigorously:\n\n- **265 versions** of Anthropic's own Claude Code system prompt — we tracked every single word they added, deleted, and rewrote. When they cut `IMPORTANT` from 12 uses to 4, we knew. When they removed every \"You are a helpful assistant...\" identity section, we knew.\n- **Claude Code source code** — which is where the harness hard limits live. 40,000-character entry files get silently truncated. 256 KB files can't be read at all. Pre-commit hooks that take too long cause commits to hang forever because Claude Code never uses `--no-verify`.\n- **Real production audits** across open-source codebases — the security gaps that agents walk straight into.\n- **6 academic papers** on instruction compliance, context-file effectiveness, and documentation decay.\n\nIf a check can't cite a source, it doesn't ship.\n\n## What it checks\n\n**58 checks total: 51 deterministic core checks across 6 dimensions (always run), plus 7 opt-in extended checks** (Deep: 3 AI-powered analysis checks; Session: 4 Claude Code log-reading checks). Default `agentlint check` and the GitHub Action only run the 51 core checks — the extended ones need AI sub-agents or local Claude Code session logs, so they're opt-in via `/al` inside Claude Code.\n\nThe total score is averaged only over dimensions that actually ran. A default CI run shows `Score: NN/100 (core)` and marks Deep/Session as `n/a`, never as `0/10`. When extended checks do run, the header shows `(core+extended)`.\n\n### 🔍 Findability — can AI find what it needs? *(20%)*\n\n| Check | What | Why |\n| --- | --- | --- |\n| F1 | Entry file exists | No CLAUDE.md / AGENTS.md = AI starts blind |\n| F2 | Project description in first 10 lines | AI needs context before rules |\n| F3 | Conditional loading guidance | \"If working on X, read Y\" prevents context bloat |\n| F4 | Large directories have INDEX | \u003e10 files without index = AI reads everything |\n| F5 | All references resolve | Broken links waste tokens on dead-end reads |\n| F6 | Standard file naming | README.md, CLAUDE.md are auto-discovered |\n| F7 | `@include` directives resolve | Missing targets are silently ignored — you think it's loaded, it isn't |\n| F8 | Rule file frontmatter uses globs | `.cursor/rules/` MDC files should match glob patterns, not exact paths |\n| F9 | No unfilled template placeholders | `{{variables}}` left in context files waste tokens and confuse the model |\n\n### 📝 Instructions — are your rules well-written? *(25% — highest weight)*\n\n| Check | What | Why |\n| --- | --- | --- |\n| I1 | Emphasis keyword count | Anthropic cut `IMPORTANT` from 12 to 4 across 265 versions |\n| I2 | Keyword density | More emphasis = less compliance. Anthropic: 7.5 → 1.4 per 1K words |\n| I3 | Rule specificity | \"Don't X. Instead Y. Because Z.\" — Anthropic's golden formula |\n| I4 | Action-oriented headings | Anthropic deleted all \"You are a...\" identity sections |\n| I5 | No identity language | \"Follow conventions\" removed — model already does this |\n| I6 | Entry file length | 60–120 lines is the sweet spot. Longer dilutes priority |\n| I7 | Under 40,000 characters | Claude Code hard limit. Above this, your file is truncated — silently |\n| I8 | Total injected content within budget | All auto-injected files stay within the 200K context budget |\n\n### 🔨 Workability — can AI build and test? *(18%)*\n\n| Check | What | Why |\n| --- | --- | --- |\n| W1 | Build/test commands documented | AI can't guess your test runner |\n| W2 | CI exists | Rules without enforcement are suggestions |\n| W3 | Tests exist (not empty shell) | A CI that runs `pytest` with 0 test files always \"passes\" |\n| W4 | Linter configured | Mechanical formatting frees AI from guessing style |\n| W5 | No files over 256 KB | Claude Code cannot read them — hard error |\n| W6 | Pre-commit hooks are fast | Claude Code never uses `--no-verify`. Slow hooks = stuck commits |\n| W7 | Local fast test command documented | Entry file documents a fast (\u003c30s) test command for mid-session verification |\n| W8 | npm test script exists | JS/Node repos need `npm test` so AI can run tests without guessing |\n| W9 | Release workflow validates version consistency | Automated drift detection across package.json, CHANGELOG, and badges |\n| W10 | Test cost tiers defined (pytest markers) | `@pytest.mark.fast` lets AI run the cheap subset, not the full 10-minute suite |\n| W11 | feat/fix commits paired with test commits | Gate that catches features landing without corresponding tests |\n\n### 🔄 Continuity — can the next session pick up? *(12%)*\n\n| Check | What | Why |\n| --- | --- | --- |\n| C1 | Document freshness | Stale instructions are worse than no instructions |\n| C2 | Handoff file exists | Without it, every session starts from zero |\n| C3 | Changelog has \"why\" | \"Updated INDEX\" says nothing. \"Fixed broken path\" says everything |\n| C4 | Plans in repo | Plans in Jira don't exist for AI |\n| C5 | `CLAUDE.local.md` not in git | Private per-user file — must be in `.gitignore` |\n| C6 | HANDOFF.md has verify conditions | Notes with evidence (`score ≥ X`, `tests pass`) let the next session skip full re-audit |\n\n### 🔒 Safety — is AI working securely? *(15%)*\n\n| Check | What | Why |\n| --- | --- | --- |\n| S1 | `.env` in `.gitignore` | AI's Glob tool ignores `.gitignore` by default — secrets visible |\n| S2 | Actions SHA pinned | AI push triggers CI. Floating tags = supply chain attack vector |\n| S3 | Secret scanning configured | AI won't self-check for accidentally written API keys |\n| S4 | `SECURITY.md` exists | AI needs security context for sensitive code decisions |\n| S5 | Workflow permissions minimized | AI-triggered workflows shouldn't have write access by default |\n| S6 | No hardcoded secrets | Detects `sk-`, `ghp_`, `AKIA`, private key patterns in source |\n| S7 | No personal paths in source | Absolute home-dir paths leak machine identity and break on other machines |\n| S8 | No `pull_request_target` trigger | Runs in privileged context — supply chain attack vector for external PRs |\n| S9 | No personal email in git history | Personal email in commits is a privacy and identity leak |\n\n### ⚙️ Harness — is your Claude Code setup correct? *(10%)*\n\n| Check | What | Why |\n| --- | --- | --- |\n| H1 | Hook event names valid | `PoToolUse` vs `PostToolUse` — typos silently prevent hooks from ever firing |\n| H2 | PreToolUse hooks have matcher | Without a tool matcher, the hook runs before *every* tool call |\n| H3 | Stop hook has circuit breaker | Stop hooks without an exit condition run forever |\n| H4 | No dangerous auto-approve | `*` or `.*` grant unlimited tool execution with no human check |\n| H5 | Env deny coverage complete | Missing deny patterns let secrets leak to untrusted tools |\n| H6 | Hook scripts network access | Outbound calls from hooks can exfiltrate data triggered by the agent |\n| H7 | Gate workflows are blocking | Warn-only CI gates are effectively disabled — agents merge despite failures |\n| H8 | Hook errors use structured format | `what/rule/fix` lets the agent self-correct; unstructured errors leave it stuck |\n\n### 🧠 Deep — AI-powered instruction analysis *(opt-in, extended)*\n\nSpawns AI subagents to find what pattern-matching can't:\n\n| Check | What | Why |\n| --- | --- | --- |\n| D1 | Contradictory rules | Two rules that conflict cause the model to pick one — usually the wrong one |\n| D2 | Dead-weight rules | Rules the model would follow anyway waste tokens and dilute priority |\n| D3 | Vague rules without decision boundary | \"Use good judgment\" gives the model nothing to evaluate against |\n\n### 📊 Session — learn from your Claude Code logs *(opt-in, extended)*\n\nReads your session history to surface patterns you'd never notice manually:\n\n| Check | What | Why |\n| --- | --- | --- |\n| SS1 | Repeated instructions | Instructions you type every session belong in `CLAUDE.md` |\n| SS2 | Ignored rules | Rules AI keeps bypassing need rewriting, not repeating |\n| SS3 | Friction hotspots | Which projects and tasks generate the most re-work |\n| SS4 | Missing rule suggestions | Common corrections that aren't captured anywhere yet |\n\n## How is this different from `/init`?\n\n`/init` generates a template `CLAUDE.md` from scratch. Useful on day one. **Useless on day fifty** — when the file is stale, bloated with emphasis keywords the model ignores, missing `.env` in `.gitignore`, and silently exceeds the 40K hard limit.\n\n`/init` writes a file. AgentLint audits the whole system:\n\n| | `/init` | AgentLint |\n|---|:---:|:---:|\n| Generates template `CLAUDE.md` | ✅ | — |\n| Checks entry-file quality | — | ✅ |\n| Finds broken `@include` references | — | ✅ |\n| Enforces the 40K character hard limit | — | ✅ |\n| Audits CI, hooks, `.gitignore`, Actions SHA pinning | — | ✅ |\n| Detects instruction rot over time | — | ✅ |\n| Audits Claude Code hook configuration | — | ✅ |\n| Auto-fixes what it can | — | ✅ |\n| Every check backed by a cited data source | — | ✅ |\n\n## Who this is for\n\n- **Solo developers** using Claude Code, Cursor, or Codex who want the agent to stop ignoring your rules\n- **Team leads** who need every repo in the org to be AI-ready before agents ship to prod\n- **OSS maintainers** whose external contributors (and their agents) should write code in your style\n- **Security-conscious engineers** worried about agents exfiltrating `.env` or triggering vulnerable workflows\n\n## Compatibility\n\nAgentLint ships as a **Claude Code plugin** and standalone **CLI**. When it runs, it audits any of the following if present in your repo:\n\n- `CLAUDE.md` (Anthropic's Claude Code)\n- `AGENTS.md` (the universal standard — used by OpenAI Codex, Cursor, Windsurf, Kilo, GitHub Copilot, Gemini CLI, and [60,000+ open-source repos](https://agents.md/))\n- `.cursor/rules/`\n- `.github/copilot-instructions.md`\n\n**Roadmap:** native Cursor and Codex integrations. [Star the repo](https://github.com/0xmariowu/AgentLint) to follow.\n\n## Update\n\n```bash\nnpm install -g agentlint-ai\n```\n\nOr update the Claude Code plugin directly:\n\n```bash\nclaude plugin update agent-lint@agent-lint\n```\n\n## Evidence\n\nEvery check cites its source. No opinions, no best practices — data.\n\n| Source | Type |\n| --- | --- |\n| [Anthropic 265 prompt versions](https://cchistory.mariozechner.at) | Primary dataset |\n| Claude Code source code | Hard limits and internal behavior |\n| [IFScale (NeurIPS)](https://arxiv.org/abs/2507.11538) | Instruction compliance at scale |\n| [ETH Zurich](https://arxiv.org/abs/2602.11988) | Do context files help coding agents? |\n| [Codified Context](https://arxiv.org/abs/2602.20478) | Stale content as #1 failure mode |\n| [Agent READMEs](https://arxiv.org/abs/2511.12884) | Concrete vs abstract effectiveness |\n\nFull citations in [`standards/evidence.json`](https://github.com/0xmariowu/AgentLint/blob/main/standards/evidence.json).\n\n## FAQ\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eWhat exactly is an \"agent harness\"?\u003c/strong\u003e\u003c/summary\u003e\n\nThe term got popular in early 2026 (Mitchell Hashimoto, OpenAI, LangChain). Shortest definition: \u003cstrong\u003eAgent = Model + Harness\u003c/strong\u003e. The harness is everything that wraps an LLM and turns it into an agent — tools, state management, feedback loops, and the persistent rules it reads at session start. For coding agents, that last part is your \u003ccode\u003eAGENTS.md\u003c/code\u003e, \u003ccode\u003eCLAUDE.md\u003c/code\u003e, \u003ccode\u003e.cursor/rules\u003c/code\u003e, CI, pre-commit hooks, and \u003ccode\u003e.gitignore\u003c/code\u003e. AgentLint is the first linter built specifically to audit that layer.\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eWhy not just use \u003ccode\u003e/init\u003c/code\u003e and call it a day?\u003c/strong\u003e\u003c/summary\u003e\n\nSee the table above. `/init` writes a file; it doesn't audit your repo. AgentLint does 51 deterministic checks across 6 core dimensions (plus 7 opt-in extended checks) — and fixes what it finds.\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eDoes this work with Cursor, Codex, or GitHub Copilot?\u003c/strong\u003e\u003c/summary\u003e\n\nToday AgentLint runs *inside* Claude Code, but the checks apply to repo assets every agent reads: `AGENTS.md`, `.cursor/rules`, `.github/copilot-instructions.md`. A well-linted repo makes every agent better, not just Claude. Native Cursor and Codex integrations are on the roadmap.\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eIs my code sent anywhere?\u003c/strong\u003e\u003c/summary\u003e\n\nIt depends on which mode you run. The default (`agentlint check` and the GitHub Action) is local-only and runs zero AI. The two opt-in extended modes do touch AI or local session logs — we spell it out so there's no surprise:\n\n| Mode | Data accessed | Network / AI |\n|------|---------------|--------------|\n| `agentlint check` (default) | files in the repo being scanned | **Local only, no AI** |\n| GitHub Action | files in the checked-out repo inside the runner | **Local only, no AI** |\n| `/al` (core dims only) | git repos under the configured `PROJECTS_ROOT` | **Local only, no AI** |\n| `/al` with Deep (opt-in) | selected entry files (e.g. `CLAUDE.md`) | **Sends file contents to a Claude sub-agent** |\n| `/al` with Session (opt-in) | `~/.claude/projects/` logs on your machine | Local analyzer. Output is redacted by default; raw snippets require `--include-raw-snippets` |\n\nDeep is the only mode that transmits file contents off your machine, and it only runs when you explicitly ask for it inside Claude Code. Everything the default scan produces — the `Score: NN/100 (core)` output, the JSONL, the SARIF, the GitHub Action annotations — comes from pattern checks on disk, no API calls.\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eDoes \u003ccode\u003enpm install\u003c/code\u003e write outside node_modules?\u003c/strong\u003e\u003c/summary\u003e\n\n**No.** `npm install -g agentlint-ai` only installs the `agentlint` CLI to npm's global prefix (just like any other CLI tool). The Claude Code plugin install is **opt-in**: run `npx agentlint-ai install` (one-time) to detect Claude Code and register the `/al` slash command in `~/.claude/commands/`. The CLI works without that step; the `/al` slash command does not.\n\nFailure-mode fallbacks live in [INSTALL.md](./INSTALL.md).\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eIsn't this just \"best practices\"?\u003c/strong\u003e\u003c/summary\u003e\n\nNo. Every check cites a specific source — Anthropic's 265 prompt versions, Claude Code source code, peer-reviewed papers, or real production audits. If a check can't be backed by data, it doesn't ship.\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eWhy do you lint \u003ccode\u003eAGENTS.md\u003c/code\u003e if this is a Claude Code plugin?\u003c/strong\u003e\u003c/summary\u003e\n\nBecause good context engineering is cross-tool. If you're using any combination of Claude Code, Cursor, and Codex, the same `AGENTS.md` serves all of them. AgentLint checks it against the same evidence base regardless of which agent ends up reading it.\n\u003c/details\u003e\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eHow long does a scan take?\u003c/strong\u003e\u003c/summary\u003e\n\nUnder 5 seconds for most repos. The Deep and Session dimensions take longer because they spawn subagents or read session logs.\n\u003c/details\u003e\n\n## Requirements\n\n- Node 20+\n- `jq`\n- [Claude Code](https://claude.com/download) (for `/al` plugin and Deep/Session analysis)\n\n## Contributing\n\nIssues and PRs welcome. See [CONTRIBUTING.md](CONTRIBUTING.md).\n\n## License\n\n[MIT](LICENSE)\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n**If AgentLint saved you from one bad agent session, please [⭐ star the repo](https://github.com/0xmariowu/AgentLint)** — it's how we find out it's useful.\n\n\u003csub\u003eBuilt by \u003ca href=\"https://github.com/0xmariowu\"\u003e@0xmariowu\u003c/a\u003e · \u003ca href=\"https://www.agentlint.app/\"\u003eagentlint.app\u003c/a\u003e\u003c/sub\u003e\n\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xmariowu%2Fagentlint","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F0xmariowu%2Fagentlint","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F0xmariowu%2Fagentlint/lists"}