SkillAgentSearch skills...

Agentlint

Real-time guardrails for AI coding agents — code quality, security, and infrastructure safety. 57 rules across 8 packs for Claude Code.

GenerateConvertImprove

Install / Use

/learn @mauhpr/Agentlint
About this skill

Quality Score

0/100

Supported Platforms

Claude Code
Claude Desktop

README

agentlint

CI codecov PyPI Python License: MIT

Real-time guardrails for AI coding agents — code quality, security, and infrastructure safety.

AI coding agents drift during long sessions — they introduce API keys into source, skip tests, force-push to main, and leave debug statements behind. AgentLint catches these problems as they happen, not at review time.

Vision

The short-term problem is code quality: secrets, broken tests, force-pushes, debug artifacts. AgentLint solves that today with 63 rules that run locally in milliseconds.

The longer-term question is harder: what does it mean for an agent to operate safely on real infrastructure? When an agent can run gcloud, kubectl, terraform, or iptables, the blast radius is no longer a bad commit — it's a production outage or a deleted database.

We don't have a mature answer to that yet. Nobody does. The autopilot pack is our first experiment in that direction — explicit, opt-in, and clearly labeled as such. The goal is to start building the intuition and tooling for autonomous agent safety at the infrastructure level, and to do it in the open.

What it catches

AgentLint ships with 63 rules across 8 packs, covering all 17 Claude Code hook events. The 17 universal rules and 4 quality rules work with any tech stack; 4 additional packs auto-activate based on your project files; the security pack is opt-in; and the autopilot pack is opt-in and experimental:

| Rule | Severity | What it does | |------|----------|-------------| | no-secrets | ERROR | Blocks writes containing API keys, tokens, passwords, private keys, JWTs | | no-env-commit | ERROR | Blocks writing .env files (including via Bash) | | no-force-push | ERROR | Blocks git push --force to main/master | | no-push-to-main | WARNING | Warns on direct push to main/master | | no-skip-hooks | WARNING | Warns on git commit --no-verify | | no-destructive-commands | WARNING | Warns on rm -rf, DROP TABLE, chmod 777, mkfs, and more | | no-test-weakening | WARNING | Detects skipped tests, assert True, commented-out assertions | | dependency-hygiene | WARNING | Warns on ad-hoc pip install / npm install | | max-file-size | WARNING | Warns when a file exceeds 500 lines | | drift-detector | WARNING | Warns after many edits without running tests | | no-debug-artifacts | WARNING | Detects console.log, print(), debugger left in code | | test-with-changes | WARNING | Warns if source changed but no tests were updated | | token-budget | WARNING | Tracks session activity and warns on excessive tool usage | | git-checkpoint | INFO | Creates git stash before destructive ops (opt-in, disabled by default) | | no-todo-left | INFO | Reports TODO/FIXME comments in changed files |

ERROR rules block the agent's action. WARNING rules inject advice into the agent's context. INFO rules appear in the session report.

<details> <summary><strong>Quality pack</strong> (4 rules) — always active alongside universal</summary>

| Rule | Severity | What it does | |------|----------|-------------| | commit-message-format | WARNING | Validates commit messages follow conventional format | | no-error-handling-removal | WARNING | Warns when try/except or .catch() blocks are removed | | no-dead-imports | INFO | Detects unused imports in Python and JS/TS files | | self-review-prompt | INFO | Injects adversarial self-review prompt at session end |

</details> <details> <summary><strong>Python pack</strong> (6 rules) — auto-activates when <code>pyproject.toml</code> or <code>setup.py</code> exists</summary>

| Rule | Severity | What it does | |------|----------|-------------| | no-bare-except | WARNING | Prevents bare except: clauses that swallow all exceptions | | no-unsafe-shell | ERROR | Blocks unsafe shell execution via subprocess or os module | | no-dangerous-migration | WARNING | Warns on risky Alembic migration operations | | no-wildcard-import | WARNING | Prevents from module import * | | no-unnecessary-async | INFO | Flags async functions that never use await | | no-sql-injection | ERROR | Blocks SQL via string interpolation (f-strings, .format()) |

</details> <details> <summary><strong>Frontend pack</strong> (8 rules) — auto-activates when <code>package.json</code> exists</summary>

| Rule | Severity | What it does | |------|----------|-------------| | a11y-image-alt | WARNING | Ensures images have alt text (WCAG 1.1.1) | | a11y-form-labels | WARNING | Ensures form inputs have labels or aria-label | | a11y-interactive-elements | WARNING | Checks ARIA attributes and link anti-patterns | | a11y-heading-hierarchy | INFO | Ensures no skipped heading levels or multiple h1s | | mobile-touch-targets | WARNING | Ensures 44x44px minimum touch targets (WCAG 2.5.5) | | mobile-responsive-patterns | INFO | Warns about desktop-only layout patterns | | style-no-arbitrary-values | INFO | Warns about arbitrary Tailwind values bypassing tokens | | style-focus-visible | WARNING | Ensures focus indicators are not removed (WCAG 2.4.7) |

</details> <details> <summary><strong>React pack</strong> (3 rules) — auto-activates when <code>react</code> is in <code>package.json</code> dependencies</summary>

| Rule | Severity | What it does | |------|----------|-------------| | react-query-loading-state | WARNING | Ensures useQuery results handle loading and error states | | react-empty-state | INFO | Suggests empty state handling for array.map() in JSX | | react-lazy-loading | INFO | Suggests lazy loading for heavy components in page files |

</details> <details> <summary><strong>SEO pack</strong> (4 rules) — auto-activates when an SSR/SSG framework (Next.js, Nuxt, Gatsby, Astro, etc.) is detected</summary>

| Rule | Severity | What it does | |------|----------|-------------| | seo-page-metadata | WARNING | Ensures page files include title and description | | seo-open-graph | INFO | Ensures pages with metadata include Open Graph tags | | seo-semantic-html | INFO | Encourages semantic HTML over excessive divs | | seo-structured-data | INFO | Suggests JSON-LD structured data for content pages |

</details> <details> <summary><strong>Security pack</strong> (3 rules) — opt-in, add <code>security</code> to your packs list</summary>

| Rule | Severity | What it does | |------|----------|-------------| | no-bash-file-write | ERROR | Blocks file writes via Bash (cat >, tee, sed -i, cp, heredocs, etc.) | | no-network-exfil | ERROR | Blocks data exfiltration via curl POST, nc, scp, wget --post-file | | env-credential-reference | WARNING | Warns when *_FILE env vars reference local paths (credential leakage risk) |

The security pack addresses the most common agent escape hatch: bypassing Write/Edit guardrails via the Bash tool. Enable it by adding security to your packs list:

packs:
  - universal
  - security  # Blocks Bash file writes and network exfiltration

Configure allowlists for legitimate use cases:

rules:
  no-bash-file-write:
    allow_patterns: ["echo.*>>.*\\.log"]  # Allow appending to logs
    allow_paths: ["*.log", "/tmp/*"]       # Allow writes to temp/log
  no-network-exfil:
    allowed_hosts: ["internal.corp.com"]   # Allow specific hosts
</details> <details> <summary><strong>Autopilot pack</strong> (18 rules) — ⚠️ experimental, opt-in</summary>

Alpha quality. The autopilot pack is an early experiment in agent safety guardrails for cloud and infrastructure operations. Regex-based heuristics will produce false positives and false negatives — a mature framework for this problem doesn't exist yet. Enable it, experiment with it, report what breaks. Use at your own risk in production environments.

| Rule | Severity | What it does | |------|----------|-------------| | production-guard | ERROR | Blocks Bash commands targeting production databases, gcloud projects, or AWS accounts | | destructive-confirmation-gate | ERROR | Blocks DROP DATABASE, terraform destroy, kubectl delete namespace, etc. without explicit acknowledgment | | dry-run-required | WARNING | Requires --dry-run/--check/plan preview before terraform apply, kubectl apply, ansible-playbook, helm upgrade/install, and pulumi up | | bash-rate-limiter | WARNING | Circuit-breaks after N destructive commands within a time window (default: 5 ops / 300s) | | cross-account-guard | WARNING | Warns when the agent switches between gcloud projects or AWS profiles mid-session | | operation-journal | INFO | Records every Bash and file-write operation to an in-session audit log; emits a summary at Stop | | cloud-resource-deletion | ERROR | Blocks AWS/GCP/Azure resource deletion without session confirmation | | cloud-infra-mutation | ERROR | Blocks NAT, firewall, VPC, IAM, and load balancer mutations across AWS/GCP/Azure | | cloud-paid-resource-creation | WARNING | Warns when creating paid cloud resources (VMs, DBs, static IPs) | | system-scheduler-guard | WARNING | Warns on crontab, systemctl enable, launchctl, scheduler file writes | | network-firewall-guard | ERROR | Blocks iptables flush, ufw disable, firewalld permanent rules, and default route changes | | docker-volume-guard | WARNING/ERROR | Blocks privileged containers (ERROR); warns on volume deletion and force-remove (WARNING) | | ssh-destructive-command-guard | WARNING/ERROR | Detects destr

mauhpr

View profile

View on GitHub
GitHub Stars14
CategoryDevelopment
Updated5d ago
Forks0
mauhpr/agentlint

Languages

Python

Security Score

95/100

Audited on Mar 17, 2026

No findings