Skip to content

Agent Gate v0.1.0

Pre-release
Pre-release

Choose a tag to compare

View all tags
@sjh9714 sjh9714 released this 14 Jun 02:23
· 16 commits to main since this release
v0.1.0
0bebf68
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Agent Gate v0.1.0

No AI PR gets merged without proof.

Agent Gate v0.1.0 is a pre-release of a deterministic CI firewall for AI-generated pull requests. It focuses on explainable checks for PR contracts, risky file changes, agent control-plane drift, workflow permission escalation, and missing test-change evidence.

What works today

  • Deterministic core analyzer and JSON/Markdown reports
  • agent-gate.yml config parsing
  • PR body contract parsing
  • Contract scope checks for allowed and blocked paths
  • High-risk path detection
  • Agent control-plane drift detection
  • Missing test evidence detection
  • GitHub Actions workflow permission escalation detection
  • Dangerous workflow pattern detection
  • CLI replay for deterministic fixtures
  • Unsafe PR zoo fixtures for local demos
  • Root GitHub Action for uses: sjh9714/Agent-Gate@<ref>
  • PR report comment upsert
  • Self-dogfooding Agent Gate workflow
  • Repository CI

Security model

Agent Gate is API-only at runtime. The Action loads policy from the PR base ref, reads PR metadata and changed-file data through GitHub APIs, and does not checkout PR code.

Runtime analysis does not call LLMs, execute repository scripts, install packages from the target PR, or execute MCP servers.

Demo

Run the unsafe workflow fixture locally:

pnpm --filter agent-gate build
node packages/cli/dist/main.js replay fixtures/unsafe-pr-zoo/workflow-permission-escalation

Expected headline findings:

Agent Gate: BLOCKED
ERROR workflow/permission-escalation
ERROR workflow/dangerous-pattern
Path: .github/workflows/release.yml

Install

Use the root Action from a pull request workflow:

permissions:
  contents: read
  pull-requests: read

jobs:
  agent-gate:
    runs-on: ubuntu-latest
    steps:
      - uses: sjh9714/Agent-Gate@v0.1.0
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          mode: warn
          fail-on-block: false

To enable PR report comments, add issues: write and set comment: true.

Start with mode: warn and fail-on-block: false. After policy findings are tuned, move toward mode: block and fail-on-block: true.

Known limitations

  • Agent Gate is pre-release; APIs and rule names may change in later pre-releases.
  • CODEOWNERS and reviewer evidence are not implemented yet.
  • Package and dependency drift rules are not implemented yet.
  • GitHub Actions job-level permission escalation comparison is limited.
  • Test evidence checks are file-pattern based; they do not prove semantic coverage.
  • PR comment upsert requires issues: write and may warn on fork PRs with read-only tokens.

Stability note

For this pre-release, prefer @v0.1.0 or a pinned commit SHA. Expect early rule names, report details, and configuration options to change as the pre-release matures.

Assets 2
Loading