Releases: tasnuvaleeya/agent-guard
v0.1.5 — Publishing in Marketplace
Cosmetic release renaming the Marketplace listing from ag-scan to agent-guard-pr-scan to bypass GitHub's stale Marketplace state. Nothing else changes.
Install (unchanged)
pip install ag-scan- uses: tasnuvaleeya/agent-guard@v0.1.5Docs
v0.1.4 — Marketplace-ready release
Fresh release for the GitHub Marketplace listing. No functional changes since v0.1.3 — all analyzers, CLI, and Action behave identically.
Install
GitHub Action:
- uses: tasnuvaleeya/agent-guard@v0.1.4CLI:
pip install ag-scanHighlights (recap)
- 5 deterministic analyzers: secrets, hallucinated imports, dangerous patterns, missing tests, infra changes
- <15s runtime on typical PRs, no LLM call, no telemetry
- Sticky PR comment with severity-grouped findings and collapsible evidence
- 0–100 risk score for branch-protection gating
- Configurable via
.agent-guard.yml
Docs
v0.1.3 — Marketplace listing rename
Marketplace listing name changed from `agent-guard` to `ag-scan` to resolve a collision with the existing `Agent-Guard` GitHub organization. The PyPI distribution name and the Marketplace listing now match.
Nothing changes for users:
- `uses: tasnuvaleeya/agent-guard@v0.1.3` still works (it's path-based, not listing-name-based)
- CLI command is still `agent-guard`
- Repo is still at github.com/tasnuvaleeya/agent-guard
- PyPI install is still `pip install ag-scan`
Install
GitHub Action:
```yaml
- uses: tasnuvaleeya/agent-guard@v0.1.3
```
CLI:
```bash
pip install ag-scan
```
Docs
v0.1.2 — Marketplace listing screenshot
Cosmetic release for the GitHub Marketplace listing — adds a screenshot of a sample sticky PR comment to the top of the README so the Marketplace detail page shows the tool's actual output.
No functional changes since v0.1.1. All analyzers, the CLI, and the Action behave identically.
Install
GitHub Action:
```yaml
- uses: tasnuvaleeya/agent-guard@v0.1.2
```
CLI:
```bash
pip install ag-scan
```
Docs
v0.1.1 — first PyPI-installable release
agent-guard v0.1.1 — Milestone 1 MVP
CI/CD safety and risk analysis for AI-assisted coding workflows (Claude Code, Codex, Cursor, Copilot, …). Scans pull-request diffs for the kinds of mistakes AI assistants commonly make and posts a sticky comment with a risk score.
This is the first release installable from PyPI as `ag-scan`.
What it detects (5 deterministic analyzers)
- Secrets — 15 high-precision patterns (AWS, GCP, GitHub PAT, OpenAI, Anthropic, Stripe, Slack, …) + Shannon-entropy fallback in `.env*` files; evidence redacted in reports
- Hallucinated imports (Python) — flags imports not in stdlib, declared deps, or local modules
- Dangerous patterns — `eval`/`exec`, `subprocess(shell=True)`, `pickle.load`, `yaml.load` w/o SafeLoader, `verify=False`, `permissions: write-all`, …
- Missing tests — source-file deltas without test-file changes
- Infrastructure/auth changes — edits to CI workflows, Dockerfiles, Terraform, k8s, `.env*`
Quickstart
```yaml
.github/workflows/agent-guard.yml
name: agent-guard
on: pull_request
permissions:
contents: read
pull-requests: write
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with: { fetch-depth: 0 }
- uses: tasnuvaleeya/agent-guard@v0.1.1
```
Or use the CLI directly:
```bash
pip install ag-scan
agent-guard scan --base main
```
Highlights
- Runs in <15s on typical PRs — pure stdlib + regex, no LLM call, no telemetry
- Sticky PR comment with severity-grouped findings and collapsible evidence
- 0–100 risk score for branch-protection gating
- Configurable via `.agent-guard.yml` (per-analyzer toggles, threshold, path excludes)
- Markdown and JSON output formats
Notes
- The PyPI package is `ag-scan` because `agent-guard` was taken by an unrelated project. The CLI, the Action, and the brand stay as `agent-guard`.
- Multi-language hallucination detection (tree-sitter), AI-smell rules, plugin SDK, and policy engine arrive in later milestones — see features/agent-guard-feature-plan.md.
Docs
- README — 30-second pitch
- User Manual — full reference (CLI flags, rule catalog, config schema, CI recipes, troubleshooting, FAQ)
v0.1.0 — M1 MVP (initial release)
First public release of agent-guard. Scaffold + five deterministic analyzers + GitHub Action + sticky PR comment. PyPI distribution: superseded — install ag-scan (v0.1.2+) instead.