v0.1.1 — first PyPI-installable release

@tasnuvaleeya tasnuvaleeya released this 26 May 11:04
· 8 commits to main since this release

agent-guard v0.1.1 — Milestone 1 MVP

CI/CD safety and risk analysis for AI-assisted coding workflows (Claude Code, Codex, Cursor, Copilot, …). Scans pull-request diffs for the kinds of mistakes AI assistants commonly make and posts a sticky comment with a risk score.

This is the first release installable from PyPI as `ag-scan`.

What it detects (5 deterministic analyzers)

  • Secrets — 15 high-precision patterns (AWS, GCP, GitHub PAT, OpenAI, Anthropic, Stripe, Slack, …) + Shannon-entropy fallback in `.env*` files; evidence redacted in reports
  • Hallucinated imports (Python) — flags imports not in stdlib, declared deps, or local modules
  • Dangerous patterns — `eval`/`exec`, `subprocess.*(shell=True)`, `pickle.load`, `yaml.load` without `SafeLoader`, `verify=False`, `permissions: write-all`, …
  • Missing tests — source-file deltas without test-file changes
  • Infrastructure/auth changes — edits to CI workflows, Dockerfiles, Terraform, k8s, `.env*`

Quickstart

```yaml
# .github/workflows/agent-guard.yml
name: agent-guard
on: pull_request
permissions:
  contents: read
  pull-requests: write
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with: { fetch-depth: 0 }
      - uses: tasnuvaleeya/agent-guard@v0.1.1
```

Or use the CLI directly:

```bash
pip install ag-scan
agent-guard scan --base main
```

Highlights

  • Runs in <15s on typical PRs — pure stdlib + regex, no LLM call, no telemetry
  • Sticky PR comment with severity-grouped findings and collapsible evidence
  • 0–100 risk score for branch-protection gating
  • Configurable via `.agent-guard.yml` (per-analyzer toggles, threshold, path excludes)
  • Markdown and JSON output formats

Notes

  • The PyPI package is `ag-scan` because `agent-guard` was taken by an unrelated project. The CLI, the Action, and the brand stay as `agent-guard`.
  • Multi-language hallucination detection (tree-sitter), AI-smell rules, plugin SDK, and policy engine arrive in later milestones — see features/agent-guard-feature-plan.md.

Docs

  • README — 30-second pitch
  • User Manual — full reference (CLI flags, rule catalog, config schema, CI recipes, troubleshooting, FAQ)