AgentLint provides essential real-time guardrails for AI coding agents, preventing issues like API key leaks and destructive commands. With ten universal rules applicable to any tech stack, it ensures that coding agents maintain high standards without disrupting development workflows.
AgentLint is a robust tool designed to enforce real-time quality control for AI coding agents, acting as an ESLint equivalent for agent behavior. As AI coding agents often introduce errors during prolonged sessions—such as embedding API keys in source code, neglecting tests, or leaving debug statements—AgentLint proactively identifies these issues as they occur, rather than waiting for the review phase.
Key Features
AgentLint includes 10 universal rules applicable across any tech stack, categorized by severity to provide immediate feedback on coding practices:
| Rule | Severity | Description |
|---|---|---|
| no-secrets | ERROR | Prevents writing sensitive information like API keys and passwords into the codebase. |
| no-env-commit | ERROR | Blocks commits of .env and credential files. |
| no-force-push | ERROR | Prohibits git push --force to protected branches. |
| no-destructive-commands | WARNING | Issues warnings for unsafe commands such as rm -rf or DROP TABLE. |
| dependency-hygiene | WARNING | Alerts on ad-hoc installations of packages via pip or npm. |
| max-file-size | WARNING | Notifies when a file exceeds a defined line limit, defaulting to 500 lines. |
| drift-detector | WARNING | Cautions after numerous edits without running tests. |
| no-debug-artifacts | WARNING | Detects and flags remnants of debug code like console.log or print(). |
| test-with-changes | WARNING | Flags instances where source code changes are made without corresponding test updates. |
| no-todo-left | INFO | Reports any TODO or FIXME comments detected in modified files. |
Error rules will halt the agent's actions, ensuring compliance, while warning rules will provide constructive advice in real-time. Informational rules appear in session reports, enabling developers to maintain clear oversight of potential issues.
Installation and Setup
Installing AgentLint is straightforward. After installation via pip, the following command initializes the necessary configurations:
```
pip install agentlint
cd your-project
agentlint setup
```
Upon detection of a risky operation, AgentLint will provide immediate feedback, for example:
```
⛔ [no-secrets] Possible secret token detected (prefix 'sk_live_')
💡 Use environment variables instead of hard-coded secrets.
```
AgentLint’s setup command configures hooks within settings.json and generates an agentlint.yml file with the necessary settings. The hooks monitor and control actions to preserve code quality during development.
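The severity model described above (ERROR halts the action, WARNING advises, INFO goes to the session report) can be sketched as a small pre-action check. This is an added example, not AgentLint's own code: the rule patterns, the `evaluate` function, the `Decision` type and the `"write"`/`"shell"` action kinds are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Hypothetical rule table: (name, severity, action kind, pattern).
# The patterns are illustrative assumptions, not AgentLint's detection logic.
RULES = [
    ("no-secrets", "ERROR", "write", re.compile(
        r"\b(sk_live_[0-9A-Za-z]{8,}|AKIA[0-9A-Z]{16})\b"
        r"|-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("no-destructive-commands", "WARNING", "shell", re.compile(
        r"\brm\s+-(?=[a-z]*r)(?=[a-z]*f)[a-z]+\b|\bDROP\s+TABLE\b", re.I)),
    ("no-debug-artifacts", "WARNING", "write", re.compile(
        r"\bconsole\.log\(|^\s*print\(", re.M)),
    ("no-todo-left", "INFO", "write", re.compile(r"\b(TODO|FIXME)\b")),
]

@dataclass
class Decision:
    allowed: bool      # False once any ERROR rule fires
    blocked_by: list   # ERROR rules: the action is halted
    advice: list       # WARNING rules: shown to the agent, action proceeds
    report: list       # INFO rules: kept for the session report only

def evaluate(kind, payload):
    """Check one proposed agent action (a file write or a shell command)."""
    decision = Decision(True, [], [], [])
    for name, severity, applies_to, pattern in RULES:
        if applies_to != kind or not pattern.search(payload):
            continue
        if severity == "ERROR":
            decision.allowed = False
            decision.blocked_by.append(name)
        elif severity == "WARNING":
            decision.advice.append(name)
        else:
            decision.report.append(name)
    return decision

# Constructed sample input: a file body an agent is about to write.
SAMPLE_WRITE = 'API_KEY = "sk_live_EXAMPLE0000000000"\nprint("debug")\n# TODO: remove\n'

if __name__ == "__main__":
    print(evaluate("write", SAMPLE_WRITE))
    print(evaluate("shell", "rm -rf build/"))
```
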
Configuration and Customization
Users have the flexibility to tailor configurations through agentlint.yml, allowing for adjustments to severity levels and the implementation of custom rules as needed. Custom rules can be crafted by defining Python classes that extend the built-in rule functionality, providing a mechanism for personalized enforcement that fits specific project requirements.
Performance and Compatibility
AgentLint is designed for efficiency, evaluating rules within 10 milliseconds. It operates locally without network dependencies, ensuring a seamless experience that doesn't slow down the coding process. While the primary integration with Claude Code enables real-time blocking of issues, AgentLint can also function as a command-line interface independently, making it versatile for use in various CI pipelines.
Comparison with Alternatives
When compared to similar tools, AgentLint stands out due to its local-first approach and open-source nature, making it a user-friendly choice for development teams looking for effective quality control solutions without external dependencies.
For more information on enhancing coding standards with AgentLint or to contribute to its development, please refer to the documentation in the repository.