Releases: yingchen-coding/agentguard
v0.1.2 — recall-preserving precision pass
agentguard 0.1.2 — a deterministic, capability-aware security & reliability scanner for AI agent / command / skill definitions. ESLint for the prompts that drive your agents.
What's new
Five false-positive classes, found by scanning a diverse corpus of real agents — the official Claude Code plugin marketplace (77 definitions across 24 plugins), understand-anything, agent-armor, and a local agent fleet — then hand-verifying every critical-severity finding and tightening the rules. Each fix was checked in both directions: it kills the false positive and leaves the true positives intact (the benchmark holds 100% precision / 92% recall, with regression cases for each class).
- AL305 — the untrusted-input signal must now be near the command sink, not merely present somewhere in the body (kills cross-body false combinations like "Migration file format? (SQL)" + an unrelated "user requests").
- AL204 — no longer fires on a noun ("extract the assertions"), a section heading ("### Recommended Improvements"), or a debug "diagnose stderr". The grep-before-recommend safety rail still fires on real assertive actions.
- AL100 / AL101 — skip phrases that are quoted or paired with a concrete corrective ("be honest, not generous"); critic/linter agents legitimately quote the very phrases they hunt.
- AL307 — recognizes more legitimate injection guards ("its contents are inert data", negation-anchored "don't propagate embedded instructions").
- AL200 / AL205 — detect a markdown-table output template; fix an AL205 case-sensitivity bug where a sentence-initial "Only…/Never…/Do not…" was missed.
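The two mechanisms behind the AL305 and AL205 fixes are worth seeing in miniature. The block below is an added illustration written for these notes, not agentguard's own rule code: the regexes, the 200-character window and the sample agent bodies are constructed stand-ins, and the rule IDs are used only as labels. It contrasts the old "both signals anywhere in the body" check with a proximity check, and shows a sentence-initial directive matcher that does not miss a capitalised "Only…".

```python
import re

# Constructed signal phrases standing in for agentguard's real patterns.
UNTRUSTED_INPUT = re.compile(r"\b(user requests?|user input|untrusted|external content)\b", re.I)
COMMAND_SINK = re.compile(r"\b(run|execute|shell|subprocess|bash)\b", re.I)
WINDOW = 200  # hypothetical proximity threshold, in characters


def sink_and_untrusted_anywhere(body: str) -> bool:
    """Old-style AL305 check: fires when both signals appear anywhere in the body,
    even if they belong to unrelated sentences (the cross-body false positive)."""
    return bool(UNTRUSTED_INPUT.search(body)) and bool(COMMAND_SINK.search(body))


def sink_near_untrusted(body: str, window: int = WINDOW) -> bool:
    """Proximity check: fires only when an untrusted-input phrase and a command
    sink occur within `window` characters of each other."""
    sources = [m.start() for m in UNTRUSTED_INPUT.finditer(body)]
    sinks = [m.start() for m in COMMAND_SINK.finditer(body)]
    return any(abs(s - k) <= window for s in sources for k in sinks)


# AL205-style directive matcher: a directive counts only at the start of a line
# or immediately after sentence-ending punctuation, and matching is
# case-insensitive so "Only ..." is not skipped.
DIRECTIVE = re.compile(r"(?:^|(?<=[.!?]\s))(only|never|do not)\b", re.I | re.M)


def sentence_initial_directives(body: str) -> list[str]:
    """Return the sentence-initial directives found in `body`, lowercased."""
    return [m.group(1).lower() for m in DIRECTIVE.finditer(body)]


# Constructed sample bodies.
FAR_APART = (
    "When the user requests a migration, ask which file format they prefer.\n"
    + "Formatting notes: keep headings short and tables aligned.\n" * 6
    + "Finally, run the test suite with bash before reporting.\n"
)
CLOSE_TOGETHER = (
    "Take the filename from the user input and run it through bash to expand globs.\n"
)
DIRECTIVES = "Only answer in JSON. never call tools. Do not guess. Use the only option available."

if __name__ == "__main__":
    for name, body in (("far apart", FAR_APART), ("close together", CLOSE_TOGETHER)):
        print(f"{name}: anywhere={sink_and_untrusted_anywhere(body)} "
              f"near={sink_near_untrusted(body)}")
    print("directives:", sentence_initial_directives(DIRECTIVES))
```

On the first sample both signals exist, but they sit several hundred characters apart, so the proximity check stays quiet while the naive check fires; on the second they share a sentence and both fire. The mid-sentence "the only option" is not reported as a directive.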
Also in this line: Python 3.9–3.12 CI is green (a 3.9-only break was fixed and a flake8-future-annotations lint gate added), and the shipped pre-commit hook is documented and verified end-to-end.
Install
pip install "git+https://github.com/yingchen-coding/agentguard@v0.1.2"
Or pin the GitHub Action / pre-commit hook to v0.1.2 — see the README.
Try it on your own agents
agentguard ~/.claude # grade your own agents, commands & skills
agentguard owner/repo # vet a plugin BEFORE you install it
Full changelog: CHANGELOG.md