<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Laith Rastanawi</title>
    <description>The latest articles on DEV Community by Laith Rastanawi (@laisrast).</description>
    <link>https://dev.to/laisrast</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F4011387%2F1bcf9bb0-168b-4492-93e0-9fea8ddb6d2e.png</url>
      <title>DEV Community: Laith Rastanawi</title>
      <link>https://dev.to/laisrast</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/laisrast"/>
    <language>en</language>
    <item>
      <title>AgentAudit: Static security analysis for AI coding agent sessions</title>
      <dc:creator>Laith Rastanawi</dc:creator>
      <pubDate>Wed, 01 Jul 2026 21:09:31 +0000</pubDate>
      <link>https://dev.to/laisrast/agentaudit-static-security-analysis-for-ai-coding-agent-sessions-3n2m</link>
      <guid>https://dev.to/laisrast/agentaudit-static-security-analysis-for-ai-coding-agent-sessions-3n2m</guid>
      <description>&lt;p&gt;AI coding agents can read files, edit code, execute shell commands, and make network requests. After a session finishes, it's often difficult to answer a simple question:&lt;/p&gt;

&lt;blockquote&gt;
&lt;p&gt;What exactly happened, and was any of it risky?&lt;/p&gt;
&lt;/blockquote&gt;

&lt;p&gt;I built &lt;strong&gt;AgentAudit&lt;/strong&gt; to explore this problem. It is an &lt;strong&gt;early prototype&lt;/strong&gt;.&lt;/p&gt;

&lt;p&gt;AgentAudit performs static analysis of AI coding agent sessions by matching rules against the tool calls made during a session. It is fully deterministic (no AI inference), offline, and fast.&lt;/p&gt;

&lt;p&gt;Currently supports &lt;strong&gt;Claude Code&lt;/strong&gt;, with additional adapters planned.&lt;/p&gt;

&lt;h2&gt;
  
  
  Install
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;git clone git@github.com:LaisRast/agent-audit.git
&lt;span class="nb"&gt;cd &lt;/span&gt;agent-audit
make &lt;span class="nb"&gt;install
&lt;/span&gt;make &lt;span class="nb"&gt;link&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Usage
&lt;/h2&gt;



&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight shell"&gt;&lt;code&gt;agentaudit run        &lt;span class="c"&gt;# analyze the latest session&lt;/span&gt;
agentaudit list       &lt;span class="c"&gt;# list available sessions&lt;/span&gt;
agentaudit run &lt;span class="nt"&gt;--all&lt;/span&gt;  &lt;span class="c"&gt;# analyze all sessions&lt;/span&gt;
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Built-in rules cover reading SSH keys or cloud credentials, running destructive commands (&lt;code&gt;rm -rf&lt;/code&gt;, &lt;code&gt;curl | sh&lt;/code&gt;, force-pushes), and making external network requests. Rules can be overridden globally or per project:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight json"&gt;&lt;code&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="nl"&gt;"rules"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"id"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"cmd/terraform-apply"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"severity"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"CRITICAL"&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;},&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"id"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"net/bash-wget"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"disabled"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="kc"&gt;true&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;},&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;{&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"id"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"file/vault-token"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"tool"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="p"&gt;[&lt;/span&gt;&lt;span class="w"&gt;
        &lt;/span&gt;&lt;span class="s2"&gt;"Read"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
        &lt;/span&gt;&lt;span class="s2"&gt;"Edit"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
        &lt;/span&gt;&lt;span class="s2"&gt;"Write"&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="p"&gt;],&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"type"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"glob"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"pattern"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"**/.vault-token"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"severity"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"CRITICAL"&lt;/span&gt;&lt;span class="p"&gt;,&lt;/span&gt;&lt;span class="w"&gt;
      &lt;/span&gt;&lt;span class="nl"&gt;"category"&lt;/span&gt;&lt;span class="p"&gt;:&lt;/span&gt;&lt;span class="w"&gt; &lt;/span&gt;&lt;span class="s2"&gt;"Sensitive file"&lt;/span&gt;&lt;span class="w"&gt;
    &lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
  &lt;/span&gt;&lt;span class="p"&gt;]&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;span class="p"&gt;}&lt;/span&gt;&lt;span class="w"&gt;
&lt;/span&gt;&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  Looking for testers and feedback
&lt;/h2&gt;

&lt;p&gt;If you regularly use AI coding agents, try running it against your sessions and let me know:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;Testing&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Does it install and run without issues or tweaks?&lt;/li&gt;
&lt;li&gt;Does it accurately surface risky actions from your sessions?&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;&lt;strong&gt;Feedback&lt;/strong&gt;&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;Suggestions on the overall design&lt;/li&gt;
&lt;li&gt;Missing, inaccurate, or overly noisy rules&lt;/li&gt;
&lt;li&gt;Ideas for additional improvements&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Open an issue or leave a comment: &lt;a href="https://github.com/LaisRast/agent-audit" rel="noopener noreferrer"&gt;https://github.com/LaisRast/agent-audit&lt;/a&gt;&lt;/p&gt;

</description>
      <category>ai</category>
      <category>tooling</category>
      <category>security</category>
      <category>cli</category>
    </item>
  </channel>
</rss>
