DEV Community

Laith Rastanawi
Laith Rastanawi

Posted on

AgentAudit: Static security analysis for AI coding agent sessions

AI coding agents can read files, edit code, execute shell commands, and make network requests. After a session finishes, it's often difficult to answer a simple question:

What exactly happened, and was any of it risky?

I built AgentAudit to explore this problem. It is an early prototype.

AgentAudit performs static analysis of AI coding agent sessions by matching rules against the tool calls made during a session. It is fully deterministic (no AI inference), offline, and fast.

Currently supports Claude Code, with additional adapters planned.

Install

git clone git@github.com:LaisRast/agent-audit.git
cd agent-audit
make install
make link
Enter fullscreen mode Exit fullscreen mode

Usage

agentaudit run        # analyze the latest session
agentaudit list       # list available sessions
agentaudit run --all  # analyze all sessions
Enter fullscreen mode Exit fullscreen mode

Built-in rules cover reading SSH keys or cloud credentials, running destructive commands (rm -rf, curl | sh, force-pushes), and making external network requests. Rules can be overridden globally or per project:

{
  "rules": [
    {
      "id": "cmd/terraform-apply",
      "severity": "CRITICAL"
    },
    {
      "id": "net/bash-wget",
      "disabled": true
    },
    {
      "id": "file/vault-token",
      "tool": [
        "Read",
        "Edit",
        "Write"
      ],
      "type": "glob",
      "pattern": "**/.vault-token",
      "severity": "CRITICAL",
      "category": "Sensitive file"
    }
  ]
}
Enter fullscreen mode Exit fullscreen mode

Looking for testers and feedback

If you regularly use AI coding agents, try running it against your sessions and let me know:

Testing

  • Does it install and run without issues or tweaks?
  • Does it accurately surface risky actions from your sessions?

Feedback

  • Suggestions on the overall design
  • Missing, inaccurate, or overly noisy rules
  • Ideas for additional improvements

Open an issue or leave a comment: https://github.com/LaisRast/agent-audit

Top comments (0)