AI coding agents can read files, edit code, execute shell commands, and make network requests. After a session finishes, it's often difficult to answer a simple question:
What exactly happened, and was any of it risky?
I built AgentAudit to explore this problem. It is an early prototype.
AgentAudit performs static analysis of AI coding agent sessions by matching rules against the tool calls made during a session. It is fully deterministic (no AI inference), offline, and fast.
It currently supports Claude Code, with additional adapters planned.
Install
```bash
git clone git@github.com:LaisRast/agent-audit.git
cd agent-audit
make install
make link
```
Usage
```bash
agentaudit run        # analyze the latest session
agentaudit list       # list available sessions
agentaudit run --all  # analyze all sessions
```
Built-in rules cover reading SSH keys or cloud credentials, running destructive commands (rm -rf, curl | sh, force-pushes), and making external network requests. Rules can be overridden globally or per project:
```json
{
  "rules": [
    {
      "id": "cmd/terraform-apply",
      "severity": "CRITICAL"
    },
    {
      "id": "net/bash-wget",
      "disabled": true
    },
    {
      "id": "file/vault-token",
      "tool": ["Read", "Edit", "Write"],
      "type": "glob",
      "pattern": "**/.vault-token",
      "severity": "CRITICAL",
      "category": "Sensitive file"
    }
  ]
}
```
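A sketch of the matching model described above, as an added example that is not AgentAudit's own code: overrides are overlaid on built-in rules by id, then each remaining rule is checked against the session's tool calls. Only the override entries come from the page; the built-in defaults, the `regex` rule type, the `**` glob semantics and the reduced tool-call shape are assumptions.

```python
import re

# Assumed built-in defaults; only the two ids appear on the page.
BUILTIN = [
    {"id": "cmd/terraform-apply", "tool": ["Bash"], "type": "regex",
     "pattern": r"\bterraform\s+apply\b", "severity": "HIGH"},
    {"id": "net/bash-wget", "tool": ["Bash"], "type": "regex",
     "pattern": r"\bwget\b", "severity": "MEDIUM"},
]
OVERRIDES = [  # the entries from the override file above
    {"id": "cmd/terraform-apply", "severity": "CRITICAL"},
    {"id": "net/bash-wget", "disabled": True},
    {"id": "file/vault-token", "tool": ["Read", "Edit", "Write"], "type": "glob",
     "pattern": "**/.vault-token", "severity": "CRITICAL", "category": "Sensitive file"},
]
# Constructed tool calls, reduced to the tool name and the path or command it acted on.
CALLS = [
    {"tool": "Read", "target": "/home/dev/.vault-token"},
    {"tool": "Bash", "target": "terraform apply -auto-approve"},
    {"tool": "Bash", "target": "wget https://example.com/setup.sh"},
    {"tool": "Read", "target": "docs/vault-token.md"},
]

def merge_rules(builtin, overrides):
    """Overlay overrides by id: patch fields, add new rules, drop disabled ones."""
    rules = {r["id"]: dict(r) for r in builtin}
    for o in overrides:
        rules.setdefault(o["id"], {}).update(o)
    return [r for r in rules.values() if not r.get("disabled")]

def glob_to_regex(pattern):
    """'**/' spans zero or more directories, '**' anything, '*' stays in one segment."""
    table = {"**/": r"(?:.*/)?", "**": r".*", "*": r"[^/]*"}
    parts = re.split(r"(\*\*/|\*\*|\*)", pattern)
    return re.compile("".join(table.get(p, re.escape(p)) for p in parts) + r"\Z")

def matches(rule, call):
    """A rule applies only to its listed tools; glob rules must match the whole path."""
    if call["tool"] not in rule.get("tool", ()):
        return False
    if rule["type"] == "glob":
        return bool(glob_to_regex(rule["pattern"]).match(call["target"]))
    return bool(re.search(rule["pattern"], call["target"]))

def audit(calls, rules):
    """Return (rule id, severity, target) for every tool call that a rule matches."""
    return [(r["id"], r["severity"], c["target"]) for c in calls for r in rules if matches(r, c)]

if __name__ == "__main__":
    print(audit(CALLS, merge_rules(BUILTIN, OVERRIDES)))
```

The disabled `net/bash-wget` rule produces no finding for the `wget` call, which is the trade-off to weigh before silencing a noisy rule.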
Looking for testers and feedback
If you regularly use AI coding agents, try running it against your sessions and let me know:
Testing
- Does it install and run without issues or tweaks?
- Does it accurately surface risky actions from your sessions?
Feedback
- Suggestions on the overall design
- Missing, inaccurate, or overly noisy rules
- Ideas for additional improvements
Open an issue or leave a comment: https://github.com/LaisRast/agent-audit