# AgentLint

> Lint your repo for AI agent compatibility.

- **URL**: https://www.freshcrate.ai/projects/AgentLint
- **Author**: 0xmariowu
- **Category**: Testing
- **Latest version**: `v1.1.13` (2026-04-26)
- **License**: MIT
- **Source**: https://github.com/0xmariowu/AgentLint
- **Homepage**: https://agentlint.app
- **Language**: Shell
- **GitHub**: 18 stars
- **Registry**: github
- **Tags**: `agentic`, `agents-md`, `ai-agent`, `ai-friendly`, `ai-tools`, `anthropic`, `claude-code`, `claude-code-plugin`, `javascript`

## Description

Lint your repo for AI agent compatibility.

## Recent releases

| Version | Date | Urgency | Changes |
| --- | --- | --- | --- |
| `v1.1.13` | 2026-04-26 | High | Hotfix: revert v1.1.12 F003 (the branch-protection.yml realignment that re-added `CodeQL` + `check-test-pairing`). The v1.1.12 release.yml run timed out at attempt 20/20 with `Still missing: CodeQL check-test-pairing`, confirming the rationale for re-adding them was wrong.  **Key insight (worth reading)**: - `CodeQL` is a **workflow** name. The check-runs API returns **job** names. The CodeQL workflow's only job is `analyze` — that's what lands as a check-run on every commit. Listing `CodeQL` in |
| `v0.8.6` | 2026-04-23 | High | ### New checks (4)  - **W7** You can now see when `CLAUDE.md` is missing a documented local fast test command — AI agents need a single runnable command (e.g. `pytest tests/unit/` or `npm test`) to verify before pushing. - **W8** You can now detect Node.js projects where `package.json` has no `scripts.test` entry — `npm test` silently fails with "missing script" when agents try to run it. - **H7** You can now detect gate workflows (`test-required`, `*-check`, etc.) that always `exit 0` — warn-on |
| `v0.8.5` | 2026-04-18 | High | ### Infrastructure  - **`scripts/sanitize.sh`** — new read-only pre-release PII audit. Eight checks cover author emails (git log), personal paths (tracked files + commit messages + recent history), Tailscale and mDNS machine hostnames, and optional `.internal-codenames` enforcement across files / commits / branches. Scans tracked-only so untracked test artifacts don't create noise. Mirrors the placeholder filter from `.husky/pre-commit` so documentation examples don't trip it. - **Commit-message |
| `v0.8.4` | 2026-04-18 | High | ### Fixed  - **`docs/ship-boundary.md`** no longer references artifacts that don't exist in this repo. The v0.8.3 import from VibeKit left behind pointers to `standards/ship-boundary.json`, `.ship-boundary-deny.local`, `bootstrap.sh`, `tests/e2b/`, `configs/**`, `hooks/**`, and rule IDs like `SB-L-01` / `SB-N-05`. SHIP / LOCAL / NEVER examples now match agent-lint's actual layout, and a new "How this is enforced today" section points to the real enforcement surface (`.husky/pre-commit`, `hygiene |
| `v0.8.3` | 2026-04-18 | High | ### Infrastructure  - **Public Repo Hygiene workflow.** New `hygiene.yml` enforces codename, personal-path, and container-image-pin checks on every PR — complementing the existing `author-email.yml` commit-identity gate. - **Workflow Sanity workflow.** New `workflow-sanity.yml` runs actionlint (with shellcheck) plus no-tabs and no-conflict-marker checks whenever `.github/workflows/**` changes. - **CodeQL analysis.** New `codeql.yml` runs `javascript-typescript` scans on every PR, push to `main`, |
| `v0.8.2` | 2026-04-16 | High | ### Security  - **Symlink attack protection across scanner, fixer, and analyzers.** A malicious repository could place a symlinked `CLAUDE.md` (or `AGENTS.md`, `.cursorrules`, `.cursor/rules/*.mdc`) pointing to sensitive host files like `~/.ssh/id_rsa` or `/etc/passwd`. Running scanner, fixer, deep-analyzer, or session-analyzer on such a repo would read, leak (to LLM prompts or output), or overwrite the symlink target. All entry-file resolution now uses `lstat`-based checks that reject symlinks. |
| `v0.8.1` | 2026-04-16 | High | ### Fixed  - **S7 personal paths check no longer silently fails on git < 2.40.** The `:!__tests__/*` pathspec exclusion triggered `fatal: Unimplemented pathspec magic '_'` on git 2.39 (Debian 12 default). The error was swallowed by `\|\| true`, causing the check to always report "no personal paths" — even when files contained `/Users/` or `/home/` paths. Fix moves the exclusion from git pathspec to a grep pipe filter. - **I1 emphasis keywords are no longer counted inside code blocks.** `IMPORTANT` |
| `v0.8.0` | 2026-04-16 | High | ### Added  - **You can now get AgentLint findings in GitHub's Security tab and as inline PR annotations.** Enable with `sarif-upload: 'true'` in your workflow. Findings appear alongside CodeQL and Dependabot alerts — persistent, trackable, and integrated with your existing security notification workflow. SARIF upload requires Code scanning enabled (free for public repos, GHAS for private). - **Inline PR annotations now appear on every run** — even without SARIF/Code scanning. AgentLint emits |
| `v0.7.1` | 2026-04-16 | High | ### Added  - **You can now install AgentLint on Windows** from inside Git Bash or WSL (#82). `npm install -g @0xmariowu/agent-lint` previously rejected Windows with `EBADPLATFORM` before the installer could even run; that block is gone. - **Clear guidance when bash is missing on Windows.** Running the installer from `cmd.exe` or PowerShell now exits with a message pointing to Git for Windows or WSL instead of a cryptic shell error.  ### Fixed  - Postinstall detects `claude` cross-platform (`wher |
| `v0.7.0` | 2026-04-15 | High | Audit-driven minor release. Dimension count grows from 6 to 8, check count from 42 to 49 — your repo score will shift, because the scanner is now finally counting checks it had been silently dropping.  ### Added — two new dimensions, seven new checks  `deep-analyzer` and `session-analyzer` were already emitting `D1`-`D3` and `SS1`-`SS4` results, but `weights.json` had no dimension entry for either prefix, so `scorer.js` silently dropped every contribution. The audit caught this and the dimension |

## Dependency audit

- **Score**: 100/100
- **Total deps**: 0
- **Resolved**: 0
- **Unresolved**: 0
- **License conflicts**: 0
- **Warnings**: 0
- **Scanned**: 2026-04-27

## Citation

- HTML: https://www.freshcrate.ai/projects/AgentLint
- Markdown: https://www.freshcrate.ai/projects/AgentLint.md
- Dependencies JSON: https://www.freshcrate.ai/api/projects/AgentLint/deps

_Generated by freshcrate.ai. Indexes github releases for AI-agent ecosystem packages._