agnix
Linter for AI agent configurations. Validates SKILL.md, CLAUDE.md, hooks, MCP, and more.
Why this rank:Strong adoptionRecent releaseHealthy release cadence
Description
Linter for AI agent configurations. Validates SKILL.md, CLAUDE.md, hooks, MCP, and more.
Release History
| Version | Changes | Urgency | Date |
|---|---|---|---|
| v0.30.0 | ### Changed - **Tool baseline**: `codex` bumped `rust-v0.136.0` -> `rust-v0.137.0` (closes #1013). Diffed upstream `codex-rs/core/config.schema.json` and refreshed Codex config allow-lists for new `local_thread_store_compression` / `unified_exec_zsh_fork` feature flags plus per-app `approvals_reviewer`, preventing false positives from `CDX-CFG-011` and `CDX-CFG-006`; `CDX-CFG-024` now accepts `auto_review` and validates app-level reviewer overrides. Added `CDX-PL-015` for non-string `.codex-plu | High | 6/4/2026 |
| v0.29.0 | ### Added - **CC-SK-021: Hardcoded User Directory Path** (closes #832). New MEDIUM/SHOULD `claude-skills` rule flagging hardcoded user-home paths (`/Users/<name>/`, `/home/<name>/`, `C:\Users\<name>\`) in bundled skill content - they leak the author's identity and are non-portable. The `SkillValidator` walks the skill directory and scans the `SKILL.md` body, sibling `.md` bodies (frontmatter skipped), and bundled scripts (`.sh`/`.bash`/`.zsh`/`.fish`/`.py`/`.rb`/`.pl`/`.lua`/`.js`/`.ts`/`.mjs`, | High | 5/30/2026 |
| v0.28.1 | ### Changed - **Codex config allow-list audited against the upstream schema** (closes #969). Audited the Codex top-level allow-list against `codex-rs/core/config.schema.json` (rust-v0.129.0 through rust-v0.134.0-alpha.3); no valid upstream key was missing, so there are no new false positives. - Dropped three keys that appear in no audited schema and are not `[features]` sub-keys: `include_apply_patch_tool` (also removed from the feature-key list), `js_repl_node_path`, and `js_repl_node_module | High | 5/24/2026 |
| v0.27.1 | ### Fixed - **XML-001 false positives inside indented Markdown code blocks** (related to #942). The shared Markdown scanner now skips 4-space and tab-indented code blocks before extracting XML tags, so placeholder syntax such as `<resolved feature dir>` inside indented JSON/YAML examples no longer triggers XML balance diagnostics or safe-fix suggestions. Fenced code blocks and inline code remain skipped as before, and document-level XML is still validated outside code. - **AS-014 false positive | High | 5/18/2026 |
| v0.26.0 | ### Added - **CC-PL-015: Default component folder shadowed by manifest** (closes #905). Claude Code v2.1.140 now warns when default plugin component folders are ignored because `plugin.json` overrides the matching component path. CC-PL-015 mirrors that behavior for `.claude-plugin/plugin.json`: if a root `commands/`, `agents/`, `skills/`, or `hooks/` folder exists and the matching manifest field is set without including `./<component>`, agnix emits a MEDIUM warning. Covered by 6 unit tests for | High | 5/14/2026 |
| v0.25.0 | ### Added - **CC-SET-003: Invalid `worktree.baseRef` value** (closes #883). Claude Code 2.1.133 added the `worktree` nested object with a `baseRef` enum. Allowed values: `"fresh"` (branch from `origin/<default>`, the v2.1.133 default) or `"head"` (branch from local `HEAD`, the pre-v2.1.133 `EnterWorktree` behavior). Any other string value silently falls back to the default with no warning. CC-SET-003 (MEDIUM, WARNING) parses `.claude/settings.json` / `.local.json` / `managed-settings.json`, wal | High | 5/8/2026 |
| v0.24.0 | ### Added - **GM-010: memoryManager without autoMemory after v0.40 split** (#846). Gemini CLI v0.40 (PR google-gemini/gemini-cli#25601) split the combined `experimental.memoryManager` flag. Pre-v0.40 it gated both the Memory Manager subagent and background skill extraction + `/memory inbox`. Post-v0.40 `memoryManager` gates only the subagent; extraction and the inbox move to the new `autoMemory` flag. Users carrying forward only `memoryManager: true` lose the inbox silently. GM-010 (MEDIUM) war | High | 4/30/2026 |
| v0.23.0 | ### Added - **MCP-025: non-boolean `alwaysLoad` in MCP server config** (#836). Claude Code 2.1.121 introduced an `alwaysLoad: boolean` field on MCP server entries - when `true`, every tool from that server skips tool-search deferral and is always available. A typo like `"alwaysLoad": "true"` (quoted string) is a silent footgun: Claude Code treats it as truthy in some code paths and ignores it in others, so the user's intent silently fails. MCP-025 (MEDIUM) flags non-boolean values before they r | High | 4/28/2026 |
| v0.19.0 | ### Added - **Output-style validator (CC-OS-001..006)** - new validator for `.claude/output-styles/*.md` files, surfaced during the Claude Code v2.1.117 triage (#745). The output-style frontmatter spec was added in v2.1.94 with the `keep-coding-instructions` field. New rules: CC-OS-001 missing description (LOW), CC-OS-002 invalid `keep-coding-instructions` type (HIGH), CC-OS-003 unknown frontmatter key (MEDIUM), CC-OS-004 empty body (MEDIUM), CC-OS-005 name exceeds 64 chars (LOW), CC-OS-006 inv | High | 4/23/2026 |
| 0.17.0 | Imported from npm (0.17.0) | Low | 4/21/2026 |
| v0.18.0 | ### Added - **Codex CLI plugin manifest validation** (CDX-PL-001 to CDX-PL-014) - 14 new rules for `.codex-plugin/plugin.json` manifests introduced in Codex CLI v0.117.0, covering manifest location, name validation, component paths, defaultPrompt constraints, interface URLs, asset paths, and unsupported fields - **New FileType::CodexPlugin** variant with case-insensitive parent directory detection | Medium | 4/1/2026 |
| v0.18.0 | ### Added - **Codex CLI plugin manifest validation** (CDX-PL-001 to CDX-PL-014) - 14 new rules for `.codex-plugin/plugin.json` manifests introduced in Codex CLI v0.117.0, covering manifest location, name validation, component paths, defaultPrompt constraints, interface URLs, asset paths, and unsupported fields - **New FileType::CodexPlugin** variant with case-insensitive parent directory detection | Medium | 4/1/2026 |
| v0.17.0 | ### Added - **44 new validation rules** from March 2026 monthly spec drift review covering Claude Code hooks (CC-HK-020..025), skills (CC-SK-018..020), agents (CC-AG-014..017,019), plugins (CC-PL-011..014), memory (CC-MEM-014), Codex CLI (CDX-CFG-023..027), Cursor (CUR-017..019), Cline workflows/hooks/skills (CLN-005,006,009, CL-SK-002,003), Copilot CLI plugins/skills (COP-019..027), and OpenCode (OC-CFG-013, OC-AG-009, OC-DEP-005,006) - **HTTP hook type support** for Claude Code hooks (`type: | Medium | 3/28/2026 |
| v0.16.6 | Release v0.16.6 | Medium | 3/28/2026 |
| v0.16.5 | Release v0.16.5 | Medium | 3/23/2026 |
| v0.16.2 | ### Fixed - **XML-001 false positives on Rust type references**: Wrap Rust type references in backticks to prevent XML tag misdetection (#646). - **Self-validation build**: Use build-from-source for self-validation in CI to ensure agnix validates itself correctly (#646). ### Changed - **CI self-validation**: Added self-validation step to the CI pipeline so agnix lints its own agent configuration files on every PR/push (#646). | Low | 3/15/2026 |
| v0.16.1 | ### Changed - **MCP server compatibility**: Updated rmcp dependency from 0.16.0 to 1.1.0 and adapted code for non-exhaustive struct construction using `Default::default()` pattern (#636). | Low | 3/7/2026 |
| v0.16.0 | ### Added - **Kiro and Codex S-tier alignment (38 new rules)**: Added 22 Kiro rules: `KIRO-010` through `KIRO-014` (missing inclusion mode, steering doc length, duplicate names, conflicting inclusion modes, markdown structure issues), `KR-AG-008` through `KR-AG-013` (agent missing name, agent missing prompt, duplicate tool entries, empty tools array, `toolAliases` references unknown tool, secrets in agent prompt), `KR-HK-007` through `KR-HK-010` (hook timeout out of range, duplicate event handl | Low | 3/6/2026 |
| v0.15.0 | ### Added - **OpenCode validation rules**: Added validation rules for OpenCode configuration (#601). - **Kiro target support**: Added `Kiro` to `TargetTool` and CLI `--target kiro` handling across CLI, core config, MCP, and LSP target parsing. - **Kiro config validation parity**: `.agnix.toml` validation now accepts `tools = ["kiro"]` and Kiro-specific disabled rule prefixes (`KIRO-*`, `KR-SK-*`). - **README supported tools update**: Added a Kiro row to the Supported Tools table with current ru | Low | 3/3/2026 |
| v0.14.0 | ### Added - **`.clinerules/*.txt` file support**: agnix now detects and validates `.clinerules/*.txt` files as `ClineRulesFolder` file type. Rules CLN-001 through CLN-004 now apply to `.txt` files in addition to `.md` files, matching Cline's actual behavior. - **CDX-006 rule**: Validates `project_doc_fallback_filenames` semantics in Codex CLI configuration (#569). ### Fixed - **OC-004 config key allowlist expanded**: Added 9 missing top-level keys (`autoshare`, `enterprise`, `layout`, `logLeve | Low | 2/27/2026 |
| v0.13.0 | ### Added - **XP-008 rule**: New MEDIUM-severity cross-platform rule that warns when CLAUDE.md contains Claude-specific directives (context:fork, agent fields, allowed-tools, hooks, @import) outside a guarded `## Claude Code` section, helping users targeting Cursor avoid silently-ignored configuration | Low | 2/21/2026 |
| v0.12.4 | ### Security - **Fix minimatch ReDoS vulnerability**: Added npm `overrides` in `website/package.json` to force `minimatch@^10.2.1`, resolving Dependabot alert #75 (ReDoS via repeated wildcards in `serve-handler`'s transitive `minimatch@3.1.2` dependency) - **Update wasm-bindgen**: Bumped `wasm-bindgen` from 0.2.109 (yanked) to 0.2.110 along with related crates (`js-sys`, `web-sys`, `wasm-bindgen-test`, etc.) ### Performance - **WASM conversion optimization**: Refactored `WasmDiagnostic::from_d | Low | 2/21/2026 |
| v0.12.3 | Release v0.12.3 | Low | 2/21/2026 |
| v0.12.2 | Release v0.12.2 | Low | 2/15/2026 |
| v0.12.1 | Release v0.12.1 | Low | 2/15/2026 |
| v0.12.0 | Release v0.12.0 | Low | 2/15/2026 |
| v0.11.1 | ### Fixed - **CI**: Release workflow now explicitly builds binary crates (`-p agnix-cli -p agnix-lsp -p agnix-mcp`) to prevent cache-related build skips - **CI**: Release version check now reads from `[workspace.package]` instead of root `[package]` section | Low | 2/11/2026 |
| v0.11.0 | ### Added - **Builder pattern for LintConfig**: `LintConfig::builder()` with validation on `build()`. All serializable fields are now private with getter/setter methods. `ConfigError` enum for build-time validation failures. Runtime state (`root_dir`, `import_cache`) moved into `RuntimeContext` - **RUSTSEC advisory tracking** - Documented process for reviewing ignored security advisories with `docs/RUSTSEC-ADVISORIES.md` tracking document, monthly review checklist in `MONTHLY-REVIEW.md`, and pr | Low | 2/11/2026 |
| v0.10.4 | Release v0.10.4 | Low | 2/9/2026 |
| v0.10.3 | Release v0.10.3 | Low | 2/9/2026 |
| v0.10.2 | ### Fixed - VS Code extension version was out of sync with release binaries, causing download failures for agnix-lsp | Low | 2/8/2026 |
| v0.10.1 | ### Added - **Per-client skill validation** - 10 new rules detect when SKILL.md files in client-specific directories use unsupported frontmatter fields: CR-SK-001 (Cursor), CL-SK-001 (Cline), CP-SK-001 (Copilot), CX-SK-001 (Codex), OC-SK-001 (OpenCode), WS-SK-001 (Windsurf), KR-SK-001 (Kiro), AMP-SK-001 (Amp), RC-SK-001 (Roo Code), XP-SK-001 (cross-platform portability) ### Fixed - Markdown structure validation now skips headers inside fenced code blocks - Flaky telemetry env-dependent tests s | Low | 2/7/2026 |
| v0.10.0 | ### Performance - **Auto-fix span finding** - Replaced 8 dynamic `Regex::new()` calls with byte-level scanning in auto-fix helpers, eliminating regex compilation overhead entirely (closes #325) ### Added - **Website automation** - `generate-docs-rules.py` now generates `website/src/data/siteData.json` with dynamic stats (rule count, category count, autofix count, tool list); landing page and JSON-LD import generated data instead of hardcoding; `release.yml` `version-docs` job auto-cuts version | Low | 2/7/2026 |
| v0.9.3 | Release v0.9.3 | Low | 2/6/2026 |
| v0.9.2 | Release v0.9.2 | Low | 2/6/2026 |
| v0.9.1 | ### Fixed - CC-MEM-006: Detect positive alternatives after negatives ("NEVER X - always Y" no longer false positive) - PE-004: Skip ambiguous terms inside parentheses (descriptive text no longer flagged) - CC-AG-007: Humanize YAML parse errors ("expected a YAML list" instead of "expected a sequence") - MCP-002: Suggest `parameters` -> `inputSchema` when field exists under wrong name - VS Code marketplace image now bundled in extension package - Exclude DEVELOPER.md and 11 other developer-focuse | Low | 2/6/2026 |
| v0.9.0 | ### Changed - Validated against 1,200+ real-world repositories with 71 rules triggered - Exclude non-agent markdown files (README.md, docs/, wiki/) from validation - Restrict REF-002 broken link detection to agent config files only - Skip HTML5 void elements and markdown-safe elements in XML balance checking - Resolve @imports relative to project root when file-relative fails - Apply prompt quality rules (CC-MEM-005/006, PE-*) to Cursor rule files - Detect .cursorrules.md as Cursor rules varian | Low | 2/6/2026 |
| v0.8.1 | ### Added - Authoring metadata and completion system (`authoring` module) with context-aware suggestions and hover docs for all config file types - LSP completion provider with intelligent key/value/snippet suggestions - Auto-fix support across validators: skills (AS-005, AS-006, CC-SK-001, CC-SK-003, CC-SK-005), agents (CC-AG-003, CC-AG-004), hooks (CC-HK-011), plugins (CC-PL-005), MCP (MCP-001) - Safety tagging for all auto-fixes (safe vs unsafe) ### Changed - LSP hover provider simplified b | Low | 2/6/2026 |
| v0.8.0 | ### Added - Real-world validation harness (`scripts/real-world-validate.py`) with 121 curated repos (`tests/real-world/repos.yaml`) (#184) - XP-001: detect `@import` syntax in AGENTS.md files (Claude Code specific) - XP-003: detect OS-specific absolute paths (`/Users/`, `/home/`, `~/Library/`, `~/.config/`) - CC-MEM-005: detect role-play preambles and generic programming principles ### Changed - Exclude non-agent markdown files from validation (README.md, CONTRIBUTING.md, docs/, wiki/, etc.) t | Low | 2/6/2026 |
| v0.7.2 | ### Fixed - npm package wrapper script now preserved during binary installation - Fixes "command not found" error when running `agnix` from npm install - Postinstall script backs up and restores wrapper script | Low | 2/5/2026 |
| v0.7.1 | ### Fixed - VS Code extension LSP installation - now downloads LSP-specific archives (`agnix-lsp-*.tar.gz`) - Fixes "chmod: No such file or directory" error on macOS ARM64 and Linux ARM64 - Added binary existence check before chmod for better error messages - CC-MEM-006 rule now correctly recognizes positive alternatives before negatives - Pattern "DO X, don't do Y" now accepted (previously incorrectly flagged) - Example: "Fetch web resources fresh, don't rely on cached data" â ### Cha | Low | 2/5/2026 |
| v0.7.0 | Release v0.7.0 | Low | 2/5/2026 |
| v0.6.0 | Release v0.6.0 | Low | 2/5/2026 |
| v0.5.0 | Release v0.5.0 | Low | 2/5/2026 |
| v0.4.1 | Release v0.4.1 | Low | 2/5/2026 |
| v0.4.0 | Release v0.4.0 | Low | 2/5/2026 |
| v0.3.0 | ### Added - Comprehensive config file tests (30+ new tests) - Performance benchmarks for validation pipeline - Support for partial config files (only specify fields you need) ### Fixed - Config now allows partial files - users can specify only `disabled_rules` without all other fields - Windows path false positives - regex patterns (`\n`, `\s`, `\d`) no longer flagged as Windows paths - Comma-separated tool parsing - both `Read, Grep` and `Read Write` formats now work - Git ref depth check - ` | Low | 2/5/2026 |
| v0.2.0 | ### Added - crates.io publishing support (#20) - New `agnix-rules` crate for independent rule updates without CLI republish - LICENSE-MIT and LICENSE-APACHE files for dual licensing - Crate-level READMEs for crates.io pages - Automatic crates.io publish on release tags via CI workflow - Parity test ensures rules.json stays in sync between knowledge-base and crate - Input validation in build.rs for secure code generation - Language Server Protocol (LSP) implementation for real-time e | Low | 2/5/2026 |
| v0.1.0 | Release v0.1.0 | Low | 2/4/2026 |
Dependencies & License Audit
Loading dependencies...
Similar Packages
@claude-flow/cliRuflo CLI - Enterprise AI agent orchestration with 60+ specialized agents, swarm coordination, MCP server, self-learning hooks, and vector memory for Claude Codev3.10.31
mofloMoFlo â AI agent orchestration for Claude Code. Forked from ruflo/claude-flow with patches applied to source, plus feature-level orchestration.main@2026-05-28
automagik-genieSelf-evolving AI agent orchestration framework with Model Context Protocol supportv4.260522.20
council-mcpThree-tier AI agent MCP orchestration system: Chancellor (Opus), Executor (Sonnet), Aide (Haiku)v0.8.0
@senso-ai/shipablesCLI for installing, managing, and publishing AI agent skills from the Shipables registry0.1.2
More in MCP Servers
AstrBotAgentic IM Chatbot infrastructure that integrates lots of IM platforms, LLMs, plugins and AI feature, and can be your openclaw alternative. â¨
agentscopeBuild and run agents you can see, understand and trust.
claude-plugins-officialOfficial, Anthropic-managed directory of high quality Claude Code Plugins.
langchain4jLangChain4j is an open-source Java library that simplifies the integration of LLMs into Java applications through a unified API, providing access to popular LLMs and vector databases. It makes impleme