Audit the architecture and health of any AI agent system or LLM-integrated project
Project description
agchk
Audit the architecture and health of any AI agent system or LLM-integrated project.
The base model rarely fails. The wrapper architecture corrupts good answers into bad behavior.
pip install agchk
agchk /path/to/your/agent/project
What It Does
agchk scans any Python/TypeScript/JavaScript codebase for 7 categories of agent architecture failures:
| # | Scanner | Severity | What It Catches |
|---|---|---|---|
| 1 | Hardcoded Secrets | critical | API keys, tokens, credentials in source code |
| 2 | Tool Enforcement Gap | high | "Must use tool X" in prompt but no code validation |
| 3 | Hidden LLM Calls | high | Secret second-pass LLM calls in fallback/repair loops |
| 4 | Unrestricted Code Execution | critical | exec(), eval(), subprocess(shell=True) without sandbox |
| 5 | Memory Pattern Issues | medium | Unbounded context growth, missing TTL, no retention policy |
| 6 | Output Pipeline Mutation | medium | Response transformation corrupting correct answers |
| 7 | Missing Observability | medium | No tracing, logging, or cost tracking |
Quick Start
# Install
pip install agchk
# Audit any agent project
agchk /path/to/your/langchain/project
# Generate human-readable report
agchk --report audit_results.json
Python API
from agchk import run_audit, generate_report
# Run full audit
results = run_audit("/path/to/your/agent/project")
# Generate markdown report
markdown = generate_report(results)
# Save to file
generate_report(results, output_file="audit_report.md")
# Validate results against JSON schema
from agchk.schema import validate_report
errors = validate_report(results)
Programmatic Scanner Access
from agchk.scanners import scan_secrets, scan_code_execution
from pathlib import Path
findings = scan_secrets(Path("/path/to/project"))
for f in findings:
print(f"[{f['severity'].upper()}] {f['title']} at {f['evidence_refs']}")
Example Output
๐ Agent Architecture Audit
Target: /Users/me/projects/my-agent
Started: 2026-04-24 14:32:01
Scanning: Hardcoded Secrets...
Scanning: Tool Enforcement Gap...
Scanning: Hidden LLM Calls...
Scanning: Unrestricted Code Execution...
Scanning: Memory Pattern Issues...
Scanning: Output Pipeline Mutation...
Scanning: Missing Observability...
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ
Audit complete. Found 5 issues in 0.3s:
CRITICAL: 1
HIGH: 2
MEDIUM: 2
LOW: 0
Overall: critical_risk
๐ Results: audit_results.json
๐ Report: audit_report.md
The 12-Layer Stack
Every agent system has these layers. agchk audits all of them:
| # | Layer | What Goes Wrong |
|---|---|---|
| 1 | System prompt | Conflicting instructions, instruction bloat |
| 2 | Session history | Stale context from previous turns |
| 3 | Long-term memory | Pollution across sessions |
| 4 | Distillation | Compressed artifacts re-entering as pseudo-facts |
| 5 | Active recall | Redundant re-summary layers wasting context |
| 6 | Tool selection | Wrong tool routing, model skips required tools |
| 7 | Tool execution | Hallucinated execution โ claims to call but doesn't |
| 8 | Tool interpretation | Misread or ignored tool output |
| 9 | Answer shaping | Format corruption in final response |
| 10 | Platform rendering | UI/API/CLI mutates valid answers |
| 11 | Hidden repair loops | Silent fallback/retry agents running second LLM pass |
| 12 | Persistence | Expired state or cached artifacts reused as live evidence |
Fix Strategy
Default fix order (code-first, not prompt-first):
- Code-gate tool requirements โ enforce in code, not just prompt text
- Remove or narrow hidden repair agents โ make fallback explicit with contracts
- Reduce context duplication โ same info through prompt + history + memory + distillation
- Tighten memory admission โ user corrections > agent assertions
- Tighten distillation triggers โ don't compress what shouldn't be compressed
- Reduce rendering mutation โ pass-through, don't transform
- Convert to typed JSON envelopes โ structured internal flow, not freeform prose
Anti-Patterns to Avoid
- โ Saying "the model is weak" without falsifying the wrapper first
- โ Saying "memory is bad" without showing the contamination path
- โ Letting a clean current state erase a dirty historical incident
- โ Treating markdown prose as a trustworthy internal protocol
- โ Accepting "must use tool" in prompt text when code never enforces it
License
Apache-2.0
Related
- Full production skill: oh-my-agent-check
- Integrated into: Langflow, GenericAgent, superpowers, Everything Claude Code, OpenCode, Anthropic Skills
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
agchk-0.1.1.tar.gz
(16.4 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
agchk-0.1.1-py3-none-any.whl
(20.6 kB
view details)
File details
Details for the file agchk-0.1.1.tar.gz.
File metadata
- Download URL: agchk-0.1.1.tar.gz
- Upload date:
- Size: 16.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ada1b0ba3283585c22c2c28a21ae4e7412c1ccaf9c0ec5b38862773766524a69
|
|
| MD5 |
d218e894ad64d5c755e63b1a32349d3e
|
|
| BLAKE2b-256 |
547640907e68c2bac82aa33e5b98f3f609cc1b6646fcd1154a97abdb1e0cdb0f
|
File details
Details for the file agchk-0.1.1-py3-none-any.whl.
File metadata
- Download URL: agchk-0.1.1-py3-none-any.whl
- Upload date:
- Size: 20.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
cde3d5cac4926e3efda08308d10c20679269f17f9b3324e01e18a454f299fe9b
|
|
| MD5 |
39f0483e6e274c1182ace7884120ebe6
|
|
| BLAKE2b-256 |
32518e89ebbafdc7450e59c6a268ad2488504a9c803a00467114958ccda89173
|
