CI/CD verification pipeline for AI agent outputs — fact check, schema validation, diff verification
Project description
agent-ci-verify
CI/CD verification pipeline for AI agent outputs.
Don't trust your agent's output — verify it.
Why agent-ci-verify?
AI agents are entering production, but no one can answer "can I trust this output?"
Existing tools are all "eval libraries" — you import them and write tests yourself. That's self-review, not independent verification.
agent-ci-verify is your agent's CI/CD pipeline — plug it in, and every agent output goes through an independent verification layer before it reaches your users.
Quick Start
pip install agent-ci-verify
agent-ci ./agent-output/
agent-ci v0.1.0
Output dir: ./agent-output/
Checkers: schema, fact, diff
📋 Schema Checker
┏━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ ✅ │ json_valid │ ┃
┃ ✅ │ yaml_valid │ ┃
┃ ✅ │ security_scan │ No secrets detected ┃
┗━━━━━━┻━━━━━━━━━━━━━━━━━━━━━━┻━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛
🔍 Fact Checker
┏━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ ✅ │ fact:file_count │ 1 files for '*.json' ┃
┃ ✅ │ fact:content_contains│ 'success' found in result.json ┃
┗━━━━━━┻━━━━━━━━━━━━━━━━━━━━━━┻━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛
╭────────────────────────────────── Verdict ────────────────────────────────╮
│ ✅ PASS │
╰───────────────────────────────────────────────────────────────────────────╯
Three Verification Layers
| Layer | What it checks | Example |
|---|---|---|
| Schema | Format, structure, security | Valid JSON? API key leaked? Required files present? |
| Fact | File existence, API reconciliation, LLM judging | Agent claimed result.json exists — does it? API returned 200? |
| Diff | Regression detection, semantic drift | Output changed vs baseline? Similarity below threshold? |
Configuration
Drop .agent-ci.yaml in your agent project root:
pipeline:
enabled_checkers: [schema, fact, diff]
fail_fast: false
schema:
security:
enabled: true
required_files:
- "output/result.json"
json_schemas:
schemas/output.schema.json: "output/**/*.json"
fact:
files:
- pattern: "output/**/*.json"
expected_count: 1
min_size_bytes: 10
content_checks:
- type: contains
value: "success"
- type: not_contains
value: "error"
api:
- endpoint: "https://api.example.com/health"
expected_status: 200
llm_judge:
- file: "output/answer.md"
rubric: "Is the answer factually correct?"
model: "gpt-4o-mini"
diff:
baseline: "./baseline-output/"
semantic_threshold: 0.7
max_changed_files: 5
Security Scanning
Built-in patterns detect:
- AWS Access Keys (
AKIA...) - GitHub Tokens (
ghp_...) - OpenAI API Keys (
sk-proj-...) - JWT Tokens
- Private Keys (RSA, EC, DSA, OpenSSH)
- Password/Secret assignments
CI Integration
# JSON output for programmatic parsing
agent-ci --json ./output/ | jq .verdict
# "PASS"
# .github/workflows/agent-check.yml
- name: Verify agent output
run: |
pip install agent-ci-verify
agent-ci --json ./output/ | tee result.json
Audit Reports & History
# Generate a self-contained HTML audit report
agent-ci --report ./output/
# ✅ Report saved: ./output/agent-ci-report-20260507-120000.html
# View verification history
agent-ci --history
# 📋 Verification History (42 runs)
# PASS 20260507-120000 5✅ 0⚠️ 0❌ → ./output/prod/
# REJECT 20260507-115500 2✅ 1⚠️ 2❌ → ./output/staging/
Reports are self-contained HTML with dark theme, suitable for auditors and compliance.
Plugins
Write custom checkers in any .py file:
from agent_ci.checkers import BaseChecker
from agent_ci.types import CheckResult, CheckerReport, Severity
class SizeChecker(BaseChecker):
name = "size"
async def verify(self, output_dir):
report = CheckerReport(checker_name=self.name)
total = sum(f.stat().st_size for f in output_dir.rglob("*") if f.is_file())
limit = self.config.get("size", {}).get("max_bytes", 10_000_000)
severity = Severity.FAIL if total > limit else Severity.PASS
report.checks.append(CheckResult(
checker=self.name, check_name="size_limit",
severity=severity,
message=f"Output size: {total:,} bytes (limit: {limit:,})",
))
return report
Configure in .agent-ci.yaml:
plugins:
paths:
- ./checks/
pipeline:
enabled_checkers: [schema, fact, size]
parallel: true # Run all checkers concurrently
size:
max_bytes: 5000000
Development
git clone https://github.com/Lewis-404/agent-ci-verify.git
cd agent-ci-verify
python -m venv .venv
source .venv/bin/activate
pip install -e ".[dev]"
pytest tests/ -v
License
MIT — see LICENSE
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file agent_ci_verify-0.5.0.tar.gz.
File metadata
- Download URL: agent_ci_verify-0.5.0.tar.gz
- Upload date:
- Size: 25.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0eb3acb99b026e7589035ebc05db2afbd1df1290c0289e6cbd1440b9a7e73d82
|
|
| MD5 |
7d8df0fb59fe9afacb9d2e75aeb9c48b
|
|
| BLAKE2b-256 |
c56380edc9d5462737c1f92c703c00109aaa867898066c80c0f78c4b88efa787
|
File details
Details for the file agent_ci_verify-0.5.0-py3-none-any.whl.
File metadata
- Download URL: agent_ci_verify-0.5.0-py3-none-any.whl
- Upload date:
- Size: 24.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.15
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
274321e15154ca97ea9edf9b4fbe03951b6b2c862e9a550799d0746005fc3646
|
|
| MD5 |
63b685ee0e94b9c87a43d97e4e26a1ad
|
|
| BLAKE2b-256 |
d3282cee4359958098cc1b191ea56b32333fab09580e43920fbe684da21ae8cc
|
