Skip to main content

AgentGuard — AI Code Security Scanner + Auto-Fixer

Project description

AgentGuard

The first productized security tool powered by GLM-5.2.

Scan → GLM-5.2 verifies → GLM-5.2 fixes → self-validates. One command.

PyPI License: MIT Python 3.10+ Powered by GLM-5.2


Why AgentGuard

SAST tools flood you with false positives and leave you to fix everything by hand. AgentGuard is different:

Rules find suspects. GLM-5.2 confirms, fixes, and verifies.

Bandit Semgrep AgentGuard
Python rules 100+ Multi-lang 36 + Bandit 100+
JavaScript/TS - Multi-lang 14 rules
FP filtering - - GLM-5.2 review
Auto-fix - - GLM-5.2 AI fix (bring your own API key)
Self-validation - - Re-scan after fix
Pricing Free Free/$40 Free + Pro $29/mo

GLM-5.2 Security Benchmark

Model F1 Score Cost per finding
Claude Code 32-37% ~$1.02
GLM-5.2 39% $0.17

GLM-5.2 outperforms Claude Code in security vulnerability detection at 1/6 the cost. AgentGuard is the first tool to productize this capability.


Quick Start

# Install
pip install agentguardp

# Scan a project (Python + JavaScript)
agentguard scan ./my-project

# Full pipeline: scan → GLM-5.2 verify → fix → validate
agentguard pipeline ./src --mode dry-run

# JSON output for CI/CD
agentguard scan ./src --format json -o report.json

# SARIF for GitHub Code Scanning
agentguard scan ./src --format sarif -o report.sarif

14-day Pro trial included. Full GLM-5.2 AI fix (bring your own API key) activates automatically.


Live Demo

$ agentguard pipeline ./vulnerable.py --mode dry-run

[1/4] Scanning...
      Engine: AgentGuard 36 rules + GLM-5.2
      6 findings (4 critical, 1 high, 1 medium)

[2/4] GLM-5.2 reviewing 6 findings...
      CONFIRMED: 6  REJECTED: 0  ERR: 0

[3/4] Fixing 6 findings (mode=dry-run)...
      Fixed: 4  Manual: 2  Files: 1

--- a/vulnerable.py
+++ b/vulnerable.py
@@ -9,7 +9,7 @@
 def run_user_command(user_input):
-    os.system(user_input)
+    subprocess.run(["echo", user_input], check=True)

@@ -15,7 +15,7 @@
 def get_user(username):
-    query = "SELECT * FROM users WHERE name = '" + username + "'"
+    query = "SELECT * FROM users WHERE name = ?"
  cursor.execute(query, (username,))

@@ -21,7 +21,7 @@
 def load_data(data):
-    return pickle.loads(data)
+    return json.loads(data)

@@ -29,7 +29,7 @@
 def calculate(expression):
-    return eval(expression)
+    return ast.literal_eval(expression)

[4/4] Self-validating 1 fixed files...
      OK: vulnerable.py - no new issues introduced

Fixed: 4  |  Manual: 2  |  Files: 1  |  Mode: dry-run

GLM-5.2 didn't just find the SQL injection — it rewrote the query to parameterized form. Bandit can't do this. Semgrep can't do this.


How It Works

agentguard pipeline ./src
    │
    ├── 1. SCAN — 36 Python rules + 14 JS rules + Bandit 100+ (local, instant)
    │
    ├── 2. VERIFY — GLM-5.2 reviews each finding (cloud, ~2s/finding)
    │              Filters false positives, confirms real threats
    │
    ├── 3. FIX — Regex fixes (instant) + GLM-5.2 AI fix (bring your own API key)es (context-aware)
    │            SQL injection → parameterized queries
    │            Hardcoded passwords → environment variables
    │            eval() → ast.literal_eval()
    │
    └── 4. VALIDATE — Re-scan fixed code, confirm no new issues

Rules find suspects. GLM-5.2 confirms, fixes, and verifies.


Languages

Language Rules Auto-fix
Python 36 built-in + Bandit 100+ Regex + GLM-5.2 cloud
JavaScript/TypeScript 14 built-in Regex + GLM-5.2 cloud

Supported vulnerabilities: eval/exec, command injection, SQL injection, XSS, path traversal, hardcoded secrets, weak crypto (MD5/SHA1), SSRF, SSL bypass, prototype pollution, pickle deserialization, prompt injection, and more.


Pricing

Plan Price Features
Free $0 20 rules + regex fix (offline)
Pro Trial $0 (14 days) Full Pro, auto-activated on install
Pro $29/mo or $149/yr All rules + Bandit + GLM-5.2 AI fix (bring your own API key)

Upgrade at agentguard.com


GitHub Actions

Add AgentGuard to your CI/CD in 5 lines:

- uses: difcn2026/agentguard@main
  with:
    path: .
    format: sarif

SARIF output integrates directly with GitHub Code Scanning.


Install

pip install agentguardp

Windows Desktop App: Download from GitHub Releases

SmartScreen warning? Click More infoRun anyway. Normal for unsigned apps.


Links


License

MIT — Copyright (c) 2026 XHLS Team


Rules find suspects. GLM-5.2 confirms, fixes, and verifies.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

agentguardp-0.8.1.tar.gz (85.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

agentguardp-0.8.1-py3-none-any.whl (95.6 kB view details)

Uploaded Python 3

File details

Details for the file agentguardp-0.8.1.tar.gz.

File metadata

  • Download URL: agentguardp-0.8.1.tar.gz
  • Upload date:
  • Size: 85.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.9

File hashes

Hashes for agentguardp-0.8.1.tar.gz
Algorithm Hash digest
SHA256 6d2cf39ad4afcf4b0df6a9fd3fc61d7795a67073c80b42a7d6a9014eaaac18ce
MD5 72036e7683cab660ebef882bcdda3646
BLAKE2b-256 2805bc07f4f8e380d146cd099a49024da3470b31fbf947b0c11ef44a124466e0

See more details on using hashes here.

File details

Details for the file agentguardp-0.8.1-py3-none-any.whl.

File metadata

  • Download URL: agentguardp-0.8.1-py3-none-any.whl
  • Upload date:
  • Size: 95.6 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.9

File hashes

Hashes for agentguardp-0.8.1-py3-none-any.whl
Algorithm Hash digest
SHA256 ae049bd69edb6b44f649f6fee9cb5806c92297dd49c5447f7745bf1685dc19d0
MD5 0ca29fd6ebbc8e3280ce86d8199cf903
BLAKE2b-256 cc936fd8b19036f7f89131dfd79be63e67b6d23cd17a9a253c6d878e89573d2b

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page