A CI linter for AI agent execution traces.
Project description
AgentLint
AgentLint checks recorded agent runs for unsafe tool use, missing approvals, sensitive-data flows, and unsupported claims.
Integrations
| Integration | Workflow |
|---|---|
| OpenAI Agents SDK | Automatic pytest capture or instrument() in any Python runner |
| OpenTelemetry | Import existing OTLP-style JSON |
Install
python -m pip install "agentlint-trace[openai-agents]==0.1.0a2"
AgentLint requires Python 3.12 or newer.
Define a policy
Create agentlint.yaml:
version: 1
policy_id: customer_support
tools:
lookup_status:
permission: allowed
approval: not_required
issue_refund:
permission: allowed
approval: required
rules:
unknown_tool: error
denied_tool_call: error
missing_approval: error
Run
Pytest is optional. Choose the workflow that fits the project.
Pytest
pytest --agentlint --agentlint-policy agentlint.yaml
The command runs the tests, captures their agent traces, and checks the saved run.
Artifacts are written to .agentlint/runs/.
agentlint check-run .agentlint/runs/latest.json
Use a test marker or routing file when tests require different policies.
Any Python runner
from agentlint.integrations.openai_agents import instrument
session = instrument(".agentlint/openai-agents")
# Run the agent.
snapshot_paths = session.close()
Check the capture directory:
agentlint check-capture .agentlint/openai-agents --policy agentlint.yaml
check-capture also accepts one JSON file and detects OpenAI Agents, OpenTelemetry,
and native AgentLint formats.
Sample output
AgentLint Report
traces: 0 passed, 1 failed, 0 not verifiable, 0 invalid
diagnostics: 1 error, 0 warning, 0 info
error[DENIED_TOOL_CALL]: tool call "evt_delete_account" uses tool
"delete_account" denied by trace policy
related events: evt_delete_account
remediation: Remove the call or update the trace policy when this tool
should be permitted.
Documentation
License
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file agentlint_trace-0.1.0a2.tar.gz.
File metadata
- Download URL: agentlint_trace-0.1.0a2.tar.gz
- Upload date:
- Size: 114.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c0642ab822326cac18914177225ec7030d357b201225335868fc11e7cdadafca
|
|
| MD5 |
fb4044a37ffe607498f16c49ed71cc8f
|
|
| BLAKE2b-256 |
c275e0184a46838367dc6bd25e6b89af48b7efb29995b19479207d993e3a9ca2
|
Provenance
The following attestation bundles were made for agentlint_trace-0.1.0a2.tar.gz:
Publisher:
release.yml on DarrelFW321/AgentLint
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
agentlint_trace-0.1.0a2.tar.gz -
Subject digest:
c0642ab822326cac18914177225ec7030d357b201225335868fc11e7cdadafca - Sigstore transparency entry: 2167230700
- Sigstore integration time:
-
Permalink:
DarrelFW321/AgentLint@74977b5306b562660cf4a13e1e667b4a33b05244 -
Branch / Tag:
refs/tags/v0.1.0a2 - Owner: https://github.com/DarrelFW321
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@74977b5306b562660cf4a13e1e667b4a33b05244 -
Trigger Event:
push
-
Statement type:
File details
Details for the file agentlint_trace-0.1.0a2-py3-none-any.whl.
File metadata
- Download URL: agentlint_trace-0.1.0a2-py3-none-any.whl
- Upload date:
- Size: 60.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
c293f157603fa211420775beae5ddb825a6adf8efa2e2c2c6992621ff8359526
|
|
| MD5 |
3bce98aeda2d63c8ce353a6e2cef7909
|
|
| BLAKE2b-256 |
aa053f8835def1a46001e38e28b908c34c1a81f1f880af12feeec599951a2839
|
Provenance
The following attestation bundles were made for agentlint_trace-0.1.0a2-py3-none-any.whl:
Publisher:
release.yml on DarrelFW321/AgentLint
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
agentlint_trace-0.1.0a2-py3-none-any.whl -
Subject digest:
c293f157603fa211420775beae5ddb825a6adf8efa2e2c2c6992621ff8359526 - Sigstore transparency entry: 2167230726
- Sigstore integration time:
-
Permalink:
DarrelFW321/AgentLint@74977b5306b562660cf4a13e1e667b4a33b05244 -
Branch / Tag:
refs/tags/v0.1.0a2 - Owner: https://github.com/DarrelFW321
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@74977b5306b562660cf4a13e1e667b4a33b05244 -
Trigger Event:
push
-
Statement type: