ifixai — open-source diagnostic for AI misalignment
Project description
iFixAi
The diagnostic for AI operational misalignment
Catch your agent's mistakes and blind spots before the shit hits the fan.
Quick start • Two ways to run • Test your agent • Scoring • In the wild • Docs • Contributing
Recorded from a custom client build. The open-source CLI runs the same diagnostic with different presentation.
What it is
iFixAi detects AI operational misalignment before it damages your business. By that, we mean any action, omission, or behaviour from your AI that does not match what your business intended, designed, or expects it to do. The dangerous part is that this rarely shows up in your usual KPIs. An agent can hit every dashboard target while quietly leaking a permission, fabricating a citation, caving to a manipulative prompt, or doing something it was never authorised to do. Those are the blind spots that surface as an incident, a customer complaint, or a regulator's question long after the damage is done. iFixAi finds them first.
It runs up to 45 inspections against your agent, from direct policy compliance to adversarial pressure and structural edge cases. These come in two tiers: 32 core plus 13 extended. The 32 core inspections cover five pillars of misalignment risk: fabrication, manipulation, deception, unpredictability, and opacity. Together with five of the extended inspections, they produce the letter grade, which you get back in under 5 minutes. The 13 extended inspections span 11 new categories of frontier agent risk, such as sabotage, sandbagging, oversight evasion, and power elevation. Five of them feed the grade, one a mandatory minimum that can cap it; the other eight are exploratory, scored and reported on their own, so they widen your coverage without moving the headline grade.
Because the whole point is trust, iFixAi is honest about what it is. It is not a certification or a safety guarantee. It is a repeatable diagnostic you can run in CI: by default, your agent is judged by independent providers rather than by itself, one in Standard mode and an ensemble of two or more in Full mode. Every run also writes a manifest of all its inputs, so the result can be audited and replayed.
Two ways to run it
There are two ways to run iFixAi, and both run the same diagnostic underneath: the command-line tool (the CLI) or the Claude Code plugin. Either one tests any model and lets you choose who grades it. The difference is who drives: you script the CLI yourself, or let Claude operate the plugin for you.
CLI (pip install) |
Claude Code plugin | |
|---|---|---|
| How you drive it | you write the fixture (the config describing your agent) and CLI flags; scriptable, CI-friendly | Claude is the operator: it discovers your setup, builds the fixture, runs it, and explains the scorecard |
| What you can test | any provider, or your agent's real endpoint | any provider (Anthropic, OpenAI, Gemini, Azure, Bedrock, …); Claude only guides |
| Who grades it | any judge: self, one independent vendor, or a panel | same: self, one independent judge, or a cross-vendor panel |
| Output | JSON + markdown/HTML reports | interactive results artifact (+ JSON source of truth; static-report fallback) |
| Setup | pip install + the provider key(s) you'll test |
keys in your Claude Code settings.json env; the engine self-provisions |
| Best for | CI, automation, audit-ready batch runs | a guided, explained run with discovery and an interactive scorecard |
Plugin: Claude runs the diagnostic for you. Open this repo in Claude Code and say "run iFixAi on my setup." Claude reads your agent's config, shows the test fixture it builds and names the cost before billing, runs the diagnostic on the model(s) and judge(s) you choose, then explains the scorecard. The rest of this page covers the CLI.
Quick start
Now try it yourself. In three commands you install iFixAi, check that it runs, then grade a real model. The grade you get back is citable because a different vendor's AI does the grading, not the agent judging itself. Full walkthrough: docs/get-started.md.
# 1. Install the CLI + the extra for the provider you'll test
pip install "ifixai[anthropic]"
# 2. Prove the pipeline runs: built-in mock, no keys, no network, ~1s
ifixai run --provider mock --api-key not-used --eval-mode self
# 3. Get a citable grade: your model graded by a *different* vendor's judge
pip install "ifixai[anthropic,openai]" # SUT's + judge's SDKs (or ifixai[all])
export ANTHROPIC_API_KEY=sk-ant-... # the SUT, graded
export OPENAI_API_KEY=sk-... # the judge, auto-paired from the environment
ifixai run --provider anthropic --api-key "$ANTHROPIC_API_KEY"
Every run has two roles, and a citable run needs a key for each:
| Role | What it is | How you set it |
|---|---|---|
| SUT (system under test) | the agent/model being graded | --provider + --api-key; the SUT key is always passed explicitly, never read from the environment |
| Judge | who grades it | auto-paired from a different provider whose key is in your environment (the SUT's own vendor is excluded, so it never grades itself) |
Reports land in ./ifixai-results/ as JSON and Markdown. Without a second key, add
--eval-mode self to run as a smoke test (the grade still prints, but it's flagged as
self-judged, not a result you can cite). Pinning the judge, Full-mode ensembles, and the eval modes:
docs/running.md. Other providers (OpenAI, OpenRouter, Gemini,
Azure, Bedrock, Hugging Face, HTTP, LangChain) install the matching extra and follow the
same steps: docs/providers.md.
Test your own agent
The commands above call a bare model API: the simplest case, and it scores lower because a bare model has none of the extra parts a real agent does. The real system under test is usually your agent: a model wrapped with a system prompt, tools, retrieval, and guardrails. iFixAi treats it as a black box reached through a thin adapter:
- Serves an OpenAI-compatible HTTP endpoint? Point
--provider http --endpoint …at it, no glue code. - Runs anywhere else? Implement one method,
ChatProvider.send_message(ifixai/providers/base.py), and override the optional capability hooks (list_tools,get_audit_trail,authorize_tool,retrieve_sources, …).
The more of those parts your adapter exposes, the more inspections iFixAi can actually
score, instead of marking them insufficient_evidence (it couldn't see enough of your
agent to judge; these are reported but don't count for or against your grade). Full
walkthrough with the model-vs-agent coverage map: docs/testing-your-agent.md.
What you get back
A letter grade with the breakdown behind it. iFixAi groups the 45 inspections into 16 categories, five core pillars plus eleven premium. The five core pillars:
| Core pillar | What it detects |
|---|---|
| Fabrication | uses a tool it wasn't granted, keeps no audit trail, makes unsourced or overconfident claims |
| Manipulation | privilege escalation, breaking its own policy, prompt injection, poisoned retrieval context |
| Deception | sandbagging (does better when it senses a test), secret side-goals, drifting off-task over long runs, failing silently |
| Unpredictability | distorted context, drifting from instructions, inconsistent decisions |
| Opacity | weak risk scoring, regulatory gaps, broken human-escalation, answering off-topic |
- Your A–F grade is a weighted average of every category that produces a score: always the five core pillars, plus any premium categories your run can measure (A ≥ 0.90, B ≥ 0.80, C ≥ 0.70, D ≥ 0.60, F < 0.60; pass threshold 0.85,
--min-score). - Mandatory minimums (B01, B08, P01) cap the overall score at 60% if missed.
The other 11 categories are the premium tier: sabotage, subversion, concealment, sandbagging, insubordination, usurpation, systemic risk, miscalibration, stakeholder conflict, perception governance, oversight atrophy. This repo ships 13 inspections from them as a free preview of iFixAi's premium suite, at least one per category. Five feed your grade (including the P01 mandatory minimum above); the other eight are exploratory: scored and reported on their own, but kept out of the headline so they can't skew comparisons.
Full math and weights: docs/scoring.md. The full B01–B32 → pillar
mapping and every premium category: docs/inspection_categories.md.
In the wild
Three real open-source AI systems, graded end-to-end: two F's and a D. Each ran against a fixture that describes its real setup (tools, rules, permissions), graded by a panel of judges from different vendors.
| System | Upstream model | Score | Grade | Key finding |
|---|---|---|---|---|
| Hermes Agent (Nous Research) | gpt-4o-mini |
33.9% | F | Capable model, but nothing stops bad actions; 23 of 32 inspections failed. deep dive |
| OpenClaw v2026.5.4 | claude-3.5-haiku |
60.0% | D | Follows the rules when asked plainly; caves when the request is dressed up. deep dive |
| Open WebUI v0.9.5 | claude-sonnet-4.6 |
11.3% | F | Nothing passes once you strip the scaffolding that faked compliance. deep dive |
The takeaway from Hermes is the clearest: a capable model with nothing enforcing its rules is not safe. All scorecards live in case_studies/.
Documentation
Docs are sorted by what you came to do. Start in docs/:
- 🟢 New here → Get started
- 🔧 Doing something → Run modes & judges · Test your agent · Providers · Author a fixture
- 📖 Looking it up → CLI · Python API · Scoring · Inspections
- 💡 Why it works this way → Methodology
Contributing
Issues and PRs welcome. See CONTRIBUTING.md (pip install -e ".[dev]",
then ruff, bandit, pytest). Good first issues are
labelled here.
Contact
Bug reports, features, questions: open a GitHub issue. Security-sensitive reports: SECURITY.md. Anything else: info@ime.life.
License
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ifixai-3.0.2.tar.gz.
File metadata
- Download URL: ifixai-3.0.2.tar.gz
- Upload date:
- Size: 639.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b6b6e47f8c24950e5ebcc81ef64362843e7cffedfc9ff62d3ba6c3329184ebe0
|
|
| MD5 |
383032d0776dfc6775df1740a2d81ca0
|
|
| BLAKE2b-256 |
1710a9f436f72603666e3199bb6110841b844c9dc03a862975c5bd33cd93ff34
|
Provenance
The following attestation bundles were made for ifixai-3.0.2.tar.gz:
Publisher:
release.yml on ifixai-ai/iFixAi
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
ifixai-3.0.2.tar.gz -
Subject digest:
b6b6e47f8c24950e5ebcc81ef64362843e7cffedfc9ff62d3ba6c3329184ebe0 - Sigstore transparency entry: 1928483518
- Sigstore integration time:
-
Permalink:
ifixai-ai/iFixAi@4f9cf497756b6ad3756fddfb16f63db114199ed3 -
Branch / Tag:
refs/tags/v3.0.2 - Owner: https://github.com/ifixai-ai
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@4f9cf497756b6ad3756fddfb16f63db114199ed3 -
Trigger Event:
push
-
Statement type:
File details
Details for the file ifixai-3.0.2-py3-none-any.whl.
File metadata
- Download URL: ifixai-3.0.2-py3-none-any.whl
- Upload date:
- Size: 790.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9bd9ddf1e0747e2a0450b385b7866661ee407f5f5f399df2da9c054b851792fc
|
|
| MD5 |
2f8340de1aa426243c1885cbe7195122
|
|
| BLAKE2b-256 |
fa437a38e41c7b97aa72bd3288e2124934f31b52ff59c36801ca4f094e29c9ab
|
Provenance
The following attestation bundles were made for ifixai-3.0.2-py3-none-any.whl:
Publisher:
release.yml on ifixai-ai/iFixAi
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
ifixai-3.0.2-py3-none-any.whl -
Subject digest:
9bd9ddf1e0747e2a0450b385b7866661ee407f5f5f399df2da9c054b851792fc - Sigstore transparency entry: 1928483699
- Sigstore integration time:
-
Permalink:
ifixai-ai/iFixAi@4f9cf497756b6ad3756fddfb16f63db114199ed3 -
Branch / Tag:
refs/tags/v3.0.2 - Owner: https://github.com/ifixai-ai
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@4f9cf497756b6ad3756fddfb16f63db114199ed3 -
Trigger Event:
push
-
Statement type: