
Agent Review

Think of it as: Code review for agent behavior

Review the agent's behavior, not just the code diff.

Detects out-of-scope file changes, sensitive paths, missing tests, suspicious deletions, and added dependencies — then summarizes the risk of merging an agent-generated diff.

beta · MIT · local-only · no telemetry

quickstart · agent-review

    # install
    npm install -g @agentopssec/agent-review

    # review the current uncommitted diff
    agent-review --from-git-diff

    # review a recorded agent run
    agent-review --from-agent-flight run_001

    # gate a PR
    agent-review --github-pr 123 --ci

Why this exists

Traditional code review looks at the final diff. Agent-generated work also needs review of the path the agent took to get there.

Agent Review reads your local git diff (or a recorded run from the Flight Recorder) and grades the behavior — out-of-scope changes, sensitive files, missing tests, suspicious deletions, surprise dependencies.

Designed to fit between the agent and the merge button. It's strict by default and explainable in every finding.

  • Did the agent modify files outside the requested scope?
  • Did it touch auth, security, CI, deployment, or secrets?
  • Did it add dependencies or run risky shell commands?
  • Did it skip tests or hide errors?
  • Where should a human reviewer focus first?

Quickstart

One command. No account. No telemetry.


A recent review

Real output: a UI prompt that quietly reached into auth.

prompt: Fix the pricing card button alignment.
risk:   high

    high    scope   Task appears UI-only, but auth files changed.
                    auth/session.ts · middleware.ts
    high    deps    Added dependency `jose@5.2.4` — not present before.
    medium  tests   No test execution detected.
    low     shell   rm -rf node_modules · safe but noisy

What it checks

Rule-based and explainable. Every finding cites the source.

    check               level   what it flags
    scope drift         risk    Files outside likely task scope changed.
    sensitive paths     risk    auth, middleware, security, CI, secrets.
    dependency churn    warn    package.json or lockfile changes.
    missing tests       warn    No tests executed during the run.
    risky shell         risk    rm, curl | sh, sudo, force pushes.
    broad diff          warn    Narrow prompt produced a wide diff.
    silent deletions    risk    Code removed without explanation.
    error suppression   warn    try/catch swallowing errors.
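As an added example (not the agent-review project's own code), here is a small rule-based reviewer in JavaScript that applies a few of the checks above (sensitive paths, scope drift, dependency churn, missing tests, risky shell) to a recorded run shaped like the one in "A recent review". The run format, the regex rule patterns, the severity mapping and the sample run are assumptions constructed for this illustration; the project's real rules and data model may differ.

```javascript
// Added illustration, not the agent-review project's own code. The run shape
// ({ prompt, filesChanged, deps, commands }), every pattern below and the
// sample run are assumptions made for this example.

const SENSITIVE_PATHS = [
  /(^|\/)auth\//, /(^|\/)middleware\.[jt]sx?$/, /security/i,
  /(^|\/)\.github\/workflows\//, /(^|\/)\.env(\.|$)/, /secret/i, /deploy/i,
];
const UI_PROMPT = /\b(button|card|layout|alignment|css|style|styling|ui)\b/i;
const UI_FILES = /(^|\/)(components|styles|ui)\/|\.(css|scss|tsx|jsx|html)$/;
const MANIFESTS = /(^|\/)(package\.json|package-lock\.json|yarn\.lock|pnpm-lock\.yaml)$/;
const TEST_COMMANDS = /\b(npm|pnpm|yarn)\s+(run\s+)?test\b|\b(jest|vitest|mocha|pytest)\b/;
const RISKY_SHELL = [/\brm\s+-rf?\b/, /curl[^|]*\|\s*(ba)?sh\b/, /\bsudo\b/, /git\s+push\b.*(--force|-f)\b/];
// rm of a disposable build directory is downgraded, mirroring the "safe but noisy" verdict above
const DISPOSABLE = /\brm\s+-rf?\s+(\.\/)?(node_modules|dist|build|\.cache)\/?\s*$/;

const LEVEL = { low: 0, medium: 1, high: 2 };

function reviewRun(run) {
  const findings = [];
  const add = (level, rule, message, evidence) => findings.push({ level, rule, message, evidence });

  // sensitive paths: auth, middleware, security, CI, secrets, deployment
  const sensitive = run.filesChanged.filter(f => SENSITIVE_PATHS.some(re => re.test(f)));
  if (sensitive.length) add('high', 'sensitive paths', 'Sensitive files changed.', sensitive);

  // scope drift: a UI-sounding prompt should not touch non-UI source files
  if (UI_PROMPT.test(run.prompt)) {
    const outOfScope = run.filesChanged.filter(f => !UI_FILES.test(f) && !MANIFESTS.test(f));
    if (outOfScope.length) add('high', 'scope', 'Task appears UI-only, but non-UI files changed.', outOfScope);
  }

  // dependency churn: anything in "after" that is absent or at another version in "before"
  const added = Object.entries(run.deps.after)
    .filter(([name, ver]) => run.deps.before[name] !== ver)
    .map(([name, ver]) => `${name}@${ver}`);
  if (added.length) add('high', 'deps', 'Dependencies added or changed.', added);

  // missing tests: no test runner appears anywhere in the recorded shell commands
  if (!run.commands.some(c => TEST_COMMANDS.test(c))) add('medium', 'tests', 'No test execution detected.', []);

  // risky shell: rm -rf, curl | sh, sudo, force push
  for (const cmd of run.commands) {
    if (RISKY_SHELL.some(re => re.test(cmd))) {
      const disposable = DISPOSABLE.test(cmd);
      add(disposable ? 'low' : 'high', 'shell',
          disposable ? 'Destructive, but only on a disposable directory.' : 'Risky shell command.', [cmd]);
    }
  }

  // overall risk is the highest finding; sort so a human reviewer sees the worst first
  const risk = findings.reduce((m, f) => (LEVEL[f.level] > LEVEL[m] ? f.level : m), 'low');
  findings.sort((a, b) => LEVEL[b.level] - LEVEL[a.level]);
  return { risk, findings };
}

function formatReport(report) {
  const lines = [`risk: ${report.risk}`];
  for (const f of report.findings) {
    lines.push(`  ${f.level.padEnd(6)} ${f.rule.padEnd(15)} ${f.message}`);
    if (f.evidence.length) lines.push(`  ${' '.repeat(22)} ${f.evidence.join(' · ')}`);
  }
  return lines.join('\n');
}

// Constructed sample run, modelled on the review shown in "A recent review".
const SAMPLE_RUN = {
  prompt: 'Fix the pricing card button alignment.',
  filesChanged: ['components/PricingCard.tsx', 'auth/session.ts', 'middleware.ts', 'package.json', 'package-lock.json'],
  deps: { before: { react: '18.2.0' }, after: { react: '18.2.0', jose: '5.2.4' } },
  commands: ['rm -rf node_modules', 'npm install', 'npm run build'],
};

console.log(formatReport(reviewRun(SAMPLE_RUN)));
```

Every finding carries the file list or command that triggered it, which is the property the page calls "explainable": a reviewer can verify each line against the diff rather than trusting a score. The scope rule is deliberately crude (keyword matching on the prompt); in practice the task scope would come from the recorded run rather than from the prompt text alone.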

CLI reference

    latest                          Review the most recent run.
    <run_id>                        Review a specific recorded run.
    --from-git-diff                 Review the current local git diff.
    --from-agent-flight <run_id>    Pull context from the Flight Recorder.
    --github-pr <n>                 Review a PR by number.
    --ci · --json                   CI-friendly output and exit code.