Adopt AgentSecurity

Get your agent secured in 60 seconds. Three steps, no security expertise required.

Quick Start

1. Install the CLI

pip install agentsec

2. Initialize Your Policy

# Pick your tier: basic, standard, strict, regulated
agentsec init --tier standard --name my-agent

This creates AGENTSECURITY.md in your project root with sensible defaults.

3. Customize and Validate

# Edit AGENTSECURITY.md to match your agent's actual tools

# Validate the policy
agentsec validate .

# Scan your codebase for violations
agentsec check .

CI/CD Integration

GitHub Action

name: AgentSecurity Check
on: [pull_request]
jobs:
  agentsec:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install agentsec
        run: pip install agentsec
      - name: Validate policy
        run: agentsec validate .
      - name: Check codebase
        run: agentsec check . --fail-on high
      - name: Generate report
        run: agentsec report . --format json -o agentsec-report.json
      - uses: actions/upload-artifact@v4
        with:
          name: agentsec-report
          path: agentsec-report.json

Pre-commit Hook

# .pre-commit-config.yaml
repos:
  - repo: local
    hooks:
      - id: agentsec-validate
        name: Validate AGENTSECURITY.md
        entry: agentsec validate .
        language: system
        pass_filenames: false

Framework Integration

Agent System Prompt Injection

Use agentsec to-prompt to generate an XML snippet for your agent's system prompt:

agentsec to-prompt .

Output (~50-100 tokens):

<agent_security_policy>
  <name>my-agent</name>
  <tier>standard</tier>
  <enforcement>warn</enforcement>
  <description>Processes support tickets</description>
  <location>./AGENTSECURITY.md</location>
</agent_security_policy>

LangChain

Add the security policy as system context when initializing your agent:

from agentsec.parser import parse_policy

# Parse AGENTSECURITY.md from the project root (".")
policy = parse_policy(".")

# Render the policy's tier, enforcement mode and declared tools as system context
system_context = f"""
You are operating under security tier: {policy.security_tier}
Enforcement mode: {policy.enforcement}
Declared tools: {', '.join(policy.declared_tool_names)}
"""
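The system context above tells the model about the policy but does not enforce it; the declared-tools list is only a real control when tool dispatch checks it. The following added example (not part of agentsec or this page) shows such a gate. `Policy` is a constructed stand-in for the object `parse_policy` returns, mirroring only the three attributes used above; the page shows `warn` as the one enforcement value, and treating any other value as deny is an assumption.

```python
from dataclasses import dataclass, field
import logging

log = logging.getLogger("agentsec.gate")


@dataclass
class Policy:
    """Constructed stand-in for parse_policy()'s return value (assumption:
    only security_tier, enforcement and declared_tool_names are mirrored)."""
    security_tier: str
    enforcement: str                      # "warn" is the value shown on this page
    declared_tool_names: list = field(default_factory=list)


def gate_tool_call(policy: Policy, tool_name: str) -> tuple:
    """Decide whether the agent may invoke tool_name; returns (allowed, reason).

    Declared tools always pass. An undeclared tool is logged and still allowed
    under "warn"; under any other enforcement value (assumed to mean deny) it
    is blocked so the call never reaches the tool implementation.
    """
    if tool_name in policy.declared_tool_names:
        return True, "declared"
    if policy.enforcement == "warn":
        log.warning("undeclared tool %r under tier %s", tool_name, policy.security_tier)
        return True, "undeclared-warned"
    log.error("blocked undeclared tool %r under tier %s", tool_name, policy.security_tier)
    return False, "undeclared-blocked"


def guarded(policy: Policy, tool_name: str, fn):
    """Wrap a tool callable so every invocation passes through the gate first."""
    def wrapper(*args, **kwargs):
        allowed, reason = gate_tool_call(policy, tool_name)
        if not allowed:
            raise PermissionError(f"{tool_name}: {reason}")
        return fn(*args, **kwargs)
    return wrapper


# Constructed sample matching the quick-start's "standard" tier and "warn" mode.
SAMPLE_POLICY = Policy("standard", "warn", ["search_tickets", "reply_to_ticket"])

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print(gate_tool_call(SAMPLE_POLICY, "search_tickets"))   # (True, 'declared')
    print(gate_tool_call(SAMPLE_POLICY, "run_shell"))        # (True, 'undeclared-warned')
```

Register each LangChain tool through `guarded(policy, name, tool_fn)` instead of passing `tool_fn` directly, so the policy is checked at dispatch rather than relying on the model to honor the prompt.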

Claude Code

Place AGENTSECURITY.md in your project root alongside CLAUDE.md. Claude Code will discover it automatically when configured.

CLI Reference

# Validate AGENTSECURITY.md against the spec
agentsec validate [path]

# Scan codebase for violations
agentsec check [path] --fail-on high|medium|low

# Generate security scorecard
agentsec report [path] --format text|json|badge

# Initialize from template
agentsec init --tier basic|standard|strict|regulated

# Output policy properties as JSON
agentsec read-properties [path]

# Generate system prompt XML
agentsec to-prompt [path]

Add the Badge

[![AgentSecurity](https://img.shields.io/badge/AgentSecurity-standard-green)](https://agentsecurity.dev)

Replace standard with your tier. Color options:

Templates

Pre-built templates are available in the repository:

Examples