Thanks for your interest in contributing to GoPlus AgentGuard! Here's how to get started.
git clone https://github.com/GoPlusSecurity/agentguard.git
cd agentguard
npm install
npm run build
npm test

- src/ — TypeScript source code
- scanner/ — Static analysis engine (20 detection rules)
- action/ — Runtime action evaluator (exec, network, file, web3 detectors)
- registry/ — Trust level management
- policy/ — Default policies and capability presets
- tests/ — Test suite (Node.js built-in test runner)
- skills/agentguard/ — Claude Code skill definition (SKILL.md + reference docs)
- hooks/ — Plugin hooks configuration for auto-guard
- examples/ — Demo projects for testing
- Fork the repository
- Create a feature branch: git checkout -b feature/my-change
- Make your changes
- Run npm run build && npm test to verify
- Submit a pull request
New scan rules go in src/scanner/rules/. Each rule needs:
- A unique id (e.g., MY_NEW_RULE)
- severity: low | medium | high | critical
- pattern: regex to match against file content
- fileTypes: array of extensions to scan (e.g., ['.js', '.ts'])
Export the rule from the appropriate category file and add it to the ALL_RULES array in src/scanner/rules/index.ts.
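A rule with the four fields listed above, plus the checks a reviewer would apply before it joins ALL_RULES, as an added example that is not AgentGuard's own code. The field names come from this guide; the ScanRule and Finding types, validateRules, scanFile and the sample pattern are assumptions made for illustration.

```typescript
// Hypothetical types: only id, severity, pattern and fileTypes come from this guide.
type Severity = 'low' | 'medium' | 'high' | 'critical';
interface ScanRule { id: string; severity: Severity; pattern: RegExp; fileTypes: string[]; }
interface Finding { ruleId: string; severity: Severity; line: number; }

const SEVERITIES: Severity[] = ['low', 'medium', 'high', 'critical'];

// Constructed sample rule: flags dynamic code evaluation in JS/TS sources.
const MY_NEW_RULE: ScanRule = {
  id: 'MY_NEW_RULE',
  severity: 'high',
  pattern: /\b(?:eval|new\s+Function)\s*\(/,
  fileTypes: ['.js', '.ts'],
};

const ALL_RULES: ScanRule[] = [MY_NEW_RULE];

// Returns one message per problem: duplicate id, unknown severity,
// a stateful regex flag, or a file type without a leading dot.
function validateRules(rules: ScanRule[]): string[] {
  const errors: string[] = [];
  const seen: string[] = [];
  for (const r of rules) {
    if (seen.indexOf(r.id) !== -1) errors.push(`${r.id}: duplicate id`);
    seen.push(r.id);
    if (SEVERITIES.indexOf(r.severity) === -1) errors.push(`${r.id}: unknown severity`);
    // With the g or y flag, RegExp.test() keeps lastIndex between calls and skips matches.
    if (r.pattern.global || r.pattern.sticky) errors.push(`${r.id}: remove g/y flag`);
    if (r.fileTypes.length === 0 || r.fileTypes.some((e) => e.charAt(0) !== '.'))
      errors.push(`${r.id}: fileTypes must be non-empty and start with "."`);
  }
  return errors;
}

// Applies each rule whose fileTypes cover the file, line by line, so findings carry a line number.
function scanFile(fileName: string, content: string, rules: ScanRule[] = ALL_RULES): Finding[] {
  const ext = fileName.slice(fileName.lastIndexOf('.')).toLowerCase();
  const findings: Finding[] = [];
  content.split(/\r?\n/).forEach((text, i) => {
    for (const r of rules) {
      if (r.fileTypes.indexOf(ext) !== -1 && r.pattern.test(text))
        findings.push({ ruleId: r.id, severity: r.severity, line: i + 1 });
    }
  });
  return findings;
}
```
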
Action detectors go in src/action/detectors/. They evaluate runtime actions and return risk assessments with tags.
- TypeScript strict mode
- Zod for runtime validation
- Minimal dependencies (currently 5 production deps)
- Node.js built-in test runner (no test framework needed)
Please open an issue at https://github.com/GoPlusSecurity/agentguard/issues with:
- What you expected to happen
- What actually happened
- Steps to reproduce
- Your Node.js version and OS