Show HN: AgentLint v0.5 – 42 rules, stack-aware guardrails for AI agents
maupr92 Monday, February 23, 2026Follow-up to my post 3 days ago. AgentLint went from 10 rules to 42 across 7 packs.
The interesting technical bits since last time:
Stack auto-detection. AgentLint inspects project files (pyproject.toml, package.json, framework dependencies) and activates relevant rule packs. Python pack catches bare excepts, unsafe subprocess calls, SQL injection patterns. Frontend pack checks accessibility (alt text, form labels, heading hierarchy). React and SEO packs activate when their dependencies are present. No config needed — drop agentlint.yml if you want to override.
All 17 hook events. Claude Code exposes more lifecycle hooks than most people realize: PreToolUse, PostToolUse, Stop, UserPromptSubmit, SubagentStop, Notification, SessionEnd, and 10 others. AgentLint now handles all of them. The interesting one is UserPromptSubmit — you can validate what the user asks before the agent acts on it.
File content caching for diffs. PreToolUse caches the file's content before an Edit/Write. PostToolUse receives the "before" snapshot so diff-based rules work (e.g., detecting when error handling gets removed from a file).
Binary resolution problem. Claude Code runs hooks via /bin/sh with a minimal PATH. On macOS, pip installs console_scripts to /Library/Frameworks/Python.framework/Versions/3.13/bin/ which isn't on that PATH. shutil.which() fails. The fix was a 5-step probe chain: PATH → ~/.local/bin (pipx) → uv tools dir → sysconfig.get_path("scripts") → python -m fallback. The sysconfig call is the key — it returns exactly where pip put the binary. Also had to add __main__.py since the python -m fallback was broken without it.
Quality pack (always-active). Validates commit messages against conventional commits format. Detects dead imports. Warns when try/except or .catch blocks get removed entirely (not refactored — removed). Injects a self-review prompt at session end. Tracks token budget across the session.
741 tests, 96% coverage. Still Python 3.11+, still no dependencies beyond click and pyyaml.
The custom rules API hasn't changed — subclass Rule, implement evaluate(), drop a .py file. But the engine now provides richer context: file diffs, prompt content, subagent output, notification metadata.