Rulebound
Deterministic guardrails for AI coding agents: policy-as-code that runs the deterministic part of code review (AST checks, regex, diff analysis) against agent plans, diffs, and evidence. Its .rulebound/rules/ and docs/threat-model/ are directly reusable for agent QA.
View source on GitHubKey takeaways
- 01
'Do not trust the agent' - verify plan, diff, and evidence deterministically
- 02
Rule files as review gates make agent policy versionable
- 03
Ships an actual threat model for agentic coding
Flows built on this research
Harness Engineering
Rule-File Code Review Gates
Run deterministic policy checks on everything your agent produces: rule files reviewing plans, diffs, and evidence before anything merges.
4 steps · 60-90 minutes
Agent QA & Security
Threat-Model Your MCP Server
Systematically threat-model an MCP server before it is exploited: assets, entry points, trust boundaries, and mitigations documented and tested.
4 steps · 90-120 minutes
Agent QA & Security
Release Gates for Agent-Generated Code
Put agent output through a real merge gate: automated review, tests, security scans, and human sign-off proportional to risk.
4 steps · 60-90 minutes
Agent QA & Security
Dependency and Supply-Chain Scanning for Agents
Guard against the dependencies your agent adds: vulnerability scanning, hallucinated-package detection, and gated installs.
4 steps · 60-90 minutes
Agent QA & Security
Secrets Hygiene in Agent Logs
Keep credentials out of prompts, tool outputs, logs, and traces: detection, redaction, and safe handling across the whole agent pipeline.
4 steps · 60-90 minutes