probity
Health Pass
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Community trust — 32 GitHub stars
Code Fail
- rm -rf — Recursive force deletion command in package.json
Permissions Pass
- Permissions — No dangerous permissions requested
This tool provides process guardrails for AI coding assistants. It hooks into agent actions to enforce development disciplines like TDD and block undesirable behavior such as over-implementation or disabling linting rules.
Security Assessment
The primary function of this agent involves intercepting and evaluating shell commands and file writes executed by other AI tools, acting as an execution gatekeeper. The automated scan flagged a "FAIL" for an `rm -rf` recursive force deletion command located inside `package.json`. While the documentation explicitly states the tool is designed to catch and block dangerous commands like `rm -rf`, having this command in the package scripts is still a notable risk vector that warrants manual verification. The project does not request overtly dangerous account permissions, and no hardcoded secrets were detected. Overall risk is rated as Medium.
Quality Assessment
The project demonstrates strong health indicators. It is licensed under the permissive and standard MIT license. The repository is highly active, with its most recent push occurring today, and includes automated CI and security testing workflows. Community trust is currently low but growing, represented by 32 GitHub stars.
Verdict
Use with caution. While the tool is actively maintained and well-structured, users should manually inspect the `package.json` scripts to ensure the flagged `rm -rf` command is safely scoped to local build or clean-up tasks before integrating it into their development workflow.
Process discipline for AI coding agents
Probity
Process discipline for AI coding agents.
Probity catches what coding agents do wrong (over-implementing past the failing test, disabling tests instead of fixing them, reaching for rm -rf) using the hook system your agent already exposes.
How it works
Each agent action (file write, shell command) fires a hook. Probity evaluates the action against your configured rules and decides whether it goes through. When it blocks, the agent gets a reason and a path forward:
probity: production code is being added before any failing test was written
or observed.
The next TDD-legal step is to add one focused test in src/cart.test.ts and
run it to a clean assertion failure before implementing only the minimum code
to pass it.
Probity grew out of tdd-guard, built to be the better foundation for the work ahead: rules beyond TDD, agents beyond Claude Code.
Features
- Catches over-implementation and missing tests by reading your agent's session history (works with any test runner, in any language)
- Same config across Claude Code, Codex, GitHub Copilot Chat, and Copilot CLI: one rule set, every agent
- Pattern blocks for commands and content (string or regex) for the deterministic checks
- Custom rules in a few lines of TypeScript
Getting started
Install Probity as a dev dependency, then wire it into your agent:
npm install -D @nizos/probity
Create a probity.config.ts at your project root.
Here's a starter that enforces TDD on src/ and test/, and blocks eslint-disable comments:
import { defineConfig, enforceTdd, forbidContentPattern } from '@nizos/probity'
export default defineConfig({
rules: [
{
files: ['src/**', 'test/**'],
rules: [
enforceTdd(),
forbidContentPattern({
match: 'eslint-disable',
reason: 'Fix the lint violation rather than disabling the rule',
}),
],
},
],
})
Documentation
- Setup: wire probity into your agent
- Configuration: config file shape, path scoping, and custom rules
- Rules: built-in rules and their options
Contributing
Contributions are welcome! See the contributing guidelines to get started.
License
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found