All activity
Josselin Guarnellileft a comment
Hey Product Hunt 👋 I built diplomat-agent after noticing a structural pattern across AI agent codebases. Functions that can charge cards, send emails, and delete data reach production with nothing between the LLM's decision and the real-world consequence. This isn't negligence — framework authors say hard enforcement is the operator's job. In practice, that operator is often nobody. Concrete...
diplomat-agentFind unguarded tool calls in your AI agent code
We scanned 16 AI agent repos (Skyvern, Dify, CrewAI, PraisonAI, Khoj). 76% of tool calls with real-world side effects, payments, emails, DB writes, deletes, had zero runtime protection.
diplomat-agent finds them :
pip install diplomat-agent
diplomat-agent scan .
Zero config. Zero deps (stdlib only). AST, not regex. Outputs: terminal, JSON, SARIF 2.1.0, CSAF 2.0, and toolcalls.yaml — a Behavioral BOM of every side effect your agent can trigger. Maps to OWASP Agentic Top 10. Apache-2.0.
diplomat-agentFind unguarded tool calls in your AI agent code