We scanned 16 AI agent repos (Skyvern, Dify, CrewAI, PraisonAI, Khoj). 76% of tool calls with real-world side effects, payments, emails, DB writes, deletes, had zero runtime protection. diplomat-agent finds them : pip install diplomat-agent diplomat-agent scan Zero config. Zero deps (stdlib only). AST, not regex. Outputs: terminal, JSON, SARIF 2.1.0, CSAF 2.0, and toolcalls.yaml — a Behavioral BOM of every side effect your agent can trigger. Maps to OWASP Agentic Top 10. Apache-2.0.

ElevenAgents by ElevenLabs — Scale conversations without scaling your team

Scale conversations without scaling your team

Hey Product Hunt 👋 I built diplomat-agent after noticing a structural pattern across AI agent codebases. Functions that can charge cards, send emails, and delete data reach production with nothing between the LLM's decision and the real-world consequence. This isn't negligence — framework authors say hard enforcement is the operator's job. In practice, that operator is often nobody. Concrete example from our scan: Khoj's ai_update_memories calls session.delete() + session.add() with no confirmation, no rate limit, no validation. One adversarial prompt wipes a user's memory store. The scanner uses AST (not regex) and is intra-procedural + same-package decorators. Limits are documented — it's a static layer, not a silver bullet. The runtime layer (diplomat-gate) is a separate project. Full methodology and per-repo breakdown in REALITY_CHECK_RESULTS.md. Curious what your agent codebase looks like when you scan it. Happy to dig into specific findings.

ElevenAgents by ElevenLabs — Scale conversations without scaling your team

Scale conversations without scaling your team

diplomat-agent

Find unguarded tool calls in your AI agent code

Find unguarded tool calls in your AI agent code