Harness configuration risk
Review CLAUDE.md, AGENTS.md, rules files, and workflow prompts for unsafe defaults and bad permission boundaries.
Security
AgentShield is the security engine for the harness layer.
ECC is not just a distribution project. Teams also need a credible protection layer. AgentShield covers that surface with an open scanner, deeper adversarial review, and a path into rollout guardrails without hiding the core logic.
102 rules across 5 categories
1282 tests · 98% coverage
Open scanner with automation on top
Risk surfaces
What teams are actually trying to control.
Security issues in agent workflows are usually structural: bad defaults, unsafe permissions, copied context, and tool surfaces that quietly expand what the system can do.
Foreign-data suspicion
Highlight risky copied text, issue content, tool descriptions, and context sources that should not be trusted by default.
Tooling and MCP exposure
Separate legitimate automation from dangerous tool or MCP behavior before it becomes a team-wide standard.
| Layer | Open source | Paid / enterprise |
|---|---|---|
| Scanning engine | AgentShield CLI and repo workflow | Automated PR scanning and historical findings |
| Policy | Community rules and visible checks | Custom rules, team policies, audit reporting |
| Rollout | Self-serve adoption through ECC docs and examples | Hands-on implementation, training, and governance support |
Why keep it open
Security tooling needs trust. Keeping AgentShield open source makes the scanner auditable, improves contributions, and strengthens the commercial surface instead of weakening it.
Why it monetizes anyway
Teams pay for automation, reporting, rollout support, and governance. They do not need the scanner itself to be closed for the business model to work.
Start with ECC
Move from OSS discovery to repo-native rollout.
The ECC model stays additive: open-source distribution first, GitHub App automation when repository workflows matter, and enterprise support when the organization needs policy, rollout help, and governance.
74K+ stars
Public repos free
AgentShield protection layer