The new "autopilot" pack tries to go further: blocking iptables flushes, NAT mutations, cloud resource deletions, privileged Docker containers, crontab edits. All opt-in, all labeled experimental.

Here's the thing: every single rule is a regex heuristic. It will have false positives. It will miss things. A proper framework for this — one that understands intent, context, and blast radius — doesn't exist yet. We're all building the road while driving on it.

I shipped it anyway because I think experimenting publicly is more useful than waiting for the perfect solution.

57 rules, 1071 tests, runs locally.

Repo: https://github.com/mauhpr/agentlint

Curious: how are others handling infrastructure operations in long agent sessions? Are you even letting agents near infra yet?