I've been using Claude Code as my primary coding tool for a few months. In long sessions I kept hitting the same problems: hardcoded API keys in config files, force-pushes to main, 15+ file edits without running tests, .env files with real credentials.

AgentLint hooks into Claude Code's lifecycle events (PreToolUse, PostToolUse, Stop) and evaluates rules against each tool call. PreToolUse rules can block actions (exit code 2), PostToolUse rules inject warnings into context, and Stop rules generate a session report.

It ships with 10 universal rules, YAML config, and a custom rules API if you want project-specific checks. Everything runs locally in a subprocess — no network calls, no external dependencies beyond click and pyyaml.

Architecture is simple: CLI parses stdin JSON from the hook → loads config → engine evaluates matching rules → reporter formats output. Session state persists via JSON files so rules like drift-detector can track cumulative behavior across invocations.

238 tests, 96% coverage. Python 3.11+.

Curious what rules others would want — the custom rules API lets you subclass Rule and drop a .py file in a directory.