Developer experience: CLI, privacy heartbeat, design partners, contribution model #16
Merged
aniketh-maddipati merged 5 commits into Jun 2, 2026
What changed
This PR replaces the legacy security-assessment CLI with a new Typer-based AgentMint command surface built around instrumentation, verification, and operator ergonomics. The new entrypoint adds init, notarise, verify, export, plan, and chain, along with operational commands for doctor, show, privacy, watch, and actions. It also introduces shared CLI helpers for styling, config discovery, project scanning, and receipt rendering; adds provider and verification modules needed by the new workflow; updates the decorator path so the quickstart flow can emit receipts into the configured sink; and rewrites the top-level docs, examples, and CLI E2E coverage around that new experience.
Why this matters for users
Before this change, the repository still centered an older assessment-oriented CLI that did not match the current notary/runtime positioning described in the product direction. That made the first-run experience harder to understand, mixed two different product stories in one package, and left no end-to-end command flow for initializing a project, emitting receipts, inspecting them, checking privacy posture, and packaging evidence. The effect for users was extra onboarding friction and a mismatch between the library's public runtime direction and the CLI/documentation they actually encountered.
Root cause and fix
The root cause was that the repo had evolved its runtime and receipt model faster than its command surface, docs, and examples. This PR brings those pieces back into alignment by removing the legacy assessment stack, wiring the CLI around the current receipt lifecycle, and updating the repository narrative to focus on signed evidence, offline verification, privacy posture, and design-partner positioning. The fix also keeps generated local artifact directories out of the PR so the review stays scoped to source, docs, tests, and workflow changes.
Validation
I validated the rewritten flow with pip install -e ".[dev,cli]", agentmint --help, pytest, mypy --strict agentmint, and ruff check agentmint tests/cli. I also exercised the new CLI path in a temporary workspace: agentmint init --yes, a minimal decorated agent run that emitted a receipt, and follow-up agentmint verify, agentmint doctor, agentmint show, and agentmint privacy checks. The only review step that did not complete cleanly was vet, because the Codex agentic harness hit its input-size limit before analysis could finish.