This product was not featured by Product Hunt yet. It will not be visible on their landing page and won't be ranked (cannot win product of the day regardless of upvotes).
We scanned 16 AI agent repos (Skyvern, Dify, CrewAI, PraisonAI, Khoj). 76% of tool calls with real-world side effects, payments, emails, DB writes, deletes, had zero runtime protection. diplomat-agent finds them : pip install diplomat-agent diplomat-agent scan Zero config. Zero deps (stdlib only). AST, not regex. Outputs: terminal, JSON, SARIF 2.1.0, CSAF 2.0, and toolcalls.yaml — a Behavioral BOM of every side effect your agent can trigger. Maps to OWASP Agentic Top 10. Apache-2.0.
Hey Product Hunt 👋
I built diplomat-agent after noticing a structural pattern across AI agent codebases.
Functions that can charge cards, send emails, and delete data reach production with nothing between the LLM's decision and the real-world consequence. This isn't negligence — framework authors say hard enforcement is the operator's job. In practice, that operator is often nobody.
Concrete example from our scan: Khoj's ai_update_memories calls session.delete() + session.add() with no confirmation, no rate limit, no validation. One adversarial prompt wipes a user's memory store.
The scanner uses AST (not regex) and is intra-procedural + same-package decorators. Limits are documented — it's a static layer, not a silver bullet. The runtime layer (diplomat-gate) is a separate project.
Full methodology and per-repo breakdown in REALITY_CHECK_RESULTS.md.
Curious what your agent codebase looks like when you scan it. Happy to dig into specific findings.
No comment highlights available yet. Please check back later!
About diplomat-agent on Product Hunt
“Find unguarded tool calls in your AI agent code ”
diplomat-agent was submitted on Product Hunt and earned 3 upvotes and 1 comments, placing #160 on the daily leaderboard. We scanned 16 AI agent repos (Skyvern, Dify, CrewAI, PraisonAI, Khoj). 76% of tool calls with real-world side effects, payments, emails, DB writes, deletes, had zero runtime protection. diplomat-agent finds them : pip install diplomat-agent diplomat-agent scan Zero config. Zero deps (stdlib only). AST, not regex. Outputs: terminal, JSON, SARIF 2.1.0, CSAF 2.0, and toolcalls.yaml — a Behavioral BOM of every side effect your agent can trigger. Maps to OWASP Agentic Top 10. Apache-2.0.
diplomat-agent was featured in Open Source (68.4k followers), Developer Tools (511.7k followers), Artificial Intelligence (467.3k followers) and GitHub (41.2k followers) on Product Hunt. Together, these topics include over 188.4k products, making this a competitive space to launch in.
Who hunted diplomat-agent?
diplomat-agent was hunted by Josselin Guarnelli. A “hunter” on Product Hunt is the community member who submits a product to the platform — uploading the images, the link, and tagging the makers behind it. Hunters typically write the first comment explaining why a product is worth attention, and their followers are notified the moment they post. Around 79% of featured launches on Product Hunt are self-hunted by their makers, but a well-known hunter still acts as a signal of quality to the rest of the community. See the full all-time top hunters leaderboard to discover who is shaping the Product Hunt ecosystem.
Want to see how diplomat-agent stacked up against nearby launches in real time? Check out the live launch dashboard for upvote speed charts, proximity comparisons, and more analytics.
Josselin Guarnelli