Module · Inspect

Audit your agent before it ships

Connect a GitHub repository and we scan the agent's code in depth: secrets, prompt-injection patterns, runaway tool loops, vulnerable dependencies, and per-finding cost estimates.

Request a demo Read the docs
What it does

Static and AI-assisted review on every audit

Inspect connects to your repository through a read-only GitHub App. When you click Analyze, RenLayer pulls the repo at the chosen ref and runs a multi-stage pipeline: tech-stack detection, parallel static security analysis with custom agent-specific rules, and an AI-assisted semantic pass over the most relevant agent files.

Each finding includes a severity, a remediation hint, the file and line, and an estimated monthly cost impact. The audit also detects whether the agent routes its LLM calls through RenLayer or directly to providers.

Capabilities

What Inspect covers

Secret detection

Catches hardcoded API keys, tokens, and credentials across the entire repository, including LLM provider keys instantiated inline in agent code.

Prompt-injection patterns

Flags user input flowing untrusted into LLM prompts through string interpolation or concatenation in Python and JavaScript/TypeScript.

Cost runaway detection

Identifies unbounded tool loops, un-truncated conversation transcripts, and other patterns that can blow up your monthly token bill.

Vulnerable dependencies

Scans manifests and lockfiles for known CVEs, leaked secrets, and insecure configuration across the dependency tree.

AI-assisted semantic review

An AI engine walks the most relevant agent files (prompts, tools, agents, LLM clients) and surfaces issues missed by static analysis, grouped by category: security/info-leak, performance/cost, best-practice.

Proxy routing detection

Reveals whether the agent points its LLM calls at RenLayer or directly at the provider, so you know which agents are governed and which aren't.

What we detect

What we look for

  • Secrets Hardcoded credentials API keys, tokens, and provider keys committed to the repo or instantiated inline in agent code.
  • Security Prompt-injection vectors User-controlled input concatenated or interpolated into prompts sent to the LLM.
  • Cost Unbounded tool loops Agent loops with no max-iteration cap that can run away on token spend.
  • Cost Un-truncated transcripts Conversation history sent in full on every turn, multiplying cost over time.
  • Info leak Server-side data exposure Stack traces, PII, or internal data echoed back to the client or written to logs.
  • Best practice Missing output validation LLM responses consumed without schema validation, leading to brittle agents.
  • Dependencies CVEs, secrets, misconfig Vulnerable packages, leaked credentials, and insecure configuration across all manifest and lockfile ecosystems.
How it works

Connect, scan, review

  1. Install the GitHub App

    Read-only access to Contents and Metadata. Pick the repos you want available to RenLayer.

  2. Attach a repo to your agent

    Select the repo, choose a git ref, and click Analyze. The audit runs in the background.

  3. Review findings in the console

    Risk score, badge, executive summary, full finding list with severity, remediation, and estimated monthly cost impact.

  4. Re-scan when the code changes

    Trigger a new audit on demand. History is preserved per agent and per repo so you can compare runs.

Frequently asked questions

Frequently asked questions

What permissions does the GitHub App require?

Read-only on Contents and Metadata. The app does not write to your repo, does not open PRs, and does not require admin scope.

Where do findings appear?

In the RenLayer console, on the agent's Code Audit view. Each audit shows risk score, badge, executive summary, and the full finding list with severity, remediation, file:line, and estimated monthly cost impact.

What languages and stacks are supported?

Coverage spans the major ecosystems (npm, pip, Cargo, Go modules, Maven, Gradle, and more). The AI-assisted semantic pass focuses on Python and TypeScript/JavaScript files that match agent, prompt, tool, and LLM patterns.

Does the auditor send my code anywhere?

Repos are pulled into ephemeral storage on the audit worker, analyzed, and discarded. The AI-assisted semantic pass sends file contents to an external AI provider; on-prem deployments can disable this pass and still produce a full static report.

Can I re-scan on every commit?

Today audits are triggered on demand from the console (single click). Continuous PR checks are on the immediate roadmap.

Join our Design Program

Join the Design Program View documentation