verification
Agent Verifier
Purpose
Run comprehensive verification on AI agent code. This orchestrator invokes focused verification skills and consolidates results into a unified report. All analysis happens locally—code never leaves your machine.
When to Use
Trigger this skill when the user asks to:
- "verify agent" (primary invocation)
- "verify my agent"
- "audit agent"
- "full verification"
- "verify my code" (when agent patterns are detected)
- "check compliance"
Available Verification Modes
| Command | Skill | What it checks |
|---|---|---|
| "verify agent" | This skill | Full suite (all below) |
| "verify agent security" | verify-security | Secrets, dependencies, input validation |
| "verify agent patterns" | verify-patterns | Loops, retries, tools, context size |
| "verify agent quality" | verify-quality | Naming, organization, documentation |
| "verify agent language" | verify-language | Type hints, idioms, language best practices |
Process
Step 1: Context Discovery
Scan the project to identify:
-
Primary language:
- Check for
pyproject.toml,package.json,go.mod - Look at file extensions in
src/or project root
- Check for
-
Agent framework (if any):
langgraphin imports → LangGraphcrewaiin imports → CrewAIautogenin imports → AutoGenlangchainin imports → LangChain- Direct SDK usage → Custom agent
-
Kahuna integration:
- Check if
.kahuna/directory exists - If yes, read
.kahuna/context-guide.mdfor organizational rules
- Check if
Record the detected context for reporting.
Step 2: Run Security Checks
Load the verify-security skill and execute its process.
This checks for:
- Hardcoded secrets and API keys
- Dependency version pinning
- Input validation patterns
- Error message exposure
- Secure defaults
Record all findings.
Step 3: Run Pattern Checks
Load the verify-patterns skill and execute its process.
This checks for:
- Loop safety (termination conditions)
- Retry limit enforcement
- Tool registry consistency
- Context size awareness
- LangGraph cycle analysis (if applicable)
Record all findings.
Step 4: Run Quality Checks
Load the verify-quality skill and execute its process.
This checks for:
- Naming conventions
- Code organization
- Magic numbers/strings
- Documentation
- Error handling patterns
Record all findings.
Step 5: Run Language-Specific Checks
Based on detected language, load the verify-language skill and execute its process.
Python checks:
- Type hints on public functions
- Docstrings
- Requirements pinning
- Python idioms
TypeScript/JavaScript checks:
- Strict mode enabled
- No
anytypes - Async/await error handling
- Promise handling
Go checks:
- No ignored errors
- Context propagation
- Package structure
- Go idioms
Record all findings.
Step 6: Consolidate Report
Combine all findings from Steps 2-5 into a unified verification report.
Report Format
# Agent Verification Report
**Project:** [project name or path]
**Date:** [current date]
**Mode:** [Kahuna-enhanced | Standalone]
**Language:** [Python | TypeScript | JavaScript | Go]
**Agent framework:** [LangGraph | CrewAI | AutoGen | LangChain | Custom | None]
**Files analyzed:** [count]
## Summary
✅ X checks passed | ⚠️ Y warnings | ❌ Z issues
### By Category
| Category | Pass | Warn | Issue |
|----------|------|------|-------|
| Security | X | X | X |
| Patterns | X | X | X |
| Quality | X | X | X |
| Language | X | X | X |
## Security
*(Summary from verify-security)*
- [x] No hardcoded secrets
- [x] Dependencies pinned
- [ ] ⚠️ [finding]
- [ ] ❌ [finding]
## Agent Patterns
*(Summary from verify-patterns — include only if agent detected)*
### Loop Safety
- [x] All loops have termination conditions
- [ ] ⚠️ Potential unbounded loop at `[file:line]`
### Retry Limits
- [x] All retry mechanisms have explicit limits
- [ ] ❌ Missing retry limit at `[file:line]`
### Tool Consistency
- [x] Tool registry found: X tools defined
- [ ] ❌ Hallucinated tool reference at `[file:line]`
- [ ] ⚠️ Undocumented tool: `[name]`
### Context Size
- [x] System prompt within limits (~X tokens)
- [ ] ⚠️ System prompt exceeds recommended size
## Quality
*(Summary from verify-quality)*
- [x] Naming conventions consistent
- [x] Code well-organized
- [ ] ⚠️ [finding]
## Language ([Python/TypeScript/Go])
*(Summary from verify-language)*
- [x] Type safety enforced
- [ ] ⚠️ [finding]
- [ ] ❌ [finding]
## Detailed Findings
> `[P]` = pattern-matched (structurally reliable) · `[H]` = heuristic (best-effort judgment)
### ✅ Passing
- `[P]` No hardcoded secrets or API keys
- `[P]` All retry decorators have stop conditions
- `[H]` Code organization follows best practices
### ⚠️ Warnings
- `[P|H]` [Check name]: [Description]
- **Location:** [file:line]
- **Category:** [Security | Patterns | Quality | Language]
- **Suggestion:** [How to address]
### ❌ Issues
- `[P|H]` [Check name]: [Description]
- **Location:** [file:line]
- **Category:** [Security | Patterns | Quality | Language]
- **Rule:** [Which rule this violates]
- **Fix:** [Specific remediation steps]
## Recommendations
1. **[Highest priority]** - [Specific action]
2. **[Second priority]** - [Specific action]
3. [Additional improvements]
---
*Report generated by Agent Verifier v1.0.0*
Step 7: Export Report (Optional)
After presenting the report, ask the user:
Would you like to save this verification report to a file?
If confirmed:
-
Create the reports directory if it doesn't exist:
mkdir -p reports/verification -
Generate filename using the current date and time (NOT placeholders):
- Get the actual current timestamp from your environment context
- Format:
reports/verification/{date}_{time}.md - Date format:
YYYY-MM-DD(e.g.,2026-03-17) - Time format:
HH-MM-SS(e.g.,08-15-42for 8:15:42 AM)
IMPORTANT: Use the real current time, not zeros or placeholders. Check your system context for "Current Time" information.
Example: If the current time is March 17, 2026 at 1:05:30 AM PST, the filename should be:
reports/verification/2026-03-17_01-05-30.md -
Save the complete report to that file.
Check Tier Discipline
Throughout all verification steps, maintain tier discipline:
[PATTERN]checks — Apply exactly as written. A rule says "flag X" → flag X. No judgment.[HEURISTIC]checks — Apply with judgment. Mark findings clearly with[H].
Tag every finding in the report with [P] or [H] so readers understand confidence level.
Notes
- Privacy first: All code analysis happens locally. Nothing is sent to external services.
- Kahuna enhances, not requires: The skill works standalone with built-in rules. Kahuna adds organization-specific knowledge.
- Be specific: Include file names and line numbers when reporting issues.
- Explain the "why": Help developers understand why each rule matters.
- Honor existing configs: Respect project's existing lint rules,
.editorconfig, etc.
More from aurite-ai/agent-verifier
verify-quality
Verify code quality including naming conventions, organization, documentation, and general best practices. Use when asked to "verify quality", "check code quality", or "review code organization".
6verify-security
Verify code for security issues including hardcoded secrets, input validation, error exposure, and dependency vulnerabilities. Use when asked to "verify security", "check for secrets", or "scan for vulnerabilities".
6verify-patterns
Verify AI agent patterns including loop safety, retry limits, tool consistency, context size, and graph cycle analysis. Use when asked to "verify agent patterns", "check loops", "verify tools", or "check retry limits".
6verify-language
Language-specific verification for Python, TypeScript/JavaScript, and Go. Checks type safety, language idioms, and best practices. Use when asked to "verify language", "check types", or for language-specific checks.
6