Item detail
github.com

ByteYellow/AgentProvenance

ByteYellow/AgentProvenance is a developer tool in RepoRadar's Security / Governance section, holding Silver tier and a 'worth watch' verdict. Its strongest signal is open-source/build quality, scored 8.4 out of 10.

Score7.7
Popularity1.0
Riskconditional
TierSilver
Score breakdown
Usefulness7.0
Novelty8.0
Momentum5.0
Maturity5.6
Open-source/build8.4
Evidence7.2
Workflow potential8.1
Setup ease4.2

Popularity is tracked separately. Support, ads, sponsorships, and tips never affect these signals.

Why it matters

Useful for security and platform teams that are already experimenting with sandboxed agents and want a stronger answer to evidence, provenance, and post-run review than ordinary logs can provide.

Who should use it

Security teams running sandboxed coding or automation agentsPlatform teams that need replayable evidence after an agent incidentBuilders designing provenance and forensics layers for autonomous systemsDevelopers studying content-addressed evidence storage for agent execution

Who should skip it

Skip ByteYellow/AgentProvenance if the source link, documentation, or setup requirements do not align with your current workflow or stack.

About this signal

ByteYellow/AgentProvenance is tracked by RepoRadar as a developer tool in the Security / Governance section. It was first seen on 2026-07-01 and last updated on 2026-07-01. The current verdict is 'worth watch' with a Silver tier and advanced setup difficulty. ByteYellow/AgentProvenance leads on open-source/build quality (8.4) and workflow potential (8.1); its lowest signal is setup ease (4.2), so factor that in before investing setup time. This page summarizes the evidence RepoRadar has captured from captured source metadata. The score, tier, risk label, and verdict on this page are never influenced by sponsorship, ads, or tips — they reflect only the usefulness, popularity, novelty, momentum, maturity, and evidence signals described in the RepoRadar methodology.

How this item is evaluated

RepoRadar assigned ByteYellow/AgentProvenance a composite score of 7.7 out of 10, placing it in the Silver tier. This score combines weighted sub-signals: usefulness (35%), novelty (18%), momentum (14%), maturity (10%), open-source/build quality (7%), evidence quality (6%), workflow potential (6%), and setup ease (4%). Popularity is tracked separately at 1.0 and never affects the composite score or tier. The risk label of 'conditional' reflects inherent user-impacting hazards, not generic novelty. Items with no risk flag may still require normal code review before production use.

Putting this into practice? Read How to vet an AI agent or MCP server before you wire it in for the checklist behind this score.

Risk explanation

It is designed to capture runtime evidence, file diffs, and telemetry around agent executions, so first evaluation should stay away from sensitive production workloads; Its strongest value depends on a broader sandbox and telemetry stack, so verify the integration fit before you commit to it as your provenance layer.

Evidence links
Closest alternatives / related signals
agent-securityprovenanceauditforensicssandboxed-agentsgoapache-2.0