Agent Environment & Dependency Management

Engineering · updated Fri Feb 27

Securing the software supply chain and runtime dependencies for autonomous agents.

Steps

  1. Pin all Python/Node dependencies to exact versions using lockfiles.
  2. Enforce hash-based verification for all third-party package installs.
  3. Scan dependencies for known CVEs at build time using tools like Snyk or Grype.
  4. Isolate agent runtimes using virtual environments (venv/conda) or Nix.
  5. Use a private registry for internal 'Agent Skills' or tool definitions.
  6. Audit 'Indirect Dependencies'—the packages your packages depend on.
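
A build-time check for steps 1 and 2, written as an added example and not part of the original page: it reads a pip-style requirements file and reports every entry that is not pinned with `==` or carries no sha256 hash. The function names, package names and digest are assumptions made up for the illustration.

```python
import re

# Exact pin: name, optional extras, "==", a version with no wildcard.
PIN = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*(\[[^\]]+\])?\s*==\s*[^=\s;*]+(?=\s|;|$)")
HASH = re.compile(r"--hash=sha256:[0-9a-f]{64}\b")

def logical_lines(text):
    """Join backslash continuations; drop blank lines and comments."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        entry = (buf + line).split(" #")[0].strip()
        buf = ""
        if entry and not entry.startswith("#"):
            yield entry

def audit(text):
    """Return (package, problem) pairs for entries that break step 1 or 2."""
    findings = []
    for entry in logical_lines(text):
        if entry.startswith("-"):  # pip option line (e.g. an index URL), not a package
            continue
        name = re.split(r"[=<>!~\[;\s]", entry, maxsplit=1)[0]
        if not PIN.match(entry):
            findings.append((name, "not pinned to an exact version"))
        if not HASH.search(entry):
            findings.append((name, "no sha256 hash"))
    return findings

# Constructed sample: package names and digest are made up for illustration.
DIGEST = "ab" * 32
SAMPLE = "\n".join([
    "# constructed lockfile",
    "alpha-lib==1.4.2 \\",
    f"    --hash=sha256:{DIGEST}",
    "beta-tool>=2.0 \\",
    f"    --hash=sha256:{DIGEST}",
    "gamma-sdk==0.9.1",
])

if __name__ == "__main__":
    for name, problem in audit(SAMPLE):
        print(f"{name}: {problem}")
```

At install time, `pip install --require-hashes -r requirements.txt` enforces the same property by refusing any requirement that lacks a matching hash.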
