Skip to content

v0.9.0 — agent guard: enforcement for AI coding agents

Choose a tag to compare

@Mickdownunder Mickdownunder released this 02 Jul 11:40

Added

Agent guard (safeinstall guard install) — the MCP tool is advisory; this is enforcement. SafeInstall registers as a pre-shell-execution hook for Claude Code and Cursor, so every shell command an agent runs is intercepted before execution.

The guard detects package installs — aliases (npm i, bun a), env prefixes, sudo/env/corepack wrappers, chained commands, pipes — and denies them with the exact rewritten command routed through SafeInstall: cd app && npm i axios becomes "run cd app && safeinstall npm install axios instead". A well-behaved agent self-corrects in one step, and the install then runs with full policy evaluation and scripts disabled.

Package runners (npx, pnpm dlx, bunx, npm exec) get a third verdict: ask — they execute registry code without install-time checks, so the user decides. Locally installed binaries are recognized and allowed without a prompt.

Fail-closed where it counts: installs hidden behind command substitution or variable expansion are denied with an explanation; ordinary non-install commands are never touched. No network, answers in milliseconds.

Also new: install-command aliases in the CLI (safeinstall npm i axios now works) and a global --config <path> flag with hard-error semantics for unreadable paths.

Fixed

  • Security: safeinstall npm install -- evil-pkg previously evaluated nothing while npm still installed the package. Post--- tokens are now evaluated like any other spec.
  • GitHub Action config-path input is now actually forwarded to the CLI.
  • Restored the missing scripts/refresh-typo-squat-targets.mjs maintenance script.

Full changelog: https://github.com/Mickdownunder/SafeInstall/blob/main/CHANGELOG.md