v0.9.0 — agent guard: enforcement for AI coding agents
Added
Agent guard (safeinstall guard install) — the MCP tool is advisory; this is enforcement. SafeInstall registers as a pre-shell-execution hook for Claude Code and Cursor, so every shell command an agent runs is intercepted before execution.
The guard detects package installs — aliases (npm i, bun a), env prefixes, sudo/env/corepack wrappers, chained commands, pipes — and denies them with the exact rewritten command routed through SafeInstall: cd app && npm i axios becomes "run cd app && safeinstall npm install axios instead". A well-behaved agent self-corrects in one step, and the install then runs with full policy evaluation and scripts disabled.
Package runners (npx, pnpm dlx, bunx, npm exec) get a third verdict: ask — they execute registry code without install-time checks, so the user decides. Locally installed binaries are recognized and allowed without a prompt.
Fail-closed where it counts: installs hidden behind command substitution or variable expansion are denied with an explanation; ordinary non-install commands are never touched. No network, answers in milliseconds.
Also new: install-command aliases in the CLI (safeinstall npm i axios now works) and a global --config <path> flag with hard-error semantics for unreadable paths.
Fixed
- Security:
safeinstall npm install -- evil-pkgpreviously evaluated nothing while npm still installed the package. Post---tokens are now evaluated like any other spec. - GitHub Action
config-pathinput is now actually forwarded to the CLI. - Restored the missing
scripts/refresh-typo-squat-targets.mjsmaintenance script.
Full changelog: https://github.com/Mickdownunder/SafeInstall/blob/main/CHANGELOG.md