feat(security): PreToolUse guardrail hooks for agent sessions [v0.3.0 — 6/7] #736
Merged
kokevidaurre merged 2 commits into develop, Apr 14, 2026
Code Review
This pull request introduces significant enhancements to the squads-cli, including new commands for credentials management, goal tracking, run logging, and cycle reviews. A major architectural shift in the run --org command implements wave-based parallel execution and a structured Plan-Execute-Review-Verify workflow. Additionally, the PR introduces security guardrails for destructive commands, improves context management for agents, and externalizes various prompts and protocols to markdown files. Feedback highlights a critical command injection vulnerability in the credentials command, missing security checks in the guardrail configuration, and inconsistent module imports.
guardrail.json template injected into all spawned Claude sessions. Prevents agents from running destructive commands, force-pushing, publishing packages, or accessing secrets directly. Co-Authored-By: Claude <noreply@anthropic.com>
15bb8cd to 4c6a333
kokevidaurre pushed a commit that referenced this pull request, Apr 14, 2026
Tests added:
- catalog.test.ts: catalog command tests
- dashboard.test.ts: dashboard engine, renderers, loader tests
- services.test.ts: services command tests
- first-run.e2e.test.ts: updated for demo squad scaffold (requires PR #735)
- guardrail.test.ts: guardrail hook tests
- init.test.ts: expanded init command tests
- telemetry.test.ts: telemetry event tests

Docs:
- docs/tier2.md: Tier 2 architecture documentation

Version:
- package.json: bump to 0.3.0

Note: E2E test expects demo squad from init-ux PR #735. Merge #735 and #736 before this PR.

Co-Authored-By: Claude <noreply@anthropic.com>
Gemini review caught missing publish checks. Agents should never publish packages — that requires founder approval. Co-Authored-By: Claude <noreply@anthropic.com>
Summary — PR 6 of 7 for v0.3.0 release
Security guardrails for spawned agent sessions.
Changes (1 file)
Note: runtime injection logic is in agent-runner.ts (PR #731).
Merge order
Depends on #731-#735. Merge sixth:
Test plan
- npm run build passes

Reorganized from 219-commit develop branch for proper review.
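The guardrail this PR describes (block destructive commands, force pushes, package publishing, and direct secret access from spawned sessions) as an added example of a PreToolUse hook check; this is not squads-cli code, and the hook payload shape, the secret-path list and the exit-code convention are assumptions.

```typescript
// Added example, not squads-cli code: a PreToolUse guardrail check covering the
// action classes this PR's guardrail.json targets. Payload shape is assumed.
export interface ToolCall { tool_name: string; tool_input: { command?: string; file_path?: string } }
export interface Verdict { allow: boolean; reason?: string }
// Files an agent must never read or write directly (assumed list).
const SECRET_PATHS: RegExp[] = [
  /(^|\/)\.env(\.local)?$/, /(^|\/)id_(rsa|ed25519|ecdsa)$/, /\.pem$/,
  /(^|\/)\.aws\/credentials$/, /(^|\/)\.npmrc$/,
];
const isSecretPath = (p: string): boolean => SECRET_PATHS.some((re) => re.test(p));
// Split a shell line into simple commands (so `echo ok && rm -rf .` is checked per
// segment) and drop a leading sudo so it cannot hide the verb.
function segments(cmd: string): string[][] {
  return cmd.split(/\s*(?:&&|\|\||;|\|)\s*/)
    .map((s) => s.trim().split(/\s+/).filter(Boolean))
    .map((t) => (t[0] === "sudo" ? t.slice(1) : t))
    .filter((t) => t.length > 0);
}
function checkSegment(t: string[]): string | undefined {
  const shortFlags = t.filter((x) => /^-[^-]/.test(x)).join("");
  if (t[0] === "rm" && (/r/i.test(shortFlags) || t.includes("--recursive")))
    return "destructive command: recursive rm";
  if (t[0] === "git" && t[1] === "push" &&
      (t.includes("-f") || t.some((x) => x.startsWith("--force") || /^\+\S/.test(x))))
    return "force push";
  if ((t[0] === "npm" || t[0] === "pnpm" || t[0] === "yarn") && t[1] === "publish")
    return "package publish requires founder approval";
  if (t.some(isSecretPath)) return "direct secret access";
  return undefined;
}
export function evaluateToolCall(call: ToolCall): Verdict {
  const { command, file_path } = call.tool_input;
  if (call.tool_name === "Bash" && command) {
    for (const seg of segments(command)) {
      const reason = checkSegment(seg);
      if (reason) return { allow: false, reason };
    }
  }
  if (["Read", "Edit", "Write"].includes(call.tool_name) && file_path && isSecretPath(file_path))
    return { allow: false, reason: "direct secret access" };
  return { allow: true };
}
// Hook entry: parse the JSON the agent runtime passes on stdin. Exit code 2 makes
// Claude Code block the tool call and relay the message; exit 0 lets it proceed.
export function runHook(stdinJson: string): { exitCode: number; message: string } {
  const v = evaluateToolCall(JSON.parse(stdinJson) as ToolCall);
  return v.allow ? { exitCode: 0, message: "" }
                 : { exitCode: 2, message: `guardrail: blocked (${v.reason})` };
}
```

The check is deliberately a denylist on parsed tokens rather than a substring match, so `npm run build` and `git push origin main` pass while `echo ok && sudo rm -Rf /tmp/x` and `git push origin +main` are caught; a real deployment would pair it with a narrow allowlist.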