failproofai
Health Pass
- License — License: NOASSERTION
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Community trust — 91 GitHub stars
Code Fail
- execSync — Synchronous shell command execution in .failproofai/policies/block-version-bumps.mjs
- execSync — Synchronous shell command execution in .failproofai/policies/review-policies.mjs
Permissions Pass
- Permissions — No dangerous permissions requested
This tool acts as a reliability and policy enforcement layer for AI agents (specifically Claude Code and the Agents SDK). It intercepts tool calls to block destructive commands, prevent secret leakage, and enforce project boundaries, and it provides a local dashboard to monitor agent sessions.
Security Assessment
Overall Risk: Medium
The tool inherently requires deep system access to do its job. It executes as a hook inside your Claude settings, meaning it intercepts and reads every tool call your agent makes. The codebase accesses environment variables (specifically found in test files), which is expected for configuration, but users should ensure no production secrets are exposed in testing environments. The documentation claims everything runs locally with no data leaving your machine, which is a strong privacy positive. However, the automated scan returned "NOASSERTION" for the license, while the README claims a "MIT + Commons Clause" license. The Commons Clause restricts selling the software, making it technically source-available rather than truly open-source. No hardcoded secrets or dangerous network requests were detected.
Quality Assessment
Maintenance: Active. The repository received a push today, indicating ongoing development.
License: Conflicts between automated scanning and documentation suggest slight metadata inconsistency, though MIT + Commons Clause is stated in the README.
Community: Very early stage. With only 6 GitHub stars, the project has extremely low visibility and minimal community testing.
CI/CD: Automated testing is integrated and actively running.
Verdict
Use with caution — the concept is highly useful for agent safety, but the low community adoption and deep system hook integration mean you should thoroughly audit its behavior before deploying it in sensitive environments.
Runtime failure resolution for coding agents. Hooks into Claude Code and Codex. Catches loops, dangerous actions, and secret leaks before they become incidents. Zero latency. Runs locally.
Supported agent CLIs
Install hooks for one or any combination:
`failproofai policies --install --cli opencode pi gemini` (or `--cli claude codex copilot cursor opencode pi gemini`). Omit `--cli` to auto-detect installed CLIs and prompt.
Install
```bash
npm install -g failproofai
failproofai policies --install
failproofai
```
30 built-in policies activate immediately. Dashboard at localhost:8020.
What it stops
| Policy | What it blocks |
|---|---|
| block-push-master | Direct pushes to main / master |
| block-force-push | git push --force |
| block-work-on-main | Commits, merges, rebases on main / master |
| block-rm-rf | Recursive file deletion |
| sanitize-api-keys | API keys leaking into agent context |
Your own policies
Drop a file into .failproofai/policies/ — it loads automatically, no flags needed.
Commit it and the whole team gets it on next pull.
```javascript
import { customPolicies, deny, allow } from "failproofai";

customPolicies.add({
  name: "no-production-writes",
  match: { events: ["PreToolUse"] },
  fn: async (ctx) => {
    if (ctx.toolInput?.file_path?.includes("production"))
      return deny("Writes to production paths are blocked.");
    return allow();
  },
});
```
Three decisions available to every policy:
| Decision | Effect |
|---|---|
| allow() | Permit the operation |
| deny(message) | Block it — message goes back to the agent |
| instruct(message) | Let it through, but add context to the agent's next prompt |
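A stricter variant of the `no-production-writes` check, written here as an added example and not taken from the failproofai repository: it normalizes the path, compares whole path segments instead of a substring, and goes beyond the README's case by also denying paths that resolve outside the project root. The `allow`/`deny`/`instruct` stand-ins and their return shapes, the `/repo` root, and the names `resolvePath` and `decideWrite` are assumptions made so the block runs without the package.

```javascript
// Stand-ins for the allow/deny/instruct helpers named on the page so this runs
// without the package; these return shapes are assumptions, not failproofai's.
const allow = () => ({ decision: "allow" });
const deny = (message) => ({ decision: "deny", message });
const instruct = (message) => ({ decision: "instruct", message });

const PROJECT_ROOT = "/repo";               // hypothetical project root
const PROTECTED = new Set(["production"]);  // directory names to guard

// Collapse ".", ".." and empty segments; relative paths are taken from the root.
function resolvePath(root, p) {
  const out = [];
  for (const seg of (p.startsWith("/") ? p : `${root}/${p}`).split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop();
    else out.push(seg);
  }
  return "/" + out.join("/");
}

// Synchronous decision logic, kept separate from the hook so it can be tested.
function decideWrite(ctx) {
  const raw = ctx.toolInput?.file_path;
  if (typeof raw !== "string") return allow(); // tool call carries no file path

  const resolved = resolvePath(PROJECT_ROOT, raw);
  if (resolved !== PROJECT_ROOT && !resolved.startsWith(PROJECT_ROOT + "/"))
    return deny("Path resolves outside the project root.");

  // Compare whole, case-folded path segments instead of a raw substring.
  const rel = resolved.slice(PROJECT_ROOT.length).toLowerCase();
  if (rel.split("/").some((s) => PROTECTED.has(s)))
    return deny("Writes to production paths are blocked.");

  // The word appears only inside a file name: let it through with context.
  if (rel.includes("production"))
    return instruct("File name mentions production; confirm it is not deployed config.");
  return allow();
}

// Policy object in the shape the page passes to customPolicies.add().
const noProductionWrites = {
  name: "no-production-writes",
  match: { events: ["PreToolUse"] },
  fn: async (ctx) => decideWrite(ctx),
};
```

To register it, pass `noProductionWrites` to `customPolicies.add()` as in the README snippet above, with the real helpers imported from `failproofai` in place of the stand-ins.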
Session visibility
Every tool call your agent makes is logged locally. The dashboard shows what ran,
what was blocked, and what the policy told the agent — so you're not guessing
when something goes wrong. → Dashboard guide
Documentation
| Getting Started | Installation and first steps |
| Built-in Policies | All 30 policies with parameters |
| Custom Policies | Write your own |
| Configuration | Config scopes and merge rules |
| Dashboard | Session monitor and policy activity |
| Architecture | How the hook system works |
License
MIT with Commons Clause — free for internal and personal use; commercial resale of failproofai itself requires a separate agreement. See LICENSE for the full text.
Contributing
See CONTRIBUTING.md. New policies, edge cases, and translations all welcome.
Built by Nivedit Jain and Nikita Agarwal.
befailproof.ai