guard-and-guide
Health Uyari
- License — License: MIT
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 5 GitHub stars
Code Gecti
- Code scan — Scanned 8 files during light audit, no dangerous patterns found
Permissions Gecti
- Permissions — No dangerous permissions requested
This agent acts as a hook for AI coding assistants like Claude Code and Gemini CLI. It intercepts and blocks dangerous operations (like executing specific shell commands or reading sensitive files) while instructing the AI on safer alternatives.
Security Assessment
Overall Risk: Low. The tool is specifically designed to enhance security by restricting what an AI can do. It operates by reading a local rules configuration file and processing standard input from the AI's hook system. It does not make external network requests, contains no hardcoded secrets, and does not perform any autonomous shell execution. A light code scan confirmed no dangerous patterns across its 8 files.
Quality Assessment
The project is written in Rust, which is an excellent choice for a fast, memory-safe security tool. It is actively maintained, with the most recent code push happening today. It also benefits from an MIT license, ensuring clear and permissive usage terms. However, it currently has low community visibility with only 5 GitHub stars. This means it has not been extensively battle-tested or broadly reviewed by the open-source community yet.
Verdict
Safe to use, though you should review the custom blocking rules you configure to ensure they fit your specific security needs.
🛡️ Guard coding agents from dangerous operations, and 🧭 Guide them to safer alternatives.
guard-and-guide
🛡️ Guard coding agents from dangerous operations, and 🧭 Guide them to safer alternatives.
Motivation
You tell your AI coding agent: "Don't run git push."
The agent gets blocked — and tries harder:
🧑 deny(git push)
🤖 Got it! I'll use /usr/bin/git push instead.
🧑 NOOO!!!
AI agents don't give up when simply denied. They try absolute paths, alternative commands, and creative workarounds to get the job done.
guard-and-guide solves this by not only blocking dangerous operations, but also telling the agent why it was blocked and what to do instead. When given clear guidance, agents are much more likely to comply.
Install
nix
nix profile install github:kawarimidoll/guard-and-guide
cargo
cargo install --git https://github.com/kawarimidoll/guard-and-guide
Setup
1. Create rules
Create ~/.config/guard-and-guide/rules.toml with your rules.
See rules.example.toml for a full example.
Rules use canonical tool names (Bash, File) and regex patterns:
version = 1
[[rules]]
matcher = "File"
regex = '\.env$'
message = "Access to .env files is prohibited. Ask the user to check or provide the values you need."
[[rules]]
matcher = "Bash"
regex = '\bgit\s+push\b'
message = "Use of 'git push' is prohibited. Ask the user to execute it."
File is an alias for Read|Write|Edit.
2. Register hook
Claude Code
Add to ~/.claude/settings.json:
{
"hooks": {
"PreToolUse": [
{
"matcher": "",
"hooks": [{ "type": "command", "command": "guard-and-guide" }]
}
]
}
}
Gemini CLI
Add to ~/.gemini/settings.json:
{
"hooks": {
"BeforeTool": [
{
"matcher": "",
"hooks": [{ "type": "command", "command": "guard-and-guide --agent gemini-cli" }]
}
]
}
}
Copilot CLI support is planned.
Usage
stdin (hook JSON) | guard-and-guide [OPTIONS]
| Option | Description |
|---|---|
--agent <AGENT> |
claude-code (default), gemini-cli |
--config <PATH> |
Rules file path (default: ~/.config/guard-and-guide/rules.toml) |
How it works
Hook stdin → Parse JSON → Resolve tool name → Match rules → Deny or pass
- Agent hook pipes JSON to stdin
- Parse and extract tool name + input (format depends on
--agent) - Resolve agent-specific tool name to canonical name (
Bash,Read,Write,Edit) - Check each rule: does the canonical name match? Does the regex match the relevant field?
- First match → output deny JSON to stdout. No match → silent exit 0.
Tool name mapping
| Canonical | Claude Code | Gemini CLI |
|---|---|---|
Bash |
Bash |
run_shell_command |
Read |
Read |
read_file |
Write |
Write |
write_file |
Edit |
Edit |
replace |
License
MIT
Yorumlar (0)
Yorum birakmak icin giris yap.
Yorum birakSonuc bulunamadi