agent-guardrails

For indie devs & small teams running Claude Code / Cursor

Stop drowning in “Allow Y/N?” prompts.

agent-guardrails is a config-driven policy layer that auto-approves the safe stuff and only escalates genuinely risky actions — deletes, force-push, external calls. Keep the speed of an autonomous agent without the blind trust.

No credit card. MIT-licensed core. Your code stays local.

~ agent-guardrails live
  • allow | Read | src/server/auth.ts | Read-only — cannot mutate state
  • allow | Edit | src/components/Button.tsx | Edit inside the project source tree
  • allow | Bash | pnpm run build | Recognized safe developer command
  • ask | Bash | git push --force origin main | Destructive or irreversible git operation
  • deny | Read | .env.production | Touches a secrets/credentials file

Trust your agent. Just not blindly.

Auto-approve the safe 90%

Reads, scoped edits, builds, tests, git status — they just run. The rules engine clears the noise so you stop hammering 'y'.

Escalate only what's risky

Force-push, rm -rf, .env reads, npm publish, outbound curl — these still stop and ask. You stay in the loop where it counts.

Framework-agnostic

It wraps any agent's tool calls via standard hooks. Claude Code today, Cursor next, your own MCP agent after that. One policy, every tool.

Audit trail that explains itself

Every decision is logged with the rule that made it and why. Dashboard shows what was auto-approved — proof, not vibes.

Team-shared policies

Define the policy once, share it across the team. New devs inherit the guardrails on day one. No more per-machine config drift.

Open-source core

The engine and CLI are MIT-licensed and run locally. Your code never leaves your machine unless you opt into the cloud dashboard.

Wired in under a minute

# 1. write a starter policy + get the hook snippet

$ npx agent-guardrails init

# 2. paste the printed snippet into .claude/settings.json

# 3. run Claude Code as usual — the noise is gone

$ agent-guardrails check '{"tool_name":"Bash","tool_input":{"command":"git push --force"}}'

-> ASK (Destructive or irreversible git operation)
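
How allow/ask/deny verdicts like the ones shown on this page can be derived, as an added example that is not agent-guardrails' own engine or policy format: the rule patterns, the decide and normalize names, and the file_path input field are assumptions. Risky rules are evaluated before allow rules and the fallback is ask, so a chained shell command or a ../ path cannot ride in on an allow rule.

```javascript
// Added example: rule patterns and names are assumptions, not agent-guardrails' policy format.
const SECRET_FILE = /(^|\/)\.env(\.|$)/;
const RISKY_BASH = [
  [/\bgit\s+push\b.*(--force|\s-f\b)/, "Destructive or irreversible git operation"],
  [/\brm\s+-[a-zA-Z]*[rRf]/, "Destructive delete"],
  [/\bnpm\s+publish\b/, "Publishes a package"],
  [/\b(curl|wget)\b/, "Outbound network call"],
];
// Allow rules match the WHOLE command, so "build && something-else" never qualifies.
const SAFE_BASH = /^(pnpm run (build|test)|git status)$/;

// Resolve "." and ".." segments; null means the path leaves the project root.
function normalize(p) {
  if (p.startsWith("/")) return null;
  const out = [];
  for (const seg of p.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") { if (out.length === 0) return null; out.pop(); }
    else out.push(seg);
  }
  return out.join("/");
}

const verdict = (decision, reason) => ({ decision, reason });

// Order matters: deny and ask rules run before any allow rule; no match means ask.
function decide({ tool_name, tool_input = {} }) {
  if (tool_name === "Bash") {
    const cmd = String(tool_input.command || "").trim();
    for (const [re, reason] of RISKY_BASH) if (re.test(cmd)) return verdict("ask", reason);
    return SAFE_BASH.test(cmd)
      ? verdict("allow", "Recognized safe developer command")
      : verdict("ask", "Unrecognized command");
  }
  if (tool_name === "Read" || tool_name === "Edit") {
    const path = normalize(String(tool_input.file_path || "")); // file_path: assumed field name
    if (path === null) return verdict("ask", "Path leaves the project root");
    if (SECRET_FILE.test(path)) return verdict("deny", "Touches a secrets/credentials file");
    if (tool_name === "Read") return verdict("allow", "Read-only");
    return path.startsWith("src/")
      ? verdict("allow", "Edit inside the project source tree")
      : verdict("ask", "Edit outside the source tree");
  }
  return verdict("ask", "No rule matched this tool");
}

// Constructed sample call, in the shape the page passes to `agent-guardrails check`.
console.log(decide({ tool_name: "Bash", tool_input: { command: "git push --force" } }));
```
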

As seen on Hacker News & r/ChatGPTCoding

“The permission fatigue is real. I just middle-click ‘allow’ on everything now, which defeats the point.” — the exact complaint this fixes.

Get your prompts back under control.

Free forever for solo devs. $19/mo when your team needs shared policies and audit logs.
