Semantic shell command safety classifier — AST-based risk scoring for AI coding agents
# sh-guard

Semantic shell command safety classifier for AI coding agents. Parses commands into ASTs, analyzes data flow through pipelines, and scores risk in under 100 microseconds.

```
$ sh-guard "rm -rf /"
CRITICAL (100): File deletion: targeting filesystem root, recursive deletion
  Risk factors: recursivedelete
  MITRE ATT&CK: T1485

$ sh-guard "ls -la"
SAFE (0): Information command
```

## The Problem

AI coding agents (Claude Code, Codex, Cursor, etc.) execute shell commands on your behalf. Real incidents include:

- `rm -rf ~/` deleting a developer's entire home directory
- A production database dropped by an AI agent during a code freeze
- 70+ git-tracked files deleted after explicit "don't run anything" instructions
- 43% of MCP server implementations containing command injection flaws

**sh-guard catches these before execution.**

## Install

```bash
# Homebrew (macOS / Linux)
brew install aryanbhosale/tap/sh-guard

# Cargo (Rust)
cargo install sh-guard-cli

# npm (CLI)
npm install -g sh-guard-cli

# PyPI
pip install sh-guard

# Docker
docker run --rm ghcr.io/aryanbhosale/sh-guard "rm -rf /"

# Or: Snap, Chocolatey, WinGet, GitHub Releases
# See full install options below
```

## Quick Start

### 1. Protect all your AI agents in one command

```bash
sh-guard --
```
Agent that generates comprehensive documentation, API references, architecture diagrams, and developer onboarding guides from existing code.
Agent configuration for systematic bug investigation that traces issues from error logs through the codebase to root cause with suggested fixes.
Agent for integrating third-party APIs including SDK setup, type generation, error handling, retry logic, and rate limit management.
Cursor's built-in autonomous coding agent that can make multi-file edits, run terminal commands, search the codebase, and iteratively build features with minimal human intervention.
Cloud-based autonomous coding agent that runs in the background on remote sandboxed environments, handling complex multi-step tasks while you continue working.
Cursor's multi-file editing agent within Composer mode that can create, edit, and delete files across your entire project in a single conversation.