guardrail 0.1.0

Defensive guardrails for AI coding agents — block destructive commands via hooks
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

# Process/system destructive operations

- name: kill-9
  pattern: 'kill\s+-9\s'
  severity: warn
  message: "kill -9 sends SIGKILL — no graceful shutdown"
  category: process
  test_block: "kill -9 1234"
  test_allow: "kill -15 1234"

- name: killall
  pattern: 'killall\s'
  severity: warn
  message: "killall sends signal to all processes matching name"
  category: process
  test_block: "killall nginx"
  test_allow: "kill -15 1234"

- name: pkill-broad
  pattern: 'pkill\s+-9\s'
  severity: warn
  message: "pkill -9 sends SIGKILL to matching processes"
  category: process
  test_block: "pkill -9 nginx"
  test_allow: "pkill -15 nginx"

- name: shutdown
  pattern: '\b(shutdown|poweroff|halt|reboot)\b'
  severity: block
  message: "System shutdown/reboot command"
  category: process
  test_block: "shutdown -h now"
  test_allow: "uptime"

- name: systemctl-stop-critical
  pattern: 'systemctl\s+stop\s+(sshd|networking|docker|k3s|kubelet)'
  severity: block
  message: "Stopping critical system service"
  category: process
  test_block: "systemctl stop docker"
  test_allow: "systemctl status docker"

- name: launchctl-unload
  pattern: 'launchctl\s+(unload|bootout)\s'
  severity: warn
  message: "macOS service unload"
  category: process
  test_block: "launchctl unload /Library/LaunchDaemons/com.example.plist"
  test_allow: "launchctl list"