
AI IDE security hook: blocks directories, scans secrets, and protects AI interactions


AI Guardian


AI IDE security hook: controls MCP/skill permissions, blocks directories, detects prompt injection, scans secrets


AI Guardian provides comprehensive protection for AI IDE interactions through multiple security layers. It is not a silver bullet — use it as one layer in a defense-in-depth strategy. See Security Design for limitations and architecture.

Quick Start

pip install ai-guardian
ai-guardian setup --install-scanner --ide claude
ai-guardian scanner list

You're done! ai-guardian now protects against secrets, prompt injection, SSRF, and config exfiltration.

Features

| Feature | Description | Docs |
|---|---|---|
| Secret Scanning | Multi-layered detection of API keys, tokens, passwords | docs/security/SECRET_SCANNING.md |
| PII Detection | Detect personally identifiable information | docs/security/SECRET_SCANNING.md |
| Prompt Injection | Heuristic detection with configurable sensitivity | docs/security/PROMPT_INJECTION.md |
| Unicode Attack Detection | Zero-width chars, bidi override, homoglyphs | docs/security/UNICODE_ATTACKS.md |
| SSRF Protection | Block private IPs, cloud metadata, dangerous schemes | docs/security/SSRF_PROTECTION.md |
| Config File Scanning | Detect exfiltration of sensitive config files | docs/security/CREDENTIAL_EXFILTRATION.md |
| Directory Blocking | .ai-read-deny markers + config-based rules | docs/security/DIRECTORY_RULES.md |
| Tool Permissions | Allow/deny lists for Skills, MCP, Bash, Write | docs/TOOL_POLICY.md |
| Violation Logging | JSON audit trail of all blocked operations | docs/VIOLATION_LOGGING.md |
| Sanitize Command | Clean sensitive data from files | docs/security/SECRET_REDACTION.md |
| Interactive Console | TUI for managing configuration visually | docs/CONSOLE.md |
| Scanner Management | Install and manage 7 scanner engines | docs/SCANNER_INSTALLATION.md |
| Self-Protection | Prevents AI from disabling its own security controls | docs/SECURITY_DESIGN.md |

Default Behavior (No Configuration File)

ai-guardian provides protection immediately with zero configuration:

| Feature | Default | Notes |
|---|---|---|
| Secret scanning | Enabled | Requires gitleaks/scanner installed |
| Prompt injection detection | Enabled | Heuristic detector |
| Config file scanning | Enabled | Detects exfiltration patterns |
| SSRF protection | Enabled | Blocks private IPs, metadata endpoints |
| Immutable file protection | Enabled | Cannot be disabled |
| .ai-read-deny markers | Enabled | Always respected |
| Violation logging | Enabled | Logs to ~/.local/state/ai-guardian/violations.jsonl |
| Tool/Skill permissions | Allow all | Configure permissions to restrict |
| Directory rules | Allow all | Configure directory_rules to restrict |
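The `.ai-read-deny` marker rule above says a marker file denies reads beneath its directory. The check below is an added illustration of that rule, not ai-guardian's own code: it resolves `..` and symlinks before walking ancestors so a denied file cannot be reached by spelling its path differently, and it fails closed for paths outside the project root (both of those choices are this example's assumptions).

```python
"""Illustrative `.ai-read-deny` marker check (added example, not ai-guardian's code).

Assumes the page's semantics: a marker file denies reads of everything beneath
its directory. Resolving symlinks and `..` first, and failing closed outside the
project root, are choices made here for illustration.
"""
import tempfile
from pathlib import Path

MARKER = ".ai-read-deny"

def is_read_denied(target: str, project_root: str) -> bool:
    """True if the target or any ancestor up to project_root carries a marker."""
    root = Path(project_root).resolve()
    path = Path(target).resolve()  # collapses `..` and follows symlinks
    try:
        path.relative_to(root)
    except ValueError:
        return True  # outside the project tree: fail closed
    for directory in (path, *path.parents):
        if directory.is_dir() and (directory / MARKER).is_file():
            return True
        if directory == root:
            break
    return False

def demo() -> dict:
    """Evaluate sample paths against a constructed project tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "project"
        (root / "public").mkdir(parents=True)
        (root / "secrets").mkdir()
        (root / "public" / "readme.md").write_text("public notes")
        (root / "secrets" / "keys.txt").write_text("constructed placeholder, not a key")
        (root / "secrets" / MARKER).touch()
        # Symlink in an allowed directory pointing into the denied subtree.
        (root / "public" / "link").symlink_to(root / "secrets" / "keys.txt")
        outside = Path(tmp) / "elsewhere.txt"
        outside.write_text("not part of the project")
        cases = ["public/readme.md", "secrets/keys.txt",
                 "public/../secrets/keys.txt", "public/link"]
        results = {c: is_read_denied(str(root / c), str(root)) for c in cases}
        results["outside"] = is_read_denied(str(outside), str(root))
        return results

if __name__ == "__main__":
    for case, denied in demo().items():
        print(f"{'DENY ' if denied else 'ALLOW'} {case}")
```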

Configuration

Config file: ~/.config/ai-guardian/ai-guardian.json (or $XDG_CONFIG_HOME/ai-guardian/)

ai-guardian setup --create-config              # Secure defaults (Skills/MCP blocked)
ai-guardian setup --create-config --permissive  # Permissive (all tools allowed)
ai-guardian setup --create-config --dry-run     # Preview without creating

Configuration Locations (Precedence Order)

  1. Project config (highest): ./.ai-guardian.json
  2. User config: ~/.config/ai-guardian/ai-guardian.json
  3. Remote configs: Fetched from URLs in remote_configs
  4. Defaults: Built-in defaults

Setup Command

ai-guardian setup                    # Auto-detect IDE
ai-guardian setup --ide claude       # Claude Code
ai-guardian setup --ide cursor       # Cursor IDE
ai-guardian setup --ide copilot      # GitHub Copilot
ai-guardian setup --dry-run          # Preview changes
ai-guardian setup --remote-config-url https://example.com/policy.json

Run ai-guardian setup after upgrading to get the latest hooks. See docs/CONFIGURATION.md for detailed setup options including remote configuration and hook ordering.

Action Modes

Each security policy supports three enforcement levels:

| Mode | Execution | User Warning | Use Case |
|---|---|---|---|
| block | Blocked | Error shown | Enforce policy (default) |
| warn | Allowed | Warning shown | Educate during rollout |
| log-only | Allowed | Silent | Monitor silently |

See docs/CONFIGURATION.md for per-feature action mode configuration.

Integration

| IDE | Prompt Scanning | File Scanning | Output Scanning | Status |
|---|---|---|---|---|
| Claude Code CLI | Yes | Yes | PostToolUse (ready) | Full support |
| VS Code Claude | Yes | Yes | PostToolUse (ready) | Full support |
| Cursor IDE | Yes | Yes | Yes | Full support |
| GitHub Copilot | Yes | Yes | Planned | Full support |
| Aider | No | Yes (commit-time) | No | Git hook |

How It Works

User prompt / Tool use
       |
  [AI Guardian Hook]
       |
  MCP/Skill check --> Not allowed? --> BLOCK
       |
  Directory check --> .ai-read-deny? --> BLOCK
       |
  Prompt injection --> Detected? -----> BLOCK
       |
  Secret scan ------> Found? --------> BLOCK
       |
  ALLOW --> Send to AI / Execute tool

PostToolUse hooks scan tool outputs using the same pipeline. See docs/SECURITY_DESIGN.md for full architecture.
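The pipeline above runs checks in order and stops at the first hit, and the Action Modes table defines what a hit means in each mode. The sketch below is an added example, not ai-guardian's own implementation: it runs one detector (invisible and bidi control characters, from the Unicode attack class in the feature table) through block / warn / log-only and appends a JSONL audit record; the record fields and the detector are this example's assumptions, not the project's format.

```python
"""Illustrative hook pipeline with block / warn / log-only action modes.

Added example, not ai-guardian's own code. The detector, the audit record
layout and the return shape are assumptions made here for illustration.
"""
import json
import unicodedata
from typing import List, Optional, Tuple

# Zero-width space/joiners, word joiner, BOM, and the bidi embedding,
# override and isolate controls (U+202A..U+202E, U+2066..U+2069).
INVISIBLE = {0x200B, 0x200C, 0x200D, 0x2060, 0xFEFF}
BIDI_CONTROLS = set(range(0x202A, 0x202F)) | set(range(0x2066, 0x206A))

# Constructed inputs: one clean, one with a zero-width space and a bidi override.
CLEAN = "order 42 shipped"
HIDDEN = "order\u200b42 \u202eshipped"

def check_unicode(text: str) -> Optional[Tuple[str, str]]:
    """Return (check name, detail) when hidden or bidi control chars are present."""
    bad = [c for c in text if ord(c) in INVISIBLE or ord(c) in BIDI_CONTROLS]
    if not bad:
        return None
    names = sorted({unicodedata.name(c, f"U+{ord(c):04X}") for c in bad})
    return "unicode", f"{len(bad)} control chars: {', '.join(names)}"

def enforce(text: str, mode: str, audit: List[str]) -> dict:
    """Run checks in order; the first finding is handled per the action mode.

    block -> not allowed, error message; warn -> allowed, warning message;
    log-only -> allowed, no message. Every mode appends one audit record.
    """
    if mode not in ("block", "warn", "log-only"):
        raise ValueError(f"unknown action mode: {mode}")
    for check in (check_unicode,):  # further stages would be appended here
        finding = check(text)
        if finding is None:
            continue
        name, detail = finding
        audit.append(json.dumps({"check": name, "mode": mode, "detail": detail}))
        message = None if mode == "log-only" else f"[{mode}] {name}: {detail}"
        return {"allowed": mode != "block", "message": message}
    return {"allowed": True, "message": None}

if __name__ == "__main__":
    log: List[str] = []
    for m in ("block", "warn", "log-only"):
        print(m, enforce(HIDDEN, m, log))
    print("\n".join(log))
```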

Environment Variables

| Variable | Description | Default |
|---|---|---|
| AI_GUARDIAN_CONFIG_DIR | Custom config directory | ~/.config/ai-guardian |
| AI_GUARDIAN_STATE_DIR | State directory (logs, violations) | ~/.local/state/ai-guardian |
| AI_GUARDIAN_CACHE_DIR | Cache directory (patterns) | ~/.cache/ai-guardian |
| AI_GUARDIAN_IDE_TYPE | Override IDE auto-detection | Auto-detect |
| AI_GUARDIAN_PATTERN_TOKEN | Pattern server auth token | None |

Requirements

  • Python 3.9+
  • Scanner engine: gitleaks, betterleaks, leaktk, trufflehog, detect-secrets, secretlint, or gitguardian

See docs/SCANNER_INSTALLATION.md for installation instructions.

Installation

pip install ai-guardian                   # Basic
pip install ai-guardian[skill-discovery]  # With auto-discovery from GitHub/GitLab

Or from source:

git clone https://github.com/itdove/ai-guardian.git
cd ai-guardian && pip install -e .

Testing

pytest                                          # Run all tests
pytest --cov=ai_guardian --cov-report=term      # With coverage

See AGENTS.md for testing guidelines and CI/CD details.

Contributing

We welcome contributions via a fork-based workflow:

gh repo fork itdove/ai-guardian --clone
cd ai-guardian
git checkout -b feature-name
# Make changes, commit, push
gh pr create --web

See CONTRIBUTING.md for complete guidelines.

Documentation

Full documentation is available in the docs/ folder:

FAQ

Q: Why no prompt injection examples in the docs?
A: Publishing attack patterns makes them easier to misuse and would cause ai-guardian to block its own documentation. Use test: prefixed strings for testing. See OWASP LLM Top 10 for research.

Q: What's permissions vs permissions_directories vs directory_rules?
A: permissions = which tools can run. permissions_directories = auto-discover tool permissions from repos. directory_rules = which paths can be accessed. See docs/TOOL_POLICY.md and docs/security/DIRECTORY_RULES.md.

License

Apache 2.0 - see LICENSE file for details.

Acknowledgments


Private Repository - Will be made public after testing

Download files


Source Distribution

ai_guardian-1.6.1.tar.gz (8.3 MB, Source)

Built Distribution


ai_guardian-1.6.1-py3-none-any.whl (7.9 MB, Python 3)

File details

Details for the file ai_guardian-1.6.1.tar.gz.

File metadata

  • Download URL: ai_guardian-1.6.1.tar.gz
  • Size: 8.3 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for ai_guardian-1.6.1.tar.gz
  • SHA256: 5de906008895b2b4f9dcb4440506b2b82cfa3661807aa1c391bf25e34e6f1058
  • MD5: b1e792bc0a6ded0a46d258332752d8a4
  • BLAKE2b-256: 3a3359e2fcbc9eb876174990864810812b0e2b7827327151a99ebddbcb66d3cc


Provenance

The following attestation bundles were made for ai_guardian-1.6.1.tar.gz:

Publisher: publish.yml on itdove/ai-guardian

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file ai_guardian-1.6.1-py3-none-any.whl.

File metadata

  • Download URL: ai_guardian-1.6.1-py3-none-any.whl
  • Size: 7.9 MB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for ai_guardian-1.6.1-py3-none-any.whl
  • SHA256: dabb0a1ca4652b5ce112152144400baef220e6eb829aeb6c558758ba67f09595
  • MD5: 5ede86cf6f5ceb61873c517bbb593722
  • BLAKE2b-256: e91d6baa1cdc363d298c2067322f3df4caa4815ab0cb640e6595393a7d7917e3


Provenance

The following attestation bundles were made for ai_guardian-1.6.1-py3-none-any.whl:

Publisher: publish.yml on itdove/ai-guardian

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
