Claude Code security guard - an alternative Claude Code permission framework
Project description
claudeguard
claudeguard enhances Claude Code with automated security decisions using pattern matching and team-shareable profiles.
Why claudeguard?
Claude Code's permission prompts are great for security but repetitive for routine tasks. claudeguard automates common decisions while keeping you in control of sensitive operations.
How it works
claudeguard uses the PreToolUse Claude Code hook to intercept tool calls and override Claude Code's builtin permission logic
Features
- Pattern matching:
Edit(src/**),Bash(/git status/),Bash(rm -rf*) - Team sharing: Profiles stored in
.claudeguard/profiles/ - Zero config: Works immediately with sensible rules
Quick Start
# Install
uv tool install claudeguard
# Setup in your project
cd your-claude-code-project
claudeguard install
# Use Claude Code normally - claudeguard works in the background
claude
How It Works
claudeguard matches tool calls against rules in .claudeguard/profiles/default.yaml:
rules:
- pattern: "Read(*)"
action: allow
- pattern: "Edit(*.md)"
action: allow
- pattern: "Bash(/git (status|diff)/)"
action: allow
- pattern: "Edit(src/**)"
action: ask
- pattern: "Bash(rm -rf*)"
action: deny
- pattern: "*"
action: ask
First matching rule wins. Actions: allow, ask, deny.
Commands
claudeguard install- Setup in current projectclaudeguard status- Show configurationclaudeguard create-profile- Create new profileclaudeguard list-profiles- List profilesclaudeguard switch-profile- Switch profileclaudeguard delete-profile- Delete profileclaudeguard uninstall- Remove from project
Pattern Examples
| Pattern | Matches | Action |
|---|---|---|
Read(*) |
All file reads | allow |
Edit(*.md) |
Markdown files | allow |
Bash(/git (status|diff)/) |
Safe git commands | allow |
Edit(src/**) |
Code files | ask |
Bash(rm -rf*) |
Destructive commands | deny |
Custom Profiles
Create profiles for different security levels:
# .claudeguard/profiles/strict.yaml
name: "strict-policy"
description: "Strict security for production"
rules:
- pattern: "Read(*)"
action: allow
- pattern: "Edit(docs/**)"
action: allow
- pattern: "Edit(*)"
action: ask
- pattern: "Bash(/git (status|diff|log)/)"
action: allow
- pattern: "Bash(*)"
action: deny
- pattern: "*"
action: deny
Development
git clone https://github.com/tarovard/claudeguard
cd claudeguard
uv sync # Install dependencies
uv run pre-commit install # Setup git hooks
# Test and lint
uv run pytest # Run tests
uv run mypy src tests # Type checking
uv run ruff check --fix . # Format and lint
License
MIT - see LICENSE file.
Contributing
Bug reports and feature requests welcome at GitHub Issues.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file claudeguard-0.1.2.tar.gz.
File metadata
- Download URL: claudeguard-0.1.2.tar.gz
- Upload date:
- Size: 136.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.8.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
fb75e78d9b5425bb609a0256e7989240341eab102f7214547301467de7113bd2
|
|
| MD5 |
a6337f7f80f069ee828ac47f0fe8fd66
|
|
| BLAKE2b-256 |
4d93331223912e46a35a559b258fa9e1f9e05035bc16f263b1ffccf950595d84
|
File details
Details for the file claudeguard-0.1.2-py3-none-any.whl.
File metadata
- Download URL: claudeguard-0.1.2-py3-none-any.whl
- Upload date:
- Size: 19.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.8.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d7c284c418bf42b683094f9ca5c72b6bc497bf257a2c0a6d539740622bb10385
|
|
| MD5 |
3570a41cc51b7d5ccdadc73b398db668
|
|
| BLAKE2b-256 |
5786263a47a466aeaf9192bd9b646f7167af7c9ce0f3c4e8f862e459736f50d6
|
