Simulate, Verify, Execute — a safety layer for coding agents
Project description
svx — Simulate, Verify, Execute
A safety layer for coding agents. Before any action touches your codebase, svx simulates the outcome, verifies it against safety policies, and gives a clear verdict.
Core principle: simulation is for proposal; verification is for commitment.
Why
Coding agents (Claude Code, Copilot, Cursor, Aider) make mistakes — destructive commands, wrong git operations, irreversible changes. Current safety is either "human watches everything" (doesn't scale) or static blocklists (no context). svx adds intelligent, context-aware simulation.
Install
pip install -e .
Usage
Check a command before running it
svx check "git push --force origin main"
svx ~ git push --force origin main
────────────────────────────────────────────────────────
Verdict: BLOCK
Risk: CRITICAL
Force-push to main — rewrites remote history
Effects:
→ Remote branch 'main' will be overwritten
→ Commits on remote not in local will become unreachable
Reasons:
! BLOCKED: Force push to main/master is not allowed
Suggestions:
> Do not run this command.
> Consider a safer alternative.
Safe commands pass through
svx check "git status"
svx ~ git status
────────────────────────────────────────────────────────
Verdict: ALLOW
Risk: NONE
git status: read-only or low-risk operation
Chained commands — each one analyzed
svx check "git add . && git commit -m 'fix' && git push --force origin master"
svx analyzes each command in the chain independently. If any step is blocked, the whole chain is blocked.
JSON output for programmatic use
svx check "git reset --hard HEAD" --json
Claude Code hook integration
svx can run as a pre-tool hook for Claude Code, automatically intercepting every shell command:
svx hook # reads tool input from stdin
View audit log
svx audit --tail 20
What it catches
| Command | Verdict | Why |
|---|---|---|
git push --force origin main |
BLOCK | Force push to main — irreversible, rewrites history |
git reset --hard HEAD~3 |
CONFIRM | Destroys uncommitted changes |
git clean -fd |
CONFIRM | Permanently deletes untracked files |
git branch -D feature |
CONFIRM | Force-deletes branch, may lose unmerged work |
rm -rf build/ |
CONFIRM | Recursive delete, untracked files unrecoverable |
kill -9 1234 |
CONFIRM | Force-kills process, unsaved state lost |
git push origin feature |
ALLOW | Normal push, reversible |
git status |
ALLOW | Read-only |
npm install lodash |
ALLOW | Reversible package install |
How it works
Command → Parse → Snapshot world state → Simulate outcome → Verify safety → Verdict
- Parse: Break the command into program, subcommand, flags, targets
- Snapshot: Capture current git state, file existence, sizes, tracking status
- Simulate: Predict effects using dry-run flags and heuristic analysis (no LLM calls)
- Verify: Score risk based on reversibility, blast radius, data loss, and policies
- Verdict: ALLOW, CONFIRM, or BLOCK — with reasons and suggestions
- Audit: Log every decision with full provenance
Policies
Safety rules are defined in policies/default.yaml:
blocks:
force_push_to_main: true
delete_root: true
confirmations:
irreversible_actions: true
data_loss: true
force_flags: true
thresholds:
max_blast_radius_without_confirm: 5
Project Scoping
SVX only guards projects you opt into — like git only works inside a .git/ repo:
cd my-project
svx init # creates .svx/ directory
svx init --mode strict # confirm risky ops
svx init --mode vibe # only block catastrophic (default)
Operations outside .svx/ projects are auto-allowed.
Modes
- vibe (default): Only BLOCK verdicts deny. CONFIRM verdicts auto-allow with logging. For when you trust the agent but want catastrophic-only protection.
- strict: Both BLOCK and CONFIRM verdicts require approval. For sensitive repositories.
Exit codes
0— ALLOW1— CONFIRM (needs user approval)2— BLOCK (should not run)
Architecture
- No LLM calls — pure deterministic analysis in v0.1
- Uses real data — git dry-runs, file stats, not guesswork
- Fast — runs in <100ms for most commands
- Provenance — every decision logged with full context
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file svx-0.3.0.tar.gz.
File metadata
- Download URL: svx-0.3.0.tar.gz
- Upload date:
- Size: 33.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
46df8153caa79a7581d83f9c4c58560b0bb64cbf5cfe5f31b75bce0b2dda1ac8
|
|
| MD5 |
6b3c264410f2927f98b638b76231c649
|
|
| BLAKE2b-256 |
7ceb261fa2ab6799558040496e99d4c2a5c4f4e8bee04c605303b7eba1a70d48
|
File details
Details for the file svx-0.3.0-py3-none-any.whl.
File metadata
- Download URL: svx-0.3.0-py3-none-any.whl
- Upload date:
- Size: 30.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.2
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
92aba87475a329ce1125fdf45033f1990670934570b36738eeca1f4b4413618a
|
|
| MD5 |
70fcbedc8896a4704a304fc1f8d6cfef
|
|
| BLAKE2b-256 |
b2f12e96b7c41705151059ba6ec684fbce8a2f74e8e9c66089a392efedef4ae5
|
