random1st/secguard

87 stars · Last commit 2026-07-08

3-level security toolkit for AI agents: regex patterns, heuristic rules, ML classification. Claude Code hooks, git pre-commit, CI/CD scanner.

README preview

> ⚠️ **Synced from Diana monolith — do not edit here.** Canonical sources live at https://github.com/random1st/diana under `rust/crates/diana-{guard,secrets,secguard-brain}/`. Published via `tools/release-secguard.sh` from the monolith. PRs against this repo for code changes will be redirected upstream.
>
> Active hardening: [RAN-411 secguard v2](https://linear.app/random1st/issue/RAN-411).
# secguard

3-level security guard for AI coding agents. Catches leaked credentials and blocks destructive shell commands before they execute.

Built for [Claude Code](https://claude.ai/code), Gemini CLI, and Codex workflows. Also works anywhere: CI pipelines, git pre-commit, standalone CLI.

## What it does

Two guards, three levels of detection each.

**Secrets scanning.** Catches credentials before they leak into logs, tool output, or cloud APIs. 150+ regex patterns: AWS access keys (`AKIA*`), Stripe (`sk_live_*`, `pk_live_*`), GitHub PATs (`ghp_*`, `github_pat_*`), Anthropic/OpenAI API keys, Slack tokens, JWTs, private key blocks, database connection strings (postgres, mysql, mongodb, redis), SendGrid, Twilio, npm/PyPI tokens, generic `password=`/`secret=` assignments. Keyword pre-filter skips regex when no relevant substring exists (fast on large inputs). High-entropy token detection (Shannon entropy >= 3.5 bits/char, 16+ chars) picks up things regex misses. Optional ML classifier as final pass.

**Destructive command guard.** Blocks commands that delete data, rewrite history, or bypass safety checks. Three phases run in order; first match wins:

*Phase 0: Policy allowlist.* Some operations are always safe. Configured process cleanup (`pkill`/`killall` targets from `safe_kill_targets`), `git push` without `--force`, and read-only kubectl (`get`, `describe`, `logs`) can pass here. Compound commands (`&&`, `||`, `;`, `|`) are split and every part must pass independently.

*Phase 1: Heuristic rules.* 40+ patterns, zero latency:

View full repository on GitHub →