Stop an AI coding agent from accidentally running a destructive command like rm -rf on the wrong path.
Require confirmation before an agent runs risky actions such as a forced git push or a piped-in remote script.
Add a project-only safety rule that an agent's configuration cannot silently weaken or disable.
| alvi-uiu/runward | abhay-pratapsingh-ctrl/chaptr | abhishek-akkal/finova | |
|---|---|---|---|
| Stars | 0 | 0 | 0 |
| Language | JavaScript | JavaScript | JavaScript |
| Setup difficulty | easy | hard | easy |
| Complexity | 2/5 | 5/5 | 1/5 |
| Audience | developer | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
Focused on Unix, macOS, and Linux shells, Windows and PowerShell are not yet covered.
Runward is a safety tool that sits between an AI coding agent, such as Claude Code or Codex, and the shell commands that agent tries to run on your computer. Before a command actually executes, Runward checks it against a set of rules and either allows it, blocks it, or asks you to confirm first, along with a short explanation of why. The author is upfront that this is described as a seatbelt, not a sandbox. It is meant to catch honest mistakes and accidents, like an agent running a command that deletes your entire home folder, downloading and running a script straight from the internet, or force pushing over your main branch. It is not designed to stop a determined attacker who deliberately disguises a dangerous command, since a text pattern filter can always be worked around if someone tries hard enough. For real protection against a hostile actor, the author recommends running the agent inside a container or as a restricted user instead. Installing it requires Node version 18 or higher and has no external dependencies. For Claude Code specifically, running one setup command registers Runward so it automatically checks every shell command the agent tries to run from then on, and a second command lets you verify the check is actually working rather than silently doing nothing. Because it is a plain command line tool under the hood, any other AI agent can also call it directly and act on its response. The rules it checks for cover things like deleting large parts of the filesystem, downloading and running remote scripts, leaking files such as environment variables or SSH keys over the network, wiping disks, granting overly broad permissions, and destructive git operations like a forced push or a hard reset. Project-level configuration files can only make the rules stricter, not weaker, so a compromised project cannot quietly turn the protection off. Everything can also be tuned or extended through a configuration file.
A command line safety check that inspects shell commands from AI coding agents like Claude Code before they run, blocking or asking about clearly dangerous ones.
Mainly JavaScript. The stack also includes Node.js, JavaScript, CLI.
MIT license: free to use, modify, and share, including for commercial purposes, as long as the copyright notice is kept.
Setup difficulty is rated easy, with roughly 5min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.