Skip to content

feat(plugin): live AI guardrails — real-time rule violation interception#1455

Merged
JeremyDev87 merged 1 commit into
masterfrom
feat/live-guardrails-1439
Apr 10, 2026
Merged

feat(plugin): live AI guardrails — real-time rule violation interception#1455
JeremyDev87 merged 1 commit into
masterfrom
feat/live-guardrails-1439

Conversation

@JeremyDev87

@JeremyDev87 JeremyDev87 commented Apr 9, 2026

Copy link
Copy Markdown
Owner

Summary

  • Add RuleChecker module that intercepts Edit/Write tool calls in PreToolUse hook and detects security violations before code lands in the codebase
  • Detects SQL injection (f-string, %-format, concatenation), XSS (innerHTML, document.write, dangerouslySetInnerHTML), hardcoded secrets (API keys, passwords, AWS credentials), and dangerous eval/exec calls
  • Strict mode adds shell injection detection (subprocess shell=True, os.system)
  • Add ViolationRenderer with unicode box-drawing output and compact hook format
  • Configurable via CODINGBUDDY_GUARDRAIL_LEVEL env var: strict, normal (default), off
  • False-positive filtering: skips comments, env var references, placeholder values
  • 50 comprehensive tests covering all patterns and edge cases

Test plan

  • python3 -m pytest packages/claude-code-plugin/hooks/tests/test_rule_checker.py -v — 39 tests pass
  • python3 -m pytest packages/claude-code-plugin/hooks/tests/test_violation_renderer.py -v — 11 tests pass
  • Plugin CI: lint, format:check, typecheck, test:coverage, circular, build — all pass
  • Security audit: all 3 workspaces clean
  • Verify guardrail triggers on actual Edit with SQL injection content
  • Verify CODINGBUDDY_GUARDRAIL_LEVEL=off disables all checks

Closes #1439

@JeremyDev87
feat(plugin): add live AI guardrails for real-time rule violation int…
e661b66 
…erception

- Add RuleChecker with pattern detection for SQL injection, XSS,
  hardcoded secrets, eval/exec, and shell injection (strict mode)
- Add ViolationRenderer with unicode box formatting and hook output
- Wire guardrails into PreToolUse hook for Edit/Write tool calls
- Configurable via CODINGBUDDY_GUARDRAIL_LEVEL (strict/normal/off)
- False-positive filtering: skip comments, env var refs, placeholders
- 50 tests covering all detection patterns and edge cases

Closes #1439
@JeremyDev87 JeremyDev87 added feat plugin packages/claude-code-plugin wow-experience Plugin Wow Experience Design P1 Priority 1: First Impression labels Apr 9, 2026
@vercel

vercel Bot commented Apr 9, 2026
edited
Loading

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
codingbuddy-landing Ready Ready Preview, Comment Apr 9, 2026 5:35pm

@JeremyDev87 JeremyDev87 self-assigned this Apr 10, 2026
@JeremyDev87 JeremyDev87 merged commit bd033cc into master Apr 10, 2026
29 checks passed
@JeremyDev87 JeremyDev87 deleted the feat/live-guardrails-1439 branch April 10, 2026 01:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@JeremyDev87 JeremyDev87

Labels

feat P1 Priority 1: First Impression plugin packages/claude-code-plugin wow-experience Plugin Wow Experience Design

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feat(plugin): Live AI Guardrails — real-time rule violation interception in PreToolUse

1 participant

@JeremyDev87