How to Secure Your AI Coding Assistant
AI coding assistants like Cursor, Claude Code, and GitHub Copilot agent mode can write files, execute shell commands, and push code to production — all without explicit approval unless you gate them. SafeClaw by Authensor is an open-source safety layer that enforces deny-by-default policies on every action your coding assistant attempts, evaluating each request against your rules before execution. With 446 tests, sub-millisecond evaluation, and a hash-chained audit trail, it gives you precise control over what your AI coding agent can and cannot do.
Quick Start
Install SafeClaw in under 60 seconds:
npx @authensor/safeclaw
This scaffolds a .safeclaw/ directory with a default deny-all policy. Every action your AI agent attempts will be blocked until you explicitly allow it.
The Three Attack Surfaces of AI Coding Assistants
1. File Write Gating
AI coding agents routinely write to your filesystem. Without gating, they can overwrite .env files, modify package.json dependencies, or alter CI configurations. SafeClaw lets you specify exactly which paths are writable:
# .safeclaw/policies/coding-assistant.yaml
rules:
  - id: allow-src-writes
    action: file.write
    effect: allow
    conditions:
      path:
        pattern: "src/**/*.{ts,js,tsx,jsx}"
    reason: "Agent may only write to source directories"
  - id: block-config-writes
    action: file.write
    effect: deny
    conditions:
      path:
        pattern: "{.env,.safeclaw/**,package.json,*.lock}"
    reason: "Configuration and lock files are off-limits"
  - id: block-all-writes
    action: file.write
    effect: deny
    reason: "Default deny for all other file writes"
2. Shell Command Blocking
Shell access is the most dangerous capability an AI agent can have. A single rm -rf / or curl | bash can be catastrophic. SafeClaw gates every shell execution:
rules:
  - id: allow-test-commands
    action: shell.execute
    effect: allow
    conditions:
      command:
        pattern: "npm test*"
    reason: "Allow running test suite"
  - id: allow-lint
    action: shell.execute
    effect: allow
    conditions:
      command:
        pattern: "npm run lint*"
    reason: "Allow linting"
  - id: block-destructive-commands
    action: shell.execute
    effect: deny
    conditions:
      command:
        pattern: "{rm -rf,curl|bash,wget|sh,sudo}"
    reason: "Block destructive or piped-execution commands"
  - id: deny-all-shell
    action: shell.execute
    effect: deny
    reason: "Default deny all shell commands"
3. Git Push Prevention
An AI agent that can push to main can deploy untested code to production. Gate git operations to enforce your team's branch protection at the agent level:
rules:
  - id: allow-feature-branch-push
    action: shell.execute
    effect: allow
    conditions:
      command:
        pattern: "git push origin feature/*"
    reason: "Allow pushes to feature branches only"
  - id: block-main-push
    action: shell.execute
    effect: deny
    conditions:
      command:
        pattern: "git push*main*"
    reason: "Never allow direct push to main"
  - id: block-force-push
    action: shell.execute
    effect: deny
    conditions:
      command:
        pattern: "git push*--force*"
    reason: "Force push is always blocked"
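To see how a rule set like the git-push policy above behaves before trusting it in .safeclaw/, here is a small dry-run evaluator. It is an added example, not SafeClaw's own engine, and it assumes semantics the article does not spell out: `*` matches any run of characters, a pattern must match the whole command, any matching deny beats any matching allow, and a command matching no rule is denied.

```javascript
// Added example (not SafeClaw's code): a deny-overrides evaluator for
// shell.execute rules shaped like the git-push policy in this article.
// Assumed semantics (not taken from SafeClaw docs): `*` matches any run
// of characters, the pattern must match the whole command, a matching
// deny wins over a matching allow, and no match means deny.
const gitPushRules = [
  { id: "allow-feature-branch-push", effect: "allow", pattern: "git push origin feature/*" },
  { id: "block-main-push", effect: "deny", pattern: "git push*main*" },
  { id: "block-force-push", effect: "deny", pattern: "git push*--force*" },
];

// Turn a `*` glob into an anchored RegExp; every other character is literal.
function globToRegExp(glob) {
  const body = glob
    .split("*")
    .map((part) => part.replace(/[.+?^${}()|[\]\\]/g, "\\$&"))
    .join(".*");
  return new RegExp(`^${body}$`);
}

// Returns { effect, rule }, where rule is the deciding rule id or "default-deny".
function evaluate(rules, command) {
  const matched = rules.filter((r) => globToRegExp(r.pattern).test(command));
  const deny = matched.find((r) => r.effect === "deny");
  if (deny) return { effect: "deny", rule: deny.id };
  const allow = matched.find((r) => r.effect === "allow");
  if (allow) return { effect: "allow", rule: allow.id };
  return { effect: "deny", rule: "default-deny" };
}

// Constructed sample commands an agent might attempt. Note that the `*main*`
// glob also catches a feature branch whose name merely contains "main".
const samples = [
  "git push origin feature/login",
  "git push origin main",
  "git push --force origin feature/login",
  "git push origin develop",
  "git push origin feature/maintenance",
];
for (const cmd of samples) {
  const { effect, rule } = evaluate(gitPushRules, cmd);
  console.log(`${effect.padEnd(5)} ${rule.padEnd(26)} ${cmd}`);
}
```

The last sample shows why patterns deserve a dry run: a broad deny is safe but can reject legitimate branch names, so tighten the glob or rename the branch rather than loosening the rule.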
Why SafeClaw
- 446 tests covering every policy evaluation path
- Deny-by-default — nothing executes unless your policy explicitly permits it
- Sub-millisecond evaluation — no perceptible latency in your coding workflow
- Hash-chained audit trail — every action attempt is logged with tamper-proof integrity
- Works with Claude AND OpenAI — provider-agnostic; one policy set for any LLM backend
Real-World Protection
When an AI coding assistant encounters a prompt injection hidden in a dependency's README that instructs it to exfiltrate your .env file, SafeClaw's file read policy blocks the access, logs the attempt, and continues execution. Your secrets stay secret, and the audit trail captures evidence for investigation.
Cross-References
- Deny-by-Default Explained
- How to Prevent AI Agents from Accessing .env Files
- How to Run Claude Code Safely
- Safe Cursor Agent Setup
Try SafeClaw
Action-level gating for AI agents. Set it up in your browser in 60 seconds.
$ npx @authensor/safeclaw