{"id":49301069,"url":"https://github.com/harikrishnareddyl/cato","last_synced_at":"2026-04-29T02:15:05.741Z","repository":{"id":353894626,"uuid":"1221323294","full_name":"Harikrishnareddyl/cato","owner":"Harikrishnareddyl","description":"Universal AI agent safety layer — protect files and commands with configurable rules","archived":false,"fork":false,"pushed_at":"2026-04-26T07:08:12.000Z","size":196,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-26T07:25:50.310Z","etag":null,"topics":["ai","claude-code","cli","developer-tools","rust","safety","security"],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Harikrishnareddyl.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-26T03:35:38.000Z","updated_at":"2026-04-26T07:08:15.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/Harikrishnareddyl/cato","commit_stats":null,"previous_names":["harikrishnareddyl/cato"],"tags_count":14,"template":false,"template_full_name":null,"purl":"pkg:github/Harikrishnareddyl/cato","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Harikrishnareddyl%2Fcato","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Harikrishnareddyl%2Fcato/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Harikrishnareddyl%2Fcato/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Harikrishnareddyl%2Fcato/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Harikrishnareddyl","download_url":"https://codeload.github.com/Harikrishnareddyl/cato/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Harikrishnareddyl%2Fcato/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32407278,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-28T19:38:08.556Z","status":"online","status_checked_at":"2026-04-29T02:00:06.602Z","response_time":110,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai","claude-code","cli","developer-tools","rust","safety","security"],"created_at":"2026-04-26T07:01:19.547Z","updated_at":"2026-04-29T02:15:05.712Z","avatar_url":"https://github.com/Harikrishnareddyl.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Cato\n\nUniversal AI agent safety layer. Drop a `.cato.toml` in your project, and it protects your files and commands from any AI coding agent.\n\n```\nnpm install -g cato-cli # coming soon\npip install cato-cli # coming soon\nbrew install cato # coming soon\ncargo install cato # from source\n```\n\n## Quick start\n\n```bash\n# In your project\ncato init # creates .cato.toml with default rules\ncato adapt claude-code # sets up Claude Code hooks\ncato check .env # test: denied\ncato check main.rs # test: allowed\n```\n\nThat's it. Any AI agent with hooks configured will now respect your rules.\n\n## How it works\n\n```\nAI agent tries to read .env\n |\n v\nAgent hook → cato hook claude-code (reads stdin JSON)\n |\n v\nWalks up from cwd, finds .cato.toml\n |\n v\nEvaluates rules: .env matches \"*.env\" → deny\n |\n v\nReturns {\"permissionDecision\": \"deny\"} → agent blocked\n```\n\nSingle binary. No daemon. No background process. Just reads config, evaluates rules, exits. Under 5ms.\n\n## .cato.toml\n\nDrop this in your project root. Commit to git. Your whole team gets the same protection.\n\n```toml\n# .cato.toml\n\n[[rules]]\nname = \"protect-env\"\nfile_match = [\"*.env\", \"*.env.*\"]\naction = \"deny\"\nmessage = \"Environment files are protected\"\n\n[[rules]]\nname = \"protect-keys\"\nfile_match = [\"*.pem\", \"*.key\", \"*.p12\"]\naction = \"deny\"\nmessage = \"Key files are protected\"\n\n[[rules]]\nname = \"no-force-push\"\ncommand = \"git\"\nargs_contain = [\"push\", \"--force\"]\naction = \"deny\"\nmessage = \"Force push is not allowed\"\n```\n\n### Rule fields\n\n| Field | Description |\n|-------|-------------|\n| `name` | Rule identifier |\n| `group` | Optional grouping |\n| `description` | Optional description |\n| `command` | Command to match (string or array) |\n| `args_contain` | Required substrings in command args |\n| `args_match` | Glob patterns for args |\n| `file_match` | Glob patterns for file paths |\n| `path_in` | Only apply in these directories |\n| `path_not` | Don't apply in these directories |\n| `action` | `\"allow\"` or `\"deny\"` |\n| `message` | Shown when blocked |\n| `enabled` | Toggle without deleting |\n\nFirst match wins. File rules always checked even when a command is allowed (catches `cat .env`).\n\n## CLI\n\n```bash\ncato init # Create .cato.toml with defaults\ncato check \u003ctarget\u003e # Test if file/command is allowed\ncato adapt \u003cagent\u003e # Set up agent hooks (claude-code, all)\ncato audit # View audit log\ncato audit -f # Follow new entries\ncato audit -q denied # Filter entries\ncato hook claude-code # Hook mode (called by agents)\ncato hook check --op read --target .env # Generic hook\n```\n\n## Supported agents\n\n| Agent | Status | Setup |\n|-------|--------|-------|\n| Claude Code | Supported | `cato adapt claude-code` |\n| Cursor | Planned | Extension |\n| VS Code Copilot | Planned | Extension |\n| Aider | Planned | Config |\n| Open Interpreter | Planned | Plugin |\n\n### Adding your own adapter\n\nAny tool that can run a command before executing can use Cato:\n\n```bash\n# Generic hook — exit 0 = allow, exit 1 = deny\ncato hook check --op read --target /path/to/file\necho $?\n\n# Or pipe JSON\necho '{\"tool_name\":\"Read\",\"tool_input\":{\"file_path\":\".env\"}}' | cato hook claude-code\n```\n\n## Global rules\n\nRules in `~/.cato/config.toml` apply everywhere. Project `.cato.toml` rules are merged after (global deny can't be overridden by project allow).\n\n## Audit log\n\nEvery check is logged to `~/.cato/audit.jsonl` as structured JSON:\n\n```json\n{\"ts\":\"2026-04-26T00:00:00Z\",\"op\":\"file\",\"target\":\".env\",\"cwd\":\"/project\",\"agent\":\"claude-code\",\"rule\":\"protect-env\",\"decision\":\"denied\",\"message\":\"Environment files are protected\"}\n```\n\nPipe to `jq`, send to Datadog, tail with `cato audit -f`.\n\n## Building from source\n\n```bash\ngit clone https://github.com/Harikrishnareddyl/cato.git\ncd cato\ncargo build --release\n./target/release/cato init\n./target/release/cato adapt claude-code\n```\n\n## Requirements\n\n- macOS, Linux, or Windows (anywhere Rust compiles)\n- For Claude Code: hooks support (built-in)\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fharikrishnareddyl%2Fcato","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fharikrishnareddyl%2Fcato","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fharikrishnareddyl%2Fcato/lists"}