{"id":13648582,"url":"https://github.com/kaplanelad/shellfirm","last_synced_at":"2026-03-12T07:04:59.447Z","repository":{"id":41581165,"uuid":"441537080","full_name":"kaplanelad/shellfirm","owner":"kaplanelad","description":"Safety guardrails for ai coding agents and human terminal commands","archived":false,"fork":false,"pushed_at":"2026-03-06T06:41:21.000Z","size":1341,"stargazers_count":882,"open_issues_count":0,"forks_count":28,"subscribers_count":4,"default_branch":"main","last_synced_at":"2026-03-06T09:53:31.009Z","etag":null,"topics":["agent","ai","captcha","devops","devops-tools","mcp","prompt","rust","shell","terminal","zsh"],"latest_commit_sha":null,"homepage":"https://shellfirm.vercel.app/","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kaplanelad.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":"kaplanelad"}},"created_at":"2021-12-24T19:00:12.000Z","updated_at":"2026-03-06T07:47:06.000Z","dependencies_parsed_at":"2024-01-23T21:17:06.629Z","dependency_job_id":"d610d32e-8ccb-42e8-95d5-6be8b574f6f3","html_url":"https://github.com/kaplanelad/shellfirm","commit_stats":{"total_commits":230,"total_committers":11,"mean_commits":20.90909090909091,"dds":0.4304347826086956,"last_synced_commit":"280b67e51e1dc1f7ff502905d3a26453d4045a8a"},"previous_names":[],"tags_count":25,"template":false,"template_full_name":null,"purl":"pkg:github/kaplanelad/shellfirm","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kaplanelad%2Fshellfirm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kaplanelad%2Fshellfirm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kaplanelad%2Fshellfirm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kaplanelad%2Fshellfirm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kaplanelad","download_url":"https://codeload.github.com/kaplanelad/shellfirm/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kaplanelad%2Fshellfirm/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30417686,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-12T06:40:58.731Z","status":"ssl_error","status_checked_at":"2026-03-12T06:40:40.296Z","response_time":114,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["agent","ai","captcha","devops","devops-tools","mcp","prompt","rust","shell","terminal","zsh"],"created_at":"2024-08-02T01:04:22.050Z","updated_at":"2026-03-12T07:04:59.429Z","avatar_url":"https://github.com/kaplanelad.png","language":"Rust","readme":"\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://github.com/kaplanelad/shellfirm/actions/workflows/ci.yaml/badge.svg\"/\u003e\n\u003cimg src=\"https://github.com/kaplanelad/shellfirm/actions/workflows/release.yml/badge.svg\"/\u003e\n\u003c/p\u003e\n\n# shellfirm\n\n**Think before you execute.**\n\nHumans make mistakes. AI agents make them faster. shellfirm intercepts dangerous shell commands before the damage is done — for both.\n\n```\n$ rm -rf ./src\n============ RISKY COMMAND DETECTED ============\nSeverity: Critical\nBlast radius: [PROJECT] — Deletes 347 files (12.4 MB) in ./src\nDescription: You are going to delete everything in the path.\n\nSolve the challenge: 8 + 0 = ? (^C to cancel)\n```\n\n```\n$ git push origin main --force\n============ RISKY COMMAND DETECTED ============\nSeverity: High\nBlast radius: [RESOURCE] — Force-pushes branch main (3 commits behind remote)\nDescription: This command will force push and overwrite remote history.\nAlternative: git push --force-with-lease\n  (Checks that your local ref is up-to-date before force pushing, preventing accidental overwrites of others' work.)\n\nSolve the challenge: 3 + 5 = ? (^C to cancel)\n```\n\n---\n\n## Features\n\n- **100+ patterns** across 9 ecosystems (filesystem, git, Kubernetes, Terraform, Docker, AWS, GCP/Azure, Heroku, databases)\n- **8 shells** — Zsh, Bash, Fish, Nushell, PowerShell, Elvish, Xonsh, Oils\n- **Context-aware escalation** — harder challenges when connected via SSH, running as root, on protected git branches, or in production Kubernetes clusters\n- **Safe alternative suggestions** — actionable safer commands shown alongside every warning\n- **Severity levels** with configurable thresholds (`Critical`, `High`, `Medium`, `Low`, `Info`)\n- **Project policies** — share team safety rules via `.shellfirm.yaml` (additive-only, never weakens)\n- **Audit trail** — every intercepted command and decision logged as JSON-lines\n- **Blast radius detection** — runtime context signals feed into risk scoring\n- **MCP server** — expose shellfirm as an AI tool for Claude Code, Cursor, and other agents\n\n---\n\n## AI Agent Integration\n\nshellfirm ships as an [MCP](https://modelcontextprotocol.io/) server so AI coding agents can check commands before running them.\n\n### MCP Tools\n\n| Tool | Description |\n|------|-------------|\n| `check_command` | Check if a command is risky — returns severity, matched rules, and alternatives |\n| `suggest_alternative` | Get safer replacement commands |\n| `explain_risk` | Detailed explanation of why a command is dangerous |\n| `get_policy` | Read the active shellfirm configuration and project policy |\n\n### MCP Setup\n\n#### Claude Code\n\nAdd to `~/.claude.json` (global) or `.claude.json` (per-project):\n\n```json\n{\n  \"mcpServers\": {\n    \"shellfirm\": {\n      \"command\": \"shellfirm\",\n      \"args\": [\"mcp\"]\n    }\n  }\n}\n```\n\nFor Cursor, Windsurf, Zed, Cline, Continue, Amazon Q, and other MCP-compatible tools, see the [integration guides](https://shellfirm.vercel.app/docs/agents-and-automation/cursor-and-others).\n\n---\n\n## Installation\n\n### npm\n\n```bash\nnpm install -g @shellfirm/cli\n```\n\n### Homebrew\n\n```bash\nbrew tap kaplanelad/tap \u0026\u0026 brew install shellfirm\n```\n\n### Cargo\n\n```bash\ncargo install shellfirm\n```\n\nOr download the binary from the [releases page](https://github.com/kaplanelad/shellfirm/releases).\n\n---\n\n## Quick Start\n\n**1. Install the shell hook** (auto-detects your shell):\n\n```bash\nshellfirm init --install\n```\n\n**2. Restart your shell** (or `source` your rc file).\n\n**3. Try it:**\n\n```bash\ngit reset --hard  # Should trigger shellfirm!\n```\n\nFor manual setup, shell-specific instructions, and Oh My Zsh plugin, see the [shell setup docs](https://shellfirm.dev/docs/getting-started/shell-setup).\n\n---\n\n## Documentation\n\nFull documentation is available at **[shellfirm.dev](https://shellfirm.dev)**:\n\n- [Configuration](https://shellfirm.dev/docs/configuration) — challenge types, severity thresholds, custom checks\n- [Context-Aware Protection](https://shellfirm.dev/docs/context-aware) — SSH, root, git branches, Kubernetes, environment variables\n- [Team Policies](https://shellfirm.dev/docs/team-policies) — `.shellfirm.yaml` project-level rules\n- [AI Agents \u0026 Automation](https://shellfirm.vercel.app/docs/agents-and-automation) — MCP server, LLM analysis, agent mode\n\n---\n\n## Contributing\n\nContributions are welcome! Please open an issue or pull request on [GitHub](https://github.com/kaplanelad/shellfirm).\n\n## License\n\n[Apache-2.0](LICENSE)\n","funding_links":["https://github.com/sponsors/kaplanelad"],"categories":["Terminal","Plugins","Rust","🚀 AI Tools for Vim, Neovim, and Terminal","agent"],"sub_categories":["Development","ZSH on Windows"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkaplanelad%2Fshellfirm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkaplanelad%2Fshellfirm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkaplanelad%2Fshellfirm/lists"}