efij/secure-claude-code

Runwall

Runtime security guardrails for Claude Code, Codex, and MCP-based coding setups.

Runwall sits between the agent and risky actions so you can:

  • block obvious bad shell, git, MCP, and exfiltration flows
  • scan a repo or runtime setup before enabling it
  • keep a practical security baseline without turning normal coding into sludge

Why Use It

Coding agents can:

  • run shell commands
  • edit files
  • push git changes
  • call MCP tools
  • touch secrets, browsers, databases, and local services

That is useful, but it is also enough to leak data or damage a machine fast.

Runwall helps reduce that risk with:

  • preflight checks before risky actions run
  • output inspection after tools return untrusted content
  • local trust tracking for tools, hooks, data stores, IPC targets, and approvals
  • installable profiles: minimal, balanced, and strict

Fast Start

Claude Code

claude plugin marketplace add efij/secure-claude-code
claude plugin install runwall@runwall
claude plugin list

Expected result:

  • runwall@runwall
  • Status: enabled

Codex

If your Codex supports local bundle install, install this repo as a plugin bundle.

Fallback:

./bin/runwall generate-runtime-config codex balanced

Local CLI Install

git clone https://github.com/efij/secure-claude-code.git
cd secure-claude-code
./bin/runwall install balanced
./bin/runwall doctor

Profiles

  • minimal: lowest friction
  • balanced: sensible default
  • strict: strongest blocking and review prompts

What It Protects

  • shell execution
  • git and repo actions
  • MCP requests and responses
  • plugin and skill trust boundaries
  • secrets and local credential stores
  • local services, IPC, and browser sessions
  • destructive actions and production access

Protection families

  • Secrets & Identity
  • Supply Chain & Dependencies
  • Git & Source Control
  • MCP, Plugins & Skills
  • Runtime, Network & Egress
  • Infra & Production Access
  • Trust, Persistence & Evasion
  • Quality & Workflow
  • Memory & Knowledge
  • SaaS & Control Planes
  • Fileless & Inline Execution
  • Remote Content Promotion
  • Local Data Stores
  • Local IPC & Helpers
  • Publish, Release & Supply Chain
  • Destructive Actions & Blast Radius

Full guard inventory: GUARDS.md

Common Commands

./bin/runwall install balanced
./bin/runwall doctor
./bin/runwall audit .
./bin/runwall list protections
./bin/runwall list runtimes
./bin/runwall generate-runtime-config codex balanced
./bin/runwall generate-runtime-config cursor balanced
./bin/runwall generate-runtime-config windsurf balanced
./bin/runwall generate-runtime-config claude-desktop balanced

Advanced trust-plane commands

./bin/runwall tools list --json
./bin/runwall tools approve <name-or-path>
./bin/runwall hooks list --json
./bin/runwall hooks diff <path-or-key>
./bin/runwall approvals list --json
./bin/runwall services list --json
./bin/runwall data list --json
./bin/runwall ipc list --json
./bin/runwall browser sessions --json
./bin/runwall flow list --json
./bin/runwall agents graph --json
./bin/runwall memory list --json
./bin/runwall knowledge list --json
./bin/runwall review list --json
./bin/runwall artifacts list --json
./bin/runwall release list --json
./bin/runwall destructive list --json
./bin/runwall handoff graph --json
./bin/runwall auth list --json
./bin/runwall apps list --json
./bin/runwall safety list --json

Supported Runtimes

Runtime              Status       How
Claude Code          First-class  native plugin hooks
Codex                Supported    plugin bundle or generated MCP config
Cursor               Supported    generated mcp.json
Windsurf             Supported    generated mcp_config.json
Claude Desktop       Supported    generated claude_desktop_config.json
Generic MCP clients  Supported    inline MCP gateway
CI                   Supported    CLI policy checks

More detail: RUNTIMES.md

Audit First

If you want to inspect before enabling:

./bin/runwall audit .
./bin/runwall audit . --format html --output runwall-audit.html
./bin/runwall audit . --format sarif --output runwall-audit.sarif
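
A CI gate over the SARIF file written by the last command above, as an added example that is not part of Runwall. It assumes the file follows the standard SARIF 2.1.0 layout; the function names, rule ids and sample paths are constructed for illustration.

```python
import json
import sys
# Constructed sample in SARIF 2.1.0 shape; ids and paths are made up, not Runwall output.
SAMPLE = {"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "example-audit", "rules": [
        {"id": "EX001", "defaultConfiguration": {"level": "error"}},
        {"id": "EX002"}]}},
    "results": [
        {"ruleId": "EX001", "message": {"text": "secret-like value"},
         "locations": [{"physicalLocation": {
             "artifactLocation": {"uri": ".env"}, "region": {"startLine": 3}}}]},
        {"ruleId": "EX002", "message": {"text": "unpinned dependency"}},
        {"ruleId": "EX001", "message": {"text": "reviewed and accepted"},
         "suppressions": [{"kind": "external"}]}]}]}

def effective_level(result, rules):
    """Resolve the level using the SARIF 2.1.0 defaults when it is omitted."""
    if "level" in result:
        return result["level"]
    if result.get("kind", "fail") != "fail":
        return "none"
    rule = rules.get(result.get("ruleId"), {})
    return rule.get("defaultConfiguration", {}).get("level", "warning")

def blocking_findings(sarif, fail_on=("error",)):
    """List (rule, level, uri, line, text) for results at fail_on levels.

    Results carrying an accepted suppression (the default status) are skipped.
    """
    out = []
    for run in sarif.get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        rules = {r.get("id"): r for r in driver.get("rules", [])}
        for res in run.get("results") or []:
            if any(s.get("status", "accepted") == "accepted"
                   for s in res.get("suppressions") or []):
                continue
            level = effective_level(res, rules)
            if level not in fail_on:
                continue
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            out.append((res.get("ruleId"), level,
                        loc.get("artifactLocation", {}).get("uri"),
                        loc.get("region", {}).get("startLine"),
                        res.get("message", {}).get("text", "")))
    return out

if __name__ == "__main__":
    demo = len(sys.argv) < 2  # no path given: use the constructed sample
    found = blocking_findings(SAMPLE if demo else json.load(open(sys.argv[1])))
    print(*("%s [%s] %s:%s %s" % f for f in found), sep="\n")
    sys.exit(0 if demo or not found else 1)
```

Run it with the SARIF path as the only argument; a non-zero exit means at least one unsuppressed error-level result was found.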

Troubleshooting

Claude plugin says failed to load

Run:

claude plugin uninstall runwall@runwall
claude plugin marketplace remove runwall
claude plugin marketplace add efij/secure-claude-code
claude plugin install runwall@runwall
claude plugin list

You want:

  • Status: enabled

If GitHub still serves an older broken marketplace state, install from a local checkout until the fix is pushed:

cd ..
git clone https://github.com/efij/secure-claude-code.git
claude plugin marketplace add ./secure-claude-code
claude plugin install runwall@runwall

CI is failing

Run the local smoke checks:

bash tests/smoke.sh

If you only want the quick sanity path:

for f in bin/shield install.sh update.sh uninstall.sh hooks/lib/patterns.sh tests/smoke.sh; do bash -n "$f"; done
python3 -m py_compile scripts/runwall_tools.py
./bin/runwall generate-plugin-hooks balanced /tmp/runwall-hooks.json
claude plugin validate .

Install Methods

More install options

macOS / Linux bootstrap

curl -fsSL https://raw.githubusercontent.com/efij/secure-claude-code/main/scripts/bootstrap.sh | bash -s -- --repo efij/secure-claude-code --ref main --profile balanced

Windows bootstrap

irm https://raw.githubusercontent.com/efij/secure-claude-code/main/scripts/bootstrap.ps1 | iex; Install-Runwall -Repo "efij/secure-claude-code" -Ref "main" -Profile "balanced"

Thin compatibility wrappers

  • install.sh
  • update.sh
  • uninstall.sh

They forward to ./bin/runwall.

Project Docs

  • GUARDS.md: guard inventory
  • RUNTIMES.md: runtime adapters
  • SECURITY_MODEL.md: model and assumptions
  • CHANGELOG.md: release notes
  • CONTRIBUTING.md: contributor notes

License

MIT

About

Security guardrails for Claude Code, MCP tools, and Claude cowork workflows. Local-first modular YARA-style guard packs for secrets, exfiltration, prompt injection, MCP abuse, and risky agent actions.
