Show HN: Leash – Security guardrails for AI coding agents
(github.com)1 point by melihmucuk 6 hours ago
AI coding agents like Claude Code can hallucinate dangerous commands. Wrong paths, wrong directories, and suddenly you're running "rm -rf ~/" instead of "rm -rf ./". I built Leash to catch these mistakes before they execute.
It's a simple hook that runs before each tool call. Blocks dangerous commands outside the working directory, protects sensitive files like .env and .git even inside the project, and stops destructive git operations like reset --hard or push --force.
Some things it handles that weren't obvious at first: agents doing "cd ~/Downloads && rm -rf folder" to escape the sandbox, compound patterns like "find -delete" or "xargs rm" targeting paths outside the project, and symlink-based escapes.
Works with Claude Code, OpenCode, Pi, and Factory Droid. Setup is just "npm install -g @melihmucuk/leash" followed by "leash --setup claude-code".
Not a full sandbox. If you need real isolation, use containers. This just catches the common hallucination patterns that cause accidental damage.