NebGuard
NebGuard is policy-driven guardrails for AI coding agents. When an agent like Claude Code works on your code or infrastructure, it takes real actions: it runs shell commands, edits files, pushes to git, applies changes. NebGuard sits between the agent and those actions, checks each one against a library of rules at the moments that matter, and decides whether to let it through, flag it, stop it, or steer the agent back on course. The same engine and the same rules run on a developer laptop and inside an agent pod in a cluster.
Why use it
AI coding agents are fast and mostly correct, but a single bad action (a force-push to a protected branch, a deleted production resource, a committed secret) can be expensive, and a drifting agent quietly burns time repeating itself or skipping verification. NebGuard catches the dangerous actions before they run and keeps the agent pointed at the task, without slowing down the normal ones. Think of it as a seatbelt and a co-pilot for your agent: it prevents the crash, and it keeps you headed toward the destination.
The four responses
Every time the agent is about to act, and at key moments such as finishing a turn, NebGuard responds in one of four ways:
| Response | What happens |
|---|---|
| Allow | The action is fine. Nothing happens and the agent proceeds. |
| Warn | The action is risky. NebGuard adds a note so the agent and the human can reconsider. |
| Block | The action is dangerous. NebGuard stops it before it runs. |
| Guide | NebGuard injects context to keep the agent on track (reminders, a missing step) and re-states key constraints after the agent trims its own context. |
NebGuard also records each decision, so your team gets an audit trail you can use for compliance and security reviews.
Rule domains
Rules are organized into seven domains:
security, infrastructure, development, operations, ai-governance, business, global.
Which domains are active depends on your license tier and your environment. See Concepts for the full model.
Fail-safe by design
NebGuard is built so that the guardrails stay trustworthy even when something goes wrong:
- A high-stakes block cannot be talked around. The agent cannot disable that class of guard by writing its own justification.
- High-stakes guards fail closed. If a critical guard's own check errors out, it becomes a block rather than silently letting the action through.
Supported assistants
NebGuard works with hook-capable AI coding assistants and behaves the same across all of them.
| Assistant | Vendor | Status | Setup command | Configure |
|---|---|---|---|---|
| Claude Code | Anthropic | Supported | nebguard setup claude-code | None |
| Codex CLI | OpenAI | Supported | nebguard setup codex-cli | One-time hook trust |
More hook-capable assistants are planned, in rough order of popularity: GitHub Copilot CLI, Cursor, Gemini CLI, opencode, Continue, Amazon Q Developer CLI, and Qwen Code. See Setup for per-assistant install and configuration.
What you can do
- Install NebGuard for Claude Code or Codex CLI in one command. See Setup.
- Understand the safety model, licensing, and telemetry. See Concepts.
- See what a block, a warning, and a guidance note look like in practice. See Examples.