Public alpha · Windows amd64

Review the evidence.
Question the scope.

AgentGuard records available evidence from an autonomous coding session and produces an early, deterministic signal for human scope review.

A local experiment for Claude Code—not a complete security product, semantic task understanding, or a production team dashboard.

Pre-release for Windows amd64. Verify the SHA-256 checksum before running. Release notes and checksum

SESSION REVIEW LOCAL
DECLARED TASK Update session review docs docs/scope
  1. docs/scopeIN_SCOPE
  2. internal/sessionEVIDENCE_SUPPORTED_EXPANSION
  3. scriptsUNEXPLAINED_EXPANSION
RESULT REVIEW_REQUIRED

Illustration of the deterministic path-and-order rules—not a live product result.

Local firstEvidence stays on your machine
Content freeNo commands, file contents, or diffs stored
Human finalThe review signal never makes the decision

THE EXPERIMENT

Can narrow evidence make agent scope easier to review?

AgentGuard tests that question with a deliberately small, inspectable workflow. It observes a documented subset of events and makes only the claims those events support.

01

Declare intent

Start a local session with a plain-language task and explicit project-relative component roots.

02

Record a subset

Capture redacted policy decisions and supported file or test observations from Claude Code hooks.

03

Review the signal

Compare paths and event order with declared components, then put unexplained expansion in a human queue.

TRUST BOUNDARIES

Useful only when its limits stay visible.

What the alpha does

  • Runs locally as a standalone Windows amd64 binary
  • Records a redacted timeline of supported hook evidence
  • Flags path-and-order scope expansion for human review
  • Exports the same redacted evidence as stable JSON

What it cannot prove

  • That the observed timeline is a complete account
  • That a change is semantically necessary or correct
  • That unsupported, shell, MCP, or network actions are safe
  • That the narrow destructive-command pattern catches every variant

Invalid hook input fails open to Claude Code's native permission flow. An allow decision bypasses the native prompt only for a strict routine rule. Event authenticity and process integrity are not verified in this alpha. There is no telemetry, cloud sync, automatic updater, authentication, billing, or background process.

EARLY TESTERS

Try the smallest honest version.

Use a disposable project, verify the download, run the guided safe checks, and tell us where the evidence or explanation falls short.