Show HN: Railguard – A safer –dangerously-skip-permissions for Claude Code(github.com)
github.com
Show HN: Railguard – A safer –dangerously-skip-permissions for Claude Code
https://github.com/railyard-dev/railguard
3 comments
I'm the author, AMA!
The memory write classification is interesting – how does it detect behavioral instructions like "skip safety checks"? Is it rule-based pattern matching, or does it use an LLM to classify? If the latter, wouldn't that itself be vulnerable to prompt injection?
Railguard is really meant for preventing CC from running unsafe commands, and be really good at that. There probably needs to be a separate reviewer / LLM-as-a-judge to catch behavioral issues.
It’s rule based. We don’t use LLM-based checks precisely because of what you said.
It’s rule based. We don’t use LLM-based checks precisely because of what you said.
Railguard hooks into Claude Code and intercepts every tool call and decides in under 2ms: allow, block, or ask.
It comes with sane configs preinstalled. You keep using Claude exactly as before. 99% of commands flow through instantly. You only see Railguard when it matters.
What it actually does beyond pattern matching and sandboxing:
It won't close every vector of attack. But it covers the gap between "no protection" and "approve everything manually" without changing your workflow.
Rust, MIT, single YAML config file. Happy to talk architecture or trade-offs.