Skip to content
BlastShield

BlastShield is in beta and may contain bugs. Validate it in a non-production environment before relying on it for safety-critical workflows.

BlastShield

Shrink the blast radius of your agentic engineering.
Get Started GitHub

Read-Only by Default

Section titled “Read-Only by Default”

BlastShield enforces a default-deny posture for cloud CLIs and package managers. Read operations such as list, describe, get, and plan pass through automatically. Mutating commands such as terraform apply, gcloud deploy, npm install, and pip install are blocked or forced back to the user.

The agent inspects and plans. You execute.

Two Layers of Defense

Section titled “Two Layers of Defense”

Layer 1: sandbox-exec profiles

Section titled “Layer 1: sandbox-exec profiles”

Kernel-level filesystem restrictions keep agents away from credential files, state, and protected paths.

Layer 2: command-argument guard

Section titled “Layer 2: command-argument guard”

Runtime guard wrappers intercept dangerous subcommands before they reach Terraform, gcloud, kubectl, npm, pip, and other CLIs.

Quick Start

Section titled “Quick Start”
Terminal window
brew install cdrxyz/tap/blastshield
blastshield claude --dangerously-skip-permissions

For manual installation, see Getting Started.