
I built security guardrails for Claude Code after it almost leaked my credentials.
Claude Code is powerful. It has full access to your file system, your shell, and everything in between. That's also what makes it dangerous.

The problem nobody is talking about

When you run Claude Code, you're giving an AI agent the ability to:

- Read your .env files and credentials
- Run rm -rf on your project directory
- Execute git push --force without asking
- curl your files to external servers
- Install packages from untrusted sources
- Access your SSH keys, AWS credentials, database configs

None of this requires the AI to be malicious. One hallucination, one misunderstood instruction, one edge case — and your secrets are in a log file somewhere.

I discovered this while running AI coding agents on production intelligence pipelines. Credential leaks aren't theoretical in that environment. I needed something deterministic, not advisory.

So I built AgentGuard.

How it works — three enforcement layers

The core insight is defense-in-depth. No single layer is enough.

Layer 1 — Behavioral rules (CLA
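The list above is, in effect, the deny policy a deterministic guard has to enforce before a shell command runs. The following is an added example of such a guard; it is not AgentGuard's code and not Claude Code's own tooling. The project root, the home directory, the sensitive-path patterns and the flag sets are assumptions made for the illustration.

```python
"""Deterministic pre-execution guard for an agent's shell commands. Added illustrative
example, not AgentGuard's code: the post's risk list (recursive rm on the project, git
push --force, curl/wget uploads, pipe-to-shell installs, reads of .env / SSH / AWS
secrets) becomes deny rules evaluated before the command runs, whatever the prompt said."""
import re
import shlex
from posixpath import join, normpath

PROJECT_ROOT = "/work/project"  # assumed: cwd of the agent's shell
HOME = "/home/dev"              # assumed: the user's home directory
SENSITIVE_PATHS = [re.compile(p) for p in (  # credential material; extend per host
    r"(^|/)\.env(\.local)?$", r"(^|/)\.ssh(/|$)",
    r"(^|/)\.aws/(credentials|config)$", r"(^|/)id_(rsa|ed25519|ecdsa)$")]
SEPARATORS = {";", "&&", "||", "|", "&", "(", ")"}
WRAPPERS = {"sudo", "env", "nohup", "time"}  # prefixes that must not hide the real program
SHELLS = {"sh", "bash", "zsh", "python", "python3", "perl"}
DOWNLOADERS = {"curl", "wget"}
FILE_FLAGS = {"-T", "--upload-file", "--post-file", "--body-file"}  # value is always a local file
DATA_FLAGS = {"-d", "--data", "--data-binary", "--data-urlencode", "-F", "--form"}  # file if '@'
FORCE_PUSH = {"-f", "--force", "--force-with-lease"}  # with-lease still rewrites remote history

def split_segments(cmd):
    """Tokenise like a shell and cut at ; && || | & ( ) so every simple command is checked."""
    lex = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    segments, current = [], []
    for tok in lex:  # raises ValueError on unbalanced quotes -> caller fails closed
        if tok not in SEPARATORS:
            current.append(tok)
        elif current:
            segments.append((current, tok))
            current = []
    return segments + [(current, "")] if current else segments

def resolve(path):
    """Expand ~ and $HOME without a shell, then normalise against the project cwd."""
    if path == "~" or path.startswith("~/"):
        path = HOME + path[1:]
    resolved = normpath(join(PROJECT_ROOT, path.replace("${HOME}", HOME).replace("$HOME", HOME)))
    if resolved.endswith("/*"):  # 'rm -rf dir/*' empties dir: treat it as dir itself
        resolved = resolved[:-2] or "/"
    return resolved

def check_rm(tokens):
    flags = [t for t in tokens[1:] if t.startswith("-")]
    if not any(t == "--recursive" or (t[:2] != "--" and set("rR") & set(t[1:])) for t in flags):
        return None
    for target in (t for t in tokens[1:] if not t.startswith("-")):
        r = resolve(target)
        if r in ("/", HOME, PROJECT_ROOT) or PROJECT_ROOT.startswith(r.rstrip("/") + "/"):
            return f"recursive rm would delete {r}"
    return None

def git_subcommand(tokens):
    """First non-option token, skipping the argument of global options such as -C <dir>."""
    i = 1
    while i < len(tokens) and tokens[i].startswith("-"):
        i += 2 if tokens[i] in ("-C", "-c", "--git-dir", "--work-tree") else 1
    return tokens[i] if i < len(tokens) else None

def check_git(tokens):
    if git_subcommand(tokens) != "push":
        return None
    for t in tokens[1:]:
        if t in FORCE_PUSH or t.startswith("--force-with-lease=") or t.startswith("+"):
            return f"force push ({t}) rewrites remote history"
    return None

def check_uploader(tokens):
    for i, t in enumerate(tokens[1:], start=1):  # curl/wget flags that read a local file
        flag, _, inline = t.partition("=")
        if flag in FILE_FLAGS or flag in DATA_FLAGS:
            value = inline or (tokens[i + 1] if i + 1 < len(tokens) else "")
            if flag in FILE_FLAGS or "@" in value:  # '@' may be plain data: fail closed
                return f"{tokens[0]} would send local data ({t} {value})"
    return None

RULES = {"rm": check_rm, "git": check_git, "curl": check_uploader, "wget": check_uploader}

def check_command(cmd):
    """Return (allowed, reason); a parse error or any matching rule denies."""
    try:
        segments = split_segments(cmd)
    except ValueError as e:
        return False, f"cannot parse command: {e}"
    for idx, (tokens, sep) in enumerate(segments):
        while len(tokens) > 1 and tokens[0].rsplit("/", 1)[-1] in WRAPPERS:
            tokens = tokens[1:]
        prog = tokens[0].rsplit("/", 1)[-1]  # /usr/bin/rm -> rm
        for t in tokens:
            if any(p.search(t) or p.search(resolve(t)) for p in SENSITIVE_PATHS):
                return False, f"touches credential material: {t}"
        reason = RULES.get(prog, lambda _: None)(tokens)
        nxt = segments[idx + 1][0][0] if sep == "|" and idx + 1 < len(segments) else ""
        if reason is None and prog in DOWNLOADERS and nxt.rsplit("/", 1)[-1] in SHELLS:
            reason = f"piping a download into {nxt} runs unverified code"
        if reason:
            return False, reason
    return True, ""
```

Wired into a pre-execution hook, the hook hands the proposed command to check_command and refuses to run it when the result is (False, reason); the decision never depends on the model having read or remembered an instruction, which is the deterministic-rather-than-advisory property the post calls for. Each compound command is split at ; && || | & and parentheses so that "pytest; rm -rf /" and "$(rm -rf ..)" are judged on their dangerous half, sudo/env prefixes are peeled off, and anything the tokeniser cannot parse is denied. It is still a purely syntactic guard: backtick substitution, eval, variables assembled at runtime and "sudo -u root rm" all slip past it, which is exactly why it belongs as one layer among several rather than the only one.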
Continue reading on Dev.to



