An AI coding agent security scanner.

Three problems your agent is creating right now.

SessionGuard is a local-only CLI that reads Claude Code session transcripts and surfaces what your agent actually did: secrets it touched, shell commands it ran, files it modified, hooks it bypassed.

Scans 6,883 events in ~350ms. Runs entirely on your machine. Nothing uploaded. MIT licence.

Get early access →

v0.3.1 · 135 unit tests · Claude Code · Cursor + Windsurf on roadmap

01 /

What it finds

terminal
$ sessionguard audit --min high

Scanned 15 sessions / 6,883 events — 6 findings (severity ≥ high)
critical: 5  high: 1

CRITICAL  rm -rf targeting root, home, or a system path
2026-06-25T11:12:22Z
Agent ran a shell command matching "rm -rf targeting root, home, or a
system path". Review whether this was intended.
→ rm -rf /home/vpc/brain/projects/dosh/config/sweep

HIGH      Edit on .env file
2026-06-24T13:51:41Z
Agent used Edit to modify /home/vpc/brain/.env
This target is a known sensitive path — confirm the change was intended.
→ /home/vpc/brain/projects/dosh/.env

These are real findings from the developer's own Claude Code sessions, run on 2026-06-25. The rm -rf commands targeted a data directory inside an active project. The .env edit modified a secrets file. Neither was flagged by Claude Code itself.

02 /

Detection rules

Rule                       Severity
secrets.in-user-prompt     CRITICAL
secrets.in-tool-result     HIGH
bash.risky-command         CRITICAL–LOW
fs.sensitive-path-write    CRITICAL–MED
git.hook-bypass            MEDIUM

Patterns are deliberately conservative. False positives erode trust.
Localhost curl calls are exempt. Interpreter eval is suppressed.

03 /

Install

bash
# Install
$ npm install -g @sessionguard/cli

# Run your first audit
$ sessionguard audit

# Token usage by project
$ sessionguard report --since 7d

# Only show critical and high
$ sessionguard audit --min high

Requires Node 22+. Reads ~/.claude/projects/**/*.jsonl by default.

Pass explicit paths to scan specific sessions.

Exit code reflects highest severity: 30 (critical), 20 (high), 10 (medium).
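
As an added illustration (not SessionGuard's own code), the JavaScript example below applies three of the rules listed under Detection rules to constructed, simplified transcript events and derives the exit code from the highest severity found. The event schema, the regexes, the function names and the exit code 0 for a clean scan are assumptions made for this example.

```javascript
// Added illustration: the rule logic below is an assumption, not SessionGuard's patterns.
const EXIT_CODE = { critical: 30, high: 20, medium: 10 }; // values stated on the page

// Constructed, simplified events (real Claude Code transcripts nest tool calls deeper).
const SAMPLE_JSONL = [
  '{"ts":"2026-01-01T10:00:00Z","tool":"Bash","input":{"command":"npm test && rm -rf ./dist"}}',
  '{"ts":"2026-01-01T10:01:00Z","tool":"Bash","input":{"command":"git commit --no-verify -m wip"}}',
  '{"ts":"2026-01-01T10:02:00Z","tool":"Edit","input":{"file_path":"/srv/app/.env"}}',
  '{"ts":"2026-01-01T10:03:00Z","tool":"Bash","input":{"command":"cd /tmp; rm -fr /home/dev/data"}}',
  'not json: a truncated line must not abort the scan',
].join("\n");

// Targets treated as root, home or system paths; relative paths are left alone.
const DANGEROUS_TARGET = /^(?:\/|~|\$HOME)(?:\/|$)|^\/(?:home|root|etc|usr|var|boot)(?:\/|$)/;

function isRiskyRm(segment) {
  const argv = segment.trim().split(/\s+/);
  if (argv[0] !== "rm") return false;
  const flags = argv.filter((a) => /^-[A-Za-z]+$/.test(a)).join("");
  const targets = argv.slice(1).filter((a) => !a.startsWith("-"));
  return /r/i.test(flags) && /f/.test(flags) && targets.some((t) => DANGEROUS_TARGET.test(t));
}

function classify(event) {
  const input = event.input || {};
  if (event.tool === "Bash" && typeof input.command === "string") {
    const segments = input.command.split(/&&|\|\||;|\|/); // check each chained command
    if (segments.some(isRiskyRm)) return { rule: "bash.risky-command", severity: "critical" };
    if (segments.some((s) => /^\s*git\s+(?:commit|push)\b.*\s--no-verify\b/.test(s)))
      return { rule: "git.hook-bypass", severity: "medium" };
  }
  if ((event.tool === "Edit" || event.tool === "Write") && /(?:^|\/)\.env(?:\.[^/]*)?$/.test(input.file_path || ""))
    return { rule: "fs.sensitive-path-write", severity: "high" };
  return null;
}

function audit(jsonl) {
  const findings = [];
  for (const line of jsonl.split("\n")) {
    let event;
    try { event = JSON.parse(line); } catch { continue; } // skip malformed lines
    const hit = event && typeof event === "object" ? classify(event) : null;
    if (hit) findings.push({ ts: event.ts, ...hit });
  }
  // 0 for a clean scan is an assumption; the page lists only 30, 20 and 10.
  const exitCode = Math.max(0, ...findings.map((f) => EXIT_CODE[f.severity] || 0));
  return { findings, exitCode };
}
```

On the constructed sample, `audit(SAMPLE_JSONL)` reports three findings and an exit code of 30; the relative `rm -rf ./dist` and the malformed line produce none.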

04 /

Privacy

Local only

Reads files on your disk. Prints to stdout. Nothing leaves the box.

No telemetry

Zero network calls. No config to opt out of. Nothing phoned home.

Open source

MIT licence. Read every line on GitHub. github.com/sessionguard/sessionguard

05 /

Early access

SessionGuard Pro is in development.

What's coming:

  • Team dashboard — shared findings across your engineering org
  • Compliance report — map findings to EU AI Act obligations
  • Cursor + Windsurf adapters — same audit across all agents
  • Dollar-cost estimation — token counts with current pricing

Leave your email and we'll reach out when Pro is ready.