An AI coding agent security scanner.
Three problems your agent is creating right now.
SessionGuard is a local-only CLI that reads Claude Code session transcripts and surfaces what your agent actually did: secrets it touched, shell commands it ran, files it modified, hooks it bypassed.
Scans 6,883 events in ~350ms. Runs entirely on your machine. Nothing uploaded. MIT licence.
v0.3.1 · 135 unit tests · Claude Code · Cursor + Windsurf on roadmap
01 /
What it finds
$ sessionguard audit --min high
Scanned 15 sessions / 6,883 events — 6 findings (severity ≥ high)
critical: 5 high: 1
CRITICAL rm -rf targeting root, home, or a system path
2026-06-25T11:12:22Z
Agent ran a shell command matching "rm -rf targeting root, home, or a
system path". Review whether this was intended.
→ rm -rf /home/vpc/brain/projects/dosh/config/sweep
HIGH Edit on .env file
2026-06-24T13:51:41Z
Agent used Edit to modify /home/vpc/brain/.env
This target is a known sensitive path — confirm the change was intended.
→ /home/vpc/brain/projects/dosh/.env
These are real findings from the developer's own Claude Code sessions,
run on 2026-06-25. The rm -rf commands targeted a data directory inside
an active project. The .env edit modified a secrets file. Neither was
flagged by Claude Code itself.
02 /
Detection rules
| Rule | Severity |
|---|---|
| secrets.in-user-prompt | CRITICAL |
| secrets.in-tool-result | HIGH |
| bash.risky-command | CRITICAL–LOW |
| fs.sensitive-path-write | CRITICAL–MED |
| git.hook-bypass | MEDIUM |
Patterns are deliberately conservative. False positives erode trust.
Localhost curl calls are exempt. Interpreter eval is suppressed.
03 /
Install
# Install
$ npm install -g @sessionguard/cli
# Run your first audit
$ sessionguard audit
# Token usage by project
$ sessionguard report --since 7d
# Only show critical and high
$ sessionguard audit --min high
Requires Node 22+. Reads ~/.claude/projects/**/*.jsonl by default.
Pass explicit paths to scan specific sessions.
Exit code reflects highest severity: 30 (critical), 20 (high), 10 (medium).
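One way to gate a CI job or git hook on those exit codes, as an added example that is not part of SessionGuard itself. The function names are hypothetical, and it assumes that exit code 0 means nothing at medium or above was found and that any code other than 0, 10, 20 or 30 is a tool failure, which blocks (fail closed).

```shell
#!/bin/sh
# Added example: turn SessionGuard's exit code into a pass/block decision.
# From the page: 30 = critical, 20 = high, 10 = medium.
# Assumptions (not on the page): 0 = nothing at medium or above;
# every other code (crash, 127 "command not found", signal) is an error.

# severity_threshold NAME -> prints the exit code that severity maps to
severity_threshold() {
    case "$1" in
        critical) echo 30 ;;
        high)     echo 20 ;;
        medium)   echo 10 ;;
        *)        return 2 ;;   # unknown severity name
    esac
}

# gate_decision EXIT_CODE MIN_SEVERITY -> prints pass | block | error
gate_decision() {
    code=$1
    threshold=$(severity_threshold "$2") || { echo error; return 0; }
    case "$code" in
        0) echo pass ;;
        10|20|30)
            if [ "$code" -ge "$threshold" ]; then echo block; else echo pass; fi ;;
        *) echo error ;;        # fail closed: never read a broken scan as clean
    esac
}

# run_gate MIN_SEVERITY [session paths...] -> returns 0 only on "pass"
run_gate() {
    min=$1; shift
    rc=0
    sessionguard audit "$@" || rc=$?   # capture the code even under `set -e`
    decision=$(gate_decision "$rc" "$min")
    echo "sessionguard exit=$rc min=$min decision=$decision" >&2
    [ "$decision" = pass ]
}

# Typical use in a hook or pipeline step:
#   run_gate high || exit 1
```
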
04 /
Privacy
Local only
Reads files on your disk. Prints to stdout. Nothing leaves the box.
No telemetry
Zero network calls. No config to opt out of. Nothing phoned home.
Open source
MIT licence. Read every line on GitHub. github.com/sessionguard/sessionguard
05 /
Early access
SessionGuard Pro is in development.
What's coming:
- → Team dashboard — shared findings across your engineering org
- → Compliance report — map findings to EU AI Act obligations
- → Cursor + Windsurf adapters — same audit across all agents
- → Dollar-cost estimation — token counts with current pricing
Leave your email and we'll reach out when Pro is ready.