A structural pattern matcher that sits between Claude and code execution tools like rlm_exec. It parses code into syntax trees via tree-sitter, normalizes away identifiers and literals to expose the underlying structure, embeds the result through Ollama, then checks similarity against a ChromaDB blacklist of known-bad patterns. The idea is that os.system("rm -rf /") and os.system("ls") have identical structure, so you can catch dangerous patterns regardless of specific arguments. You'd use this when you give Claude access to shell or exec tools and want a secondary filter beyond the model's own judgment. It ships with setup tools for Ollama, blacklist management via firewall_blacklist, and both file and string checking methods. The similarity threshold defaults to 0.85, but you can tune it.
claude mcp add --transport stdio egoughnour-code-firewall-mcp -- uvx code-firewall-mcp
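
The normalize-then-compare pipeline described above, as an added example that is not the project's own code. It assumes Python's built-in ast module in place of tree-sitter and a count vector of node kinds in place of the Ollama embedding and ChromaDB lookup; the function names and the sample blacklist are hypothetical.

```python
import ast
import math
from collections import Counter

THRESHOLD = 0.85  # default similarity threshold stated on the page

def normalize(code: str) -> list[str]:
    """Pre-order list of syntax-node kinds; names and literal values are dropped."""
    tokens = []
    def walk(node):
        if isinstance(node, ast.expr_context):
            return  # Load/Store/Del markers carry no structure
        tokens.append(type(node).__name__)
        for child in ast.iter_child_nodes(node):
            walk(child)
    walk(ast.parse(code))
    return tokens

def vectorize(tokens: list[str]) -> Counter:
    """Stand-in for the embedding step: counts of node kinds and adjacent pairs."""
    return Counter(tokens) + Counter(zip(tokens, tokens[1:]))

def cosine(a: Counter, b: Counter) -> float:
    dot = sum(a[k] * b[k] for k in a.keys() & b.keys())
    norm = math.sqrt(sum(v * v for v in a.values()) * sum(v * v for v in b.values()))
    return dot / norm if norm else 0.0

def check(code: str, blacklist: list[str], threshold: float = THRESHOLD):
    """Return (blocked, best_score) for `code` against blacklisted snippets."""
    try:
        vec = vectorize(normalize(code))
    except SyntaxError:
        return True, None  # this example's choice: fail closed on unparsable input
    best = max((cosine(vec, vectorize(normalize(b))) for b in blacklist), default=0.0)
    return best >= threshold, best

# Constructed sample data, not the project's shipped blacklist.
BLACKLIST = ['os.system("rm -rf /")']

if __name__ == "__main__":
    for snippet in ['os.system("ls")', "total = sum(x * x for x in values)"]:
        blocked, score = check(snippet, BLACKLIST)
        print(f"{snippet!r}: blocked={blocked} score={score:.2f}")
```

Because this stand-in drops every identifier, a call such as logger.info("started") normalizes to the same tokens as the blacklisted entry and is blocked too; how the real tool scores such a call depends on its own normalization rules and embedding model.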