A defensive layer for AI coding agents that vets shell commands before execution. Runs 26 destructive-pattern rules across 8 families: catches `rm -rf` buried in command chains, package-manager glob removal like `apt remove '*nvidia*'`, filesystem wipes via `dd`/`mkfs`/`wipefs`, privilege escalations through `chmod 777` and `chown -R`, network exfiltration via `curl | bash`, and chained shutdown commands. Built to pair with MCPShell, mcp-shell, or Claude Code's native Bash tool. The agent calls `vet_command` or `vet_chain` inline before asking for approval, gets back a verdict (CLEAN/CAUTION/BLOCK), risk score, and specific rule violations with recommendations. Pure Python using bashlex AST parsing. Sub-second, local, no API costs. Designed for the production failure mode where operators pattern-match the start of a command and miss the destructive fragment three pipes deep.
```bash
claude mcp add --transport stdio temurkhan13-bash-vet-mcp uvx bash-vet-mcp
```
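The chained-command failure mode described above, as an added example that is not bash-vet-mcp's own code: each segment of a chain is checked on its own, so a destructive fragment late in the chain still decides the verdict. It uses the standard library's `shlex` instead of bashlex, so quoting is honoured but subshells and command substitution are not parsed. The function names, rule names and the four rules shown are assumptions for illustration; only the verdict labels come from the description.

```python
import os
import shlex

# Hypothetical names and rules for illustration; not the tool's rule set.
CHAIN_OPS = {"&&", "||", ";", "|", "&"}
WRAPPERS = {"sudo", "nohup", "time"}  # prefixes that hide the real command
PKG_MANAGERS = {"apt", "apt-get", "dnf", "yum"}

def split_chain(command):
    """Split a command line into (argv, operator_before_it) segments."""
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    lex.whitespace_split = True  # keep paths, URLs and flags as single tokens
    segments = [([], None)]
    for tok in lex:
        if tok in CHAIN_OPS:
            segments.append(([], tok))
        else:
            segments[-1][0].append(tok)
    return [seg for seg in segments if seg[0]]

def check_segment(name, args, prev_op, prev_name):
    """Return (severity, rule) hits for one simple command."""
    short = "".join(a[1:] for a in args if a.startswith("-") and not a.startswith("--"))
    hits = []
    if (name == "rm" and ({"r", "R"} & set(short) or "--recursive" in args)
            and ("f" in short or "--force" in args)):
        hits.append(("BLOCK", "rm-recursive-force"))
    if (name in PKG_MANAGERS and {"remove", "purge"} & set(args)
            and any("*" in a or "?" in a for a in args)):
        hits.append(("BLOCK", "package-glob-removal"))
    if name in {"sh", "bash"} and prev_op == "|" and prev_name in {"curl", "wget"}:
        hits.append(("BLOCK", "download-piped-to-shell"))
    if name == "chmod" and "777" in args:
        hits.append(("CAUTION", "chmod-777"))
    return hits

def vet(command):
    """Check every segment of the chain; the worst severity is the verdict."""
    hits, prev_name = [], None
    for argv, prev_op in split_chain(command):
        while len(argv) > 1 and argv[0] in WRAPPERS:
            argv = argv[1:]
        name = os.path.basename(argv[0])
        hits += check_segment(name, argv[1:], prev_op, prev_name)
        prev_name = name
    severities = {sev for sev, _ in hits}
    verdict = "BLOCK" if "BLOCK" in severities else "CAUTION" if severities else "CLEAN"
    return {"verdict": verdict, "rules": [rule for _, rule in hits]}
```

Because tokenization follows shell quoting, `echo 'rm -rf /'` is a single quoted argument to `echo` and comes back CLEAN, while the same words as a chain segment are blocked.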