Skip to content

FailproofAI/failproofai

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

433 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

failproof ai

npm CI Supply Chain Discord Docs License

Translations: 简体中文 · 日本語 · 한국어 · Español · Português · Deutsch · Français · Русский · हिन्दी · Türkçe · Tiếng Việt · Italiano · العربية · עברית

Runtime failure resolution for coding agents. Hooks into Claude Code and Codex. Catches loops, dangerous actions, and secret leaks before they become incidents. Zero latency. Runs locally.

Failproof AI in action


Supported agent CLIs

Claude Code OpenAI Codex GitHub Copilot Cursor Agent OpenCode Pi
Hermes OpenClaw Factory Droid Devin CLI Antigravity CLI Goose

Install hooks for one or any combination: failproofai policies --install --cli opencode pi (or --cli claude codex copilot cursor opencode pi hermes openclaw factory devin antigravity goose). Omit --cli to auto-detect installed CLIs and prompt.

Hermes (hermes-agent, a Slack/Telegram gateway) is supported for both live-hook enforcement (--cli hermes — one install intercepts tool calls from every platform and subagent) and offline audit replay of its gateway sessions from the single ~/.hermes/state.db.

OpenClaw (openclaw gateway, a self-hosted multi-channel assistant) is supported for both live-hook enforcement (--cli openclaw, user-scope) and offline audit replay of its JSONL sessions (~/.openclaw/agents/<id>/sessions/*.jsonl). Enforcement uses OpenClaw's in-process plugin hooks (a shipped openclaw-plugin/ that async-spawns failproofai — its file-based internal hooks are observation-only and can't block): before_tool_call blocks a tool, and before_agent_finalize is a real turn-end gate, so the require-*-before-stop builtins enforce.

Factory Droid (droid) is supported for both live-hook enforcement (--cli factory, user + project scope) and offline audit replay of its on-disk JSONL sessions. droid blocks tool calls off hook exit code 2 (not a JSON decision) and honors {decision:"block"} only on the turn-end Stop event — failproofai emits the right shape per event automatically.

Devin CLI (devin, Cognition) is supported for both live-hook enforcement (--cli devin, user + project scope) and offline audit replay of its SQLite sessions (~/.local/share/devin/cli/sessions.db). Devin is a pure Claude-clone — same event names, same snake_case payload, same "hooks"-wrapper config (~/.config/devin/config.json / <cwd>/.devin/config.json) — blocking via {decision:"block"} JSON on every event.

Antigravity CLI (agy) is supported for both live-hook enforcement (--cli antigravity, user + project scope) and offline audit replay of its plain-JSONL sessions (~/.gemini/antigravity-cli/brain/<id>/…/transcript_full.jsonl). Antigravity has its own contract (not a Claude-clone): a named-hook hooks.json schema (~/.gemini/config/hooks.json / <cwd>/.agents/hooks.json), a camelCase stdin payload that failproofai normalizes, and its own response shapes — {decision:"deny"} to block a tool, {decision:"continue"} to force another turn at Stop, {injectSteps} to inject a reminder before the model runs.

Goose (codename goose, Block) is supported for both live-hook enforcement (--cli goose, user + project scope) and offline audit replay of its SQLite sessions (~/.local/share/goose/sessions/sessions.db). Enforcement uses Goose's hooks system (the cross-agent Open Plugins spec) — the installer just drops a plugin dir at ~/.agents/plugins/failproofai/ and Goose auto-discovers it. Blocking is {"decision":"block"} JSON on the PreToolUse event (which fires for the shell tool and inside delegated subagents), verified live against goose v1.43.0; Goose has no turn-end Stop event, so the require-*-before-stop builtins don't apply (as with Hermes).


Install

npm install -g failproofai
failproofai policies --install   # or just run `failproofai` and accept the first-run prompt
failproofai

30 built-in policies activate immediately. Dashboard at localhost:8020. Disable the first-run prompt with FAILPROOFAI_NO_FIRST_RUN=1.


What it stops

Policy What it blocks
block-push-master Direct pushes to main / master
block-force-push git push --force
block-work-on-main Commits, merges, rebases on main / master
block-rm-rf Recursive file deletion
sanitize-api-keys API keys leaking into agent context

All 30 built-in policies


Your own policies

Drop a file into .failproofai/policies/ — it loads automatically, no flags needed. Commit it and the whole team gets it on next pull.

import { customPolicies, deny, allow } from "failproofai";

customPolicies.add({
  name: "no-production-writes",
  match: { events: ["PreToolUse"] },
  fn: async (ctx) => {
    if (ctx.toolInput?.file_path?.includes("production"))
      return deny("Writes to production paths are blocked.");
    return allow();
  },
});

Three decisions available to every policy:

Decision Effect
allow() Permit the operation
deny(message) Block it — message goes back to the agent
instruct(message) Let it through, but add context to the agent's next prompt

Custom policies guide


Session visibility

Every tool call your agent makes is logged locally. The dashboard shows what ran, what was blocked, and what the policy told the agent — so you're not guessing when something goes wrong. → Dashboard guide


Documentation

Getting Started Installation and first steps
Built-in Policies All 30 policies with parameters
Custom Policies Write your own
Configuration Config scopes and merge rules
Dashboard Session monitor and policy activity
Architecture How the hook system works

License

MIT with Commons Clause — free for internal and personal use; commercial resale of failproofai itself requires a separate agreement. See LICENSE for the full text.


Contributing

See CONTRIBUTING.md. New policies, edge cases, and translations all welcome.

Build before you start. Run bun install && bun run build first. This repo runs failproofai's own hooks on itself, and they resolve the failproofai import against the compiled dist/ bundle — without a build you'll hit Cannot find package 'failproofai' hook errors. Rebuild after changing src/. See Build before the in-repo dev hooks will work.


Built by Nivedit Jain and Nikita Agarwal. befailproof.ai

About

Runtime failure resolution for coding agents. Hooks into Claude Code, Codex & your favourite harnesses. Catches loops, dangerous actions, and secret leaks before they become incidents. Zero latency. Runs locally.

Topics

Resources

License

Contributing

Security policy

Stars

137 stars

Watchers

0 watching

Forks

Packages

 
 
 

Contributors