Translations: 简体中文 · 日本語 · 한국어 · Español · Português · Deutsch · Français · Русский · हिन्दी · Türkçe · Tiếng Việt · Italiano · العربية · עברית
Runtime failure resolution for coding agents. Hooks into Claude Code and Codex. Catches loops, dangerous actions, and secret leaks before they become incidents. Zero latency. Runs locally.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Install hooks for one or any combination:
failproofai policies --install --cli opencode pi(or--cli claude codex copilot cursor opencode pi hermes openclaw factory devin antigravity goose). Omit--clito auto-detect installed CLIs and prompt.Hermes (hermes-agent, a Slack/Telegram gateway) is supported for both live-hook enforcement (
--cli hermes— one install intercepts tool calls from every platform and subagent) and offline audit replay of its gateway sessions from the single~/.hermes/state.db.OpenClaw (openclaw gateway, a self-hosted multi-channel assistant) is supported for both live-hook enforcement (
--cli openclaw, user-scope) and offline audit replay of its JSONL sessions (~/.openclaw/agents/<id>/sessions/*.jsonl). Enforcement uses OpenClaw's in-process plugin hooks (a shippedopenclaw-plugin/that async-spawns failproofai — its file-based internal hooks are observation-only and can't block):before_tool_callblocks a tool, andbefore_agent_finalizeis a real turn-end gate, so therequire-*-before-stopbuiltins enforce.Factory Droid (
droid) is supported for both live-hook enforcement (--cli factory, user + project scope) and offline audit replay of its on-disk JSONL sessions. droid blocks tool calls off hook exit code 2 (not a JSON decision) and honors{decision:"block"}only on the turn-endStopevent — failproofai emits the right shape per event automatically.Devin CLI (
devin, Cognition) is supported for both live-hook enforcement (--cli devin, user + project scope) and offline audit replay of its SQLite sessions (~/.local/share/devin/cli/sessions.db). Devin is a pure Claude-clone — same event names, same snake_case payload, same"hooks"-wrapper config (~/.config/devin/config.json/<cwd>/.devin/config.json) — blocking via{decision:"block"}JSON on every event.Antigravity CLI (
agy) is supported for both live-hook enforcement (--cli antigravity, user + project scope) and offline audit replay of its plain-JSONL sessions (~/.gemini/antigravity-cli/brain/<id>/…/transcript_full.jsonl). Antigravity has its own contract (not a Claude-clone): a named-hookhooks.jsonschema (~/.gemini/config/hooks.json/<cwd>/.agents/hooks.json), a camelCase stdin payload that failproofai normalizes, and its own response shapes —{decision:"deny"}to block a tool,{decision:"continue"}to force another turn atStop,{injectSteps}to inject a reminder before the model runs.Goose (codename goose, Block) is supported for both live-hook enforcement (
--cli goose, user + project scope) and offline audit replay of its SQLite sessions (~/.local/share/goose/sessions/sessions.db). Enforcement uses Goose's hooks system (the cross-agent Open Plugins spec) — the installer just drops a plugin dir at~/.agents/plugins/failproofai/and Goose auto-discovers it. Blocking is{"decision":"block"}JSON on thePreToolUseevent (which fires for the shell tool and inside delegated subagents), verified live against goose v1.43.0; Goose has no turn-endStopevent, so therequire-*-before-stopbuiltins don't apply (as with Hermes).
npm install -g failproofai
failproofai policies --install # or just run `failproofai` and accept the first-run prompt
failproofai30 built-in policies activate immediately. Dashboard at localhost:8020. Disable the first-run prompt with FAILPROOFAI_NO_FIRST_RUN=1.
| Policy | What it blocks |
|---|---|
block-push-master |
Direct pushes to main / master |
block-force-push |
git push --force |
block-work-on-main |
Commits, merges, rebases on main / master |
block-rm-rf |
Recursive file deletion |
sanitize-api-keys |
API keys leaking into agent context |
Drop a file into .failproofai/policies/ — it loads automatically, no flags needed.
Commit it and the whole team gets it on next pull.
import { customPolicies, deny, allow } from "failproofai";
customPolicies.add({
name: "no-production-writes",
match: { events: ["PreToolUse"] },
fn: async (ctx) => {
if (ctx.toolInput?.file_path?.includes("production"))
return deny("Writes to production paths are blocked.");
return allow();
},
});Three decisions available to every policy:
| Decision | Effect |
|---|---|
allow() |
Permit the operation |
deny(message) |
Block it — message goes back to the agent |
instruct(message) |
Let it through, but add context to the agent's next prompt |
Every tool call your agent makes is logged locally. The dashboard shows what ran, what was blocked, and what the policy told the agent — so you're not guessing when something goes wrong. → Dashboard guide
| Getting Started | Installation and first steps |
| Built-in Policies | All 30 policies with parameters |
| Custom Policies | Write your own |
| Configuration | Config scopes and merge rules |
| Dashboard | Session monitor and policy activity |
| Architecture | How the hook system works |
MIT with Commons Clause — free for internal and personal use; commercial resale of failproofai itself requires a separate agreement. See LICENSE for the full text.
See CONTRIBUTING.md. New policies, edge cases, and translations all welcome.
Build before you start. Run
bun install && bun run buildfirst. This repo runs failproofai's own hooks on itself, and they resolve thefailproofaiimport against the compileddist/bundle — without a build you'll hitCannot find package 'failproofai'hook errors. Rebuild after changingsrc/. See Build before the in-repo dev hooks will work.
Built by Nivedit Jain and Nikita Agarwal. befailproof.ai
