Tool Guardian

Intercepts dangerous tool operations (rm -rf, force pushes, DROP DATABASE) before the AI executes them.

4.9(203 reviews)

67,800 installs

by GitHub

About

Sits in front of every tool call. Blocks ~20 destructive patterns across file operations, git, databases, permissions, and network exfiltration. Suggests safer alternatives for each blocked pattern. Configurable warn-only mode for environments where you want logging without blocking.

Hook Configuration (hooks.json)

{
  "hooks": [
    {
      "event": "preToolUse",
      "matcher": "Bash",
      "command": ".github/hooks/tool-guardian/guard.sh",
      "env": {
        "GUARD_MODE": "block",
        "GUARD_LOG_DIR": ".github/logs/copilot/tool-guardian"
      }
    }
  ]
}

Triggers:preToolUsemode: block

Related Hooks

Hook⭐

workflow

FREE

Session Auto-Commit

Automatically commits and pushes changes when an AI coding session ends so nothing is lost.

gitauto-commitsession

GitHub

4.7(89)

38k

★2.3k

HookNEW

compliance

FREE

Governance Audit

Audit user prompts for prompt injection, exfiltration attempts, and policy violations across the session.

governanceauditcompliance

GitHub

4.7(64)

25k

★1.7k

Install

# Install hook into your project:
mkdir -p .github/hooks/tool-guardian
curl -fsSL "https://raw.githubusercontent.com/github/awesome-copilot/main/hooks/tool-guardian/hooks.json" \
  -o .github/hooks/tool-guardian/hooks.json

View source on GitHub →

GitHub

@github

View on GitHub

Tool Guardian

About

Tags

Hook Configuration (hooks.json)

Related Hooks

Session Auto-Commit

Governance Audit