Aperion Shield: local guardrail that blocks destructive AI coding agent ops
Aperion Shield is a local guardrail designed to enhance the safety of AI coding agents by evaluating calls against over 45 adaptive safety rules. The latest version introduces features like identity verification for high-risk actions and a new behavior-diff mode for better tracking of changes. It also includes improvements in dependency management and testing capabilities.
- ▪Aperion Shield acts as a protective layer between AI coding agents and their underlying systems.
- ▪Version 0.6 introduces a behavior-diff mode to analyze changes in safety rules.
- ▪The system now supports identity verification for certain high-risk operations.
Opening excerpt (first ~120 words) tap to expand
aperion-shield — local MCP guardrail for AI coding agents aperion-shield is a tiny, local MCP server that sits between your AI coding agent (Cursor, Claude Code, …) and the real MCP servers your agent talks to (postgres, github, shell, filesystem, …). On every tools/call it evaluates 45+ adaptive safety rules across eight destructive surfaces — SQL, git, filesystem, secrets exfiltration, supply-chain RCE, reverse shells, sudo / privilege escalation, cloud (AWS/GCP/Azure), Kubernetes, and Docker — and either blocks the call, prompts you for approval, or lets it through with a warning banner. Plus, when you need to prove who approved a destructive call — not just that someone did — Shield can gate selected rules behind biometric identity verification (ID.me, or a pluggable OIDC provider).
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at GitHub.