ShellWard's 8-layer defense is the strongest open-source agent security middleware I've seen — it covers everything from PII detection to DLP to data exfiltration blocking. One area that would complement the runtime defense is a declarative policy layer for agent governance at the Git/CI boundary.
Why it fits: ShellWard already handles runtime behavior (block dangerous commands, redact secrets, enforce DLP). A policy-as-code file in the repo (e.g. ) would let teams declare pre-deployment rules like:
- "Only the tool may run in CI — never "
- "Agents authored by external contributors must have limited tool scope"
- "Prompt injection detector must be enabled for all PRs touching "
This creates a defense-in-depth chain: policy at Git push → enforcement at runtime, closing the gap where an agent can be injected during development but only caught at execution. ShellWard's existing GitHub Action integration is the natural place to evaluate such a policy before the agent even starts.
ShellWard's 8-layer defense is the strongest open-source agent security middleware I've seen — it covers everything from PII detection to DLP to data exfiltration blocking. One area that would complement the runtime defense is a declarative policy layer for agent governance at the Git/CI boundary.
Why it fits: ShellWard already handles runtime behavior (block dangerous commands, redact secrets, enforce DLP). A policy-as-code file in the repo (e.g. ) would let teams declare pre-deployment rules like:
This creates a defense-in-depth chain: policy at Git push → enforcement at runtime, closing the gap where an agent can be injected during development but only caught at execution. ShellWard's existing GitHub Action integration is the natural place to evaluate such a policy before the agent even starts.