llm-safe-haven
v0.3.0
Published
Harden your AI coding agent in 60 seconds. Security hooks, audit logging, and posture scoring for Claude Code, Cursor, Windsurf, and more.
Maintainers
Readme
LLM Safe Haven
Harden your AI coding agent in 60 seconds.
npx llm-safe-havenWhat It Does
Detects your installed agents, installs security hooks, and scores your setup:
LLM Safe Haven -- Security Scorecard
Detected agents:
+ Claude Code -- Level 3 (hooks + audit + sandbox)
+ Cursor -- Level 1 (ignore files + advice)
. Windsurf -- not installed
Security Level: 2 of 4
+--------------------------------------+
| ##########.......... Level 2: Guarded |
+--------------------------------------+Supported Agents
| Agent | Tier | What It Configures | |-------|------|--------------------| | Claude Code | Full | Hooks (bash-firewall, secret-guard, config-guard, audit-logger), settings.json, sandbox, audit logging | | Cursor | Solid | .cursorignore, workspace trust guidance | | Windsurf | Solid | .codeiumignore, limitation warnings | | Cline | Solid | .clineignore | | Continue.dev | Solid | .continueignore | | Aider | Solid | .aiderignore, .env warnings | | Codex CLI | Solid | .codexignore, sandbox guidance |
Commands
npx llm-safe-haven # Install hooks and harden (default)
npx llm-safe-haven audit # Check security posture (exits 2 if the MCP scan can't complete)
npx llm-safe-haven audit --json # Machine-readable for CI
npx llm-safe-haven scan # Find exposed .env files
npx llm-safe-haven scan --supply-chain # Scan for Miasma/Shai-Hulud IOCs (macOS/Linux)
npx llm-safe-haven scan --mcp # Scan MCP server configs (5 agents) -- the CI gate for MCP findings
npx llm-safe-haven scan --mcp --json # Scan MCP server configs (JSON output)
npx llm-safe-haven scan --mcp --online # Opt in to registry provenance checks
npx llm-safe-haven update # Update hooks to latest
npx llm-safe-haven --dry-run # Preview without changing anythingSecurity Levels
| Level | Name | What It Means | |-------|------|---------------| | 0 | Exposed | No hardening | | 1 | Basic | Hooks installed | | 2 | Guarded | + Audit logging + no .env files | | 3 | Hardened | + Credential proxy + deny rules + clean MCP scan | | 4 | Fortified | + Container isolation + network restrictions |
Go Deeper
- Threat Model -- OWASP Agentic Top 10 for solo devs (30+ real incidents)
- Supply Chain Defense -- npm worm case studies + the
scan --supply-chainIOC scanners - MCP Security -- 8 detectors for MCP server configs, offline-first, honest fidelity limits
- Claude Code Hardening -- Full guide with hooks, sandbox, permissions
- Cursor Hardening -- 7 CVEs documented, hardening steps
- Windsurf Hardening -- Honest assessment of limitations
- Devin Hardening -- Cloud agent security model
- GitHub Copilot Hardening -- 4 modes, 5 CVEs
- Aider Hardening -- No sandbox, but minimal attack surface
- Credential Management -- Why env vars fail, proxy architecture
- Testing & Detection -- Canary tokens, honeypots, incident response
- References -- 64+ curated security resources
Why This Exists
In April 2026, three AI coding agents leaked secrets through a single prompt injection. We hit the same problems, filed issues, built solutions, and documented everything.
Key issues from our investigation:
- anthropics/claude-code#52471 -- Sandbox blocks credential managers
Project Status
Early but active. llm-safe-haven is pre-1.0, published on npm, and under regular
development — adoption is still small and growing. The strength today is depth over
reach: a threat model tracking 30+ real-world incidents against
the AI-agent toolchain, hardening guides for seven agents, and a supply-chain scanner
built against actual attack waves. If you use it, feedback and issues are genuinely
valued and shape the roadmap.
Security
llm-safe-haven is itself a security tool, so its own supply-chain integrity is treated
as safety-critical. Found a vulnerability? Please report it privately — see
SECURITY.md for the coordinated-disclosure process (do not open a
public issue for security problems).
Governance
Maintained by @pleasedodisturb as the sole maintainer and final decision-maker on scope, releases, and security response. Decisions are made in the open via GitHub issues and pull requests; contributions are welcome (see below) and reviewed by the maintainer. As the project grows, governance and additional maintainers will be formalized here.
Contributing
Add a new agent module: create lib/agents/your-agent.js implementing the standard
interface (detect, harden, audit). See lib/agents/cursor.js
for a template.
