bareguard: A Lightweight Safety Gate for AI Agents — Now on npm

The bare suite is now complete with the release of bareguard v1.0 on npm. According to the author, the problem bareguard solves is not about what agents say — it's about what they do: rm -rf on the wrong path, 10,000 jobs queued overnight, fork bombs, reading ~/.ssh, or $400 in tokens burned before anyone notices. Most teams patch this with scattered if-statements and prayer; bareguard provides a single, centralized gate.

Why opinionated

• One gate. Tools never self-check — all safety flows through bareguard.
• Halt ≠ deny. Budget exhaustion asks a human. It never bubbles to the LLM, preventing infinite retry loops.
• Safe defaults ship. DROP TABLE, rm -rf / — denied out of the box.
• One callback for every human escalation. Options: Slack, TUI, PIN — your choice.

Why lightweight

• ~1000 lines of code. One dependency. Twelve small files.
• No daemon. No SaaS. No telemetry. No DSL.
• Audit log is a single JSONL file — grep it like a human.

Also shipping: bareagent v0.9

The loop runner now has:

• spawn — delegate to child agents with rate + depth capped and shared budget.
• defer — queue work now, fire later via cron; revalidated at fire time.
• examples/wake.sh + examples/orchestrator/ — reference wiring.
• MCP calls flow through the same gate as native tools.

The one-line test

If your agent did the worst thing it could in the next 5 minutes — is there a single place that says no, and a single place that writes it down? If not, the author argues you need this layer. Install with npm install bareguard. Licensed under Apache 2.0.

This release is part of a series from the same developer: bareagent (agent brain), barebrowse (real browser), baremobile (Android + iOS), and bareguard (the leash).