{"slug": "aperion-shield-v0-7-guardrails-for-ai-coding-agents-now-run-as-git-hooks", "title": "Aperion Shield v0.7 – guardrails for AI coding agents now run as Git hooks", "summary": "Aperion Shield v0.7.0 now enforces AI coding agent guardrails as Git hooks, closing the loophole where agents bypass MCP-only restrictions by opening a shell. The update introduces `--install-hooks` for pre-commit and pre-push enforcement, `--suggest-rules` for audit-log-driven rule tuning, and four new IDE quickstarts. This release ensures destructive changes are blocked at the Git level regardless of how they were generated, addressing a key security gap in AI-assisted development workflows.", "body_md": "## aperion-shield v0.7.0 — git hooks close the MCP-bypass gap\n\nThe release that closes the most-cited objection to MCP-only enforcement: *\"the agent just opens a shell and reaches around your guardrail.\"* v0.7 runs the same engine on the way to `git`, regardless of how the destructive change got there.\n\n### Headline features\n\n**1. aperion-shield --install-hooks (git pre-commit + pre-push)**\n\nWrites a managed `pre-commit` and `pre-push` hook into `.git/hooks/`. Same engine, same `shieldset.yaml`, same severity tiers — now enforced on every `git commit` and `git push`. Idempotent (re-runnable). Coexists with husky / pre-commit / lefthook via `--chain-existing`. Honours `git --no-verify` and `SHIELD_HOOKS_DISABLE=1` for the rare legitimate bypass.\n\n```bash\n$ aperion-shield --install-hooks\n[aperion-shield] writing pre-commit  -> .git/hooks/pre-commit\n[aperion-shield] writing pre-push    -> .git/hooks/pre-push\n[aperion-shield] both hooks installed (managed by APERION-SHIELD-HOOK v1)\n```\n\n**2. aperion-shield --suggest-rules (audit-log → rule tuning)**\n\nReads your local `shield_eval` JSON-Lines audit log and emits text / markdown / yaml-patch suggestions across three classes — rules that never fire, rules that get consistently demoted by decision memory, and noisy `Warn` rules that should probably be `Info`. `--suggest-format yaml-patch` produces splice-ready snippets for `shieldset.yaml` with `# rationale:` comments. Stays local — never reads from a network source, never writes anywhere except the file you ask it to.\n\n```bash\n$ aperion-shield --suggest-rules \\\n    --audit-log ~/.aperion-shield/audit.jsonl \\\n    --suggest-window-days 14 \\\n    --suggest-format yaml-patch\n```\n\n**3. Four new IDE quickstarts: Cline, Continue, Windsurf, Zed**\n\nJoining Cursor + Claude Code. Per-IDE schema notes in the README (notably Zed uses `context_servers`, not `mcpServers`).\n\n### What's under the hood\n\n- New CLI surface: `--install-hooks`, `--uninstall-hooks`, `--repo <PATH>`, `--chain-existing`, `--check-staged`, `--check-pushed-refs`, `--suggest-rules`, `--audit-log <PATH>`, `--suggest-window-days <N>`, `--suggest-min-occurrences <N>`, `--suggest-format <FMT>`. `--check-staged` parses `git diff --cached --unified=0`, classifies files by kind (`.sql` / shell / Dockerfile / Makefile / source-code), evaluates each line through the engine, and exits `0` clean / `1` block / `2` approval-required / `3` operational-error. `--check-pushed-refs` reads git's pre-push stdin protocol (`<local-ref> <local-sha> <remote-ref> <remote-sha>` per line), recognises protected-branch deletions (remote-sha is zero) and force-pushes (via `git merge-base --is-ancestor`). Override protected branches with `SHIELD_PROTECTED_BRANCHES=trunk,deploy/*`.\n- Hooks are written with an `APERION-SHIELD-HOOK v1` banner so `--install-hooks` is idempotent and never clobbers a foreign hook silently. `--chain-existing` renames the foreign hook to `.aperion-backup` and chains Shield in front of it.\n- `--suggest-rules` aggregates per-rule statistics across the analysis window, then evaluates three emit conditions: `RULE_NEVER_FIRES` (zero matches with rule present in shieldset), `CONSISTENTLY_DEMOTED` (≥ N matches with > 70% `Allow` / `AllowWithWarn` after the adaptive layer demoted), `NOISY_WARN` (high-frequency `Warn` with no human intervention recorded).\n\n### Tests\n\n192 total tests, all green (was 148 in v0.6.0):\n\n- 26 new unit tests covering hooks install round-trips, diff parser fixtures, protected-branch glob matching, env-var override, audit JSONL parsing, RuleStats aggregator, and YAML-patch shape.\n- 18 new end-to-end integration tests against real tempdir git repos: install/uninstall idempotency, `DROP DATABASE` in a migration blocked, `rm -rf /` in a shell script blocked, force-push to `main` blocked, fast-forward to `main` allowed, branch-delete of `main` blocked, audit-derived suggestion correctness, and YAML splice shape.\n\n### Install\n\n```bash\n# macOS / Linux (Homebrew)\nbrew install AperionAI/tap/aperion-shield\n\n# Docker (multi-arch distroless ~12 MB)\ndocker pull ghcr.io/aperionai/shield:shield-v0.7.0\n\n# Direct download\n# https://github.com/AperionAI/shield/releases/tag/shield-v0.7.0\n```\n\nThen enable git hooks in any repo where you want commit-time enforcement:\n\n```bash\ncd /your/repo\naperion-shield --install-hooks\n```\n\n### Supported platforms\n\n- macOS: aarch64-apple-darwin · x86_64-apple-darwin\n- Linux: aarch64-unknown-linux-gnu · x86_64-unknown-linux-gnu\n- Windows: x86_64-pc-windows-msvc\n\n### Security\n\nNo new advisories. Feature-only release. `cargo audit` clean against `Cargo.lock` at this commit. New surfaces (`--install-hooks`, `--check-staged`, `--check-pushed-refs`, `--suggest-rules`) all stay within the standalone process model — no new network endpoints, no new on-disk persistence beyond `.git/hooks/` (Shield itself) and the operator-redirected audit log. See [SECURITY.md](https://github.com/AperionAI/shield/blob/main/SECURITY.md).\n\n### Docs\n\n- README: [https://github.com/AperionAI/shield#readme](https://github.com/AperionAI/shield#readme)\n- Full docs: [https://docs.aperion.ai/aperion-shield.html](https://docs.aperion.ai/aperion-shield.html)", "url": "https://wpnews.pro/news/aperion-shield-v0-7-guardrails-for-ai-coding-agents-now-run-as-git-hooks", "canonical_source": "https://github.com/AperionAI/shield/releases/tag/shield-v0.7.0", "published_at": "2026-05-26 15:17:55+00:00", "updated_at": "2026-05-26 15:38:54.344268+00:00", "lang": "en", "topics": ["ai-safety", "ai-agents", "ai-tools", "ai-products", "ai-infrastructure"], "entities": ["Aperion Shield", "Git"], "alternates": {"html": "https://wpnews.pro/news/aperion-shield-v0-7-guardrails-for-ai-coding-agents-now-run-as-git-hooks", "markdown": "https://wpnews.pro/news/aperion-shield-v0-7-guardrails-for-ai-coding-agents-now-run-as-git-hooks.md", "text": "https://wpnews.pro/news/aperion-shield-v0-7-guardrails-for-ai-coding-agents-now-run-as-git-hooks.txt", "jsonld": "https://wpnews.pro/news/aperion-shield-v0-7-guardrails-for-ai-coding-agents-now-run-as-git-hooks.jsonld"}}