DeployShield is a cross-platform production safety guardrail for Claude Code and Gemini CLI. It intercepts terminal commands before execution and blocks dangerous operations (writes, deletes, etc.) while allowing read-only commands to pass through.
Large Language Models (LLMs) are incredibly capable but can accidentally execute destructive commands in production environments. DeployShield provides a deterministic safety layer that doesn't rely on probabilistic model instructions.
- Deterministic Protection: Uses a curated safe-list of read-only subcommands.
- Recursive Safety: Deeply scans subshells, backticks, `sudo`, and `bash -c`.
- Context-Aware: Granular control: block writes in `production` while allowing them in `dev`.
- Zero-Dependency: Fast, lightweight, and runs on any system with Python 3.8+.
| Category | Guarded CLIs |
|---|---|
| ☁️ Cloud | aws, gcloud, az, kubectl, helm |
| 🗄️ Databases | psql, mysql, mongosh, redis-cli |
| 🏗️ IaC | terraform, pulumi, cdk, sam, serverless (sls), ansible-playbook |
| 📦 Publishing | npm, yarn, pnpm, cargo, twine, gem |
| 🔧 Other | vault, gh, docker, podman |
- Register the marketplace (Claude Code):

  ```
  /plugin marketplace add matanryngler/deployshield
  ```

- Install the plugin (Claude Code):

  ```
  /plugin install deployshield
  ```

- Install directly via GitHub (Gemini CLI):

  ```
  gemini extensions install https://github.com/matanryngler/deployshield
  ```
By default, DeployShield blocks ALL write operations. Create a .deployshield.json file to allow writes in non-production contexts.
- 🛡️ Safe Local Development: Allow destructive commands on your local machine or dev clusters, but keep the guardrails on for anything that touches production.
- 🤝 Team-Wide Guardrails: Commit a `.deployshield.json` to your project repository to ensure that every developer follows the same safety standards.
- 🏗️ CI/CD Migration: Force changes through PRs by blocking manual applies in production environments.
```json
{
  "kubectl": ["prod-cluster", "production", "prod-*"],
  "aws": ["production-profile"],
  "terraform": ["prod-workspace"]
}
```

For detailed configuration options, see the Configuration Guide.
DeployShield provides deep protection that handles common bypass attempts:
- Nested Subshells: `echo $(terraform destroy)` → Blocked
- Administrative Wrappers: `sudo kubectl delete ...` → Blocked
- Execution Wrappers: `echo pod-id | xargs kubectl delete pod` → Blocked
- Shell Wrappers: `bash -c "aws s3 rm ..."` → Blocked
- Process Substitution: `cat <(pulumi destroy)` → Blocked
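To show how a guard of this kind can be built, here is an added example in the same spirit (not DeployShield's own code): it lexes the command line with `shlex`, splits it on pipes, lists, `$( )`, `<( )` and backticks, rescans `bash -c` strings recursively, anchors on the first guarded word so that `sudo`/`xargs`/`env` prefixes are skipped, and blocks any subcommand that is not safe-listed unless the target context named on the command line matches none of the config's protected patterns. The safe-list, the context flags and `EXAMPLE_CONFIG` are constructed and abbreviated, and the fail-closed handling of an unnamed context or an unparseable line is this example's own assumption, not a description of how DeployShield resolves contexts.

```python
import shlex
from fnmatch import fnmatch
from itertools import groupby

# Constructed, abbreviated safe-list: guarded CLI -> read-only subcommand prefixes.
SAFE_LIST = {"kubectl": ["get", "describe", "logs"], "aws": ["s3 ls", "sts get-caller-identity"],
             "terraform": ["plan", "show", "validate"], "pulumi": ["preview", "stack ls"]}
SHELLS = {"bash", "sh", "zsh"}  # `<shell> -c "<cmd>"` is rescanned recursively
CONTEXT_FLAGS = {"kubectl": "--context", "aws": "--profile"}  # flag that names the target
PUNCT = "();<>|&`"  # pipes, lists, $( ), <( ) and backticks all split the line
# Constructed stand-in for a parsed .deployshield.json: CLI -> protected context patterns.
EXAMPLE_CONFIG = {"kubectl": ["production", "prod-*"], "aws": ["production-profile"]}

def _context_of(cli, args):
    """Context named as `--flag value` or `--flag=value`; None when not stated."""
    flag = CONTEXT_FLAGS.get(cli, "\0")  # "\0" can never match a real argument
    for a, nxt in zip(args, args[1:] + [None]):
        if a == flag or a.startswith(flag + "="):
            return nxt if a == flag else a.split("=", 1)[1]
    return None

def _check_segment(words, config):
    for i, w in enumerate(words):  # first guarded word wins, skipping sudo/xargs/env prefixes
        if w in SHELLS and i + 2 < len(words) and words[i + 1] == "-c":
            return check(words[i + 2], config)
        if w in SAFE_LIST:
            args = words[i + 1:]
            ctx = _context_of(w, args)
            sub = " ".join(a for a in args if not a.startswith("-") and a != ctx)
            if any(sub == s or sub.startswith(s + " ") for s in SAFE_LIST[w]):
                return None  # read-only subcommand: always allowed
            protected = config.get(w)  # None: CLI not in config, so all its writes are blocked
            allowed = ctx is not None and protected is not None \
                and not any(fnmatch(ctx, p) for p in protected)
            return None if allowed else "%s write blocked (target context %r)" % (w, ctx)
    return None

def check(cmd, config):
    """Return a block reason for cmd, or None when every simple command in it is safe."""
    try:
        lex = shlex.shlex(cmd, posix=True, punctuation_chars=PUNCT)
        lex.whitespace_split = True
        tokens = list(lex)
    except ValueError as e:  # unbalanced quotes: fail closed
        return "unparseable command: %s" % e
    for is_sep, group in groupby(tokens, key=lambda t: not t.strip(PUNCT)):
        reason = None if is_sep else _check_segment(list(group), config)
        if reason:
            return reason
    return None
```

Unknown flag values are not parsed, so a command such as `kubectl -n kube-system get pods` is over-blocked rather than under-blocked, which is the safe direction for a guardrail.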
This project uses uv for dependency management and pre-commit for quality control.
To understand how DeployShield works under the hood, check the Internals Guide.
```
# Run tests
uv run pytest -v

# Install pre-commit hooks
uv run pre-commit install
```

License: MIT