Wraps AI agents like Claude Code, intercepting I/O in real-time to detect and block dangerous operations before they execute.
AI tools are powerful but unguarded. WardnMesh adds a security layer without changing your workflow.
Detects code injection, command injection, data exfiltration, privilege escalation, and more with regex pattern matching.
Transform stream architecture scans every I/O chunk against all rules in under 1ms. Zero perceptible latency.
Timeout always means block. No severity level auto-allows. If the system can't confirm, it blocks.
Built-in terminal prompts for threat confirmation. No extra app needed. Experimental desktop app (Tauri) available for native popups.
Every scan, decision, and block is logged locally. Query your history with wardn audit. Nothing leaves your machine.
No telemetry, no cloud sync, no accounts, no API keys. Works completely offline after installation.
Everything you need, nothing you don't.
| Command | Description |
|---|---|
| wardn run <cmd> | Wrap any command with real-time threat detection |
| wardn status | Show rules count, database info, connection status |
| wardn rules list | List all 243 threat rules with severity and category |
| wardn rules enable/disable | Toggle individual rules on or off |
| wardn audit | Query the local audit log with filters |
| wardn decisions | View and manage cached allow/block decisions |
| wardn doctor | System health check and diagnostics |
Three layers between AI output and your system.
One command to install. One command to protect.