Shipping bareguard — 4th piece of the bare suite. Live on npm.
The bare suite, complete:
→ bareagent — agent brain
→ barebrowse — real browser
→ baremobile — Android + iOS
→ bareguard — the leash
The problem bareguard solves:
Agents don't blow up because of what they say. They blow up because of what they do. rm -rf on the wrong path. 10,000 jobs queued overnight. Fork bombs. Reading ~/.ssh. $400 in tokens before anyone notices.
Most teams patch this with scattered if-statements and prayer. Then one bug ships and the postmortem reads "no single place said no."
bareguard is that single place.
Why opinionated:
→ One gate. Tools never self-check.
→ Halt ≠ deny. Budget exhaustion asks a human. It never bubbles to the LLM.
→ Safe defaults ship. DROP TABLE, rm -rf / — denied out of the box.
→ One callback for every human escalation. Slack, TUI, PIN — your choice.
Why lightweight:
→ ~1000 lines. One dependency. Twelve small files.
→ No daemon. No SaaS. No telemetry. No DSL.
→ Audit log is one JSONL file. grep it like a human.
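The single-gate pattern described above (deny vs. halt, one escalation callback, JSONL audit), as an added sketch that is not bareguard's code or API. All names (createGate, check, askHuman, DENY_PATTERNS), the deny rules and the budget figures are constructed for illustration, and the audit lines are kept in memory where a real gate would append them to one file.

```javascript
// Added illustration; every name here is hypothetical, not bareguard's API.
const DENY_PATTERNS = [            // constructed stand-ins for "safe defaults"
  /\brm\s+-rf\s+\/(\s|$)/,         // rm -rf on the filesystem root
  /\bdrop\s+table\b/i,             // destructive SQL
];

function createGate({ budgetCents, askHuman, now = () => new Date().toISOString() }) {
  const audit = [];                // JSONL lines; a real gate appends them to one file
  let spentCents = 0;
  let humanAsks = 0;

  const record = (entry) => audit.push(JSON.stringify({ ts: now(), ...entry }));

  // The only place a tool call is approved. Tools carry no checks of their own.
  function check({ tool, input, costCents = 0 }) {
    const hit = DENY_PATTERNS.find((re) => re.test(input));
    if (hit) {
      record({ tool, input, decision: 'deny', rule: hit.source });
      // Assumption: a deny is reported to the model so it can pick another action.
      return { decision: 'deny', toModel: `blocked by policy: ${tool}` };
    }
    if (spentCents + costCents > budgetCents) {
      // Halt: the question goes to a human through the single escalation callback.
      humanAsks += 1;
      const approved = askHuman({ kind: 'budget', tool, spentCents, costCents, budgetCents }) === true;
      record({ tool, input, decision: 'halt', approved });
      // Nothing is returned for the model: the loop stops instead of retrying.
      if (!approved) return { decision: 'halt', toModel: null };
      budgetCents = spentCents + costCents;   // human raised the ceiling for this call
    }
    spentCents += costCents;
    record({ tool, input, decision: 'allow', spentCents });
    return { decision: 'allow', toModel: null };
  }

  return { check, audit, stats: () => ({ spentCents, humanAsks }) };
}

// Constructed run: 100-cent budget, a human who declines to raise it.
const gate = createGate({ budgetCents: 100, askHuman: () => false });
for (const call of [
  { tool: 'shell', input: 'ls -la', costCents: 60 },
  { tool: 'shell', input: 'rm -rf /', costCents: 1 },
  { tool: 'llm', input: 'summarize repo', costCents: 50 },
]) console.log(gate.check(call).decision);
gate.audit.forEach((line) => console.log(line));
```

The escalation callback is synchronous here to keep the sketch short; a Slack or PIN prompt would be awaited.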
bareagent v0.9 also shipped — the loop runner now has:
→ spawn — delegate to child agents (rate + depth capped, shared budget)
→ defer — queue work now, fire later via cron; revalidated at fire time
→ examples/wake.sh + examples/orchestrator/ — reference wiring
→ MCP calls flow through the same gate as native tools
The one-line test:
If your agent did the worst thing it could in the next 5 minutes — is there a single place that says no, and a single place that writes it down?
If not, you need this layer.
npm install bareguard · Apache 2.0
https://github.com/hamr0/ba...