Skip to content

sasy-guard — Policy-compiled security for Claude Code

sasy-guard is a security guard for Claude Code, built on policy-compiler ideas. It compiles your policy into Soufflé Datalog rules and reasons over a dependency graph rebuilt from the whole session, so every tool call is judged by a fast, deterministic engine running outside the model.

That catches multi-step attacks a single-command check misses: a secret that is read and later leaves the machine, a git push with no clean secret scan, a large unreviewed change about to ship.

Terminal window
# 1. install the runtime
uv tool install sasy-guard
sasy-guard install
# 2a. enable it globally, for every Claude Code session:
claude plugin marketplace add sasy-labs/sasy-demo
claude plugin install sasy-guard
# 2b. ...or enable it for one project only:
cd your-project && sasy-guard enable