TL;DR
A Rulebricks repository provides a hook to enforce decision-table guardrails for Claude Code tool calls. Teams can publish cloud-hosted rules that apply instantly to shell, file, and MCP tool actions and review logs of blocked commands.
What happened
Rulebricks published a small integration called "claude-code-guardrails" that installs a PreToolUse hook for Anthropic's Claude Code. The hook sends tool-use requests to a Rulebricks decision-table API and enforces the API response (allow, deny, or ask) before the tool runs. The project ships templates for common agent-control policies—Bash command guardrails, file access policies, and MCP tool governance—so teams can customize and publish rules from a web UI. Installation is a local clone plus a provided install script that wires the hook into a user's ~/.claude settings; an API key must be set in that settings.json. Published rule updates take effect immediately without restarting Claude Code. The integration includes logging—either to the Rulebricks Logs tab or locally when verbose mode is enabled—and provides simple uninstall instructions, including a one-liner to remove the hook and clean the settings file.
Why it matters
- Policy edits propagate instantly across users—no git pulls or service restarts required.
- A central decision table approach creates an auditable trail of blocked or approved tool calls.
- Rules can express conditional logic (for example, permitting a destructive command in specific folders but not elsewhere).
- Non-developers can edit guardrails via a cloud UI instead of modifying JSON or code.
Key facts
- Repository: rulebricks/claude-code-guardrails on GitHub (public).
- Installation: git clone the repo and run the provided install.sh to wire a PreToolUse hook into Claude Code.
- How it works: Claude Code → PreToolUse hook → Rulebricks API → allow/deny/ask.
- Templates included: Bash Command Guardrails, File Access Policy (read/write/edit), and MCP Tool Governance.
- Configuration requires an API key in ~/.claude/settings.json using env.RULEBRICKS_API_KEY; setting RULEBRICKS_VERBOSE=1 will log decisions to stderr.
- Rule updates are published from the Rulebricks UI and take effect immediately without restarting clients.
- Logs: there is a Logs tab to review histories of blocked commands and query by tool or decision.
- Uninstall: the repo documents removing the hook script and cleaning settings.json, including a provided one-liner to automate cleanup.
- Repository metadata shown: 4 stars, no forks, no releases published; code languages listed as Python and Shell.
What to watch next
- Immediate application of published rule changes across teams and how teams use that agility in practice (confirmed in the source).
- Whether the repository receives formal releases or more structured versioning—no releases are published in the repo at present (confirmed in the source).
- Broader enterprise integrations, additional templates, or deeper private infrastructure deployments: not confirmed in the source.
Quick glossary
- Rulebricks: A cloud-hosted service for decision-table governance and rule publishing used here to host guardrail rules and logs.
- Decision table: A tabular way to express conditional policies that map inputs to actions (for example, allow, deny, or ask).
- PreToolUse hook: A hook point in Claude Code that runs before a tool call and can be used to query external policy services.
- Guardrail: A policy or rule that restricts or conditions an agent's actions to reduce risk or enforce compliance.
- Claude Code: Anthropic's code-oriented variant of the Claude model that exposes tools and shell/file operations to the agent.
Reader FAQ
How do you install this guardrail integration?
Clone the repo and run the provided install.sh; the script wires a PreToolUse hook into your local Claude settings and detects published rules.
How do rule updates get applied?
Edit and publish a new version of a decision table in the Rulebricks UI; changes apply immediately without restarting Claude Code.
Can I see what was blocked and when?
Yes. The integration surfaces histories in a Logs tab and supports querying by tool and decision; setting RULEBRICKS_VERBOSE=1 also logs decisions locally to stderr.
Can this run on private infrastructure instead of the cloud?
The README states you can run it on private infrastructure using your own logging provider and suggests reaching out for details.
How do I remove the integration?
The repository documents removing the hook script and deleting the hooks and RULEBRICKS_* env entries from ~/.claude/settings.json, and provides a one-liner to automate the cleanup.
Claude Code Guardrails settings.json works if: You're fine editing JSON and killing Claude Code sessions every time policy changes Your security team is comfortable making PRs You don't need to…
Sources
- Show HN: Control Claude permissions using cloud-based decision table UIs
- Identity and Access Management – Claude Code Docs
- A complete guide to Claude Code permissions
- Claude Code Internals, Part 8: The Permission System
Related posts
- Control Claude Code permissions with cloud-hosted decision tables
- AI labs see accelerating churn as staff jump between leading companies
- How I Learned Everything I Know About Programming Without LLMs