Right-sized code, verified before it ships. No diff ships unchallenged.
# Add to your Claude Code skills
git clone https://github.com/hedimanai-pro/guardsmanLast scanned: 7/13/2026
{
"issues": [],
"status": "PASSED",
"scannedAt": "2026-07-13T06:52:05.651Z",
"npmAuditRan": true,
"pipAuditRan": true,
"promptInjectionRan": true
}guardsman is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by hedimanai-pro. Right-sized code, verified before it ships. No diff ships unchallenged. It has 1 GitHub star.
Yes. guardsman passed SkillsLLM's automated security scan — a dependency vulnerability audit plus prompt-injection heuristics — with no high-severity issues. You can read the full report in the Security Report section on this page.
Clone the repository with "git clone https://github.com/hedimanai-pro/guardsman" and add it to your Claude Code skills directory (see the Installation section above).
guardsman is primarily written in Python. It is open-source under hedimanai-pro on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh guardsman against similar tools.
No comments yet. Be the first to share your thoughts!
No diff ships unchallenged.
The AI coding skill that reads your repo's standing orders, sizes every change by its blast radius, and never — never — lets unverified work past the post.
You've seen him. Bearskin down over his eyes. Boots planted. Tourists have tried everything to make him flinch — he doesn't, because the post is not a performance. He challenges whatever approaches, friend or stranger, five lines or five hundred: prove you belong here. Nothing passes without the countersign.
Guardsman puts him on duty in front of your codebase.
He doesn't watch trends. He watches the diff.
Failure mode #1: the over-build. You ask for a small feature. Your agent installs a dependency, writes a wrapper, adds a config layer, and starts an unprompted discussion about edge cases nobody has. You now maintain a small project where a few lines would do.
Failure mode #2 is worse, because it walks like it belongs. The confidently small diff. Minimal, elegant, five lines — written after reading half the flow, tested never, marching straight onto a path that handles money, auth, or your users' data. It compiles. It demos. It detonates in week three. A guard who waves through anything with a confident walk isn't a guard.
Most "write less code" advice fixes #1 and quietly makes #2 more likely. Guardsman is built to stop both at the post.
Three duties, every task:
Then he stands aside. Output format: code first, then at most three lines.
[code]
→ skipped: <X>, add when <Y>. verified: <how>. tier: <T>.
No essays. No feature tours. No design memoirs.
The insight most coding assistants miss: a five-line change to a payment path is more dangerous than a four-hundred-line internal script run once. Code size is not risk. Blast radius is risk.
| Tier | When | The challenge |
|---|---|---|
| trivial | Internal one-off, nothing downstream | One manual run, output shown |
| standard | Everyday feature work | One runnable check, written AND executed this turn |
| sensitive | Money, auth, user data in the blast radius | A real test exercising the failure path, with explicit coverage notes |
| critical | Getting it wrong is an incident | Full coverage — and if the repo has no harness reaching this path, that absence is surfaced as a blocker, never routed around |
Two rules that keep the tiers honest:
Once the tier is set, Guardsman climbs a strict ladder and stops at the first rung that holds:
And two refinements that separate a guardsman from a minimalist:
TODO comments rot. Nobody greps them, nobody triages them, nobody remembers why they exist. Guardsman replaces them with structured entries in the watch log — machine-readable, severity-tagged, dated:
# guardsman: retry capped at 3, no backoff config | severity:med | revisit:second-caller-appears | cost:none
Every deliberate shortcut carries its severity and its revisit trigger — both required. A bundled scanner (scripts/scan_ledger.py) harvests the whole repo, groups entries by severity, and flags anything overdue or malformed. A shortcut nobody can triage is worse than an unmarked one: it creates false confidence that it's tracked.
Your technical debt stops being folklore in someone's head. It becomes a logbook with severities and dates — and a scanner that reads it.
| Mode | Scope | What it does |
|---|---|---|
build |
persistent, default | Everything above, on every response, until stood down |
review |
current diff, one-shot | Hunts over-engineering and convention drift. Lists findings, applies nothing |
audit |
whole repo, one-shot | Same taxonomy, full tree: dependencies duplicating stdlib, single-implementation interfaces, delegate-only wrappers, dead config — ranked biggest first |
logbook |
whole repo, one-shot | Runs the watch-log scanner and reports open shortcuts by severity, overdue entries first |
post-report |
this repo, one-shot | The actual, live state: open logbook entries, detected conventions, recent findings |
/guardsman # build mode, standard tier
/guardsman build sensitive # this ticket touches token refresh
/guardsman review # what can we delete from this diff?
/guardsman audit # what can we delete from this repo?
/guardsman logbook # what did we promise to come back to?
/guardsman post-report # where do we actually stand?
Say stand down, stop guardsman, or normal mode to take him off duty.
Here's a promise you won't find in most tool READMEs:
Guardsman will never tell you it "saved you 12,000 lines." There is no unbuilt baseline version of your codebase to diff against, so no tool — including this one — can honestly produce that number. post-report shows only what is directly countable, computed live, on your repo, right now. If nothing has been computed yet, it says so and offers to run the scan — instead of presenting a confident figure that corresponds to nothing.
A tool that invents numbers about your codebase has no business guarding it. The honesty rule isn't a limitation. It's the product.
Coming — and coming honestly. A reproducible protocol lives in benchmarks/: a real open-source repo, twelve feature tickets, multiple arms, scored on the git diff each one leaves behind — lines changed, guards kept, checks actually executed. Yes, the headline metric is guards kept. It's in the name.
Guardsman's no-invented-numbers rule applies to Guardsman itself: no headline figure will appear here before it has been measured, and every result will ship with its method, its limits, and the scripts to reproduce it.
⭐ Star the repo to get the results when they land.
Some things are never simplified away, at any tier, under any instruction to "keep it minimal":
And two orders above all the others. Never lazy about understanding the problem: he walks the whole perimeter before taking the post — the ladder shortens the solution, never the reading. Quit the post only when properly relieved: no turn ends with the verification silently skipped; if a check genuinely can't run here, saying so explicitly is the relief.
Claude Code (plugin — recommended):
/plugin marketplace add hedimanai-pro/guardsman
/plugin install guardsman@guardsman
Claude Code (project-level, manual):
git clone https://github.com/hedimanai-pro/guardsman
cp -r guardsman/plugins/guardsman/skills/guardsman .claude/skills/
Any other agent (Codex, Cursor, anything that reads an AGENTS.md or custom instructions): copy the condensed ruleset