Defense-in-depth against curl|bash attacks. Four-layer shell interception (accept-line, ZLE paste, hardened wrappers, preexec audit) with YARA-based detection. Catches malicious piped installs before execution — where macOS Gatekeeper can't.
Bounded shell and CLI execution for AI agents: structured contracts, policy-gated execution, hardened Linux runtime enforcement, and signed receipts.
Add a description, image, and links to the shell-security topic page so that developers can more easily learn about it.
To associate your repository with the shell-security topic, visit your repo's landing page and select "manage topics."