Flows category icon
Agent QA & Security
Advanced

Build a Command Security Pipeline for Your Agent

Replace scattered if-else safety checks with a layered validator pipeline: single-purpose checks, an allow/ask/deny/passthrough contract, and severity-aware ordering.

4 steps12 verify checks120-180 minutesWorks with: emergent · chatgpt · claude · cursor
Start Guided Walkthrough

The Route

0/4 verified

Context Pack

Paste this first. It briefs the AI on requirements, constraints, and the Definition of Done before your first build prompt.

Context Pack
PROJECT CONTEXT:
My agent executes shell commands guarded by a handful of tangled regex checks that are impossible to extend safely. Claude Code runs 20+ independent validators in a deliberately ordered pipeline where each check does one job and the most severe finding wins.

GOAL:
Build a layered command-validation pipeline: a shared result contract, early fast-path validators, a main chain of single-purpose checks, and severity-aware result selection.

REQUIREMENTS:
- A shared validator contract: every check returns allow, ask, deny, or passthrough
- Early validators that short-circuit common safe patterns before the main chain
- Single-purpose main-chain validators - one attack class per check
- Hard path constraints that no permission rule or prompt can override
- Severity ordering: parser-mismatch findings outrank informational ones

CONSTRAINTS:
- Validators must not share mutable state - independence is the point
- A new validator must be addable without editing existing ones

DEFINITION OF DONE:
- All command execution flows through the pipeline - no bypass path
- Each validator has isolated unit tests with attack and benign cases
- Removal of any protected system path is blocked even with explicit permission rules
- A command triggering multiple findings reports the most severe one

COMMON FAILURES TO AVOID:
- One mega-function of nested ifs where fixing one check breaks another
- Validators that mutate shared parse state, creating order-dependent bugs
- Path checks that trust permission rules over the hard denylist
- First-match-wins reporting that surfaces a warning while hiding a critical finding

Paste this into your AI builder first. It teaches the AI what you want before you give it the build prompt.

Related routes

More Agent QA & Security flows that share ground with this one.

Flows category icon
Agent QA & Security

Audit Trails for Tool Calls

Record an immutable, queryable trail of every action your agent takes - who, what, when, why, and outcome - for security and accountability.

01Define the audit record and scope
02Write records reliably and scrubbed
03Make the trail tamper-evident

+1 more steps to Done

Best forbuilders who have shipped a basic app before

4 steps60-90 minutesIntermediate
Flows category icon
Agent QA & Security

Dependency and Supply-Chain Scanning for Agents

Guard against the dependencies your agent adds: vulnerability scanning, hallucinated-package detection, and gated installs.

01Intercept dependency additions
02Verify existence and reputation
03Scan for vulnerabilities

+1 more steps to Done

Best forbuilders who have shipped a basic app before

4 steps60-90 minutesIntermediate
Flows category icon
Agent QA & Security

Detect Command Obfuscation and Parser-Mismatch Attacks

Catch the attacks your parser cannot see: quote-concatenation flags, ANSI-C quoting, brace expansion, and escaped operators that make bash execute something your checks never inspected.

01Build multi-view quote extraction
02Detect quote-trick flag smuggling
03Detect parser-vs-shell divergence

+1 more steps to Done

Best forproduction-grade builds with strict verification

4 steps120-180 minutesAdvanced

Made with Emergent