June 25, 2026 · AxioRank

Govern the agent writing your code: AxioRank for Claude Code, Cursor, Codex, and Copilot

AI coding agents run commands, edit files, and call tools on your machine before you can review them. AxioRank now governs that loop with one hook, blocking dangerous actions locally and minting a signed, offline-verifiable proof that the session was governed.

  • coding-agents
  • governance
  • provenance
  • claude-code
  • cursor
  • codex
  • copilot

AI coding agents crossed a line this year. They no longer just suggest code. Claude Code, Cursor, OpenAI Codex CLI, and GitHub Copilot CLI run shell commands, edit files, and call MCP tools on your machine, often faster than anyone reviews the diff. That is a new, ungoverned execution surface sitting inside every developer's editor.

The risks are concrete and already documented:

  • Destructive commands. An agent runs rm -rf, git push --force, DROP TABLE, or curl ... | sh on a misread instruction.
  • Secret exfiltration. A generated command or file write ships an API key, a token, or your .env somewhere it should never go.
  • Agent hijacking. A poisoned MCP reply or a fetched page carries hidden instructions that steer the agent, the attack class researchers now call agentjacking.

Today we are extending AxioRank to govern that loop, with the same engine that already governs your production agents.

One hook, four agents

@axiorank/coding-guard installs as a hook into Claude Code, Cursor, Codex, and Copilot CLI. On every tool-call lifecycle event the agent hands the action to the guard, which scores it with the exact AxioRank detection engine our hosted gateway runs, then answers allow, deny, or ask in that agent's own response format.

npx -y @axiorank/coding-guard init

That wires up .claude, .codex, .cursor, and .github/hooks in one step. The local guardrail runs fully offline, with no API key and no signup. Blocking a destructive command should never depend on a network call, so it does not.

Then prove it

Most of the field stops at blocking and a dashboard. AxioRank goes one step further, because provenance of AI-written code is becoming a requirement, not a nicety.

Set an API key and each governed session flows into the same policy, audit log, alerts, and approvals as your production agents. When the session ends, AxioRank mints a Coding Session Seal: an Ed25519-signed, offline-verifiable attestation of how many tool calls were governed, how many were blocked, which detector categories fired, and a Merkle root over the session's audit trail. It lands in .axiorank/ in your repo.

Anyone can verify it, with no trust in AxioRank and no network beyond fetching the public key once:

npx -y @axiorank/audit-verify coding-seal .axiorank/session-*.seal.json

That is the part competitors do not have. It is SLSA-style provenance for AI-written code: a portable proof you can keep in a CI artifact or attach to a pull request, that says this session ran under policy.
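To make the idea of a signed, offline-verifiable seal concrete, here is an added sketch (not AxioRank's code or its actual seal format) that computes a Merkle root over an audit trail, signs a session summary with Ed25519 using Node's built-in crypto module, and verifies both offline. The field names, the JSON serialisation, and the sample trail are assumptions made for illustration.

```javascript
// Added example. Seal field names and layout are assumptions, not AxioRank's format.
const crypto = require('node:crypto');
const sha256 = (...parts) => crypto.createHash('sha256').update(Buffer.concat(parts)).digest();
// Distinct prefixes for leaves (0x00) and inner nodes (0x01), as in RFC 6962.
const LEAF = Buffer.from([0]), NODE = Buffer.from([1]);

// Merkle root over the audit entries; each leaf is the entry's JSON serialisation.
function merkleRoot(entries) {
  if (entries.length === 0) return sha256().toString('hex');
  let level = entries.map((e) => sha256(LEAF, Buffer.from(JSON.stringify(e))));
  while (level.length > 1) {
    const next = [];
    for (let i = 0; i < level.length; i += 2) {
      // An unpaired last node is promoted to the next level unchanged.
      next.push(i + 1 < level.length ? sha256(NODE, level[i], level[i + 1]) : level[i]);
    }
    level = next;
  }
  return level[0].toString('hex');
}

// Summarise the session and sign the summary with Ed25519.
function mintSeal(entries, privateKey) {
  const body = {
    governed: entries.length,
    blocked: entries.filter((e) => e.decision === 'deny').length,
    categories: [...new Set(entries.flatMap((e) => e.categories))].sort(),
    merkleRoot: merkleRoot(entries),
  };
  const sig = crypto.sign(null, Buffer.from(JSON.stringify(body)), privateKey);
  return { body, sig: sig.toString('base64') };
}

// Offline verification: signature over the body first, then the body's root
// against the audit trail the verifier was actually given.
function verifySeal(seal, entries, publicKey) {
  const msg = Buffer.from(JSON.stringify(seal.body));
  if (!crypto.verify(null, msg, publicKey, Buffer.from(seal.sig, 'base64'))) return 'bad-signature';
  return seal.body.merkleRoot === merkleRoot(entries) ? 'ok' : 'trail-mismatch';
}

// Constructed sample session (not real AxioRank output).
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
const trail = [
  { tool: 'shell', input: 'npm test', decision: 'allow', categories: [] },
  { tool: 'shell', input: 'git push --force', decision: 'deny', categories: ['destructive'] },
  { tool: 'write', input: '.env', decision: 'ask', categories: ['secrets'] },
];
const seal = mintSeal(trail, privateKey);
console.log(verifySeal(seal, trail, publicKey));
```

The signature check needs only the seal and the public key; the root comparison additionally needs the audit trail, and it fails if any entry is edited, dropped, or reordered after signing.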

Free to block, paid to prove

Local guardrails for all four agents are free on every plan. Central reporting and the signed Coding Session Seal come with the Team plan and above.

Read the setup guide, or see how the governance and verification fit together.
