Zing Forum


SaneProcess: Workflow Safety Guardrails for AI Programming Agents

This article introduces the SaneProcess project, which provides workflow enforcement mechanisms for AI programming agents like Claude Code and Codex. It implements shared safety guardrails through hooks, skills, and MCP tools to ensure AI-assisted development is safer and more repeatable.

Tags: AI programming, code security, Claude Code, Codex, MCP, workflow, safety guardrails, code review, automation, development tools
Published 2026-04-10 02:10 | Recent activity 2026-04-10 02:22 | Estimated read 8 min

Section 01

SaneProcess: Workflow Safety Guardrails for AI Programming Agents (Introduction)

This article introduces the SaneProcess project, which provides workflow enforcement mechanisms for AI programming agents such as Claude Code and Codex. It implements shared safety guardrails through hooks, skills, and MCP tools to ensure AI-assisted development is safer and more repeatable. Its core idea is that safety guardrails should be built-in rather than added after the fact. It aims to address the risks that come with the high-speed operations of AI programming agents, such as modifying key files without context or skipping tests, so that AI-assisted development is both efficient and safe.


Section 02

The 'Wild Growth' Era of AI Programming and Its Risk Challenges

AI programming assistants (Claude Code, Codex, etc.) improve development efficiency but bring new risks: modifying key files without sufficient context, submitting directly without running tests, ignoring coding standards and security guidelines, conflicting modifications between tasks, and untraceable operation history. Traditional code review processes struggle to keep up with the high-speed batch operations of AI, so new mechanisms are needed to ensure safe and efficient development.


Section 03

Core Concepts and Supported Platforms of SaneProcess

SaneProcess is a workflow enforcement framework for AI programming agents. Its core idea is 'safety guardrails should be built-in rather than added after the fact'. It currently supports the mainstream platforms: Claude Code, where hooks validate key operations before they run, and Codex, where it supports AGENTS, skills, and the MCP architecture and provides safety guardrails as reusable skill components. The framework is extensible and can be adapted to other platforms.


Section 04

Core Functional Modules of SaneProcess

  1. Operation Interception & Validation (Hooks): Intercepts file modifications (checking allowlists, coding standards, destructive changes, etc.), command execution (reviewing shell commands, blocking dangerous operations, etc.), and code submissions (ensuring tests run, commit message standards, etc.).
  2. Shared Safety Guardrails: Code quality (linter, unit test coverage, etc.), security scanning (hardcoded keys, vulnerable dependencies, etc.), process compliance (code review, CI/CD pass, etc.), and project-specific (architecture adherence, API compatibility, etc.) guardrails.
  3. Workflow Orchestration: Standardizes task initiation (parsing descriptions, identifying files, etc.), development execution (step execution + validation), and completion acceptance (test suites, change summaries, etc.).
  4. Observability & Auditing: Records complete operation history (modification comparisons, command outputs, security check results, etc.) for troubleshooting, auditing, and optimization.

Section 05

Technical Implementation Details of SaneProcess

The architecture is layered: Agent Platform Layer → Hooks Layer → Guardrail Engine Layer → Rule Repository Layer → Observability Layer. Rules are defined in a declarative format (for example, YAML) that is human-readable and machine-parsable. For MCP integration, SaneProcess acts as an MCP server that provides security functions (for example, through a JSON configuration).


Section 06

Typical Use Cases of SaneProcess

  1. Protecting production codebases: Prohibit direct modification of the main branch, require PR processes, enforce test suites, and scan for security vulnerabilities.
  2. Standardizing team workflows: Unify code formatting, commit message templates, branch naming, and document update requirements.
  3. Secure sandbox development: Limit file modification scope, block external commands, require manual confirmation for key operations, and keep detailed logs.
  4. Automated compliance checks: Verify audit logs, data processing compliance, access control consistency, and generate compliance reports.

Section 07

Best Practice Recommendations for SaneProcess

  1. Gradual enablement: Observation phase (record only) → Warning phase (warn without blocking) → Enforcement phase (intercept).
  2. Rule version management: Include in version control, support rollback, branch differentiation, and traceable changes.
  3. Team collaboration: Define rule owners/reviewers, establish approval processes, conduct regular reviews, and collect team feedback.
  4. Continuous optimization: Analyze interception logs (false positives/negatives), adjust rules with project changes, learn new threats, and share rule patterns.
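
The hook-side checks from Section 04 and the observe, warn, enforce rollout above can be sketched as a small rule evaluator. This is an added example, not SaneProcess's own code: the rule schema, rule IDs, event shapes and function names are all hypothetical.

```python
import fnmatch, json, posixpath, shlex
# Hypothetical rule schema and event shapes, constructed for this example.
RULES = [
    {"id": "protected-paths", "on": "file_write", "mode": "enforce",
     "deny_globs": [".env", "*/.env", "*.pem", ".github/workflows/*"]},
    {"id": "write-scope", "on": "file_write", "mode": "warn",
     "allow_globs": ["src/*", "tests/*", "docs/*"]},
    {"id": "dangerous-commands", "on": "shell", "mode": "enforce",
     "deny_programs": ["sudo", "curl", "wget"]},
    {"id": "tests-before-commit", "on": "commit", "mode": "observe"},
]
LEVEL = {"observe": 0, "warn": 1, "enforce": 2}
ACTION = ["allow", "warn", "block"]

def violates(rule, event):
    """Return a reason string if the event breaks the rule, else None."""
    if rule["on"] != event["type"]:
        return None
    if event["type"] == "file_write":
        # Normalise first so "src/../.env" cannot slip past a glob.
        path = posixpath.normpath(event["path"])
        if path == ".." or path.startswith(("/", "../")):
            return f"{path} escapes the workspace"
        if any(fnmatch.fnmatchcase(path, g) for g in rule.get("deny_globs", [])):
            return f"{path} is a protected path"
        allow = rule.get("allow_globs")
        if allow and not any(fnmatch.fnmatchcase(path, g) for g in allow):
            return f"{path} is outside the allowed write scope"
    elif event["type"] == "shell":
        try:
            tokens = shlex.split(event["command"])
        except ValueError:
            return "command could not be parsed (fail closed)"
        # Matching any token over-blocks (e.g. "grep curl"); that is the safer error.
        if any(t in rule["deny_programs"] for t in tokens):
            return "command uses a denied program"
    elif event["type"] == "commit" and not event.get("tests_passed"):
        return "commit attempted without a passing test run"
    return None

def evaluate(event, rules=RULES, audit=None):
    """Apply every rule; the strictest violated rule's mode decides the action."""
    hits = [(r, why) for r in rules if (why := violates(r, event))]
    level = max((LEVEL[r["mode"]] for r, _ in hits), default=0)
    decision = {"action": ACTION[level], "event": event, "findings": [
        {"rule": r["id"], "mode": r["mode"], "reason": why} for r, why in hits]}
    if audit is not None:
        audit.append(json.dumps(decision, sort_keys=True))  # one JSON line per event
    return decision
```

A rule in `observe` mode still produces a finding in the audit record while the action stays `allow`, which is what makes false positives measurable before the rule is promoted to `warn` or `enforce`.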

Section 08

Conclusion and Future Development Directions

AI programming agents are reshaping development methods, but safety and quality cannot be sacrificed. SaneProcess provides a systematic way to build safety guardrails into AI-assisted development processes, making it a must-have for AI programming teams. Future directions include intelligent rule recommendations, richer integrations, community-driven rule repositories, and visual rule editors.