Why I Built SafeRun
The Story
I'm a Product Marketing Manager with 9 years of experience driving GTM for B2B SaaS. I'm not a professional engineer. I "vibe-coded" SafeRun using AI agents like Cursor and Claude Code.
But here's the irony: while building it, I realized that I'm terrified of my own tools.
When you're not a senior dev, you rely heavily on the AI agent's reasoning. You click "Always allow" to keep the momentum, and then watch in horror as it executes a git push --force, wiping out hours of work.
I built SafeRun because as we give AI agents more autonomy over our codebases, we need a layer of human common sense that is extremely hard for an agent to bypass unintentionally.
The Problem
AI agents follow their reasoning chain, not your safety rules. They can run destructive commands—not maliciously, but just to "solve" a task.
Best case: You lose hours of work.
Worst case: Production is broken and commit history is gone forever.
How it Works
Core Hook Interception
Uses the Git 2.29+ reference-transaction hook to catch operations at the core level. This is the primary defense against agents trying to bypass shell aliases.
Risk Scoring
Evaluates each operation on a scale of 0-10 (7.0 is the base weight for history overwrites).
State-based Detection
Instead of just parsing command strings, SafeRun monitors Ref State changes. This allows us to catch rebase or reset as a "Destructive History Rewrite" even if the agent uses obscure flags.
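The state-based check described above, as an added sketch rather than SafeRun's own code: a reference-transaction hook body that scores each ref update from the old and new values Git passes on stdin. The 7.0 weight comes from the text above. The function names, the hold threshold, the restriction to refs/heads/ and the weight for branch deletion are assumptions.

```python
#!/usr/bin/env python3
"""reference-transaction hook sketch: score ref updates by state, not command text."""
import subprocess
import sys

HISTORY_REWRITE = 7.0  # base weight the page gives for history overwrites
HOLD_AT = 7.0          # assumed threshold for holding an update


def git_current(ref):
    """Value the ref holds right now (still the old one in the 'prepared' state)."""
    out = subprocess.run(["git", "rev-parse", "--verify", "-q", ref],
                         capture_output=True, text=True)
    return out.stdout.strip() or None


def git_is_ancestor(old, new):
    """True when old is reachable from new, i.e. the update is a fast-forward."""
    return subprocess.run(["git", "merge-base", "--is-ancestor", old, new]).returncode == 0


def score(old, new, ref, current=git_current, is_ancestor=git_is_ancestor):
    """Return (risk, reason) for one '<old> <new> <ref>' line from stdin."""
    if not ref.startswith("refs/heads/"):
        return 0.0, "not a local branch"
    if set(old) == {"0"}:
        # All-zero old value means "created" OR "forced, old value not given":
        # resolve the ref to tell the two apart.
        old = current(ref)
        if old is None:
            return 0.0, "branch created"
    if set(new) == {"0"}:
        return HISTORY_REWRITE, "branch deleted"  # assumed: same weight as a rewrite
    if old == new or is_ancestor(old, new):
        return 0.0, "fast-forward"
    return HISTORY_REWRITE, "destructive history rewrite"


def held_updates(lines, **resolvers):
    """Return [(ref, risk, reason)] for every update at or above HOLD_AT."""
    rows = [l.split() for l in lines]
    scored = [(r[2], *score(*r, **resolvers)) for r in rows if len(r) == 3]
    return [s for s in scored if s[1] >= HOLD_AT]


if __name__ == "__main__":
    # Git passes the transaction state as argv[1]; only "prepared" can be aborted.
    if sys.argv[1:2] == ["prepared"]:
        held = held_updates(sys.stdin)
        for ref, risk, reason in held:
            print(f"held: {ref} risk={risk} ({reason})", file=sys.stderr)
        sys.exit(1 if held else 0)
```

Exiting non-zero in the prepared state aborts the whole transaction, so a reset or rebase that would move a branch off its own history is refused regardless of which flags produced it.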
Human-in-the-loop
Sends a Slack notification with Approve/Reject buttons. You approve from your phone, or the command is blocked.
The Vision: A Governance Layer for the Agentic Future
SafeRun starts with Git because it's where the code lives. But the problem of "autonomous risk" is universal. We are building SafeRun to be the standard governance protocol for the agentic web.
1. Beyond GitHub (Universal Middleware)
Git is just the testbed. In the near future, AI agents will manage database migrations, cloud infrastructure, and payments. SafeRun aims to be the universal "brake pedal" that intercepts DROP TABLE commands in Postgres or high-value transfers in Stripe, enforcing safety policies across your entire stack.
2. From Human-in-the-Loop to Agent-Governance
Humans are the ultimate safety check, but we are a bottleneck. We sleep, we get distracted, and we are slow. The next evolution of SafeRun isn't just asking you for permission. It's enabling "Supervisor Agents"—specialized models trained strictly on security and policy—to audit the work of "Coding Agents" in real-time. They will autonomously approve routine tasks via SafeRun API and escalate only the truest risks to a human.
Honest Trade-offs & Roadmap
Security
Tokens are stored encrypted (AES-256-GCM) on the backend to enable instant Slack notifications. v1.2 roadmap includes a local-only mode.
Known Gaps
git clean -fd is caught by the shell wrapper, but if the wrapper is bypassed the core hook may miss it, because the command doesn't change Git refs.
Intent
SafeRun is a seatbelt, not a bunker. It's for developers who want to move fast without the fear of breaking things.