This is a vibe-engineered plugin. Built with Claude Code, tested by using it on real projects. If you find a bug, that's the vibe working as intended — open an issue.
AI governance framework for Claude Code. Prevents drift, enforces project structure, and keeps humans in control of governance files.
| Layer | How | What |
|---|---|---|
| Native deny | settings.json permissions |
Blocks edits to governance files at the Claude Code level |
| PreToolUse hooks | Shell scripts on every tool call | Catches file writes and bash commands targeting protected paths |
| Skills | Auto-loaded markdown rules | Claude reads governance rules every session, survives context compaction |
Prevents: editing its own instructions, creating junk directories, exceeding depth limits, writing unregistered root files, path traversal, hook tampering, dangerous bash constructs (eval, base64 pipes).
Allows: normal development work unimpeded.
Inside a Claude Code session, run:
/plugin marketplace add HawkannG/Claude-Warden
/plugin install claude-warden@HawkannG-Claude-Warden
Then in your project:
/warden-setup
This creates .claude/CLAUDE.md, .claude/rules/, docs/SESSION-LOG.md, and seeds deny entries in settings.json. Safe to run multiple times.
Requires Git for Windows and jq (winget install jqlang.jq). Set the bash path:
[Environment]::SetEnvironmentVariable("CLAUDE_CODE_GIT_BASH_PATH", "C:\Program Files\Git\bin\bash.exe", [EnvironmentVariableTarget]::User)Inside a Claude Code session:
/plugin update claude-warden@HawkannG-Claude-Warden
/plugin remove claude-warden@HawkannG-Claude-Warden
Your files (.claude/CLAUDE.md, .claude/warden.config.sh, docs/SESSION-LOG.md) are never touched by updates.
All skills are auto-loaded. User-invokable skills:
| Skill | What it does |
|---|---|
/warden-setup |
Initialize Warden in a project, migrate from old curl-install |
/warden-architecture |
Project directory structure template |
/warden-workflow |
PROPOSE > PLAN > BUILD > VERIFY > CLOSE phases |
/warden-feedback |
Track governance gaps and friction |
/warden-security |
Security and privacy by design rules |
/warden-second-opinion |
Spawn fresh subagents when stuck |
/warden-policy loads automatically (not user-invokable) — defines the governance constitution.
Create .claude/warden.config.sh in your project:
PROTECTED_FILES=(".claude/CLAUDE.md" ".claude/rules/*.md" "contracts/**/*.sol")
FORBIDDEN_DIRS=("temp" "tmp" "misc" "drafts" "wip")
MAX_DIRECTORY_DEPTH=5To allow extra root files, add EXTRA_ROOT_FILES to your config:
EXTRA_ROOT_FILES=("Procfile" "fly.toml" "Gemfile" "Rakefile")| Command | What |
|---|---|
/warden-setup |
Run setup / migration |
| "run warden audit" | Drift audit (0-100 score) |
| "run warden version check" | Version and component check |
| "warden check" | Claude re-reads governance rules |
| "wrap up" | Clean session exit + handoff |
The audit and version scripts run automatically via hooks. Ask Claude in natural language to run them manually.
Warden prevents unintentional governance violations, not deliberate adversarial bypass. It's workflow enforcement, not a sandbox. See SECURITY.md for details.
- bash 4.0+, jq 1.5+
- macOS:
brew install jq| Ubuntu:sudo apt install jq| Windows:winget install jqlang.jq
Claude-Warden/
├── .claude-plugin/plugin.json # Plugin manifest
├── hooks/hooks.json # Hook configuration
├── skills/
│ ├── warden-policy/SKILL.md # Governance constitution (auto-loaded)
│ ├── warden-workflow/SKILL.md # Dev workflow protocol
│ ├── warden-architecture/SKILL.md # Directory structure template
│ ├── warden-setup/SKILL.md # Project setup / migration
│ ├── warden-feedback/SKILL.md # Feedback tracking
│ ├── warden-security/SKILL.md # Security & privacy rules
│ └── warden-second-opinion/SKILL.md # Diagnostic protocol
├── scripts/ # Hook scripts (7 scripts)
└── tests/ # Test suite (8 test files)
During normal operation, Warden creates these files in your project's .claude/ directory:
| File | Purpose |
|---|---|
.claude/audit.log |
Timestamped log of all hook actions (auto-rotates at 500 lines) |
.claude/governance-proposals.log |
Captured details of blocked governance changes for human review |
.claude/warden-edit-tracker |
Tracks files modified during a session (used by post-check hook) |
These are safe to delete at any time. They'll be recreated as needed.
MIT — see LICENSE file.