A developer has published "claude-on-a-leash," a small open-source tool that adds hard security limits to Claude Code - limits that don't bend regardless of what the AI decides to do.
The key word here is "deterministic." Most safety behavior in AI coding agents is probabilistic - the model is instructed not to do something, and it usually complies. Claude-on-a-leash takes a different approach: rules are enforced at the system level, so certain file paths, shell commands, or operations are simply blocked before Claude Code ever acts on them. It's closer to a firewall than a content policy.
This matters if you're running Claude Code in a sensitive environment - a client project, a shared server, or anywhere you can't afford a model to accidentally touch production configs or run destructive commands. Trusting an AI's own judgment about what's safe is a reasonable default for personal dev work; it's a harder sell when the stakes are higher.
The project is early - the GitHub repo is freshly published with minimal documentation - but the concept is sound. Deterministic guardrails are a standard pattern in security engineering, and applying them to AI coding agents is overdue. Expect more tools like this as Claude Code and similar agents get deployed beyond individual developers and into team workflows.