scar-safety

A safety system that grows stronger with every incident. Combines static threat detection (regex/heuristic) with a scar-based reflex arc that learns from real security incidents.

How it works

1. 1. Static detection -- Built-in regex patterns catch common threats: secret exposure, dangerous commands, injection patterns, data exfiltration, privilege escalation.
2. Scar memory -- When a real incident occurs, it is recorded as an immutable scar in safety_scars.jsonl.
3. Reflex arc -- Before any action, pattern-match against all scars. Blocks repeat threats instantly with zero LLM calls.
4. Severity levels -- CRITICAL (auto-block), HIGH (warn+confirm), MEDIUM (warn), LOW (log).

Unlike static rule lists, scar-safety adapts: every recorded incident makes the system smarter.

Usage

CODEBLOCK0

Python API

CODEBLOCK1

When to use

• - Before executing any shell command from an AI agent
• Before writing files that might contain secrets
• Before making network requests to untrusted hosts
• As a pre-commit hook to catch leaked secrets
• As part of an AI agent's action pipeline