Add tool guardian hook

[ajithraghavan]

Pull Request Checklist

• I have read and followed the CONTRIBUTING.md guidelines.
• I have read and followed the Guidance for submissions involving paid services.
• My contribution adds a new instruction, prompt, agent, skill, or workflow file in the correct directory.
• The file follows the required naming convention.
• The content is clearly structured and follows the example format.
• I have tested my instructions, prompt, agent, skill, or workflow with GitHub Copilot.
• I have run npm start and verified that README.md is up to date.

---

Description

---

Type of Contribution

• New instruction file.
• New prompt file.
• New agent file.
• New plugin.
• New skill file.
• New agentic workflow.
• Update to existing instruction, prompt, agent, plugin, skill, or workflow.
• Other (please specify):

---

Additional Notes

---

By submitting this pull request, I confirm that my contribution abides by the Code of Conduct and will be licensed under the MIT License.

[aaronpowell]

It looks like you've incorrectly branched from the main branch not staged, and as a result all the materialised plugins are included in this PR.

You can attempt to fix this with a rebase:

git fetch origin staged
git rebase --onto origin/staged origin/main <branch name>
git push --force-with-lease

If that does not resolve it, you can run npm run plugin:clean which will delete the materialised plugins and you can commit that change.

[ajithraghavan]

Thank you for the feedback!

I have rebased the branch onto staged and force pushed. The materialized plugins should no longer be included in the diff.

Apologies for the oversight, please let me know if anything else needs to be fixed.

[aaronpowell]

Given there is allow/disallow tool support built into CLI, VS Code, etc. for Copilot, what would this hook bring that you don't get from the native support?

[ajithraghavan]

The native allow/disallow support works at the tool and subcommand level, e.g., you can allow or deny
shell(git push) or shell(rm). But it can't inspect arguments or flags within a command

So once git push is allowed, there's no way to natively block git push --force origin main while still allowing git push origin feature

This hook fills that gap by pattern matching against the full command String, for example, it can:

• Allow git push but block git push --force to main/master
• Allow rm but block rm -rf /
• Allow DELETE FROM with a WHERE clause but block DELETE FROM table;

It also adds audit logging (JSON Lines), safer alternative suggestions, and a configurable warn/block mode. It's meant to complement native controls as a defense-in-depth layer, not replace them

[ajithraghavan]

I moved it to .github/hooks/tool-guardian/ as suggested, but it seems the repository's build Script (npm start) generates docs/README.hooks.md by scanning the hooks/ directory.

Moving it out of hooks/ causes the Tool Guardian entry to be dropped from the generated README, failing the validate-readme CI check

[aaronpowell]

I moved it to .github/hooks/tool-guardian/ as suggested, but it seems the repository's build Script (npm start) generates docs/README.hooks.md by scanning the hooks/ directory.

Moving it out of hooks/ causes the Tool Guardian entry to be dropped from the generated README, failing the validate-readme CI check

Sorry, I think there was a miscommunication in the suggested refactor - it was just that the log folder should go into .github not the whole thing.

[ajithraghavan]

Sorry for the misunderstanding, reverted the hook files back to hooks/tool-guardian\ and moved just the log directory to .github/logs/copilot/tool-guardian/

Thanks for clarifying!

Kindly check now

[ajithraghavan]

Thanks @aaronpowell