Harness guide
Codex security guide
Terminal-native coding agent with broad shell reach.
Beginner mode: HOL Guard pauses risky actions before they surprise you.
Expert mode: receipts, policy memory, and cloud review keep teams aligned.
Safe demo: learn with static traces before connecting live workflows.
What this app can do
- Read project context.
- Suggest or run commands.
- Call connected tools.
What can go wrong
- Hidden instructions can steer the agent.
- A tool can request private files.
- Build output can look like credentials.
What HOL Guard blocks
- Reads of secret-bearing files.
- High-risk shell commands before execution.
- New or changed tools that need review.
- Suspicious package, MCP, or skill behavior.
Known limits
- HOL Guard cannot inspect encrypted traffic before your harness decrypts it.
- HOL Guard cannot guarantee safety if you manually bypass a blocked action.
- HOL Guard works best when local receipts are connected to Guard Cloud.