BouncerFox

AI Agent Config Governance for Your Codebase

Deterministic security scanning for CLAUDE.md, .cursorrules, .mcp.json, and AI agent configuration files. Catch secret leaks, prompt injection, unsafe MCP server configs, and permission escalation before they hit production.

brew tap bouncerfox/tap && brew install --cask bouncerfox
$ bouncerfox scan .

CLAUDE.md
  [critical]  SEC_001   Hardcoded secret detected                          :14
              -> Move secrets to environment variables or a secrets manager

.claude/settings.json
  [high]      CFG_001   Unrestricted Bash in allowedTools                  :8
              -> Scope to specific commands, e.g. Bash(npm test)

.mcp.json
  [high]      CFG_003   MCP wildcard permissions                           :12
              -> Restrict to specific resource paths
  [warn]      SEC_002   External URL not in allowlist                      :22
              -> Verify this URL is trusted, or add it to url_allowlist

  [FAIL]  4 findings in 3 files  (1 critical, 2 high, 1 warn)
          8 files scanned . 35 rules . 0 skipped . 0.12s

35 Detection Rules

Four categories covering security, quality, config, and prompt safety. Deterministic pattern matching with zero LLM dependency.

CI/CD Merge Gate

Block PRs that introduce risky AI agent configs. GitHub Action with SARIF output, inline PR comments, and configurable severity thresholds.

Custom Rules

Define project-specific rules in YAML without writing Go code. 19 match primitives including pattern matching, field checks, and logic combinators.

Scans 15 file types across 6 AI agent ecosystems

CLAUDE.md, SKILL.md, .cursorrules, .windsurfrules, .mcp.json, .lsp.json, AGENTS.md, .claude/settings*.json, hooks/hooks.json, .github/copilot-instructions.md

Coming Soon

Semantic Scanning

AI-powered detection for prompt injection patterns, social engineering instructions, and behavioral manipulation that deterministic rules can't catch.

Offline. Deterministic. No AI in the loop.

Every finding is traceable to a specific rule, line number, and file. Code never leaves your machine.