
Kastra checks AI coding tools before they run risky actions
Kastra is a tool that checks what are about to do before they do it. It is aimed at people using Claude Code, Codex, Cursor, and OpenClaw. It reviews each action’s tool, target, and inputs, then decides whether to allow, pause, or block it before execution.
The trigger was a Cursor agent that nearly ran `DELETE FROM customers WHERE status='test'` on a . The command was stopped in time, but the bigger issue was that the setup had no hard system that would have blocked it without human attention. A prompt can influence an AI model, but it cannot reliably enforce what the tool is allowed to do.
Kastra lets people write a policy in plain English in a web app, then applies that policy before actions run.
Key points
- Kastra checks actions before they run.
- Claude Code, Codex, Cursor, and OpenClaw are named as target tools.
- Each action can be allowed, paused, or blocked.
- The product was motivated by a near-miss involving a database delete command.
- Prompts can guide AI behavior, but they are not reliable permission controls.
Sources covering this story (4)
- Hacker NewsKastra checks AI coding tools before they run risky actions ↗
- r/cursorHas anyone compared ai agent code review tools, here's what i found after testing 3 ↗
- r/micro_saasDont design with Ai slop - i built a free & open-source design skill for AI coding assistants ↗
- r/ClaudeWorkflows[Workflow] Vallum: A Security Proxy for Claude Code to Sanitize Terminal Output and Prevent Prompt Injection ↗