Install: `claude install-skill beemann/claudeguard`
# ClaudeGuard — policy gate
ClaudeGuard is a **report-only gate**. It does not edit code, apply patches, or
fix anything. It reads a diff, evaluates it against the active rulesets, and
emits a structured verdict. A human decides what to do with `FAIL`.
It deliberately reuses the host agent's existing engine (git, diff reading,
reasoning) instead of rebuilding an LLM client, diff analyzer, or patch
applier. The only thing ClaudeGuard owns is **policy as data**.
## When to run
- Before merging a feature/`dev` branch into `main`/`master`.
- On a pull request (via `.github/workflows/claudeguard.yml`).
- On demand: "run claudeguard", "gate this branch", "check policy".
## Inputs
1. **The diff under review.** Default range is `origin/main...HEAD` (the merge
base, so only commits unique to this branch are judged). The user may
override the base (e.g. `dev`, `master`, an explicit SHA).
2. **The active rulesets.** Every `*.md` under `rulesets/` whose `id` is not
disabled by `claudeguard.config.json`. See *Resolving rulesets* below.
## Procedure
Follow these steps exactly. Do not skip the smoke check.
### 1. Resolve the diff
Determine the base ref (default `origin/main`, or the user's override). Get:
```
git fetch --quiet origin # best-effort; ignore failure offline
git diff --merge-base <base> -- . # full unified diff of the changeset
git diff --merge-base <base> --name-only
```
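One way to script this step, as an added example that is not ClaudeGuard's own code; the helper names `cg_changed_files` and `cg_files_scanned` are hypothetical. It rejects an option-like or unresolvable base override before it reaches `git diff`, and computes the merge base explicitly (equivalent to `git diff --merge-base <base>`) so that unrelated histories fail instead of producing a misleading changeset.

```shell
# Added example, not part of ClaudeGuard. Helper names are hypothetical.

# Print the files changed relative to the merge base of <base> and HEAD,
# one per line. Returns 2 when the base ref cannot be used.
cg_changed_files() {
    base=${1:-origin/main}

    # A user-supplied base that is empty or starts with "-" would be parsed
    # by git as an option, not a ref. Refuse it outright.
    case $base in
        ''|-*) echo "claudeguard: invalid base ref: $base" >&2; return 2 ;;
    esac

    # Best-effort refresh; offline or missing-remote failures are ignored.
    git fetch --quiet origin 2>/dev/null || true

    # The base must resolve to a commit before it is used.
    git rev-parse --verify --quiet "${base}^{commit}" >/dev/null || {
        echo "claudeguard: base ref not found: $base" >&2; return 2; }

    # Explicit merge base; fails when the histories share no ancestor.
    mb=$(git merge-base "$base" HEAD) || {
        echo "claudeguard: no merge base between $base and HEAD" >&2; return 2; }

    # Same changeset as: git diff --merge-base <base> --name-only -- .
    git diff --name-only "$mb" -- .
}

# Print the number of changed files; 0 corresponds to the empty-diff case.
cg_files_scanned() {
    files=$(cg_changed_files "$@") || return $?
    if [ -z "$files" ]; then
        echo 0
    else
        printf '%s\n' "$files" | wc -l | tr -d ' '
    fi
}
```
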
If the diff is empty, emit a `PASS` verdict with `files_scanned: 0` and s