JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 151
  • Score
    100M100P100Q99258F
  • License MIT

Control what AI agents can do in your codebase

Package Exports

    This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@way_marks/cli) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

    Readme

    Waymark

    Control what AI agents can do in your codebase.

    Waymark sits between your team and any AI agent. Every file action is intercepted, logged, and checked against your policies before it executes. Dangerous commands are blocked. Sensitive paths require human approval. Everything is reversible.

    The Problem

    AI agents like Claude Code are powerful. They can also write to your .env, run rm -rf, or modify your database schema without asking.

    You find out after it happens.

    The Solution

    Waymark intercepts every action before it runs:

    Agent tries to... Waymark does...
    Write to .env Blocks it instantly. Logged.
    Run rm -rf Blocks it instantly. Logged.
    Pipe curl to bash Blocks it instantly. Logged.
    Modify src/db/schema.ts Holds it. Asks for your approval.
    Write to src/ Allows it. Logged with full rollback.
    Read any file Logged with path and content snapshot.

    Install

    cd your-project
npx @way_marks/cli init
npx @way_marks/cli start

    Restart Claude Code. Done. Waymark is now active in this project.

    How It Works

    Your Prompt
    ↓
Claude Code
    ↓
Waymark MCP Server  ← intercepts here
    ↓
Policy Engine
    ↓
allowed  → executes + logged
blocked  → stopped + logged
pending  → held + approval required
    ↓
Dashboard: http://localhost:3001

    Dashboard

    Open http://localhost:3001 after running npx @way_marks/cli start.

    • See every agent action in real time
    • Approve or reject pending actions
    • Roll back any write with one click
    • Filter by allowed / blocked / pending

    Configuration

    Edit waymark.config.json in your project root:

    {
  "policies": {
    "allowedPaths": [
      "./src/**",
      "./data/**",
      "./README.md"
    ],
    "blockedPaths": [
      "./.env",
      "./.env.*",
      "./package-lock.json",
      "/etc/**"
    ],
    "blockedCommands": [
      "rm -rf",
      "DROP TABLE",
      "regex:\\|\\s*bash",
      "regex:\\$\\(curl"
    ],
    "requireApproval": [
      "./src/db/**",
      "./waymark.config.json"
    ]
  }
}

    Policy Rules

    allowedPaths — Agent can read and write these. Supports glob patterns.

    blockedPaths — Agent can never touch these. Takes priority over allowedPaths.

    blockedCommands — Bash commands containing these strings are blocked. Prefix with regex: for pattern matching.

    requireApproval — Actions on these paths are held until a human approves from the dashboard.

    CLI Commands

    npx @way_marks/cli init    # Set up Waymark in current project
npx @way_marks/cli start   # Start dashboard + MCP server (background)
npx @way_marks/cli stop    # Stop the running servers
npx @way_marks/cli status  # Check if server is running
npx @way_marks/cli logs    # View recent actions in terminal
npx @way_marks/cli logs --pending   # Show only pending actions
npx @way_marks/cli logs --blocked   # Show only blocked actions

    Version Management

    npx @way_marks/cli --version     # Check installed version
npx @way_marks/cli status        # Shows version + update banner if available
npx @way_marks/cli update        # Install latest version from npm

    The CLI automatically checks for updates on startup (non-blocking, 3-second timeout). Results are cached for 24 hours. See the main README for detailed troubleshooting and update instructions.

    Slack Notifications

    Get notified when an agent action needs approval:

    # Add to .env in your project
WAYMARK_SLACK_WEBHOOK_URL=https://hooks.slack.com/...
WAYMARK_SLACK_CHANNEL=#engineering
WAYMARK_BASE_URL=http://localhost:3001

    Create a Slack webhook at: api.slack.com/apps → Incoming Webhooks

    Works With

    • Claude Code — native MCP integration, zero configuration after init
    • Any MCP-compatible agent — register the Waymark MCP server in your agent config
    • More integrations coming

    Requirements

    • Node.js 18 or higher
    • Claude Code (for MCP integration)
    • macOS, Linux, or Windows

    What Works

    Team approval routing — Assign approvals to specific teammates with escalation
    Session-level rollback — Undo an entire agent run at once
    Email notifications — SMTP-based notifications for pending approvals
    Multi-platform — macOS, Linux, and Windows all supported
    Slack integration — Real-time notifications to Slack
    Policy enforcement — Block paths, commands, require approvals
    Action logging — Full audit trail with rollback capability

    Roadmap

    • CLI agent wrapping (waymark run )
    • Proxy mode (drop-in for any OpenAI-compatible agent)
    • REST API integration tests (comprehensive endpoint coverage)

    Contributing

    Waymark is MIT licensed and open to contributions.

    1. Fork the repo
    2. Create a feature branch
    3. Open a pull request

    Please open an issue before starting large changes.

    License

    MIT — see LICENSE

    Built for developers who want to use AI agents seriously — without giving them unsupervised access to production systems.