Part of the Brigade fleet from Escoffier Labs
Nothing leaves the kitchen unchecked.
Content Guard keeps private infrastructure, secrets, and personal context out of public surfaces before they ship. It scans Markdown docs, PR bodies, social drafts, and generated output against JSON policies, then blocks, redacts, warns, or allows. One sloppy paste can leak more than intended. This is the station, Le Passe, where the work gets checked before it goes out.
Policy-driven scanning and publish checks for everything that leaves the machine.
Policy
- JSON policy sets default actions per category
- Categories cover infrastructure, secret, and PII
- Override individual rules by id
- Add private custom regex for internal names
- Bundled public-repo and public-content policies to start from
Decision
- block: fail the scan, for publish gates
- redact: rewrite matching content
- warn: report without failing
- allow: ignore intentional findings
- Inline allow comments clear known-public examples
Deterministic rules first
Conservative rules catch infrastructure, secrets, and high-confidence patterns. Public publishing should fail loudly on infrastructure and secret leakage, so those stay hard blocks.
Four decisions, one report
Every finding resolves to block, redact, warn, or allow. One report format drives publish gates, in-place rewrites, and advisory review from the same engine.
Markdown aware
Scanning understands fenced code blocks, YAML frontmatter, and inline allow comments, so setup docs can discuss real examples without false blocks.
Custom policy files
JSON policies set default actions by category, override individual rules, and add private custom regex for internal names, projects, and unreleased plans.
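The policy model described above (category defaults, per-rule overrides by id, private custom regex, inline allow comments, fenced-code awareness, and the block/redact/warn/allow resolution) as an added illustration in Python. This is not Content Guard's own code: the JSON policy shape, the rule ids, the `content-guard: allow` marker syntax and the `code_block_action` downgrade are assumptions made for the example, and the policy and document are constructed inline.

```python
"""Policy-driven scan: category defaults, rule overrides, custom regex,
inline allow comments and fenced-code awareness resolved to one verdict.
Added illustration; schema, ids and marker syntax are assumptions."""
import json
import re
from dataclasses import dataclass

# Constructed policy in an assumed schema (not the project's real format).
POLICY_JSON = r'''
{
  "defaults": {"infrastructure": "block", "secret": "block", "pii": "warn"},
  "rules": {
    "email": {"category": "pii", "pattern": "[\\w.+-]+@[\\w-]+\\.[\\w.]+"},
    "aws-key": {"category": "secret", "pattern": "AKIA[0-9A-Z]{16}"},
    "private-ipv4": {"category": "infrastructure",
                     "pattern": "\\b10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\b"}
  },
  "overrides": {"email": "redact"},
  "custom": {"internal-host": {"category": "infrastructure",
                               "pattern": "\\b[a-z0-9-]+\\.corp\\.example\\b"}},
  "code_block_action": "warn"
}
'''
ALLOW_MARK = "content-guard: allow"   # assumed inline marker
FENCE = "`" * 3
SEVERITY = {"allow": 0, "warn": 1, "redact": 2, "block": 3}


@dataclass
class Finding:
    rule: str
    category: str
    line: int
    action: str
    match: str


def load_policy(text):
    """Compile rules; a per-rule override beats the category default."""
    p = json.loads(text)
    rules = {}
    for rid, r in {**p.get("rules", {}), **p.get("custom", {})}.items():
        action = p.get("overrides", {}).get(rid, p["defaults"][r["category"]])
        rules[rid] = (r["category"], re.compile(r["pattern"]), action)
    return rules, p.get("code_block_action")


def scan(text, policy):
    """Line-oriented scan. An allow marker on the line clears its findings;
    inside a fenced block the action is capped at code_block_action."""
    rules, code_action = policy
    findings, in_code = [], False
    for n, raw in enumerate(text.splitlines(), 1):
        if raw.lstrip().startswith(FENCE):
            in_code = not in_code
            continue
        allowed = ALLOW_MARK in raw
        for rid, (cat, rx, action) in rules.items():
            for m in rx.finditer(raw):
                act = "allow" if allowed else action
                if in_code and code_action and SEVERITY[code_action] < SEVERITY[act]:
                    act = code_action
                findings.append(Finding(rid, cat, n, act, m.group(0)))
    return findings


def verdict(findings):
    """Overall outcome for a publish gate: the most severe action seen."""
    return max((f.action for f in findings), key=SEVERITY.get, default="allow")


def redact(text, findings):
    """Rewrite only the matches whose resolved action is redact."""
    lines = text.splitlines()
    for f in findings:
        if f.action == "redact":
            lines[f.line - 1] = lines[f.line - 1].replace(f.match, f"[REDACTED:{f.rule}]")
    return "\n".join(lines) + "\n"


# Constructed Markdown document exercising each path.
SAMPLE = "\n".join([
    "# Deploy notes",
    "Contact ops@example.com for access.",
    "Bastion: jump01.corp.example",
    "Demo key AKIAIOSFODNN7EXAMPLE <!-- content-guard: allow -->",
    FENCE,
    "ssh 10.0.4.12",
    FENCE,
]) + "\n"

if __name__ == "__main__":
    fs = scan(SAMPLE, load_policy(POLICY_JSON))
    print(json.dumps({"verdict": verdict(fs), "findings": [vars(f) for f in fs]}, indent=2))
```

The same finding list drives all three outputs: `verdict` is what a publish gate checks, `redact` is the in-place rewrite, and the per-finding actions are the advisory report. Capping rather than skipping inside fenced blocks keeps real examples visible in the report without failing the document.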
Zero required dependencies
The core package needs no third-party libraries. The optional OPF backend runs through its own CLI for model-based PII review when it is installed locally.
Built for pipelines
Scan, redact, and diff all speak JSON. The same engine backs PR guards, a git pre-push hook, an n8n advisory step, and an OpenClaw outbound message plugin.
| Command | What it does |
|---|---|
| content-guard scan | Scan a file, directory, or stdin against a policy and report findings. |
| content-guard redact | Rewrite matching content in place using the policy redaction rules. |
| content-guard diff | Show what redaction would change without rewriting the file. |
| content-guard audit | Aggregate scan results across a directory into one report. |
| content-guard baseline | Manage a baseline of pre-existing findings so only new leaks fail. |
Companion entry points wrap the same engine for publishing boundaries: PR bodies, staged files, commit messages, and tracked content before a first public push.
| Command | What it does |
|---|---|
| content-guard-git | Scan staged files, or all tracked files, before a commit or first public push. |
| content-guard-commits | Scan commit messages over a range to catch co-author trailers and metadata leaks. |
| content-guard-publish-check | Combined local pre-publish wrapper: PR body, staged files, and commit messages. |
| content-guard-pr-prepare | Write a stable sanitized PR body path for a later publishing step. |
A repo tip can be clean while an old commit diff still leaks. The bundled git pre-push hook runs two scans before any push: the tracked working tree, and the content introduced by the commits being pushed. That closes the forward-scrub gap, where a scrubbed tip sits on top of commits whose diffs still carry the leak.
Point an optional private policy at a local denylist of internal hostnames, usernames, and subnets. That file stays on your machine and is never committed, so the denylist itself does not leak. A push with blocking findings is rejected, with a clear path to fix it or, when you are sure the data is genuinely public, an inline allow marker.
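The two-scan pre-push shape described above, as an added Python illustration rather than the bundled hook itself: it turns the hook's stdin into commit ranges, scans the tracked tree, and scans only the lines the pushed commits introduce, so a scrubbed tip cannot hide a leak earlier in the range. The denylist file path, the rule set and the diff sample are assumptions constructed for the example.

```python
"""Pre-push hook shape: scan the tracked tree, then the lines added by the
commits being pushed. Added illustration; paths and rules are assumptions."""
import json
import os
import re
import subprocess
import sys

ZERO = "0" * 40
# Assumed location of the private, uncommitted denylist (not the project's path).
DENYLIST_PATH = os.path.expanduser("~/.content-guard-private.json")
DEFAULT_RULES = [("aws-key", re.compile(r"AKIA[0-9A-Z]{16}"))]


def push_ranges(hook_stdin):
    """Map pre-push stdin lines (local_ref local_sha remote_ref remote_sha)
    to rev arguments. Deletions are skipped; a new branch has an all-zero
    remote sha, so take every commit not already reachable from a remote."""
    ranges = []
    for line in hook_stdin:
        parts = line.split()
        if len(parts) != 4:
            continue
        _local_ref, local_sha, _remote_ref, remote_sha = parts
        if local_sha == ZERO:
            continue
        if remote_sha == ZERO:
            ranges.append([local_sha, "--not", "--remotes"])
        else:
            ranges.append([f"{remote_sha}..{local_sha}"])
    return ranges


def added_lines(unified_diff):
    """Return (path, text) for lines a diff introduces; removed lines and
    headers are ignored so only content being pushed is judged."""
    path, out = None, []
    for line in unified_diff.splitlines():
        if line.startswith("+++ "):
            path = line[4:]
            path = path[2:] if path.startswith("b/") else path
        elif line.startswith("+") and not line.startswith("+++"):
            out.append((path, line[1:]))
    return out


def find_leaks(lines, denylist, rules=None):
    """Apply the fixed rules plus literal denylist entries to each line."""
    rules = list(rules or DEFAULT_RULES)
    rules += [("denylist:" + w, re.compile(re.escape(w))) for w in denylist]
    return [(path, rid) for path, text in lines for rid, rx in rules if rx.search(text)]


def main():
    denylist = []
    if os.path.exists(DENYLIST_PATH):
        with open(DENYLIST_PATH, encoding="utf-8") as fh:
            denylist = json.load(fh)            # assumed: a JSON list of strings
    # Scan 1: every tracked file in the working tree.
    tree = []
    for path in subprocess.check_output(["git", "ls-files"], text=True).splitlines():
        try:
            with open(path, encoding="utf-8", errors="replace") as fh:
                tree.extend((path, l) for l in fh.read().splitlines())
        except OSError:
            pass
    hits = find_leaks(tree, denylist)
    # Scan 2: content introduced by the commits in each pushed range.
    for rng in push_ranges(sys.stdin):
        diff = subprocess.check_output(
            ["git", "log", "-p", "--format=", "--no-color", *rng], text=True)
        hits += find_leaks(added_lines(diff), denylist)
    for path, rid in hits:
        print(f"blocked: {rid} in {path}", file=sys.stderr)
    return 1 if hits else 0


if __name__ == "__main__":
    sys.exit(main())
```

Installed as `.git/hooks/pre-push`, a non-zero exit rejects the push. Using `git log -p` over the range keeps the check on what each commit added, so the hook catches a secret that was committed and then removed two commits later, which a diff of the tip alone would miss.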
Bundled policies, PR draft guidance, and the OpenClaw outbound message plugin all share the same policy model, so a message and a publish gate get checked the same way.