AI Guardian Lab is a lightweight middleware that sits between an LLM (Ollama, OpenAI, Groq, etc.) and the OS shell. When the agent generates a bash command, the Guardian intercepts it before execution and:
- validates it against a regex pattern library (fork bombs, privilege escalation, exfiltration, etc.)
- checks it against a binary allowlist (green/yellow/red zones)
- normalizes obfuscated commands (base64, hex, IFS tricks, subshell wrappers)
- logs every decision to SQLite with a full audit trail
It runs entirely self-hosted via Docker Compose. No cloud dependency.
I'm particularly curious whether the normalization + regex approach is fundamentally flawed vs. a semantic/LLM-based approach, and what obvious bypasses people can find.
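The normalize-then-match pipeline described above, as an added Python sketch that is not AI Guardian Lab's own code: the regex library, the green/yellow zone lists and the audit table schema are illustrative assumptions, and the gate fails closed on anything it cannot parse.

```python
import base64, re, shlex, sqlite3

# Assumed pattern library and zone lists for illustration (not the project's own).
RED_PATTERNS = {"privilege-escalation": re.compile(r"\b(sudo|su|doas)\b"),
                "pipe-to-shell": re.compile(r"\|\s*(ba|z|da)?sh\b"),
                "exfiltration": re.compile(r"\b(curl|wget)\b.*\s(-d|--data\S*|-T|--upload-file)\b")}
GREEN = {"ls", "cat", "grep", "echo", "pwd", "head", "wc", "printf"}
YELLOW = {"git", "python", "pip", "curl"}

def _b64(m):  # decode `echo <b64> | base64 -d`; leave the text untouched if it is not valid base64
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
    except ValueError:
        return m.group(0)
def normalize(cmd):  # peel cheap obfuscation layers until a fixed point (every step shortens the text)
    for _ in range(8):
        prev = cmd
        cmd = re.sub(r"\$\{?IFS\}?", " ", cmd)                                          # $IFS tricks
        cmd = re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), cmd)  # \x73 -> s
        cmd = re.sub(r"echo\s+['\"]?([A-Za-z0-9+/=]+)['\"]?\s*\|\s*base64\s+(-d|--decode)", _b64, cmd)
        cmd = re.sub(r"\b(ba|z|da)?sh\s+-c\s+(['\"])(.*?)\2", r"\3", cmd)               # sh -c '...'
        cmd = re.sub(r"\$\(([^()]*)\)", r"\1", cmd)                                     # $( ... ) wrapper
        if cmd == prev:
            break
    return cmd.strip()
def classify(cmd):  # -> (normalized, zone, reason): regex hits win, then the per-binary allowlist
    norm = normalize(cmd)
    for name, pat in RED_PATTERNS.items():
        if pat.search(norm):
            return norm, "red", f"pattern:{name}"
    zone, reason = "green", "allowlist"
    for segment in re.split(r"\|\||&&|[|;]", norm):           # judge every command in a pipeline
        try:
            argv = shlex.split(segment)
        except ValueError:                                    # unbalanced quotes: fail closed
            return norm, "red", "unparseable"
        binary = argv[0].rsplit("/", 1)[-1] if argv else ""   # /usr/bin/ls -> ls
        if binary in YELLOW:
            zone, reason = "yellow", f"review:{binary}"
        elif binary and binary not in GREEN:
            return norm, "red", f"unknown-binary:{binary}"
    return norm, zone, reason
def open_audit(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS audit(ts TEXT, raw TEXT, normalized TEXT, zone TEXT, reason TEXT)")
    return db
def guard(cmd, db):  # decide, then log raw and normalized forms so the audit shows what was actually judged
    norm, zone, reason = classify(cmd)
    db.execute("INSERT INTO audit VALUES (datetime('now'), ?, ?, ?, ?)", (cmd, norm, zone, reason))
    db.commit()
    return zone, reason
```

Logging both the raw and the normalized command is what makes a later review of a bypass possible: the audit row shows exactly which string the regexes and allowlist were applied to.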