I built a Claude Code plugin that detects and blocks changes before they happen.

1 | Author: andreahlert | about 3 hours ago
We've all been there: You give Claude Code a simple prompt like "Fix the typo in utils.js," and suddenly it's refactoring your entire config file or adding unrelated imports. This isn't just annoying - it's scope creep, where the AI oversteps the task boundaries, introducing unauthorized modifications that can erode trust, bloat your codebase, and create security risks. But what if we treated scope creep not as an inevitable quirk of LLMs, but as something we can proactively guard against?

Inspired by discussions here and on X about AI agents going rogue with hallucinations or excessive edits, I decided to build Scope Guard: a lightweight plugin for Claude Code that intervenes before the agent completes its work, ensuring edits stay strictly within your specified intent.

**Why Scope Creep Matters**

Scope creep happens because LLMs like Claude are trained to be helpful, but without explicit boundaries, they infer too much—leading to changes in files you didn't mention, or additions that seem "obviously" related but aren't. In production workflows, this means more time debugging, reviewing, or rolling back. Recent threads (like those on hallucinations in Claude Code) show this is a growing pain point as we rely more on AI for coding.

**Introducing Scope Guard**

Scope Guard is a zero-dependency JavaScript plugin that hooks into Claude Code's lifecycle to enforce prompt adherence. It's minimalist by design: no API keys, no config files, just plug-and-play.

**Key Features:**

* **Prompt Capture:** Saves your original instruction for reference.
* **Real-Time Change Tracking:** Logs edits asynchronously without slowing down the agent.
* **Strict Evaluation:** Uses Git diffs to analyze modifications post-tool use. Only allows changes to explicitly mentioned files or those logically essential (e.g., a test file for a function update). Everything else? Blocked as scope creep.
* **User-Friendly Intervention:** If creep is detected, it halts completion and explains why, with options to approve, undo, or refine your prompt.
* **Cleanup Script:** Keeps your project tidy by removing old session data.

**How It Works**

Install via `/plugins add https://github.com/andreahlert/scope-guard` in Claude Code.

1. On prompt submit, it captures the intent.
2. As the agent edits, changes are tracked.
3. Before stopping, it evaluates: Is this file mentioned? Is the change required? If not—bam, intervention.

**Examples:**

* **Allowed:** Prompt "Add email validation to auth.js" → Edits auth.js and auth.test.js.
* **Blocked:** Same prompt → Tries to tweak unrelated db.js? Nope.

It's licensed under AGPL-3.0, and the repo is open for contributions. Check it out here: https://github.com/andreahlert/scope-guard. Star it if this resonates, fork it if you want to hack on it, or drop feedback in the issues—I'd love to hear how it fits (or doesn't) in your workflow.

What do you think? Have you run into scope creep with Claude Code? Let's discuss below!

Cheers, André
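
The file-level check described above (changed files from a Git diff compared against the files the prompt names, with a test file allowed alongside the file it tests), as an added example that is not part of the original post and not Scope Guard's own code. The function names, the `.test`/`.spec` sibling rule and the sample diff output are assumptions made for illustration.

```javascript
// Added illustration, not Scope Guard's own source; all names are hypothetical.
const clean = (p) => p.trim().replace(/^\.\//, '');

// File-like tokens (name.ext) named in the prompt are the declared scope.
function mentionedFiles(prompt) {
  return (prompt.match(/[\w./-]+\.[A-Za-z0-9]+/g) || []).map(clean);
}

// A prompt usually names "auth.js" while the diff reports "src/auth.js".
function isMentioned(file, mentioned) {
  return mentioned.some((m) => file === m || file.endsWith('/' + m));
}

// "auth.test.js" / "auth.spec.js" -> "auth.js"; null when not a test file.
function testSubject(file) {
  const m = file.match(/^(.*)\.(?:test|spec)(\.[^./]+)$/);
  return m ? m[1] + m[2] : null;
}

// changedFiles: lines as printed by `git diff --name-only` (repo-relative).
function evaluateScope(prompt, changedFiles) {
  const mentioned = mentionedFiles(prompt);
  const allowed = [];
  const blocked = [];
  for (const file of changedFiles.map(clean).filter(Boolean)) {
    // Absolute or parent-relative paths never count as in scope.
    const escapes = file.startsWith('/') || file.split('/').includes('..');
    const subject = testSubject(file);
    const ok = !escapes && (isMentioned(file, mentioned) ||
      (subject !== null && isMentioned(subject, mentioned)));
    (ok ? allowed : blocked).push(file);
  }
  return { allowed, blocked, creep: blocked.length > 0 };
}

// Constructed sample of `git diff --name-only` output after an agent run.
const sampleDiff = 'src/auth.js\nsrc/auth.test.js\nsrc/db.js\n';
const verdict = evaluateScope('Add email validation to auth.js', sampleDiff.split('\n'));
console.log(verdict);
```

Matching on file names only approximates "mentioned": a prompt that names `auth.js` will also accept a second `auth.js` in another directory, so a stricter check would require the full repo-relative path.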