Safe GitHub Copilot agent sandboxing for Android (Kotlin) and iOS (Swift) developers.
kote prep → isolated git worktree → agent works safely → kote cleanup --accept
KoteGuard runs Copilot agents in isolated git worktrees so they can never accidentally commit secrets, break your main branch, or touch real signing credentials. Every session is planned, gated, validated, and audited.
Why KoteGuard?
| Problem | Without KoteGuard | With KoteGuard |
|---|---|---|
| Agent pushes to main | Happens | --deny-tool='shell(git push)' blocks it |
| Agent reads your .jks / .p12 | Full access | Replaced with stubs before session starts |
| No record of what the agent did | Nothing | Per-session audit.jsonl + validation-report.md |
| Agent goes off-script | No way to know | PLAN.md hard gate + change validation on cleanup |
| Context bloat across sessions | Expensive | --compact accumulates knowledge into WORKSPACE.md |
Features
- Smart project analysis: auto-detects Android/iOS, parses build.gradle + Info.plist, scans docs
- Interactive planning wizard: builds PLAN.md with a refine loop and a hard YES gate
- Isolated git worktrees: agent works on a dedicated branch, never touches main
- Sensitive file stubs: .jks, google-services.json, .p12, .env replaced with safe placeholders
- Copilot CLI ready: generates the complete copilot --deny-tool=... command for you
- Session tracking: rich status table with plan title, age, Android CLI status, skills loaded, context pressure
- Auto-validation: validates PLAN.md + changed files on kote cleanup --accept
- Android Skills: official guides synced nightly from github.com/android/skills; kote android update fetches the latest
- iOS Skills: bundled SwiftUI, Swift Concurrency, and XCTest guides; auto-detected from your Swift source
- Global config: kote init wizard sets agent mode, IDE, and worktrees directory
- Session hygiene: kote sessions prune removes stale session metadata on your schedule
- Token hygiene: --compact saves session knowledge back into WORKSPACE.md
Installation
pip install koteguard
Requires Python 3.12+
Or install from source:
git clone https://github.com/alisen/KoteGuard.git
cd KoteGuard
pip install -e ".[dev]"
Local install (no GitHub push needed; for testing before publishing):
# Using pipx (recommended for CLI tools)
brew install pipx && pipx ensurepath
pipx install /path/to/KoteGuard
# Or with pip directly
pip install /path/to/KoteGuard
Quick Start
# One-time setup (optional; configure your defaults)
kote init
cd your-android-or-ios-project
# 1. Run the wizard: it detects your project, plans, creates the worktree
kote prep
# 2. See what it created
kote status
# 3. Copy the ready-to-run Copilot CLI command
kote cli
# 4. Inside the worktree, make sure the agent committed its changes
# KoteGuard diffs branch commits; uncommitted changes will not be merged
# cd /path/to/worktree && git add -A && git commit -m "agent: apply changes"
# 5. Back in your project root: validate + merge back
cd your-android-or-ios-project # same dir as step 1
kote cleanup --accept
# 6. Or throw it away
kote cleanup --discard
Android-first (with skills wizard)
kote prep --android-first
# → detects Compose/Navigation/AGP usage
# → shows checkbox to select which skill guides to inject
# → pre-populates PLAN.md with selected skills
How It Works
kote prep
    │
    ├── Phase 0: Scan project
    │       detect Android/iOS · parse build.gradle/Info.plist
    │       scan docs · detect Android CLI · suggest skills
    │
    ├── Phase 1: Interactive planning
    │       title · objectives · tasks · definition of done · risks
    │       ──── HARD GATE: type YES to proceed, refine to re-edit ────
    │
    └── Phase 2: Create worktree
            new git branch (kote/<session-id>-<slug>)
            writes: PLAN.md · TASK.md · AGENTS.md · WORKSPACE.md
                    .github/copilot-instructions.md
                    .github/instructions/security.instructions.md
            stubs: google-services.json · *.jks · *.p12 · etc.
            logs: sessions/<id>/context/ · logs/ · output/

kote cli
    └── prints: cd /worktree && COPILOT_CUSTOM_INSTRUCTIONS_DIRS=... copilot --deny-tool=...

[agent works here]

kote cleanup --accept
    ├── auto-validates PLAN.md + changed files
    ├── generates sessions/<id>/output/validation-report.md
    ├── merges branch back
    └── archives PLAN · TASK · diff · audit · report → .kote/history/
Command Reference
| Command | Description |
|---|---|
| kote prep | Full wizard: analyse → plan → worktree → IDE |
| kote prep --android-first | Wizard with Android skills selection |
| kote prep --agent-mode <mode> | Override agent mode: copilot-cli \| copilot-plugin \| none |
| kote prep --dry-run | Simulate without creating a worktree |
| kote ide [session] | Launch Android Studio or Xcode for a session |
| kote cli [session] | Print complete copilot command + open terminal |
| kote status | Rich table: all sessions with age, skills, context pressure |
| kote cleanup --accept | Run from the original project root. Validate → merge → archive history. Auto-picks most recent active session. |
| kote cleanup <session-id> --accept | Target a specific session by ID (find IDs with kote status) |
| kote cleanup --discard | Throw away changes, preserve audit trail |
| kote cleanup --accept --force | Accept even when validation has errors or uncommitted changes are detected |
| kote cleanup --accept --compact | Accept + save session summary to WORKSPACE.md |
| kote validate [plan.md] | Validate PLAN.md against schema |
| kote validate -w WORKSPACE.md | Also validate WORKSPACE.md |
| kote android skills | List all skills (cached + bundled) + suggest for current project |
| kote android update | Sync latest skill guides from github.com/android/skills |
| kote android update --token <PAT> | Same, with a GitHub token to avoid rate limits |
| kote android docs | Android KB links + worktree status |
| kote ios skills | List bundled iOS skill guides + suggest for current project |
| kote sessions prune | Remove completed/discarded session metadata older than 30 days |
| kote sessions prune --days N | Prune sessions older than N days |
| kote sessions prune --dry-run | Preview which sessions would be pruned |
| kote init | Interactively configure global defaults (agent mode, IDE, worktrees dir) |
| kote version | Print version |
Tips & Gotchas
- Run kote cleanup from the project root, the same directory where you ran kote prep. Running it from a different directory causes git operations (diff, merge, branch deletion) to target the wrong repository.
- The agent must commit its changes. KoteGuard detects what changed by diffing branch commits against main. If the agent modifies files but never runs git commit, those changes do not exist as commits and will not be merged. KoteGuard will block cleanup with a clear error and recovery instructions when this is detected. Use --force to skip the block and proceed (the uncommitted changes will not be merged).
- "No changed files detected" warning: this means the agent branch has no new commits relative to main. Check the worktree for uncommitted files before accepting. If the session was already committed and merged manually, this is expected.
- Find session IDs: run kote status to see all sessions, their IDs, age, and whether the worktree still exists.
Android Skills
KoteGuard bundles best-practice SKILL.md guides that get injected into the agent's context. The scanner auto-detects which ones are relevant based on your build.gradle.
| Skill | Triggered by | Guide covers |
|---|---|---|
| navigation3 | androidx.navigation dependency | Type-safe NavHost, @Serializable routes, no string routes |
| edge-to-edge | enableEdgeToEdge / API 35 target | windowInsetsPadding, Scaffold insets, API 35 enforcement |
| agp9 | AGP 9.x in libs.versions.toml | JDK 21 requirement, namespace, declarative Kotlin DSL |
| compose-migration | androidx.compose dependency | State hoisting, collectAsStateWithLifecycle, LazyColumn keys |
kote android update # sync latest skill guides from github.com/android/skills
kote android skills # see all skills (official + bundled) + what's suggested
kote android docs # Android developer documentation links
KoteGuard also runs a nightly GitHub Actions workflow (.github/workflows/sync-android-skills.yml) that automatically checks github.com/android/skills for updates and opens a PR against main whenever skill content changes, so bundled guides stay up to date without any manual work.
iOS Skills
KoteGuard also bundles best-practice guides for iOS/Swift developers. The scanner auto-detects relevant guides based on your Swift source files.
| Skill | Triggered by | Guide covers |
|---|---|---|
| swiftui-patterns | import SwiftUI / @Observable | State management, NavigationStack, scene lifecycle, performance rules |
| swift-concurrency | async/await/actor usage | Structured concurrency, AsyncStream, cancellation, @MainActor |
| xctest | import XCTest / SnapshotTesting | Async tests, protocol mocking, snapshot testing, performance tests |
kote ios skills # see what's available + what's suggested for your project
Spec-Driven Development
Every PLAN.md KoteGuard creates has a machine-readable YAML block at the top. This is the source of truth, not just documentation.
---
spec_version: '1.0'
title: Implement login screen
tasks:
- id: t1
  description: Create LoginViewModel
  done: false
- id: t2
  description: Wire up UI
  done: false
definition_of_done:
- All tests pass
- Reviewed
---
# Implement login screen
...
The agent is instructed to update done: true for each task it completes, directly inside that YAML block. When you run kote cleanup --accept, KoteGuard:
- Parses the YAML: reads exactly which tasks were marked done
- Validates semantically: checks that changed files actually match each task's keywords (CamelCase-aware: NavGraph → searches for nav, graph in file paths)
- Warns if tasks are undone: if files changed but all tasks are still done: false, it flags it
- Survives corruption: if the agent breaks the YAML, a regex fallback recovers the plan silently
This is why PLAN.md is not just a text document; it's a live spec the agent writes back to.
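The checks listed above can be sketched as follows. This is an added example, not KoteGuard's own validation code: it uses only a regex parse (the fallback path, no YAML library), and the function names, the three-character keyword minimum, and the sample plan and file paths are assumptions.

```python
import re

# Constructed sample PLAN.md front matter; file names in any call are also constructed.
SAMPLE_PLAN = """---
spec_version: '1.0'
title: Implement login screen
tasks:
- id: t1
  description: Create LoginViewModel
  done: true
- id: t2
  description: Wire up NavGraph
  done: false
---
# Implement login screen
"""

# Tolerates lost indentation, which is what a damaged YAML block usually looks like.
TASK_RE = re.compile(
    r"-\s*id:\s*(?P<id>\S+)\s*\n\s*description:\s*(?P<desc>.+?)\s*\n"
    r"\s*done:\s*(?P<done>true|false)", re.IGNORECASE)

def parse_tasks(plan_text):
    """Regex-only extraction of id / description / done for every task."""
    return [{"id": m["id"], "description": m["desc"],
             "done": m["done"].lower() == "true"} for m in TASK_RE.finditer(plan_text)]

def keywords(description):
    """CamelCase-aware split: 'NavGraph' -> {'nav', 'graph'}; words under 3 chars dropped."""
    parts = re.findall(r"[A-Z]+(?![a-z])|[A-Z]?[a-z]+|\d+", description)
    return {p.lower() for p in parts if len(p) >= 3}

def check_plan(plan_text, changed_files):
    """Warn on tasks marked done with no matching path, and on an untouched task list."""
    tasks, warnings = parse_tasks(plan_text), []
    paths = [f.lower() for f in changed_files]
    for task in tasks:
        hit = any(k in p for k in keywords(task["description"]) for p in paths)
        if task["done"] and not hit:
            warnings.append(f"{task['id']}: marked done, no changed file matches")
    if changed_files and tasks and not any(t["done"] for t in tasks):
        warnings.append("files changed but every task is still done: false")
    return warnings
```

Substring matching on keywords is deliberately loose, so a task marked done only proves that a plausibly related file changed, not that the task was completed correctly.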
Security Model
KoteGuard is designed so that even a misbehaving agent can't cause lasting damage.
| Layer | Mechanism |
|---|---|
| Planning gate | Must type YES (or refine); no accidental starts |
| Branch isolation | Agent never touches main; always a kote/<id> branch |
| Secret stubs | google-services.json, .jks, .p12 etc. swapped for placeholders before the session |
| Deny-tool flags | git push, git clone, git remote add/set-url are CLI-level blocked |
| Dual instructions | Agent gets both a task brief and a security rules file |
| Validation on accept | PLAN.md compliance + file change analysis before any merge |
| Audit trail | Every event written to sessions/<id>/logs/audit.jsonl + global ~/.kote/audit.jsonl |
| History archival | PLAN, TASK, diff, audit, report copied to .kote/history/ on every accept or discard |
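An independent pre-session check for the secret-stub layer, added here and not part of KoteGuard: it walks a worktree and reports keystore-named files that still carry a real JKS or PKCS#12 header instead of placeholder text. The function names, the assumption that stubs are plain text, and the demo file tree are all constructed for this example.

```python
import tempfile
from pathlib import Path

KEYSTORE_SUFFIXES = {".jks", ".p12"}      # keystore types named on this page
JKS_MAGIC = bytes.fromhex("feedfeed")     # header of the legacy Java KeyStore format

def is_real_keystore(data: bytes) -> bool:
    """True if the bytes look like a JKS or PKCS#12 (DER) container, not a text stub."""
    if data.startswith(JKS_MAGIC):
        return True
    # PKCS#12 is a DER SEQUENCE (tag 0x30) with a long-form or indefinite length,
    # so the second byte has its high bit set; ASCII placeholder text never does.
    return len(data) >= 2 and data[0] == 0x30 and bool(data[1] & 0x80)

def unstubbed_keystores(worktree: Path) -> list[str]:
    """Relative paths of keystore-named files that still contain real key material."""
    hits = []
    for path in worktree.rglob("*"):
        if path.is_file() and path.suffix.lower() in KEYSTORE_SUFFIXES:
            with path.open("rb") as fh:
                if is_real_keystore(fh.read(16)):
                    hits.append(path.relative_to(worktree).as_posix())
    return sorted(hits)

def demo() -> list[str]:
    """Build a constructed worktree: one stubbed keystore, two that were missed."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app").mkdir()
        (root / "app" / "release.jks").write_bytes(b"# placeholder keystore\n")
        (root / "app" / "debug.jks").write_bytes(JKS_MAGIC + b"\x00\x00\x00\x02" + b"\x00" * 8)
        (root / "dist.p12").write_bytes(b"\x30\x82\x0a\x1c\x02\x01\x03" + b"\x00" * 9)
        return unstubbed_keystores(root)

if __name__ == "__main__":
    print(demo())
```

A non-empty result before the agent starts means the stub step missed a file; keystores created by recent keytool versions are PKCS#12 even when named .jks, which is why both headers are checked for both suffixes.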
Generated Copilot CLI Command
kote cli prints this, ready to paste:
cd /path/to/worktree && \
COPILOT_CUSTOM_INSTRUCTIONS_DIRS=".github/instructions" \
copilot \
--deny-tool='shell(git push)' \
--deny-tool='shell(git remote add)' \
--deny-tool='shell(git remote set-url)' \
--deny-tool='shell(git clone)'
Project Structure
src/koteguard/
├── cli.py              # Typer CLI (kote + kote android subgroup)
├── models.py           # Pydantic v2 models + Android v1.1 skill models
├── config.py           # TOML config · session audit · worktree context check
├── project_scanner.py  # Phase 0: file-signature detection + gradle parsing + doc analysis
├── worktree.py         # Git worktree engine · session subdirs · history archival
├── sensitive_files.py  # Sensitive file stub injection
├── planning.py         # PLAN.md · WORKSPACE.md · Copilot instructions rendering
├── launcher.py         # IDE launcher · build_copilot_cli_command()
├── validation.py       # Plan/change/skills validation · report generation
└── templates.py        # Template file management
templates/
├── PLAN.md                   # Includes Token & Context Rules section
├── WORKSPACE.md              # Includes Android Agent Stack section
├── TASK.md
├── instructions.md           # Includes model selection guidance
├── security.instructions.md  # applyTo: "**/*" · Android + iOS deny rules
├── AGENTS.md
├── config.toml
├── android-skills/
│   ├── navigation3.skill.md
│   ├── edge-to-edge.skill.md
│   ├── agp9.skill.md
│   └── compose-migration.skill.md
└── ios-skills/
    ├── swiftui-patterns.skill.md
    ├── swift-concurrency.skill.md
    └── xctest.skill.md
Requirements
- Python 3.12+
- Git 2.5+ (for worktree support)
- GitHub Copilot CLI (copilot binary) for the terminal workflow
- Android Studio or Xcode (optional, for IDE auto-launch)
Agent Modes
KoteGuard supports three ways to run the Copilot agent. Set the default in ~/.kote/config.toml or override per session with kote prep --agent-mode.
| Mode | How it runs | kote cli output |
|---|---|---|
| copilot-cli (default) | Terminal binary with --deny-tool security flags | Full copy-pasteable command |
| copilot-plugin | IDE chat panel (Android Studio, VS Code) | Open IDE at worktree path |
| none | Instructions injected only; bring your own agent | cd <worktree> |
Set defaults interactively:
kote init # guided wizard: sets all fields below
Or edit ~/.kote/config.toml directly:
agent_mode = "copilot-cli" # copilot-cli | copilot-plugin | none
default_ide = "auto" # auto | android | ios
android_cli_enabled = true
worktrees_dir = "~/.kote/worktrees"
Override per session:
kote prep --agent-mode copilot-plugin
Contributing
git clone https://github.com/alisen/KoteGuard.git
cd KoteGuard
python -m venv .venv && source .venv/bin/activate
pip install -e ".[dev]"
pytest
License
MIT © Alishen