context-guard

Context Guard

Defense in depth for Claude Code context.
State preservation + security layer against prompt injection, leakage, and manipulation.

---

The Problem

When Claude Code hits ~95% context usage, it auto-compacts your conversation. You lose:

• Which files you were editing and why
• Your debugging trail, hypotheses, and decisions
• Build state, test results, error messages
• Uncommitted changes, stashes, and worktree state
• The overall narrative: "where were we?"

Context Guard captures your entire work environment — git state, actual code diffs, build health, worktrees, environment variables, and Claude's own memory — and automatically restores it after compaction.

Before:  "Fix the auth bug in user-service.ts"
         *edits 3 files, runs tests, debugging failing case*
         --- COMPACTION ---
         "I see we're working on a project. How can I help?"

After:   --- COMPACTION ---
         "Resuming: auth bug in user-service.ts, branch feat/auth-fix.
          3 files modified (core:2, ui:1), tests failing on line 42.
          Diff shows we added token validation but missed expiry check.
          Continuing with the expiry logic..."

---

Quick Start

Plugin Install (recommended)

/plugin marketplace add jlceaser/context-guard
/plugin install context-guard@jlceaser

Restart Claude Code. That's it — hooks, skills, and agent are all active.

Manual Install

git clone https://github.com/jlceaser/context-guard.git
cd context-guard
bash install.sh    # auto-configures settings.json via jq
bash test.sh       # verify (31 tests)

One-liner

bash <(curl -sL https://raw.githubusercontent.com/jlceaser/context-guard/main/install.sh)

---

How It Works

                          Context at 80%
                               │
                    ┌──────────▼──────────┐
                    │  PreCompact Hook    │
                    │  ┌────────────────┐ │
                    │  │ Git state      │ │
                    │  │ Code diffs     │ │     ┌─────────────────┐
                    │  │ Build health   │ │────▶│ Snapshot .md     │
                    │  │ Worktrees      │ │     │ + systemMessage  │
                    │  │ Environment    │ │     └────────┬────────┘
                    │  │ Claude memory  │ │              │
                    │  └────────────────┘ │              │
                    └─────────────────────┘              │
                                                        ▼
                    ┌─────────────────────┐    ┌────────────────┐
                    │  --- COMPACTION --- │───▶│ systemMessage   │
                    └─────────────────────┘    │ injected into   │
                                               │ compacted state │
                    ┌─────────────────────┐    └────────┬───────┘
                    │  SessionStart Hook  │◀────────────┘
                    │  Detects snapshot   │
                    │  Injects recovery   │──▶ Claude reads snapshot
                    └─────────────────────┘    and resumes work

Two-phase defense:

1. systemMessage — critical metadata (project, branch, dirty files) is injected directly into the compaction summary. This survives compaction and is immediately available.

2. Snapshot file — full state with code diffs is saved to disk. Claude reads this on the next turn to restore complete context.

Annotation Layer (v4.0.0):

3. Persistent annotations — topic-based notes that survive everything. Save key findings with /cg-annotate <topic> "note", retrieve with /cg-recall <topic>. Stored in ~/.claude/annotations/<project>/<topic>.md. Inspired by context-hub.

---

Context Security

New in v0.5.0 — Context Guard now includes a security layer that protects against prompt injection, credential leakage, and context manipulation.