Your agents read CLAUDE.md, AGENTS.md, .cursorrules, and MCP configs on
every single request, but nothing reviews that layer. ContextGuard lints it
like ESLint lints code: deterministic rules for oversized instructions, secrets in
AI-visible files, and unmeasured token overhead. Pro adds duplicate-context and
contradicting-rule checks, then shows the monthly cost hiding in that context.
Entirely local. No telemetry, no data collection. Your code never leaves your machine during scans.
The invisible problem
When your agent ignores an instruction, you blame the model, not the 6,000-token CLAUDE.md where your one important rule is buried under contradictions and a duplicated style guide. That layer is code: it changes model behavior on every request, and it drifts.
Instruction files and MCP schemas are injected into every session. A 4k-token CLAUDE.md isn't free. ContextGuard shows the token count and monthly cost estimate right in your status bar.
Once a team uses more than one tool, CLAUDE.md and .cursorrules start disagreeing. "Use tabs" in one file, "use spaces" in another, and the agent gets both. Which wins is luck.
Agents happily read files git never sees. A gitignored .env is still AI-visible, and so is the API key someone pasted into a config "just for a second."
What it does
Free proves the problem. Pro is the planned fix-it layer.
Scan your active file, open tabs, or workspace. Free flags oversized instruction files, secrets, MCP configs, generated noise, and token bloat with file, line, and Jump To. Pro adds duplicate Markdown context, contradicting AI rules, and git diff review scans.
Optimize Instruction File turns warnings into edits: dedupe rules within and across files, pick-the-winner conflict resolution, and a receipt like "4.1k → 1.8k tokens, ≈ −$2.10/month."
Free already flags secrets in instruction files (CLAUDE.md, .cursorrules, …) on every save. Live Secret Guard extends that to every other AI-visible source and config file: the moment a key, token, JWT, or DB URL lands in one, you get a status-bar alert and a Problems entry with the exact line, before any agent reads it.
Measure MCP Overhead launches your stdio MCP servers (with consent), calls tools/list, and reports the real schema tokens each one injects per session. No other tool shows that number.
Package clean, paste-ready context for Claude, ChatGPT, or any web AI, with token counts per file, one-click noise removal, automatic secret redaction (Pro), and PR-review packs built from your git diff (Pro).
The same deterministic rules, headless. The CLI fails the build on conflicting instruction rules and AI-visible secrets, so config drift becomes a red build instead of a degraded agent.
The rules
Deterministic, explainable, and consistent across the panel, save-time checks, and CI.
| Rule | What it catches |
|---|---|
| Large / Huge Instruction | AI instruction files over 1.5k–6k tokens that tax every request |
| Duplicate Context / Rule PRO | Repeated Markdown context or the same rule repeated across CLAUDE.md, .cursorrules, AGENTS.md, … |
| Conflicting Rule PRO | "Use tabs" in one file and "use spaces" in another, with Jump To navigation |
| Secret Content | API keys, tokens, JWTs, private keys, and credentialed DB URLs in AI-visible files |
| Sensitive Path | .env, *.pem, keystores, Terraform state, including safely gitignored files |
| MCP Unknown | MCP configs whose runtime schema overhead isn't counted anywhere |
| Large / Huge File | Files over 3k / 8k tokens that would dominate a request |
| Generated / Noisy | dist/, lockfiles, logs, and snapshots that add high-token, low-signal context |
For teams
The CLI is implemented in this repo and planned for npm. Once published, one CI command catches instruction size issues, duplicate and conflicting instruction rules, MCP detection, and secrets in AI-visible files.
# after the npm package is published # .github/workflows/ci.yml, or any CI npx contextguard-cli check --fail-on error # machine-readable output for dashboards npx contextguard-cli check --json
Pricing
No account needed for Free. Pro checkout is not live yet; planned early-access pricing is below.
If ContextGuard trims even 500 tokens off your auto-injected baseline, it pays for itself in API costs. The first secret it stops from reaching a chat window is worth more than the planned subscription.
FAQ
No. Every scan, lint, and bundle runs locally. ContextGuard does not send code or scan contents to a service. The only planned ContextGuard service call is validating a Pro license key against our licensing provider when Pro checkout opens. Measure MCP Overhead launches workspace-configured MCP commands only after consent; those servers may make their own normal network calls. There is no telemetry or data collection, and this website has no analytics or cookies either.
ContextGuard maintains a canonical registry of agent configuration conventions: 21 tools and counting, including Claude Code (CLAUDE.md, .mcp.json), the AGENTS.md standard, Cursor, GitHub Copilot, Cline, Windsurf, Roo Code, Gemini, Codex CLI, Aider, Zed, Continue, JetBrains Junie, Amazon Q, Goose, Amp, Augment Code, and more. When a tool ships a new convention, it gets a registry entry and every surface picks it up. Missing one? That's a bug; tell us.
Because your agent reads them anyway. .gitignore protects files from version control, not from AI tools. A gitignored .env is still injected into context by agents that read your workspace. That gap is exactly what ContextGuard audits.
They're computed from your actual token counts under stated, conservative assumptions: Sonnet-class input pricing ($3/M tokens) at 50 requests/day. Both are settings, so point them at your real usage and model pricing and the estimates become your numbers. The token count is the part that doesn't move; the dollar figure sits on top of it. Prompt caching moves the dollars in both directions — lower when caches hit, higher when they miss and expire — but either way that configuration occupies your context window on every request.
Pro checkout is not live yet, so there are no license keys to buy or activate today. The planned early-access license is one key for up to 5 machines. Once checkout opens, activate with ContextGuard: Activate Pro License from the Command Palette.
No Pro purchases are available today. When Pro sales open, the intended policy is a full refund within 14 days of purchase.
Yes. Everything except license validation is offline by design, and Pro keeps working through a 7-day offline grace window between validations.