diff --git a/packages/guardrails/profile/agents/incident-responder.md b/packages/guardrails/profile/agents/incident-responder.md
index 829c441b2a00..7dbbeb7532fe 100644
--- a/packages/guardrails/profile/agents/incident-responder.md
+++ b/packages/guardrails/profile/agents/incident-responder.md
@@ -20,8 +20,6 @@ permission:
 "rm -rf *": deny
 "rm -r *": deny
 "sudo *": deny
- "curl * | sh*": deny
- "wget * | sh*": deny
 "git log*": allow
 "git diff*": allow
 "git show*": allow
@@ -33,6 +31,8 @@ permission:
 "pwd": allow
 "which *": allow
 "curl *": ask
+ "curl * | sh*": deny
+ "wget * | sh*": deny
 "node *": allow
 "bun *": allow
 ---
diff --git a/packages/guardrails/profile/agents/security-engineer.md b/packages/guardrails/profile/agents/security-engineer.md
index 2ab76c8839d2..cb1cefade188 100644
--- a/packages/guardrails/profile/agents/security-engineer.md
+++ b/packages/guardrails/profile/agents/security-engineer.md
@@ -9,7 +9,13 @@ permission:
 "*.pem": deny
 "*.key": deny
 "*secret*": deny
- grep: allow
+ grep:
+ "*": allow
+ "*.env*": deny
+ "*credentials*": deny
+ "*.pem": deny
+ "*.key": deny
+ "*secret*": deny
 glob: allow
 edit:
 "*": deny
diff --git a/packages/guardrails/profile/plugins/guardrail.ts b/packages/guardrails/profile/plugins/guardrail.ts
index de2190322fa6..8cb13d347135 100644
--- a/packages/guardrails/profile/plugins/guardrail.ts
+++ b/packages/guardrails/profile/plugins/guardrail.ts
@@ -514,7 +514,7 @@ export default async function guardrail(input: {
 const protectedBranch = /^(main|master|develop|dev)$/
 if (/\bgit\s+push\b/i.test(cmd)) {
 // Check explicit branch target
- const explicitMatch = cmd.match(/\bgit\s+push\s+\S+\s+(?:HEAD:)?(\S+)/i)
+ const explicitMatch = cmd.match(/\bgit\s+push\s+(?:(?:-\w+|--[\w-]+)\s+)*\S+\s+(?:HEAD:)?(\S+)/i)
 if (explicitMatch && protectedBranch.test(explicitMatch[1])) {
 throw new Error(text("direct push to protected branch blocked — use a PR workflow"))
 }
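Review bot: In the `@@ -33` hunk of incident-responder.md the two re-added denies only cover a pipe into a command whose name starts with `sh`, so a download piped into `bash` or another interpreter would presumably still resolve to `"curl *": ask` rather than deny, and no `"wget *"` rule is visible in this hunk. The move itself suggests that later rules take precedence over earlier ones, which cannot be confirmed from here; if that is the case, a comment such as `# order matters: keep the pipe-to-shell denies below "curl *": ask` would stop someone re-sorting the list. Consider adding matching entries for the other shells available on the agent host. The permission list continues outside the hunk.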
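Review bot: In security-engineer.md the new `grep` map repeats the sensitive-file patterns from the block above it, but whether they protect anything depends on what the `grep` key is matched against, which this hunk does not show. If it is matched against the search expression rather than the path being searched, `"*.pem": deny` would only reject searches whose pattern looks like a file name, and matching lines from key or `.env` files would still be returned under `"*": allow`. Please confirm the matching target and record it next to the map, for example `# matched against <path|pattern>; entries below override "*"`. Keeping the same six patterns in two places also invites drift, so a note that both lists must change together would help.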
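Review bot: The flag-skipping group added to both regexes in guardrail.ts can match zero times and let the following `\S+` consume the flag itself, so the negated test in the `@@ -524` hunk accepts exactly the same strings as before: a push with a flag and a remote but no refspec (`-u origin`) still counts as having an explicit branch and the current-branch check is skipped. In the `@@ -514` hunk the same backtracking, plus flags written as `--name=value` that `--[\w-]+` does not cover, can leave `explicitMatch[1]` holding the remote name instead of the branch. Requiring the positional tokens not to start with a dash closes this, e.g. `/\bgit\s+push\s+(?:-\S+\s+)*(?!-)\S+\s+(?!-)\S+/i` for the plain-push test and `((?!-)\S+)` for the capture. Flags placed after the remote are still not handled by either pattern, so splitting the command into tokens and dropping those that start with `-` before picking remote and refspec would be more robust. The enclosing `guardrail` function starts and ends outside both hunks.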
@@ -524,7 +524,7 @@ export default async function guardrail(input: {
 throw new Error(text("direct push to protected branch blocked — use a PR workflow"))
 }
 // Plain `git push` with no branch — check current branch
- if (!/\bgit\s+push\s+\S+\s+\S+/i.test(cmd)) {
+ if (!/\bgit\s+push\s+(?:(?:-\w+|--[\w-]+)\s+)*\S+\s+\S+/i.test(cmd)) {
 try {
 const result = await git(input.worktree, ["branch", "--show-current"])
 if (result.stdout && protectedBranch.test(result.stdout.trim())) {
@@ -609,7 +609,7 @@ export default async function guardrail(input: {
 out.output += "\n\nšŸ“ Source code edited (3+ operations). Check if related documentation (README, AGENTS.md, ADRs) needs updating."
 }
 // Auto-format reminder after 3+ source edits
- if (nextEditCount >= 3 && nextEditCount % 3 === 0) {
+ if (code(file) && nextEditCount >= 3 && nextEditCount % 3 === 0) {
 out.output = (out.output || "") + "\nšŸŽØ " + nextEditCount + " source edits — consider running formatter (`prettier --write`, `biome format`, `go fmt`)."
 }
 }