Saved February 14, 2026
Do you care about this?
This article discusses the security risks associated with trust-based models in popular IDEs like VS Code and Cursor, highlighting vulnerabilities that can be exploited by malicious extensions. It introduces IDE-SHEPHERD, an open-source extension that monitors and blocks harmful operations in real-time, offering a more granular trust model and enhanced protections for developers.
If you do, here's more
Integrated Development Environments (IDEs) like Visual Studio Code (VS Code) and Cursor are essential tools for developers, but they both rely on a trust-based security model that can leave users vulnerable. When users trust an extension or workspace, it gains significant access, allowing it to execute code and manipulate files without further consent. This poses risks, especially since many developers open projects from unknown sources. Vulnerabilities have been identified within VS Code, including remote code execution risks linked to Jupyter Notebook files and malicious Git repositories. Even with Microsoft's Marketplace vetting process, malicious extensions can slip through, as seen in a recent investigation revealing a proof-of-concept extension that quickly garnered over a thousand downloads.
IDE-SHEPHERD is an open-source extension designed to address these security gaps by integrating directly into the IDE's Node.js runtime. It employs a require-in-the-middle layer to monitor and analyze operations in real time. Unlike the standard trust model that extends blanket trust to all extensions from a publisher, IDE-SHEPHERD evaluates each extension's behavior at runtime, allowing for more granular control. It blocks potentially harmful actions based on a growing set of rules, enhancing user security. The tool features both runtime defense, which monitors critical API calls and network communications, and heuristic detection to identify anomalies in extension metadata, such as suspicious version numbers or hidden commands.
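The require-in-the-middle idea described above can be sketched in a few lines of Node.js. This is an added example, not IDE-SHEPHERD's own code: the deny rules, the function names and the assumed extension directory layout (`.../extensions/<publisher>.<name>-<version>/`) are all constructed for illustration.

```javascript
// Added illustration, not IDE-SHEPHERD's code: rules, names and paths are assumptions.
const Module = require('module');

// Constructed deny rules for commands an extension rarely has reason to spawn.
const DENY_RULES = [
  { name: 'download-and-run', re: /\b(curl|wget)\b[^|]*\|\s*(ba)?sh\b/i },
  { name: 'encoded-powershell', re: /powershell[^\n]*\s-e(nc|ncodedcommand)?\s/i },
];
const GUARDED = ['exec', 'execSync', 'spawn', 'spawnSync'];

// Attribute the requiring file to an extension by its install directory
// (assumed layout: .../extensions/<publisher>.<name>-<version>/...).
function extensionIdFromPath(file) {
  const parts = String(file || '').split(/[\\/]/);
  const i = parts.lastIndexOf('extensions');
  if (i < 0 || !parts[i + 1]) return null;
  return parts[i + 1].replace(/-\d+\.\d+\.\d+.*$/, '');
}

// Return a view of child_process whose spawning functions check each command first.
function guardChildProcess(cp, extId, trusted, log) {
  if (!extId || trusted.has(extId)) return cp; // trust is decided per extension
  return new Proxy(cp, {
    get(target, prop) {
      const fn = target[prop];
      if (!GUARDED.includes(prop) || typeof fn !== 'function') return fn;
      return function (...a) {
        const line = [a[0], ...(Array.isArray(a[1]) ? a[1] : [])].join(' ');
        const hit = DENY_RULES.find((r) => r.re.test(line));
        log.push({ extId, api: prop, line, verdict: hit ? 'blocked:' + hit.name : 'allowed' });
        if (hit) throw new Error(`blocked ${prop} from ${extId}: ${hit.name}`);
        return fn.apply(target, a);
      };
    },
  });
}

// Patch require() so each extension that asks for child_process gets its own guarded view.
function installHook(trusted, log) {
  const original = Module.prototype.require;
  Module.prototype.require = function (id) {
    const loaded = original.apply(this, arguments);
    if (id !== 'child_process' && id !== 'node:child_process') return loaded;
    return guardChildProcess(loaded, extensionIdFromPath(this.filename), trusted, log);
  };
  return () => { Module.prototype.require = original; }; // call to uninstall the hook
}
```

A hook of this kind only covers code that calls `require` after it is installed; a module that already holds a reference to the unwrapped `child_process` is not affected, so the hook has to load before the extensions it is meant to watch.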
The extension includes a user-friendly interface that provides real-time security status, risk assessments for installed extensions, and a timeline of suspicious tasks. Users can manage trusted publishers and extensions, ensuring a customized security experience. IDE-SHEPHERD's proactive approach aims to prevent real-world attacks by continuously validating the behavior of extensions and workspaces, adapting to evolving threats in the development environment.