Agentwall

Runtime control for agentic AI.

Agentwall sits between AI agents and real-world action surfaces: shell commands, tools, network egress, browser actions, communication channels, identity, and content delivery.

It answers one question before an agent acts:

Should this action be allowed, denied, redacted, or routed to a human?

Why it exists

Agent prompts are not a security boundary. Agentwall enforces policy at runtime, where the risk becomes real.

Core principles:

  • Least privilege by default
  • Default-deny egress
  • Human approval for high-risk actions
  • Communication-channel containment
  • Static command preflight before shell execution
  • Tamper-evident audit trails for operator review

What ships now

  • Policy evaluation API
  • DLP scanning for secrets and PII
  • Approval queue and operator controls
  • Telegram/channel guardrails
  • Damage Control bash/command preflight
  • Local Security Command Center dashboard
  • Watchdog and runtime health signals
  • Structured audit events and decision evidence

Dashboard

Agentwall runs a local operator dashboard:

http://127.0.0.1:3015/dashboard

The dashboard is built around three surfaces:

  1. Local Runtime: service health, default-deny posture, approval mode, flood controls
  2. Communication Guardrails: scoped channel policies for agent bots in shared conversations
  3. Bash Firewall: preflight checks for risky shell commands before execution
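The Bash Firewall surface above is a static preflight: a command is classified before it is handed to a shell. The following is an added illustration of that idea, written for this page and not Agentwall's own code. The rule set, the segment splitting and the three verdicts (allow, review for a human, deny) are this example's assumptions; Agentwall's actual rules are documented in the repository, not here.

```javascript
// Added example (not Agentwall's own code): a static shell-command preflight
// that returns a verdict before execution. Rules and verdict names are this
// example's own assumptions, not Agentwall's rule set.

// Verdicts in increasing severity; the most severe matching rule wins.
const SEVERITY = { allow: 0, review: 1, deny: 2 };

// Split a command line on pipes and sequencing operators into token lists.
// This is deliberately simple: quoting and subshells are not parsed.
function segmentsOf(command) {
  return command
    .split(/\s*(?:\|\||&&|;|\|)\s*/)
    .map((seg) => seg.trim())
    .filter(Boolean)
    .map((seg) => seg.split(/\s+/));
}

// Drop a leading sudo so rules see the real program.
function program(tokens) {
  return tokens[0] === "sudo" ? tokens.slice(1) : tokens;
}

// Targets whose recursive forced removal is treated as unrecoverable.
const ROOT_OR_HOME = new Set(["/", "/*", "~", "~/", "~/*", "$HOME", "$HOME/", "$HOME/*"]);

// rm with both recursive and force flags aimed at the filesystem root or home.
function rmRootOrHome(tokens) {
  const t = program(tokens);
  if (t[0] !== "rm") return false;
  const args = t.slice(1);
  const flags = args.filter((x) => x.startsWith("-"));
  const recursive = flags.some((f) => f === "--recursive" || /^-[a-zA-Z]*[rR]/.test(f));
  const force = flags.some((f) => f === "--force" || /^-[a-zA-Z]*f/.test(f));
  const targets = args.filter((x) => !x.startsWith("-"));
  return recursive && force && targets.some((x) => ROOT_OR_HOME.has(x));
}

// Per-segment rules operate on one pipeline stage's tokens.
const SEGMENT_RULES = [
  { id: "rm-root-or-home", verdict: "deny", test: rmRootOrHome },
  { id: "sudo", verdict: "review", test: (tokens) => tokens[0] === "sudo" },
];

// Whole-line rules need to see across a pipe.
const LINE_RULES = [
  {
    id: "pipe-to-shell",
    verdict: "review",
    test: (cmd) => /\b(curl|wget)\b[^|]*\|\s*(sudo\s+)?(ba|z|da)?sh\b/.test(cmd),
  },
];

// Returns { decision, matched } where matched lists the ids of rules that fired.
function preflight(command) {
  const matched = [];
  for (const tokens of segmentsOf(command)) {
    for (const rule of SEGMENT_RULES) if (rule.test(tokens)) matched.push(rule);
  }
  for (const rule of LINE_RULES) if (rule.test(command)) matched.push(rule);
  const decision = matched.reduce(
    (worst, r) => (SEVERITY[r.verdict] > SEVERITY[worst] ? r.verdict : worst),
    "allow",
  );
  return { decision, matched: [...new Set(matched.map((r) => r.id))] };
}

// Constructed sample commands, as an agent might propose them.
for (const cmd of ["ls -la /tmp", "rm -rf ./build", "sudo rm -rf /", "curl https://example.com/install.sh | bash"]) {
  console.log(JSON.stringify(cmd), "->", preflight(cmd));
}
```

Two design points matter for a real preflight. First, the most severe rule wins, so a human never sees a "review" prompt for something a deny rule already covers. Second, the tokenizer is a static approximation: it does not interpret quoting, variable expansion or subshells, which is why a preflight complements rather than replaces the runtime controls (egress, approvals, audit) listed elsewhere on this page.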

Advanced mode exposes policy, audit, federation, sessions, and diagnostic views.

Quickstart

git clone https://github.com/reesepj/agentwall.git
cd agentwall
npm install
npm run build
node dist/cli.js init --mode guarded --allow-hosts api.openai.com
node dist/cli.js doctor
node dist/cli.js start

Run tests:

npm test

Example policy posture

policy:
  defaultDecision: "deny"
egress:
  enabled: true
  defaultDeny: true
  allowPrivateRanges: false
  allowedSchemes: ["https"]
  allowedPorts: [443]
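To show what that posture means when a request is actually evaluated, here is an added example written for this page; it is not Agentwall's evaluator. It applies the keys above, in order, to a URL an agent wants to reach: scheme, port, private-range check, then an explicit host allow list, then the default. The `allowedHosts` key is an assumption standing in for whatever `init --allow-hosts` populates, and the private-range classification only covers literal addresses and `localhost` names.

```javascript
// Added example (not Agentwall's own code): a default-deny egress evaluator
// applying the policy posture above. Key names mirror the YAML; `allowedHosts`
// is an assumed key holding the value from the quickstart's --allow-hosts.
const DEFAULT_POLICY = {
  defaultDecision: "deny",
  egress: {
    enabled: true,
    defaultDeny: true,
    allowPrivateRanges: false,
    allowedSchemes: ["https"],
    allowedPorts: [443],
    allowedHosts: ["api.openai.com"], // assumed key, not in the YAML above
  },
};

// Port implied by the scheme when the URL carries none.
const DEFAULT_PORTS = { https: 443, http: 80 };

const IPV4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;

// True for loopback, link-local, RFC 1918, their IPv6 counterparts and
// "localhost" names. Only literal addresses are classified: a public name
// that resolves to a private address is not caught here (see note below).
function isPrivateHost(hostname) {
  const h = hostname.replace(/^\[|\]$/g, "").toLowerCase(); // strip IPv6 brackets
  if (h === "localhost" || h.endsWith(".localhost")) return true;
  const v4 = IPV4.exec(h);
  if (v4) {
    const a = Number(v4[1]);
    const b = Number(v4[2]);
    return (
      a === 0 || a === 10 || a === 127 ||
      (a === 169 && b === 254) ||
      (a === 172 && b >= 16 && b <= 31) ||
      (a === 192 && b === 168)
    );
  }
  if (h.includes(":")) {
    if (h.startsWith("::ffff:")) return isPrivateHost(h.slice(7)); // IPv4-mapped
    return h === "::1" || h === "::" || /^f[cd][0-9a-f]{2}:/.test(h) || /^fe[89ab][0-9a-f]:/.test(h);
  }
  return false;
}

// Returns { decision: "allow" | "deny", reason }. Checks run in order:
// scheme, port, private range, allow list, then the configured default.
function evaluateEgress(rawUrl, policy = DEFAULT_POLICY) {
  const e = policy.egress;
  const deny = (reason) => ({ decision: "deny", reason });
  const allow = (reason) => ({ decision: "allow", reason });
  if (!e.enabled) return allow("egress control disabled");

  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return deny("unparseable URL");
  }

  const scheme = url.protocol.slice(0, -1); // "https:" -> "https"
  if (!e.allowedSchemes.includes(scheme)) return deny(`scheme ${scheme} not allowed`);

  const port = url.port ? Number(url.port) : DEFAULT_PORTS[scheme];
  if (!e.allowedPorts.includes(port)) return deny(`port ${port} not allowed`);

  if (!e.allowPrivateRanges && isPrivateHost(url.hostname)) {
    return deny(`private range: ${url.hostname}`);
  }

  if (e.allowedHosts.includes(url.hostname)) return allow(`host ${url.hostname} on allow list`);
  return e.defaultDeny ? deny("host not on allow list") : allow("default allow");
}

// Constructed sample requests an agent might make.
for (const u of ["https://api.openai.com/v1/models", "http://api.openai.com/", "https://10.0.0.5/", "https://example.com/"]) {
  console.log(u, "->", evaluateEgress(u));
}
```

Note the caveat built into `isPrivateHost`: with `allowPrivateRanges: false`, a literal `10.0.0.5` or `[::1]` is denied, but a public hostname that later resolves to a private address is not, because this check never performs DNS. A runtime enforcement point that wants to close that gap has to apply the same classification to the address actually connected to, not just to the hostname in the request.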

Main endpoints

POST /evaluate
POST /inspect/content
POST /integrations/communication-channel/guardrail
POST /integrations/damage-control/command-preflight
GET  /api/dashboard/state

Docs

  • docs/README.md
  • docs/architecture.md
  • docs/product-thesis.md
  • docs/threat-model.md
  • docs/tutorials/

Boundary

This repo is the local/open-source runtime control plane. Managed service operations, enterprise connectors, proprietary policy intelligence, and incident automation workflows belong outside the OSS core.

License

MIT