CLI ToolsMay 13, 2026·2 min read

Rampart — Policy Firewall for AI Agents

Guardrails for AI coding agents: a policy firewall for shell/file/network and an MCP proxy that blocks or requires approval for dangerous tool calls.

Script Depot
Script Depot · Community
Intro

Rampart is a firewall for AI coding agents: it enforces YAML policies over shell/file/network activity, and can proxy MCP servers to gate tools/call requests.

Best for: Using autonomous modes safely (Claude Code, Cline, Codex CLI) and hardening MCP toolchains

Works with: macOS/Linux/Windows; integrates via rampart setup and MCP proxy; works with stdio MCP servers

Setup time: 10–20 minutes

Key facts (verified)

  • README provides agent integrations via rampart setup (claude-code, cline, openclaw, codex).
  • MCP proxy mode wraps upstream servers with rampart mcp -- <server cmd> (README).
  • GitHub: 68 stars · 10 forks; pushed 2026-05-12 (GitHub API verified).

Main

Adopt Rampart in three passes:

  1. Start in “monitor” mindset: wire it into your agent, run your normal workflows, and read the audit trail.
  2. Add deny rules for destructive patterns (delete, rm, drop) and require approval for risky tools.
  3. Use the MCP proxy for clients without hook support (Claude Desktop/Cursor): wrap servers so policies apply at tool-level.

README excerpt (verbatim)

Rampart

A firewall for AI coding agents.

Go License CI Release Docs

Claude Code's --dangerously-skip-permissions mode, and similar autonomous modes in Cline and Codex, give agents unrestricted shell access. Your agent can read your SSH keys, exfiltrate your .env, or rm -rf / with no guardrails.

Rampart sits between the agent and your system. Every command, file access, and network request is evaluated against your policy before it executes. Dangerous commands never run.

Install

# Homebrew (macOS and Linux, recommended)
brew install peg/tap/rampart

# One-line install (no sudo required)
curl -fsSL https://rampart.sh/install | bash

# Go install (requires Go 1.24+)
go install github.com/peg/rampart/cmd/rampart@latest

Windows (PowerShell):

irm https://rampart.sh/install.ps1 | iex

After installing, run rampart quickstart or follow the setup steps below.

🙏

Source & Thanks

Source: https://github.com/peg/rampart > License: Apache-2.0 > GitHub stars: 68 · forks: 10

Discussion

Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.

Related Assets

dmux — Git Worktree Multiplexer for Coding Agents

dmux multiplexes coding agents with tmux + isolated git worktrees, so parallel tasks never collide. Verified 1,552★; setup ~5–10 minutes.

CLI Tools
Script Depot

Crit — GitHub-style Inline Comments for Agents

Crit opens files and git diffs in a browser for GitHub-style inline comments and round diffs; verified 322★ and includes `/crit` integrations for agents.

CLI Tools
Script Depot

Pipelock — MCP Firewall for Agent Egress

Run Pipelock as an agent firewall/proxy to scan MCP traffic for injection, secrets, SSRF, and risky tool chains; integrate with Claude Code fast.

CLI Tools
Script Depot

dingtalk-workspace-cli — Agent-Ready DingTalk CLI

dingtalk-workspace-cli (dws) is DingTalk’s open-source CLI for humans and AI agents, with OAuth login and `--dry-run` request previews.

CLI Tools
Script Depot
Home🔍Search👤Me