← All docs

Installation

Install agentjail and wire it into your coding agent in under a minute.

agentjail installs a set of binaries plus a default policy bundle. The install script detects your platform and drops everything into place.

Platform note: the agentjail install command (daemon + hook wiring) is macOS-only today. Claude Code is the only supported agent; Codex and Cursor support is not yet available.

Install

curl -fsSL https://agentjail.io/install.sh | sh

This downloads the release tarball for your platform (macOS arm64/amd64, Linux arm64/amd64), verifies the SHA256 checksum, and installs the following binaries to ~/.agentjail/bin/:

  • agentjail — the main CLI
  • agentjail-hook — the tiny binary called by Claude Code’s PreToolUse hook
  • agentjail-daemon — the persistent background daemon that keeps OPA warm
  • agentjail-shield and agentjail-netproxy — supporting binaries

Alternatively, if you use Homebrew:

brew install agentjail/tap/agentjail

Verify

agentjail --version
agentjail policy list

The first command confirms the binary is on your PATH; the second prints the policies that are currently active.

Wire it into Claude Code

Run the install command to register the daemon and hook:

agentjail install --for claude-code

This starts the agentjail-daemon (via launchctl on macOS) and writes the PreToolUse hook entry into ~/.claude/settings.json:

{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": "*",
        "hooks": [{ "type": "command", "command": "~/.agentjail/bin/agentjail-hook" }]
      }
    ]
  }
}

From this point on, every tool call Claude Code is about to make passes through agentjail-hook, which forwards it to the daemon for policy evaluation in under 5 ms. Allowed calls run as normal; denied calls never reach the shell.