# Quickstart

> Go from zero to a blocked tool call in about two minutes.

This page gets you from zero to a live, blocked tool call in about two minutes.
For a more detailed setup walkthrough, see [Installation](/docs/installation).

> **Prerequisites:** macOS (arm64 or amd64). Claude Code is the only supported
> agent today; Codex and Cursor support is not yet available.

## 1. Install agentjail

```sh
curl -fsSL https://agentjail.io/install.sh | sh
```

This downloads the release tarball, verifies its SHA256 checksum, and installs
the agentjail binaries to `~/.agentjail/bin/`.

## 2. Confirm the install

```sh
agentjail --version
```

Then check that the default policies are loaded:

```sh
agentjail policy list
```

You should see the core policies (such as `file_policy`) listed in the output.

## 3. Wire it into Claude Code

```sh
agentjail install --for claude-code
```

This starts the background daemon (`agentjail-daemon`) and registers
`agentjail-hook` as a `PreToolUse` hook in `~/.claude/settings.json`. From
this point on, every tool call Claude Code is about to make is evaluated against
your policy before it runs. Denied calls never reach the shell.

## 4. See a denial in action

With the daemon running, pipe a `PreToolUse` payload directly to `agentjail-hook`
to confirm the policy is working:

```sh
echo '{"hook_event_name":"PreToolUse","tool_name":"Bash","tool_input":{"command":"rm -rf ~/.ssh/"}}' \
  | agentjail-hook
```

You should get a nonzero exit code and a message like:

```text
DENY: Blocked: command targets sensitive path ~/.ssh/
```

The call is blocked. Because `agentjail-hook` is wired into Claude Code's
`PreToolUse` hook, the same evaluation happens automatically for every tool call
Claude Code tries to make.

## Next steps

- [How it works](/docs/concepts/how-it-works): understand the tool-call boundary
  and how evaluation runs offline.
- [Installation](/docs/installation): the full setup guide, including binary
  paths and policy bundle details.