# agentjail

> Policy guardrails for coding agents. Block dangerous tool calls before your agent fires them. Open source, Apache-2.0.

## Getting Started

- [Introduction](https://agentjail.io/docs/introduction.md): What agentjail is, the problem it solves, and how policy enforcement sits between your coding agent and the tools it calls.
- [Quickstart](https://agentjail.io/docs/quickstart.md): Go from zero to a blocked tool call in about two minutes.
- [Installation](https://agentjail.io/docs/installation.md): Install agentjail and wire it into your coding agent in under a minute.

## Concepts

- [How it works](https://agentjail.io/docs/concepts/how-it-works.md): How agentjail intercepts tool calls, evaluates them offline, and returns a verdict before any command reaches the shell.
- [The policy model](https://agentjail.io/docs/concepts/policy-model.md): How agentjail policies are written, matched against tool calls, and evaluated offline with deny-by-rule semantics.
- [Verdicts](https://agentjail.io/docs/concepts/verdicts.md): The three verdicts agentjail can return, what triggers each one, and what the agent receives for each outcome.

## Writing policies

- [Your first rule](https://agentjail.io/docs/policies/first-rule.md): Anatomy of a deny rule, how to write one that blocks a command, where to put it, and how to test it.
- [The input schema](https://agentjail.io/docs/policies/input-schema.md): The shape of the input object passed to every policy rule, with a JSON example and notes on per-tool fields.
- [Rule recipes](https://agentjail.io/docs/policies/recipes.md): Copy-pasteable deny rules for common cases: sensitive paths, destructive commands, network egress, and git push guards.
- [Testing policies](https://agentjail.io/docs/policies/testing.md): Iterate on rules using opa test for unit tests and the agentjail-hook pipe for end-to-end verification.

## Integrations

- [Claude Code](https://agentjail.io/docs/integrations/claude-code.md): Wire agentjail into Claude Code's PreToolUse hook to enforce policy before every tool call.
- [Cursor](https://agentjail.io/docs/integrations/cursor.md): Wire agentjail into Cursor's pre-tool-use hook to enforce policy before every tool call.
- [Codex](https://agentjail.io/docs/integrations/codex.md): Wire agentjail into Codex's pre-tool-use hook to enforce policy before every tool call.
- [Generic pre-tool-use hook](https://agentjail.io/docs/integrations/generic-hook.md): How any coding agent with a pre-tool-use hook can call agentjail-hook to enforce policy before a tool call runs.

## Reference

- [CLI reference](https://agentjail.io/docs/reference/cli.md): The agentjail command-line interface: subcommands, flags, and example output.
- [Default policies](https://agentjail.io/docs/reference/default-policies.md): The policy rulesets that ship with agentjail out of the box: file_policy, command_policy, and mcp_policy.
- [Configuration](https://agentjail.io/docs/reference/configuration.md): What you can configure in agentjail: the policy.yaml overlay, custom Rego rules, daemon flags, and how rules compose.

## Guides

- [Run in CI](https://agentjail.io/docs/guides/ci.md): How agentjail can protect agents running unattended in CI — and what is not yet available.
- [Safely skipping permission prompts](https://agentjail.io/docs/guides/skip-permissions.md): How agentjail enforces a hard boundary when you run an agent with permission prompts disabled.