GitHub Repository

Open-source firewall for AI agents. Policy engine that audits and controls what OpenClaw, Claude Code, Cursor, Codex, and any AI tool can do on your machine.

72 starsGo

Rampart – Runtime firewall for Claude Code and AI agents in YOLO mode

Name: Rampart – Runtime firewall for Claude Code and AI agents in YOLO mode
Availability: InStock
Author: trevxr

by trevxr·Feb 13, 2026·2 points·0 comments

Visit Project View on HN

AI Analysis

●●●BangerSolve My ProblemZero to One

Prevents `rm -rf ~` from your hallucinating agent in two commands, works with any CLI tool.

Strengths

•Solves a genuine security gap: no existing tool sandboxes AI agent shell access at the wire protocol level
•Multiple integration paths (native hooks, shell shim, LD_PRELOAD, MCP proxy) cover Cursor, Codex, Cline, OpenClaw without code changes
•Policy evaluation at ~20μs + optional rampart-verify sidecar gives both speed and flexibility for ambiguous cases

Weaknesses

•Targeting a small but growing problem space; only matters if you're running agents unsupervised (many devs still don't)
•Early-stage: only 24 GH stars, no evidence of production use at scale yet

Post Description

You're probably running Claude Code with `--dangerously-skip-permissions`. Or Codex in full-auto. Or an OpenClaw agent with unsupervised shell access.

Nothing stops a hallucination from running `rm -rf ~` or reading your SSH keys while you're getting coffee. I built Rampart after my own agent nearly nuked a directory on my home lab.

It checks every command against YAML rules before it executes. Dangerous stuff gets blocked. Everything gets logged.

brew install peg/rampart/rampart rampart setup claude-code

Two commands, runs locally, no account. Works with Claude Code, Codex, Cline, Cursor, or anything with a CLI. Go, Apache 2.0.