Quick Start¶

Get Rampart protecting your AI agent in under a minute.

Zero risk to try

Rampart fails open — if the policy engine crashes or is unreachable, your tools keep working normally. You'll never get locked out of your own machine. Use default_action: allow with action: log rules to observe without blocking anything.

Claude Code (Recommended)¶

If you're using Claude Code, this is a one-liner:

rampart setup claude-code

This installs native hooks into Claude Code's hook system. Every Bash command, file read, and file write gets evaluated against Rampart's policy engine before execution.

Then just use Claude Code normally:

claude

Rampart is completely transparent — safe commands pass through in microseconds, dangerous commands get blocked before they execute.

See It Working¶

Open a second terminal and watch decisions in real time:

rampart watch

╔══════════════════════════════════════════════════════════════╗
║  RAMPART — enforce — 3 policies                             ║
╠══════════════════════════════════════════════════════════════╣
║  ✅ 21:03:42 exec  "git push origin main"     [allow-git]   ║
║  ✅ 21:03:41 read  ~/project/src/main.go      [default]     ║
║  🔴 21:03:38 exec  "rm -rf /tmp/*"            [protect-sys] ║
║  ✅ 21:03:35 exec  "npm test"                 [allow-dev]   ║
║  🟡 21:03:33 exec  "curl https://api.io"      [log-http]    ║
╠══════════════════════════════════════════════════════════════╣
║  1,247 total │ 1,201 allow │ 12 deny │ 34 log               ║
╚══════════════════════════════════════════════════════════════╝

Other Agents¶

Any CLI AgentMCP ServersLD_PRELOAD

# Wrap any agent that reads $SHELL
rampart wrap -- aider
rampart wrap -- opencode
rampart wrap -- python my_agent.py

# Proxy MCP with policy enforcement
rampart mcp -- npx @modelcontextprotocol/server-fs .

# Universal — works with any dynamically-linked process
rampart preload -- codex
rampart preload -- node agent.js

Built-in Profiles¶

Rampart ships with three profiles to get you started:

Profile	Default Action	Description
`standard`	allow	Block dangerous commands, log suspicious ones, allow the rest
`paranoid`	deny	Explicit allowlist — everything is blocked unless you say otherwise
`yolo`	allow	Log everything, block nothing — for auditing only

# Initialize with a specific profile
rampart init --profile standard

Test the Policy Engine¶

You can test decisions without running an agent:

echo '{"tool_name":"Bash","tool_input":{"command":"rm -rf /"}}' | rampart hook

{"hookSpecificOutput":{"permissionDecision":"deny","permissionDecisionReason":"Rampart: Destructive command blocked"}}

What's Next?¶

Configuration → — Write custom policies
Integration Guides → — Set up your specific agent
Policy Engine → — Deep dive into matching rules