AI Coding Agents
Agent Keeper monitors AI coding agents across the major IDEs. Shell commands, file reads and writes, MCP tool calls, and prompts are intercepted before execution so you can block, warn, or audit every action.
Coverage and enforcement capabilities differ by IDE based on what each platform exposes through its hook system.
Capability matrix
| Capability | Claude Code | Codex | Gemini CLI | Cursor | VS Code Copilot | Windsurf |
|---|---|---|---|---|---|---|
| Shell command blocking | Yes | Yes | Yes | Yes | Yes | Yes |
| File read audit | Yes | Yes | Yes | Yes | Yes | Yes |
| File write blocking | Yes | Yes | Yes | Audit only | Audit only | Yes |
| Prompt blocking | Yes | Yes | Yes | Yes | Preview | Yes |
| MCP call monitoring | Yes | Yes | Yes | Yes | Limited | Yes |
| Session check-in | Yes | Yes | Yes | First event | First event | First event |
| Hook config location | ~/.claude/settings.json | .codex/config.toml | .gemini/settings.json | .cursor/hooks.json | .github/hooks/agentkeeper.json | .windsurf/hooks.json |
Setup guides
- Claude Code Setup: plugin-based setup with full enforcement and MCP monitoring.
- Codex Setup: OpenAI Codex hooks with shell, patch, prompt, and MCP policy coverage.
- Gemini CLI Setup: Gemini command hooks with file, shell, prompt, and MCP policy coverage.
- Cursor Setup: project hooks for Cursor with shell, prompt, file, and MCP coverage.
- VS Code Copilot Setup: GitHub Copilot agent hook configuration where Preview hooks are available.
- Windsurf Setup: Windsurf Cascade hooks with strong file write enforcement.
How monitoring works
Each IDE integration works by registering Agent Keeper as an HTTP hook receiver. When the agent is about to execute a tool call, the IDE sends the event to Agent Keeper before the action runs. Agent Keeper evaluates the event against your org's security policies and returns a verdict:
- Block: the tool call is denied; the agent receives a rejection message.
- Warn: the call proceeds but is flagged in the audit trail.
- Pass: the call proceeds and is logged.
All events are recorded in the Activity page regardless of verdict.
Runtime Shield
The Runtime Shield runs across all IDE integrations. It detects credential exfiltration patterns, reverse shells, prompt injection, and 55+ threat patterns in prompts and tool call inputs. Shield events appear in the Security dashboard and can trigger email alerts (Pro+) or webhook alerts (Team+).