Runtime Shield
Runtime Shield evaluates AI agent actions before they execute. It runs across Claude Code, Cursor, Codex, Gemini CLI, Windsurf, GitHub Copilot, and Cowork so one policy model follows the developer instead of a single tool.
How It Works
- The agent is about to run a tool: terminal command, file read/write, web request, MCP call, or prompt submit.
- The local hook sends a compact event to Agent Keeper.
- Agent Keeper checks organization policy, group overrides, and Runtime Shield detection rules.
- The hook receives an allow, warn, or deny decision.
- The action and decision are written to the audit trail.
Detection Coverage
| Area | Examples |
|---|---|
| Credential exfiltration | Secret reads followed by network calls, .env uploads, SSH key exposure |
| Dangerous shell activity | Reverse shells, destructive deletes, firewall teardown, history tampering |
| File-system risk | Writes to system paths, startup scripts, CI workflows, git hooks |
| Web and MCP calls | Raw-IP calls, exfiltration endpoints, restricted MCP servers |
| Prompt injection | Instruction overrides, persona hijacks, encoded payloads, data extraction attempts |
Policy Controls
- Block or warn on specific tools.
- Block command substrings and write-path patterns.
- Flag sensitive reads without breaking normal development.
- Restrict WebFetch and allowed domains.
- Allowlist or deny MCP servers and tools.
- Apply stricter controls to identity-provider groups.
Fail-Open Behavior
Agent Keeper is designed to avoid breaking a developer workstation during an outage. If a hook cannot reach the evaluation endpoint, it fails open and records the condition locally where the hook supports local logging.
Setup
Use the dashboard setup flow:
/plugin marketplace add agentkeeper/security
/plugin install agentkeeper
/agentkeeper:connect
For Cursor, Codex, Gemini CLI, Windsurf, and Copilot, use /setup or the agent-specific setup guide to copy the current hook command and API key instructions.