Agentjail is an open-source security tool designed to enforce policy guardrails for coding agents, with a focus on blocking dangerous tool calls before they are executed. The platform addresses risks associated with AI agents issuing destructive or unauthorized commands, such as deleting sensitive files or force-pushing to production repositories. It is intended for development teams and individuals who utilize coding agents and require deterministic, auditable controls over agent actions.
The tool operates by intercepting every tool call from an agent and evaluating it against user-defined policies written in Rego, using a local OPA (Open Policy Agent) daemon. This evaluation happens in under five milliseconds, and if a command matches a blocked pattern or violates a policy, agentjail denies execution before the command reaches the shell. env files, and blocking commands such as rm -rf, curl|bash, sudo, force-push, and others. Additional opt-in library rules are available to further restrict actions like writing to shell initialization files, modifying application binaries, or reading shell history and browser cookies.
Agentjail supports granular, tool-level policies for MCP (multi-cloud provider) servers, maintains a full inventory of server configurations, and enforces a default-deny posture. Every decision made by the tool is logged for auditability, and policy enforcement can be customized at global, project, or session levels. The platform also features a live dashboard, full-screen session replay, and automatic daemon updates. Defense-in-depth is provided through a kernel sandbox and network proxy, which can block file and network access if hooks are bypassed. Self-protection measures prevent agents from disabling their own hooks or policy files.
Installation is performed via a shell script, and the tool operates offline on the user’s machine. 0 license, with its source code openly available. The service is positioned within the class of policy enforcement and security tools for coding agents, emphasizing deterministic, policy-as-code controls and rapid, local enforcement.
agentjail sits in PulseGate's AI & ML category. It focuses on preventing AI coding agents from executing dangerous or unauthorized commands on user systems. agentjail is an open-source project aimed at developers using AI coding agents. The project is open source (Apache-2.0). The product ships for the web and the command line, and it can be self-hosted.
agentjail contributors builds and maintains agentjail, and the product first shipped in 2026. The project is developed in the open on GitHub with 39 stars and 458 commits in the last 90 days. Across PulseGate's embedding index, agentjail has few near neighbours, marking it as relatively distinct. Among its 7 catalogued features are policy guardrails, command blocking, and offline mode. It exposes integrations via an MCP server and a public API.
Latest indexed changes and source events
Hand it your codebase. Not your secrets discovered by the PulseGate indexer
Other apps tracked under the same category.