Run AI agents safely on your local machine
AgentWall |
Run AI agents safely on your local machine
Your AI agent has root access to your filesystem, your database, and your shell. Do you know what it's doing?
AgentWall is a policy-enforcing MCP proxy. It sits between your AI client and every MCP server, intercepts every tool call, and enforces your rules before anything executes. Works with Claude Desktop, Cursor, Windsurf, Claude Code, and OpenClaw — one command to install.

The killer feature
AI clients have their own approval flows. AgentWall ignores them.
Claude Desktop approved the call. OpenClaw approved the call. AgentWall blocked both.
18:14:47 mcp DENY policy list_directory ← BLOCKED despite Claude "Always allow"
18:14:51 openclaw DENY policy exec ← BLOCKED despite OpenClaw approval
Your YAML policy is the final word. Not the client. Not the model. You.
Features
- Works everywhere — Claude Desktop, Cursor, Windsurf, Claude Code, OpenClaw, any MCP client
- One command install —
npx @agentwall/agentwall setupauto-detects and wraps all your MCP servers - Browser approval UI — approve or deny tool calls from your browser, works in GUI clients with no terminal
- YAML policy engine — deny, allow, ask with glob matching, SQL content matching, path rules
- Independent audit log — ground truth record of every tool call, regardless of what the model claims
- Hot-reload — edit
~/.agentwall/policy.yamland changes apply instantly, no restart needed - Rate limiting — cap tool calls per minute to catch runaway agent loops
- Fully reversible —
agentwall undorestores all original configs in one command
Install
npx @agentwall/agentwall setup
AgentWall detects Claude Desktop, Cursor, Windsurf, Claude Code, and OpenClaw. Wraps every MCP server automatically. Backs up your originals. Zero JSON editing.
# Or install globally
npm install -g @agentwall/agentwall
agentwall setup
Requires Node.js >= 22.
To verify protection is active:
agentwall status
# AgentWall v0.8.0
# Protected: Claude Desktop (3 servers) · Cursor (1 server) · OpenClaw
# Policy: ~/.agentwall/policy.yaml
# Decisions today: 47 allowed · 0 blocked · 2 approved
Quick start
# 1. Install and wrap your MCP servers
npx @agentwall/agentwall setup
# 2. Create a default policy (protects credentials, database, shell)
agentwall init
# 3. Start the web UI first — it owns port 7823
agentwall ui
# → http://localhost:7823
# 4. Start OpenClaw gateway (if using OpenClaw)
openclaw gateway
# Detects AgentWall on port 7823 and routes approvals to the browser
# 5. Open your AI client (Claude Desktop, Cursor, etc.)
# MCP proxies spawn automatically and connect to the same UI
Boot order matters. Start agentwall ui before the OpenClaw gateway and before opening AI clients. The gateway and MCP proxies detect the UI on startup and route approval requests to it. If the UI isn't running yet, they fall back to terminal prompts.
Supported clients
| Client | Approval method | Integration |
|---|---|---|
| Claude Desktop | Browser UI at localhost:7823 | MCP proxy |
| Cursor | Browser UI at localhost:7823 | MCP proxy |
| Windsurf | Browser UI at localhost:7823 | MCP proxy |
| Claude Code | Terminal y/n/a prompt |
MCP proxy |
| OpenClaw | Terminal y/n/a prompt |
Native plugin |
| Any MCP client | Browser UI or terminal | MCP proxy |
GUI clients (Cursor, Claude Desktop, Windsurf) have no terminal — approval requests appear in your browser at http://localhost:7823. Auto-denies after 30 seconds if no response.
Terminal clients (Claude Code, OpenClaw) get an inline y/n/a prompt. Press a to always allow an operation for the rest of the session.
Web UI
agentwall ui # → http://localhost:7823
Approval / — approve or deny tool calls from your browser in real time. Auto-denies after 30 seconds.
Policy editor /policy — edit rules visually or in raw YAML. Both modes edit the same file. Changes apply instantly.
Log viewer /log — searchable view of everything your agent has done. Filter by runtime, decision, tool name, date.
Clients /clients — see every supported client on your machine, which MCP servers are protected, and wrap
Configuration
AgentWall automatically wraps your existing MCP servers via the setup command, so manual JSON editing is not required.