AgentWall MCP Server

Add it to Claude Code

Run this in a terminal.

claude mcp add agentwall -- npx @agentwall/agentwall setup
Run AI agents safely on your local machine

AgentWall


Your AI agent has root access to your filesystem, your database, and your shell. Do you know what it's doing?

AgentWall is a policy-enforcing MCP proxy. It sits between your AI client and every MCP server, intercepts every tool call, and enforces your rules before anything executes. Works with Claude Desktop, Cursor, Windsurf, Claude Code, and OpenClaw — one command to install.


The killer feature

AI clients have their own approval flows. AgentWall ignores them.

Claude Desktop approved the call. OpenClaw approved the call. AgentWall blocked both.

18:14:47   mcp        DENY    policy   list_directory   ← BLOCKED despite Claude "Always allow"
18:14:51   openclaw   DENY    policy   exec             ← BLOCKED despite OpenClaw approval

Your YAML policy is the final word. Not the client. Not the model. You.


Features

  • Works everywhere — Claude Desktop, Cursor, Windsurf, Claude Code, OpenClaw, any MCP client
  • One command install: npx @agentwall/agentwall setup auto-detects and wraps all your MCP servers
  • Browser approval UI — approve or deny tool calls from your browser, works in GUI clients with no terminal
  • YAML policy engine — deny, allow, ask with glob matching, SQL content matching, path rules
  • Independent audit log — ground truth record of every tool call, regardless of what the model claims
  • Hot-reload — edit ~/.agentwall/policy.yaml and changes apply instantly, no restart needed
  • Rate limiting — cap tool calls per minute to catch runaway agent loops
  • Fully reversible: agentwall undo restores all original configs in one command
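
A sketch of the decision logic the features above describe, added here as an illustration and not taken from AgentWall's code. The rule schema, RULES and PolicyGate are hypothetical names, not AgentWall's policy.yaml format. It shows first-match deny/allow/ask rules with glob matching, a per-minute call cap, an unanswered "ask" failing closed, and an audit record written for every call.

```javascript
// Hypothetical rule schema for illustration; NOT AgentWall's policy.yaml format.
const RULES = [
  { tool: "read_file", path: "*/.ssh/*", action: "deny" },
  { tool: "read_file", path: "/home/dev/project/*", action: "allow" },
  { tool: "exec*", action: "ask" },
];

// "*" matches any run of characters; everything else is literal.
function globToRegExp(glob) {
  const literal = glob.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + literal.replace(/\*/g, ".*") + "$");
}

class PolicyGate {
  constructor(rules, maxCallsPerMinute = 60) {
    this.rules = rules.map((r) => ({
      action: r.action,
      toolRe: globToRegExp(r.tool),
      pathRe: r.path ? globToRegExp(r.path) : null,
    }));
    this.maxCallsPerMinute = maxCallsPerMinute;
    this.recent = []; // timestamps (ms) of calls seen in the last minute
    this.audit = []; // every decision is recorded, allowed or not
  }

  // call.clientApproved is deliberately never read: the client's own
  // approval has no influence. humanAnswer is null when nobody responded.
  decide(call, now, humanAnswer = null) {
    this.recent = this.recent.filter((t) => now - t < 60_000);
    this.recent.push(now);
    let decision = "DENY";
    let reason = "rate-limit";
    if (this.recent.length <= this.maxCallsPerMinute) {
      const rule = this.rules.find(
        (r) => r.toolRe.test(call.tool) && (!r.pathRe || r.pathRe.test(call.path ?? ""))
      );
      const action = rule ? rule.action : "ask"; // unmatched calls need a human
      if (action === "ask") {
        decision = humanAnswer === "approve" ? "ALLOW" : "DENY"; // silence fails closed
        reason = humanAnswer ? "human" : "timeout";
      } else {
        decision = action === "allow" ? "ALLOW" : "DENY";
        reason = "policy";
      }
    }
    this.audit.push({ time: now, tool: call.tool, decision, reason });
    return decision;
  }
}
```

Rule order matters in this sketch: the deny rule for credential paths is listed before the broader allow rule so that the first match wins.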

Install

npx @agentwall/agentwall setup

AgentWall detects Claude Desktop, Cursor, Windsurf, Claude Code, and OpenClaw. Wraps every MCP server automatically. Backs up your originals. Zero JSON editing.

# Or install globally
npm install -g @agentwall/agentwall
agentwall setup

Requires Node.js >= 22.

To verify protection is active:

agentwall status
# AgentWall v0.8.0
# Protected: Claude Desktop (3 servers) · Cursor (1 server) · OpenClaw
# Policy: ~/.agentwall/policy.yaml
# Decisions today: 47 allowed · 0 blocked · 2 approved

Quick start

# 1. Install and wrap your MCP servers
npx @agentwall/agentwall setup

# 2. Create a default policy (protects credentials, database, shell)
agentwall init

# 3. Start the web UI first — it owns port 7823
agentwall ui
# → http://localhost:7823

# 4. Start OpenClaw gateway (if using OpenClaw)
openclaw gateway
# Detects AgentWall on port 7823 and routes approvals to the browser

# 5. Open your AI client (Claude Desktop, Cursor, etc.)
# MCP proxies spawn automatically and connect to the same UI

Boot order matters. Start agentwall ui before the OpenClaw gateway and before opening AI clients. The gateway and MCP proxies detect the UI on startup and route approval requests to it. If the UI isn't running yet, they fall back to terminal prompts.


Supported clients

| Client | Approval method | Integration |
|---|---|---|
| Claude Desktop | Browser UI at localhost:7823 | MCP proxy |
| Cursor | Browser UI at localhost:7823 | MCP proxy |
| Windsurf | Browser UI at localhost:7823 | MCP proxy |
| Claude Code | Terminal y/n/a prompt | MCP proxy |
| OpenClaw | Terminal y/n/a prompt | Native plugin |
| Any MCP client | Browser UI or terminal | MCP proxy |

GUI clients (Cursor, Claude Desktop, Windsurf) have no terminal — approval requests appear in your browser at http://localhost:7823. Auto-denies after 30 seconds if no response.

Terminal clients (Claude Code, OpenClaw) get an inline y/n/a prompt. Press a to always allow an operation for the rest of the session.


Web UI

agentwall ui    # → http://localhost:7823

Approval / — approve or deny tool calls from your browser in real time. Auto-denies after 30 seconds.

Policy editor /policy — edit rules visually or in raw YAML. Both modes edit the same file. Changes apply instantly.

Log viewer /log — searchable view of everything your agent has done. Filter by runtime, decision, tool name, date.

Clients /clients — see every supported client on your machine, which MCP servers are protected, and wrap

Configuration

claude_desktop_config.json
AgentWall automatically wraps your existing MCP servers via the setup command, so manual JSON editing is not required.

Try it

Check the status of my AgentWall protection to see which servers are currently monitored.
Open the AgentWall UI to review the latest blocked tool calls.
Update my policy to deny all shell execution commands by default.
View the audit log to see what files my AI agent accessed in the last hour.

Frequently Asked Questions

What are the key features of AgentWall?

  • Intercepts and enforces policies on all MCP tool calls.
  • Browser-based approval UI for GUI clients like Cursor and Claude Desktop.
  • YAML-based policy engine with glob matching and SQL content matching.
  • Independent audit log for all tool call activity.
  • Rate limiting to prevent runaway agent loops.

What can I use AgentWall for?

  • Preventing AI agents from accidentally deleting or modifying sensitive system files.
  • Restricting database access to read-only operations for specific AI sessions.
  • Auditing all tool calls made by an agent to ensure compliance with security policies.
  • Adding a human-in-the-loop approval step for shell commands executed by AI.

How do I install AgentWall?

Install AgentWall by running: npx @agentwall/agentwall setup

What MCP clients work with AgentWall?

AgentWall works with any MCP-compatible client including Claude Desktop, Claude Code, Cursor, and other editors with MCP support.
