Headless agents in CI, containers, and dev environments execute fast. AgentSH intercepts system calls and evaluates them against policy locally before they run. Allow, block, prompt, or redirect. You decide.
Allow. Block. Prompt. Redirect. Steer agents toward approved alternatives instead of forcing retry loops.
Allow: Action proceeds immediately. No user interaction needed.
Block: Action is denied. Agent receives an error response.
Prompt: User must approve before the action can proceed.
Redirect: Action is transparently routed to an approved alternative.
AgentSH intercepts network connections, file operations, and process execution before they happen.
Write policies that understand context, not just actions.
Define policies in YAML or JSON. Version in git. Test in CI. Deploy with confidence.
No background services required. No cloud connection required. Works in air-gapped environments.
Agents that fetch dependencies and run commands under policy, so builds stay safe without slowing down.
Agents that touch repos and credentials, constrained to approved actions and destinations.
Agents that run infra actions (terraform, kubectl) under policy so blast radius is bounded.
Environments where blast radius must be bounded by default, with no human in the loop.
AgentSH works great on its own. When you need centralized policy, approvals routing, audit logs, and a kill switch, add Watchtower. If your risk is supervised AI on endpoints, use Beacon.
Protects supervised AI on employee endpoints — macOS and Windows. Visibility, policy, and human-in-the-loop approvals for desktop AI tools.
Learn about Beacon →
Centralized policy, approvals routing, audit logs, and a kill switch across your entire AI fleet — both supervised and unsupervised.
Learn about Watchtower →
AgentSH is open source and free to use. Clone the repo or read the docs.