Blog
Operational guides for vendor-neutral agent safety & security.
2026-06-29
Guarding your working agent with OpenGuardrails and openafw
Standard security tools tell you a request happened. But an agent's two dangerous moments — reading untrusted content, and handing a key to an invisible middleman — need an agent-specific probe on the wire. A walkthrough of the OGR gateway altitude, landed locally as openafw, with a familiar OpenTelemetry analogy.
Read →2026-06-29
When your coding agent installs the malware
A real incident: a coding agent in bypass mode ran an obfuscated curl|bash from a phishing site and let in an AMOS Stealer variant. The full attack chain, where OpenGuardrails would have stopped it at the entry point — and, honestly, where it wouldn't (it's not antivirus).
Read →2026-06-29
Guarding Claude Code with OpenGuardrails (even in bypass mode)
Install one plugin and risky Claude Code tool calls are denied before they run — even in bypass mode, because the PreToolUse hook fires above the permission system. The one place the built-in classifier can't reach.
Read →2026-06-29
Guarding an opencode agent with OpenGuardrails
Guard opencode — a TypeScript coding agent — as a pure plugin on the tool.execute.before hook. The deny-and-continue model, your own model as the judge, and the upstream PR that turns require_approval into a first-class human ask.
Read →2026-06-29
From AI Gatekeeper to OpenGuardrails: guarding Kilo CLI
Kilo CLI had a bespoke LLM command-approval classifier. We routed it through OpenGuardrails — one GuardEvent → Verdict, composed detectors, reasoning-blind, your own model as judge — and deleted the one-off backend enum.
Read →2026-06-29
Guarding an OpenClaw agent with OpenGuardrails
Guard OpenClaw as a pure plugin on its before_tool_call hook — with a first-class human-approval gate. block AND require_approval both work natively, no core change. Published and smoke-verified.
Read →2026-06-28
Guarding a Hermes agent with OpenGuardrails
Guard a Hermes agent behind one neutral contract — intercept every tool call and real exec, enforce one policy you own, and plug in any vendor's detector without rewiring the agent. What Hermes exposes, what you pip install, the one policy that controls it, and how to verify end to end.
Read →