https://github.com/pegasi-ai/reins
Stop AI agents from doing things you didn't ask for.
https://github.com/pegasi-ai/reins
agent-observability agent-security ai-monitoring ai-safety audit-trail browser-automation claude-code-marketplace claude-code-plugin claude-code-skill cua human-in-the-loop intervention mcp openclaw-security
Last synced: 9 days ago
JSON representation
Stop AI agents from doing things you didn't ask for.
- Host: GitHub
- URL: https://github.com/pegasi-ai/reins
- Owner: pegasi-ai
- License: apache-2.0
- Created: 2023-04-13T12:53:46.000Z (about 3 years ago)
- Default Branch: main
- Last Pushed: 2026-05-19T14:09:36.000Z (about 1 month ago)
- Last Synced: 2026-05-19T17:10:00.117Z (about 1 month ago)
- Topics: agent-observability, agent-security, ai-monitoring, ai-safety, audit-trail, browser-automation, claude-code-marketplace, claude-code-plugin, claude-code-skill, cua, human-in-the-loop, intervention, mcp, openclaw-security
- Language: Python
- Homepage: https://www.reins.sh
- Size: 207 MB
- Stars: 414
- Watchers: 11
- Forks: 72
- Open Issues: 15
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
Awesome Lists containing this project
README
> In Greek myth, Athena gave Bellerophon the golden bridle — reins included — that let him guide Pegasus. Reins applies the same idea to AI agents: raw power is not enough — what matters is making it controllable.
Reins enforces deterministic security policies on every agent action, scans your configs for OWASP ASI10 vulnerabilities, and tracks drift over time. Policies evaluate in under 50ms. Works with Claude Code PreToolUse and PostToolUse hooks, OpenClaw, and any MCP-compatible agent.
## Quickstart
```bash
npm install -g @pegasi-ai/reins
reins init
```
## Claude Code Skill
Install the Reins skill to give Claude Code awareness of your security posture:
```bash
mkdir -p ~/.claude/skills/reins
curl -o ~/.claude/skills/reins/SKILL.md \
https://raw.githubusercontent.com/pegasi-ai/reins/main/.claude/skills/reins/SKILL.md
```
Or clone the repo — the skill is included at `.claude/skills/reins/` automatically.
## Demo
An OpenClaw agent tries to bulk-delete 4,382 Gmail messages. Reins blocks it before execution.
## What Reins does
- **Prevent** — Block destructive actions before execution. Score irreversibility. Detect risky browser state.
- **Pause** — Route high-impact actions through terminal or messaging approval flows. Require explicit `CONFIRM-*` tokens for catastrophic operations.
- **Prove** — Preserve an immutable audit trail of every decision, approval, and block.
## Security guarantees
- **Zero Trust** — every action evaluated before execution
- **Synchronous** — agent cannot proceed until the hook exits
- **No network in the hot path** — policies cached locally, enforced offline
- **Fail-closed** — any unhandled hook error blocks the action
- **Immutable audit** — append-only JSONL at `~/.openclaw/reins/decisions.jsonl`
## Documentation
Full docs at [reins.sh/docs](https://reins.sh/docs):
- [Getting Started](https://reins.sh/docs/getting-started)
- [How It Works](https://reins.sh/docs/how-it-works)
- [Security Policies](https://reins.sh/docs/policies)
- [CLI Reference](https://reins.sh/docs/cli)
- [Security Scan](https://reins.sh/docs/scan)
- [Reins Cloud](https://reins.sh/docs/reins-cloud)
- [Use as a Library](https://reins.sh/docs/library)
- [Architecture](https://reins.sh/docs/architecture)
## Contributing
PRs welcome. See [CONTRIBUTING.md](CONTRIBUTING.md).
## License
Apache 2.0 — see [LICENSE](LICENSE).
