Quickstart
Get AgentGuard catching risky agent actions in under 5 minutes.
1 · Install and connect
Run the installer in the terminal where your agent runs. OpenClaw can finish browser activation; Claude Code and Codex currently connect to Cloud with an API key.
Go to API Keys2 · Install the local guard
Run this in the terminal where your agent runs. It installs @goplus/agentguard, writes a local config, and connects to AgentGuard Cloud.
curl -fsSL https://agentguard.gopluslabs.io/install.sh | bashirm https://agentguard.gopluslabs.io/install.ps1 | iexVerify it's installed:
agentguard status && agentguard doctor3 · Pick a policy mode
Three presets get you started. You can override any rule later.
- · Observe — log everything; nothing is blocked. Best for the first week.
- · Balanced — block destructive commands and remote-exec; ask for approval on secrets and deploys. Recommended default.
- · Strict — most risky actions wait for explicit approval or are refused outright.
4 · Trigger a test action
Ask your agent to do something risky on purpose. The guard should intercept it and either pause for your approval or refuse outright.
Example prompt to try:
5 · Watch it land in the dashboard
Every evaluated action shows up on the Live Activity page with the decision, the risk score, and the reasons that triggered it. That's your audit trail.
Open Live ActivityCommon questions
Does the agent send my code to the cloud?▼
No. Policy decisions happen locally. The only thing synced to Cloud is the redacted action metadata you see in Live Activity.
What happens if I'm offline?▼
The guard falls back to the cached policy. If no cache exists, it falls back to a conservative built-in default. Outage degrades visibility, not safety.
Can I run it in CI?▼
Yes. Set AGENTGUARD_DECISION_MODE=cloud and require_approval actions will park in the dashboard's headless approval inbox instead of asking the local terminal.
Need help?
Open an issue on GitHub or jump into our Discord — we usually reply within a few hours.