coding-agents-kit
Experimental Preview — This project is under active development and released as an early preview. Interfaces and behavior may change between releases. We welcome your feedback to help shape its future.
Falco meets AI Coding Agents
coding-agents-kit brings Falco to the world of AI coding agents. It is designed for developers who use coding agents daily and want visibility and control over what those agents do on their machines.
True to Falco's tradition, the primary goal is detection. The kit provides a monitor mode that lets you observe every tool call your coding agent makes — shell commands, file writes, reads, API calls — in real time, evaluated against Falco rules you define. This gives you a clear picture of what the agent is actually doing during a session.
Unlike classic Falco, this project operates entirely in user space — no kernel modules, no root, no containers. This makes it easy to run on your development machine but comes with known limitations: Falco evaluates tool calls as declared by the agent, not the system calls those commands produce.
That said, detecting unwanted behavior is still valuable — even at the tool-call level, it helps you catch the unexpected. The kit also provides a lightweight enforcement mode that relies on the coding agent's own hook API to block or prompt for confirmation. Think of it as a way to let Falco instruct the agent to behave as expected and avoid potentially harmful behaviors. This is not a substitute for sandboxing or system hardening — it complements those techniques by adding a policy layer at the agent level.
Ultimately, coding-agents-kit is a new way to let Falco and coding agents collaborate, and a foundation for exploring new approaches to protecting your systems against AI-driven threats.
How It Works
When your coding agent tries to use a tool, coding-agents-kit intercepts the call before it executes, evaluates it against your security rules, and decides what happens next:
| Verdict | What Happens |
|---|---|
| Allow | The tool call proceeds normally |
| Deny | The tool call is blocked — the agent is told why |
| Ask | You are prompted to approve or reject the call |
Security policies are written as standard Falco rules in YAML. You get a set of sensible defaults out of the box, and you can add your own rules for your specific needs.
Quick Start
macOS
Download the .pkg installer from the latest release and open it:
open coding-agents-kit-0.1.0-darwin-universal.pkg
The macOS Installer wizard guides you through the setup. Once complete, the service starts automatically on login.
[!NOTE] Since the binaries are not code-signed, macOS Gatekeeper may block them on first run. Go to System Settings > Privacy & Security and allow the blocked binary, or run:
xattr -dr com.apple.quarantine ~/.coding-agents-kit/bin/*
Linux
Download the package for your architecture from the latest release:
tar xzf coding-agents-kit-0.1.0-linux-x86_64.tar.gz
cd coding-agents-kit-0.1.0-linux-x86_64
bash install.sh
The installer copies all components to ~/.coding-agents-kit/, starts a systemd user service, and registers the hook automatically.
Verify
~/.coding-agents-kit/bin/coding-agents-kit-ctl status
~/.coding-agents-kit/bin/coding-agents-kit-ctl hook status
Tip: Add
export PATH="$HOME/.coding-agents-kit/bin:$PATH"to your shell profile to usecoding-agents-kit-ctlwithout the full path.
Managing
# Check status
~/.coding-agents-kit/bin/coding-agents-kit-ctl status
# Monitor mode — rules evaluate and log, but verdicts are not enforced
~/.coding-agents-kit/bin/coding-agents-kit-ctl mode monitor
# Enforcement mode (default) — verdicts are enforced
~/.coding-agents-kit/bin/coding-agents-kit-ctl mode enforcement
# View live logs
~/.coding-agents-kit/bin/coding-agents-kit-ctl logs
# Temporarily disable interception (tool calls proceed unmonitored)
~/.coding-agents-kit/bin/coding-agents-kit-ctl hook remove
# Re-enable interception
~/.coding-agents-kit/bin/coding-agents-kit-ctl hook add