Runwall
Runtime security guardrails for Claude Code, Codex, and MCP-based coding setups.
Runwall sits between the agent and risky actions so you can:
- block obvious bad shell, git, MCP, and exfiltration flows
- scan a repo or runtime setup before enabling it
- keep a practical security baseline without turning normal coding into sludge
Why Use It
Coding agents can:
- run shell commands
- edit files
- push git changes
- call MCP tools
- touch secrets, browsers, databases, and local services
That is useful, but it is also enough to leak data or damage a machine fast.
Runwall helps reduce that risk with:
- preflight checks before risky actions run
- output inspection after tools return untrusted content
- local trust tracking for tools, hooks, data stores, IPC targets, and approvals
- installable profiles:
minimal, balanced, and strict
Fast Start
Claude Code
claude plugin marketplace add efij/secure-claude-code
claude plugin install runwall@runwall
claude plugin list
Expected result:
runwall@runwallStatus: enabled
Codex
If your Codex supports local bundle install, install this repo as a plugin bundle.
Fallback:
./bin/runwall generate-runtime-config codex balanced
Local CLI Install
git clone https://github.com/efij/secure-claude-code.git
cd secure-claude-code
./bin/runwall install balanced
./bin/runwall doctor
Profiles
minimal: lowest frictionbalanced: sensible defaultstrict: strongest blocking and review prompts
What It Protects
- shell execution
- git and repo actions
- MCP requests and responses
- plugin and skill trust boundaries
- secrets and local credential stores
- local services, IPC, and browser sessions
- destructive actions and production access
Protection families
Secrets & IdentitySupply Chain & DependenciesGit & Source ControlMCP, Plugins & SkillsRuntime, Network & EgressInfra & Production AccessTrust, Persistence & EvasionQuality & WorkflowMemory & KnowledgeSaaS & Control PlanesFileless & Inline ExecutionRemote Content PromotionLocal Data StoresLocal IPC & HelpersPublish, Release & Supply ChainDestructive Actions & Blast Radius
Full guard inventory: GUARDS.md
Common Commands
./bin/runwall install balanced
./bin/runwall doctor
./bin/runwall audit .
./bin/runwall list protections
./bin/runwall list runtimes
./bin/runwall generate-runtime-config codex balanced
./bin/runwall generate-runtime-config cursor balanced
./bin/runwall generate-runtime-config windsurf balanced
./bin/runwall generate-runtime-config claude-desktop balanced
Advanced trust-plane commands
./bin/runwall tools list --json
./bin/runwall tools approve <name-or-path>
./bin/runwall hooks list --json
./bin/runwall hooks diff <path-or-key>
./bin/runwall approvals list --json
./bin/runwall services list --json
./bin/runwall data list --json
./bin/runwall ipc list --json
./bin/runwall browser sessions --json
./bin/runwall flow list --json
./bin/runwall agents graph --json
./bin/runwall memory list --json
./bin/runwall knowledge list --json
./bin/runwall review list --json
./bin/runwall artifacts list --json
./bin/runwall release list --json
./bin/runwall destructive list --json
./bin/runwall handoff graph --json
./bin/runwall auth list --json
./bin/runwall apps list --json
./bin/runwall safety list --json
Supported Runtimes
| Runtime | Status | How |
|---|
| Claude Code | First-class | native plugin hooks |
| Codex | Supported | plugin bundle or generated MCP config |
| Cursor | Supported | generated mcp.json |
| Windsurf | Supported | generated mcp_config.json |
| Claude Desktop | Supported | generated claude_desktop_config.json |
| Generic MCP clients | Supported | inline MCP gateway |
| CI | Supported | CLI policy checks |
More detail: RUNTIMES.md
Audit First
If you want to inspect before enabling:
./bin/runwall audit .
./bin/runwall audit . --format html --output runwall-audit.html
./bin/runwall audit . --format sarif --output runwall-audit.sarif
Troubleshooting
Claude plugin says failed to load
Run:
claude plugin uninstall runwall@runwall
claude plugin marketplace remove runwall
claude plugin marketplace add efij/secure-claude-code
claude plugin install runwall@runwall
claude plugin list
You want: