Secure Agent Launcher is a macOS guard tool for AI agent CLIs (codex, claude, gemini, etc.).
It blocks execution before access to protected paths such as ~/.ssh, ~/.aws, and ~/Library/Keychains, then records the result in an audit log.
日本語版: README.ja.md
- lets you register paths you do not want AI tools to touch
- checks paths before command execution and blocks matching runs
- records each blocked or allowed decision in an audit log
- lets you configure settings in the GUI and generate a one-line agent launch command
- macOS
bash,curl, andtar- Homebrew (only for Homebrew install)
- Install:
brew install mark0011astra/Secure-Agent-Launcher/secure-agent-locker- Open GUI:
secure-agent-locker gui- Add paths in the UI, click
Generate Run Command, and run the generated line in your terminal.
If a command is blocked, you will see blocked_path: in output.
brew install mark0011astra/Secure-Agent-Launcher/secure-agent-lockerOr tap once and install:
brew tap mark0011astra/Secure-Agent-Launcher
brew install secure-agent-lockercurl -fsSL https://raw.githubusercontent.com/mark0011astra/Secure-Agent-Launcher/main/scripts/install-from-github.sh \
| bash -s -- --repo mark0011astra/Secure-Agent-LauncherInstalled paths:
~/.local/bin/secure-agent-locker~/.local/bin/secure-agent-locker-uninstall
If needed, add ~/.local/bin to your PATH.
Install a specific tag:
bash scripts/install-from-github.sh --repo mark0011astra/Secure-Agent-Launcher --tag v0.1.0./scripts/install.shsecure-agent-locker-uninstallTo remove policy and audit logs too:
secure-agent-locker-uninstall --purge-configFor Homebrew installs:
brew uninstall secure-agent-locker- Policy JSON:
~/.config/secure-agent-locker/policy.json - Audit log:
~/.local/state/secure-agent-locker/audit.log - Audit lock file:
~/.local/state/secure-agent-locker/audit.log.lock - Rotated audit logs:
audit.log.1toaudit.log.3(rotation starts at ~2MB)
secure-agent-locker gui- Add paths to protect in
AI Access Deny List(left panel). - Enter the agent command and working folder (right panel).
- Click
Generate Run Command. - Copy the generated one-liner and run it in any terminal.
Notes:
- The GUI does not auto-launch an external terminal.
- The generated command uses the installed
secure-agent-lockerlauncher when available. - If the preflight check detects a blocked path, command generation is stopped.
- The GUI runs in fixed-size window mode and blocks fullscreen shortcuts.
Initialize default policy:
secure-agent-locker initShow current policy JSON:
secure-agent-locker showManage deny paths:
secure-agent-locker policy list
secure-agent-locker policy add ~/.ssh ~/.aws
secure-agent-locker policy remove ~/.aws
secure-agent-locker policy status
secure-agent-locker policy on
secure-agent-locker policy offDry-run (check only):
secure-agent-locker run -- codexActual execution:
secure-agent-locker run --execute -- codexWith explicit working directory:
secure-agent-locker run --execute --cwd ~/work/project -- codex --model gpt-5runchecks command paths againstdeny_paths.- Any match returns blocked result with exit code
25. runwithout--executeis dry-run only.--timeout-secmust be a positive integer.- If
AGENT_LOCKER_TEST_MODE=1, execution is blocked with exit code26. - Every run decision is appended to the audit log.
Tag and publish a release on GitHub.
The workflow at .github/workflows/release-macos.yml automatically builds and uploads:
secure-agent-locker-macos-arm64.tar.gzsecure-agent-locker-macos-x64.tar.gz
Users can install the latest release binary with scripts/install-from-github.sh and do not need Python.
python3 -m venv .venv
source .venv/bin/activate
pip install -e .python3 -m unittest discover -s tests -vMIT License. See LICENSE.