Skip to main content
Rampart provides a comprehensive CLI for installing, configuring, and managing policy enforcement for AI coding agents.

Command structure

rampart <command> [subcommand] [flags]
All commands support --help for detailed usage information.

Command groups

Setup

Commands for installing and configuring Rampart:
  • rampart quickstart - One-shot setup: install service, configure hooks, verify
  • rampart setup - Set up integrations with AI agents (Claude Code, Cline, OpenClaw, Codex)
  • rampart upgrade - Upgrade to the latest or specified release
  • rampart uninstall - Remove Rampart from your system
  • rampart doctor - Check installation health

Policy

Commands for managing security policies:
  • rampart policy - Policy utilities (lint, explain, fetch, sync)
  • rampart test - Test how policies evaluate commands
  • rampart bench - Benchmark policy coverage against attack corpus
  • rampart watch - Live TUI dashboard for audit decisions
  • rampart allow - Add an allow rule to custom policy
  • rampart block - Add a block rule to custom policy
  • rampart rules - Manage custom rules

Runtime

Commands for running the policy engine:
  • rampart serve - Start policy runtime and file watcher
  • rampart token - Manage bearer tokens
  • rampart status - Quick dashboard showing protection status
  • rampart log - Pretty-print recent audit events

Approvals

Commands for managing human-in-the-loop approvals:
  • rampart pending - List pending approval requests
  • rampart approve - Approve a pending tool call
  • rampart deny - Deny a pending tool call

Hooks

Commands for wrapping and intercepting tool calls:
  • rampart hook - AI agent hook (reads JSON from stdin, returns allow/deny)
  • rampart preload - Run a command with librampart preloaded (LD_PRELOAD)
  • rampart wrap - Wrap a process with policy enforcement

Global flags

--config
string
default:"rampart.yaml"
Path to policy config file
--verbose
boolean
default:"false"
Enable debug logging
--version
boolean
default:"false"
Print version information and exit

Exit codes

  • 0 - Success
  • 1 - General error or test failure
  • 126 - Command denied by policy

Environment variables

RAMPART_TOKEN
string
Bearer token for API authentication (auto-detected from ~/.rampart/token)
RAMPART_SESSION
string
Session identifier for audit events (auto-detected from git repo/branch)
RAMPART_SERVE_URL
string
default:"http://localhost:9090"
URL for rampart serve API
RAMPART_MODE
string
default:"enforce"
Runtime mode: enforce, monitor, or disabled
RAMPART_NO_PROJECT_POLICY
string
Set to 1 to skip project policy loading (security precaution for untrusted repos)

Common patterns

Initial setup

# Auto-detect and configure everything
rampart quickstart

# Or manual setup
rampart serve install
rampart setup claude-code
rampart init --profile standard

Testing policies

# Test a single command
rampart test "rm -rf /"

# Test a file read
rampart test --tool read "/etc/shadow"

# Run a test suite
rampart test tests.yaml

# Explain policy evaluation
rampart policy explain "git push origin main"

Monitoring

# Live dashboard
rampart watch

# Recent events
rampart log --deny

# Audit statistics
rampart audit stats --since 24h

# Search audit trail
rampart audit search "npm install"

Managing approvals

# List pending approvals
rampart pending

# Approve a request
rampart approve 01HGW1...

# Deny a request
rampart deny 01HGW1...

Configuration files

Policy files

  • ~/.rampart/policies/standard.yaml - Built-in standard policy
  • ~/.rampart/policies/custom.yaml - User-defined rules
  • .rampart/policy.yaml - Project-specific policy (git-committed)

Runtime files

  • ~/.rampart/token - Persisted bearer token
  • ~/.rampart/audit/ - Audit trail (JSONL files)
  • ~/.rampart/signing.key - HMAC key for approval URLs
  • ~/.rampart/ACTIVE_POLICY.md - Current policy summary

Agent integrations

  • ~/.claude/settings.json - Claude Code hooks
  • ~/.config/Cline/settings.json - Cline hooks (VS Code)
  • ~/.local/bin/rampart-shim - OpenClaw shell wrapper

Getting help

# Show all commands
rampart --help

# Command-specific help
rampart serve --help
rampart policy --help

# Check installation
rampart doctor

# View version and build info
rampart --version

Build docs developers (and LLMs) love

Get started for freeTalk to us