Skip to main content
Rampart integrates natively with Claude Code through its PreToolUse and PostToolUseFailure hook system. Every tool call — Bash, Read, Write, Edit, Fetch, Task, and future tools — flows through your policy engine before execution.

Quick Setup

1

Install Rampart service

Start the background policy server and save the authentication token:
rampart serve install
This installs a systemd (Linux) or launchd (macOS) service that:
  • Runs on port 9090 by default
  • Saves a bearer token to ~/.rampart/token
  • Starts automatically on boot
  • Enables the web dashboard at http://localhost:9090/dashboard/
2

Wire Claude Code hooks

Install the Rampart hook into Claude Code settings:
rampart setup claude-code
This modifies ~/.claude/settings.json to add:
  • PreToolUse hook: Evaluates every tool call before execution
  • PostToolUseFailure hook: Prevents Claude from retrying denied commands
Safe to run multiple times — won’t duplicate hooks or overwrite existing settings.
3

Use Claude normally

Launch Claude Code with dangerous mode enabled:
claude --dangerously-skip-permissions
All tool calls now route through Rampart. No wrapper needed.

How It Works

Claude Code fires PreToolUse for every tool. Rampart returns:
  • "permissionDecision": "allow" → Tool executes normally
  • "permissionDecision": "deny" → Tool is blocked, reason shown to user
  • "permissionDecision": "ask" → Claude shows native approval prompt

What Gets Protected

The hook intercepts all Claude Code tools using a wildcard matcher ("matcher": ".*"): 
tool: exec
params:
  command: "npm install lodash"
Even future tools added to Claude Code are automatically covered — the wildcard matcher ensures comprehensive protection.

Configuration Details

The setup command installs this configuration to ~/.claude/settings.json: 
{
  "hooks": {
    "PreToolUse": [
      {
        "matcher": ".*",
        "hooks": [
          {
            "type": "command",
            "command": "rampart hook"
          }
        ]
      }
    ],
    "PostToolUseFailure": [
      {
        "matcher": ".*",
        "hooks": [
          {
            "type": "command",
            "command": "rampart hook"
          }
        ]
      }
    ]
  }
}
The hook command must be in your system PATH. If you see “command not found” errors, add rampart to PATH:Linux/macOS:
export PATH="$HOME/.local/bin:$PATH"
Windows (PowerShell):
$env:PATH += ";$env:USERPROFILE\.rampart\bin"

Example Session

Terminal output when Claude attempts dangerous operations: 
$ claude --dangerously-skip-permissions

You: Install the latest version of numpy

Claude: I'll install numpy for you.

$ pip install numpy
✅ Allowed by policy [allow-dev]

You: Delete all temporary files

Claude: I'll clean up /tmp for you.

$ rm -rf /tmp/*
🔴 Rampart: Destructive command blocked
   Reason: Matches pattern 'rm -rf *' in policy block-destructive

Claude: I apologize, but I cannot execute that command as it's blocked 
by your security policy. Would you like me to delete specific files instead?

Policy Customization

Create custom rules for Claude Code workflows:
~/.rampart/policies/custom.yaml
version: "1"
default_action: allow

policies:
  - name: claude-safe-npm
    match:
      agent: ["claude-code"]
      tool: ["exec"]
    rules:
      - action: allow
        when:
          command_matches:
            - "npm install *"
            - "npm run test"
            - "npm run build"
        message: "Safe npm commands allowed"

  - name: claude-protect-credentials
    match:
      agent: ["claude-code"]
      tool: ["read"]
    rules:
      - action: deny
        when:
          path_matches:
            - "**/.env"
            - "**/.aws/credentials"
            - "**/.ssh/id_*"
        message: "Credential file access denied"

  - name: claude-ask-before-deploy
    match:
      agent: ["claude-code"]
      tool: ["exec"]
    rules:
      - action: ask
        when:
          command_contains:
            - "kubectl apply"
            - "terraform apply"
            - "docker push"
        message: "Deployment command requires approval"
After editing, reload: 
rampart serve --reload

Monitoring

Open http://localhost:9090/dashboard/ in your browser:
  • Active tab: Live stream of tool calls with approve/deny buttons
  • History tab: Browse past tool calls, filter by decision
  • Policy tab: Test commands before Claude runs them
No authentication required on localhost.

Troubleshooting

Hook not firing

  1. Check rampart is in PATH: 
    which rampart
# Should output a path, not "not found"
  2. Verify settings.json was updated: 
    cat ~/.claude/settings.json | grep rampart
# Should show "rampart hook" command
  3. Check service is running: 
    curl http://localhost:9090/healthz
# Should return "ok"

Permission denied errors

If all commands are denied:
  1. Check token is accessible: 
    cat ~/.rampart/token
# Should output a token starting with "rampart_"
  2. Verify policy loaded: 
    rampart doctor
# Check "Policy loaded" shows your active policy
  3. Test policy directly: 
    echo '{"tool_name":"Bash","tool_input":{"command":"echo test"}}' | rampart hook
# Should output {"hookSpecificOutput":{"permissionDecision":"allow"}}

Uninstalling

Remove Rampart hooks from Claude Code: 
rampart setup claude-code --remove
This removes the PreToolUse and PostToolUseFailure hooks while preserving other settings. To completely remove Rampart: 
rampart serve uninstall  # Stop and remove service
rm -rf ~/.rampart        # Delete config and audit logs

Advanced: Session Tagging

Tag Claude sessions by project for granular audit trails: 
# In your shell profile (~/.bashrc, ~/.zshrc)
export RAMPART_SESSION="myapp/main"
Then write session-specific policies: 
policies:
  - name: production-branch-protection
    match:
      agent: ["claude-code"]
    rules:
      - action: ask
        when:
          session_matches: ["myapp/main", "myapp/production"]
          command_contains: ["git push", "deploy"]
        message: "Production deployments require approval"
Audit events will be tagged with the session identifier for filtering and reporting.

Build docs developers (and LLMs) love

Get started for freeTalk to us