Skip to content

openagentlock/rules

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
.github/workflows
.github/workflows
 
 
docs
docs
 
 
rules
rules
 
 
schema
schema
 
 
site
site
 
 
tools
tools
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

OpenAgentLock Rules Registry

Community-maintained rules for OpenAgentLock — the local-first firewall for AI coding agents.

A "rule" is a single policy gate (e.g. block rm -rf, deny secret exfiltration via curl). Each rule lives in its own directory under rules/, contains a rule.yaml and a README.md, and ships independently. The browsable site at https://openagentlock.github.io/rules indexes every rule and gives you a one-line install command.

Pair this repo with openagentlock/skills

Need a rule that isn't in the catalog yet? The skills repo ships agent skills (Claude Code, Cursor, Codex) that turn natural-language intent into a policy gate. Tell the agent "block any bash command that pipes a file into nc", and the block-pattern skill drafts the YAML, runs agentlock rules install, and reports the deny verdict back. Once a rule has earned its keep, open a PR here to upstream it.

Layout

rules/<rule-id>/
├── rule.yaml          # the gate definition
├── README.md          # what it catches, why it matters, false-positive notes
└── tests/             # (optional) synthetic tool-call fixtures

The site (under site/) is plain HTML/CSS/JS that fetches site/data/index.json — a flat index generated by tools/build-index.ts on every CI run. No backend, no database. The repo is the database.

Adding a rule

  1. Fork this repo.
  2. Copy rules/destructive-bash/ as a starting template.
  3. Edit rule.yaml and README.md.
  4. Open a PR. CI validates the YAML against schema/rule.schema.json.

See docs/adding-a-rule.md for the full walkthrough.

Installing a rule

From the rules site, search for what you want and copy the install command, e.g.:

agentlock rules install openagentlock/rules:destructive-bash

The CLI command is roadmap — see openagentlock/OpenAgentLock#42 for the in-flight signer work that backs agentlock rules.

Adding your own registry

You aren't locked into this repo. Any git URL with the same layout works:

agentlock rules add https://github.com/your-org/your-rules.git
agentlock rules sync

Multiple registries are merged at sync time; rule ids must be unique within a single registry but are namespaced by registry url upstream.

License

Apache-2.0 — see LICENSE. Individual rules may declare a different license in rule.yaml's license field; the default is Apache-2.0 to match the registry.

About

Community-maintained policy rules for the OpenAgentLock AI-agent firewall.

openagentlock.github.io/rules

Resources

Readme

License

View license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages