reins

In Greek myth, Athena gave Bellerophon the golden bridle — reins included — that let him guide Pegasus. Reins applies the same idea to AI agents: raw power is not enough — what matters is making it controllable.

Reins enforces deterministic security policies on every agent action, scans your configs for OWASP ASI10 vulnerabilities, and tracks drift over time. Policies evaluate in under 50ms. Works with Claude Code PreToolUse and PostToolUse hooks, OpenClaw, and any MCP-compatible agent.

Quickstart

npm install -g @pegasi-ai/reins
reins init

Claude Code Skill

Install the Reins skill to give Claude Code awareness of your security posture:

mkdir -p ~/.claude/skills/reins
curl -o ~/.claude/skills/reins/SKILL.md \
  https://raw.githubusercontent.com/pegasi-ai/reins/main/.claude/skills/reins/SKILL.md

Or clone the repo — the skill is included at .claude/skills/reins/ automatically.

Demo

An OpenClaw agent tries to bulk-delete 4,382 Gmail messages. Reins blocks it before execution.

What Reins does

• Prevent — Block destructive actions before execution. Score irreversibility. Detect risky browser state.
• Pause — Route high-impact actions through terminal or messaging approval flows. Require explicit CONFIRM-* tokens for catastrophic operations.
• Prove — Preserve an immutable audit trail of every decision, approval, and block.

Security guarantees

• Zero Trust — every action evaluated before execution
• Synchronous — agent cannot proceed until the hook exits
• No network in the hot path — policies cached locally, enforced offline
• Fail-closed — any unhandled hook error blocks the action
• Immutable audit — append-only JSONL at ~/.openclaw/reins/decisions.jsonl

Documentation

Full docs at reins.sh/docs:

• Getting Started
• How It Works
• Security Policies
• CLI Reference
• Security Scan
• Reins Cloud
• Use as a Library
• Architecture

Contributing

PRs welcome. See CONTRIBUTING.md.

License

Apache 2.0 — see LICENSE.