In Greek myth, Athena gave Bellerophon the golden bridle — reins included — that let him guide Pegasus. Reins applies the same idea to AI agents: raw power is not enough — what matters is making it controllable.
Reins enforces deterministic security policies on every agent action, scans your configs for OWASP ASI10 vulnerabilities, and tracks drift over time. Policies evaluate in under 50ms. Works with Claude Code PreToolUse and PostToolUse hooks, OpenClaw, and any MCP-compatible agent.
npm install -g @pegasi-ai/reins
reins init
Install the Reins skill to give Claude Code awareness of your security posture:
mkdir -p ~/.claude/skills/reins
curl -o ~/.claude/skills/reins/SKILL.md \
https://raw.githubusercontent.com/pegasi-ai/reins/main/.claude/skills/reins/SKILL.md
Or clone the repo — the skill is included at .claude/skills/reins/ automatically.
An OpenClaw agent tries to bulk-delete 4,382 Gmail messages. Reins blocks it before execution.
- Prevent — Block destructive actions before execution. Score irreversibility. Detect risky browser state.
- Pause — Route high-impact actions through terminal or messaging approval flows. Require explicit CONFIRM-* tokens for catastrophic operations.
- Prove — Preserve an immutable audit trail of every decision, approval, and block.
- Zero Trust — every action evaluated before execution
- Synchronous — agent cannot proceed until the hook exits
- No network in the hot path — policies cached locally, enforced offline
- Fail-closed — any unhandled hook error blocks the action
- Immutable audit — append-only JSONL at ~/.openclaw/reins/decisions.jsonl
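An added example, not Reins source code, of a hook gate with the properties listed above: it evaluates synchronously, blocks on any policy error, and appends each decision as one JSONL line. The policy functions, tool names, the 100-message threshold, the `CONFIRM-<id>` token format and the record fields are assumptions, and it writes to a temporary file rather than the real audit path.

```javascript
// Added illustration, not Reins source. Policy shape, tool names, threshold,
// token format and record fields are all hypothetical.
const fs = require("node:fs");
const os = require("node:os");
const path = require("node:path");

// Constructed policies: each returns "allow", "pause" or "block", or throws.
const POLICIES = [
  function bulkDelete(a) {
    return a.tool === "gmail.delete" && a.args.ids.length > 100 ? "block" : "allow";
  },
  function catastrophic(a) {
    // Pause until the operator supplies the matching confirmation token.
    return a.irreversible && a.confirm !== `CONFIRM-${a.id}` ? "pause" : "allow";
  },
];
const RANK = { allow: 0, pause: 1, block: 2 };

// Synchronous gate: returns only after the decision line has been appended.
function gate(action, auditFile, policies = POLICIES) {
  let decision = "allow", reason = "no policy objected";
  try {
    for (const p of policies) {
      const verdict = p(action);
      if (!Object.hasOwn(RANK, verdict)) throw new Error(`bad verdict from ${p.name}`);
      if (RANK[verdict] > RANK[decision]) [decision, reason] = [verdict, p.name];
    }
  } catch (err) {
    // Fail-closed: a crashing or malformed policy never yields "allow".
    [decision, reason] = ["block", `hook error: ${err.message}`];
  }
  const rec = { ts: new Date().toISOString(), id: action.id, tool: action.tool, decision, reason };
  // Flag "a" opens in append mode, so earlier lines are never rewritten.
  fs.appendFileSync(auditFile, JSON.stringify(rec) + "\n", { flag: "a" });
  return decision;
}

// Constructed inputs; writes to a temp file, not the real audit path.
function demo() {
  const file = path.join(fs.mkdtempSync(path.join(os.tmpdir(), "gate-")), "decisions.jsonl");
  const ids = Array.from({ length: 4382 }, (_, i) => `msg-${i}`);
  const results = [
    gate({ id: "a1", tool: "gmail.delete", args: { ids } }, file),
    gate({ id: "a2", tool: "fs.rm", args: {}, irreversible: true }, file),
    gate({ id: "a3", tool: "gmail.delete", args: {} }, file), // malformed: no ids
  ];
  const lines = fs.readFileSync(file, "utf8").trim().split("\n").map((l) => JSON.parse(l));
  return { results, lines };
}
```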
Full docs at reins.sh/docs:
- Getting Started
- How It Works
- Security Policies
- CLI Reference
- Security Scan
- Reins Cloud
- Use as a Library
- Architecture
PRs welcome. See CONTRIBUTING.md.
Apache 2.0 — see LICENSE.

