Getting Started

Get Agent Wall protecting your MCP servers in under 2 minutes.

Installation

npmpnpmyarn

bash

npm install -g @agent-wall/cli

bash

pnpm add -g @agent-wall/cli

bash

yarn global add @agent-wall/cli

Quick Start

1. Generate a policy config

bash

agent-wall init

This creates agent-wall.yaml with sensible defaults.

2. Wrap your MCP server

bash

agent-wall wrap -- npx @modelcontextprotocol/server-filesystem /home/user

That's it. Agent Wall is now intercepting every tool call and enforcing your policy.

3. Integrate with your MCP client

Update your MCP client config to use Agent Wall as the command:

json

// ~/.claude/mcp_servers.json
{
  "mcpServers": {
    "filesystem": {
      "command": "agent-wall",
      "args": ["wrap", "--", "npx", "@modelcontextprotocol/server-filesystem", "/home/user"]
    }
  }
}

json

// ~/.cursor/mcp.json
{
  "mcpServers": {
    "filesystem": {
      "command": "agent-wall",
      "args": ["wrap", "--", "npx", "@modelcontextprotocol/server-filesystem", "/home/user"]
    }
  }
}

json

// ~/Library/Application Support/Claude/claude_desktop_config.json
{
  "mcpServers": {
    "filesystem": {
      "command": "agent-wall",
      "args": ["wrap", "--silent", "--", "npx", "@modelcontextprotocol/server-filesystem", "/home/user"]
    }
  }
}

json

// .vscode/mcp.json
{
  "mcpServers": {
    "filesystem": {
      "command": "agent-wall",
      "args": ["wrap", "--", "npx", "@modelcontextprotocol/server-filesystem", "/home/user"]
    }
  }
}

json

// ~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "filesystem": {
      "command": "agent-wall",
      "args": ["wrap", "--", "npx", "@modelcontextprotocol/server-filesystem", "/home/user"]
    }
  }
}

Verify It Works

Test a tool call against your policy without starting a server:

bash

# Should be DENIED (SSH key access)
agent-wall test --tool read_file --arg path=/home/.ssh/id_rsa

# Should be ALLOWED (normal file read)
agent-wall test --tool read_file --arg path=/home/user/project/README.md

Run the health check to verify everything is set up:

bash

agent-wall doctor

Environment Variables

Set these once to avoid repeating flags:

bash

export AGENT_WALL_CONFIG=/path/to/agent-wall.yaml
export AGENT_WALL_LOG=/var/log/agent-wall.log

These are used as fallbacks by wrap, test, validate, and doctor.

What's Next?

How It Works — Understand the two-way architecture
Policy Configuration — Customize your rules and response scanning
Response Scanning — Detect leaked secrets in server responses
Real-Time Dashboard — Monitor security events in your browser
CLI Reference — All available commands
Audit Logging — Monitor tool call activity
Any MCP Client — Works with every MCP server and client

Getting Started ​

Installation ​

Quick Start ​

1. Generate a policy config ​

2. Wrap your MCP server ​

3. Integrate with your MCP client ​

Verify It Works ​

Environment Variables ​

What's Next? ​

Getting Started

Installation

Quick Start

1. Generate a policy config

2. Wrap your MCP server

3. Integrate with your MCP client

Verify It Works

Environment Variables

What's Next?