Open-source firewall for AI agents. Policy engine that audits and controls what OpenClaw, Claude Code, Cursor, Codex, and any AI tool can do on your machine.
Drift inferred · capture-to-capture
No drift recorded — single capability capture; advisories appear once its surface changes.
transport stdio counts 0 tools · 0 res
· 0 prompts
permission surface via code analysis
No tools enumerated yet for this server.
evidence-backed
findings quoted directly from the published source artifact — not inferred
filesystem 3
- fs peg-rampart-cb2e54f/hooks/node-fs-hook.js :4
* Intercepts fs.readFile(Sync), fs.writeFile(Sync), and fs.promises variants - fs peg-rampart-cb2e54f/internal/plugin/openclaw/index.js :11
import { readFile } from "fs/promises"; - fs peg-rampart-cb2e54f/scripts/compat-openclaw-latest.mjs :11
import { mkdtempSync, mkdirSync, rmSync, writeFileSync } from 'node:fs';
shell / exec 2
- shell peg-rampart-cb2e54f/hooks/node-fs-hook.js :18
const { execFileSync } = require('child_process'); - shell peg-rampart-cb2e54f/scripts/compat-openclaw-latest.mjs :14
import { spawnSync } from 'node:child_process';
network 2
- net peg-rampart-cb2e54f/hooks/node-fs-hook.js :150
const resp = await fetch(url, { - net peg-rampart-cb2e54f/internal/plugin/openclaw/index.js :195
const resp = await fetch(`${serveUrl}/v1/tool/${encodeURIComponent(toolName)}`, {
secrets 1
- secrets peg-rampart-cb2e54f/hooks/node-fs-hook.js :21
const RAMPART_TOKEN = process.env.RAMPART_TOKEN || '';