AGENTLEASH_
SECTION

┌─ Getting Started ─┐

AgentLeash monitors and controls what files and resources AI coding agents access in your projects. See exactly what your agent touched, set boundaries on what it can reach, and maintain full visibility over automated changes.

The Problem

AI coding agents like Claude Code and Cursor are powerful, but they operate with broad access to your codebase. Without visibility:

[!] You don't know which files the agent actually read
[!] Sensitive files might be accessed unintentionally
[!] No audit trail for compliance or debugging
[!] Agents might modify files outside intended scope

The Solution

[1] Initialize AgentLeash in your project
[2] Define scope rules (allow, deny)
[3] Run your AI agent session through AgentLeash
[4] Review the access log after the session
[5] Refine rules based on actual behavior

Quick Start

terminal
# Install the CLI
$ npm install -g agentleash

# Initialize in your project
$ cd your-project
$ leash init
[/] Created .agentleash.yml

# Start a monitored session
$ leash watch --agent claude-code
╔═══════════════════════════════════════════╗
║  AGENTLEASH                  [WATCHING]   ║
╠═══════════════════════════════════════════╣
║  Agent:  Claude Code                      ║
║  Mode:   PASSIVE                          ║
╚═══════════════════════════════════════════╝
[*] Watching for file operations...

# ... run your AI agent normally ...
# Press Ctrl+C to stop and see summary

Supported AI Agents

Claude CodeSupported
CursorSupported
WindsurfSupported
GitHub CopilotSupported
AiderSupported
ContinueSupported

Agent Setup

Start a monitored session by passing the agent name with the --agent flag:

per-agent setup
# Claude Code
$ leash watch --agent claude-code

# Cursor
$ leash watch --agent cursor

# Windsurf
$ leash watch --agent windsurf

# Aider
$ leash watch --agent aider

# GitHub Copilot
$ leash watch --agent github-copilot

# Continue
$ leash watch --agent continue
[i] Works with any file-accessing agent
AgentLeash monitors at the filesystem level. Any tool that reads or writes files in your project directory will be tracked, regardless of native integration. The --agent flag labels the session for filtering in logs and reports.