Prempti is a new experimental project from the Falco ecosystem that adds policy enforcement and visibility to AI coding agent tool calls. It runs as a lightweight user-space service (no root or kernel modules required) and intercepts every tool call — file reads/writes, shell commands — before execution, evaluating them against Falco YAML rules. Verdicts can allow, deny, or prompt the user interactively. Two modes are available: Monitor (observe only) and Guardrails (enforce). The default ruleset covers sensitive path protection, credential access, pipe-to-shell attacks, MCP config poisoning, and persistence vectors. Prempti is honest about its scope: it operates at the agent tool-call level, not the OS syscall level, and is a policy complement rather than a full sandbox. It currently supports Claude Code on Linux, macOS, and Windows, with Codex integration planned.

6m read time. From cncf.io
Table of contents
Agents are a black box at runtime
How Prempti works
Two modes: Monitor and Guardrails
Rules: familiar Falco YAML, new context
Honest about limitations
Getting started
Get involved
