Reins
Stop AI agents from doing things you didn't ask for.
What is Reins?
Reins is a Model Context Protocol (MCP) server that allows AI assistants like Claude, Cursor, and VS Code to stop ai agents from doing things you didn't ask for.
Stop AI agents from doing things you didn't ask for.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- Stop AI agents from doing things you didn't ask for.
Use Cases
Maintainer
Works with
Installation
Manual Installation
npx reinsConfiguration
Configuration Details
claude_desktop_config.json
Performance
Response Metrics
Resource Usage
How to Set Up and Use Reins
Reins is a security and observability layer for AI agents that intercepts, scores, and optionally blocks high-impact tool calls before they execute. It evaluates every agent action synchronously with sub-50ms latency, maintains an immutable append-only audit log at `~/.openclaw/reins/decisions.jsonl`, and routes destructive or irreversible operations through explicit human approval flows. Security teams and developers use Reins to enforce least-privilege policies on Claude Code, OpenClaw, and MCP-compatible agents — preventing accidental bulk deletions, unauthorized deployments, or out-of-scope file modifications.
Prerequisites
- Node.js 18.0.0 or higher installed
- npm available for global package installation
- Claude Code CLI or another MCP-compatible agent client
- An AI agent workflow that uses PreToolUse/PostToolUse hooks (e.g., Claude Code)
Install Reins globally via npm
Install the Reins package globally so the `reins` CLI is available system-wide. Then run the initialization command to set up configuration files and the audit log directory.
npm install -g @pegasi-ai/reins
reins initInstall the Claude Code skill (optional but recommended)
For Claude Code integration, install the Reins skill file into your Claude skills directory. This enables the /reins slash command and automatic hook integration within Claude Code sessions.
mkdir -p ~/.claude/skills/reins
curl -o ~/.claude/skills/reins/SKILL.md \
https://raw.githubusercontent.com/pegasi-ai/reins/main/.claude/skills/reins/SKILL.mdConfigure Reins as an MCP server
Add Reins to your MCP client configuration. Reins intercepts tool calls from your agent and evaluates them against its policy engine before allowing execution.
{
"mcpServers": {
"reins": {
"command": "reins",
"args": ["serve"],
"env": {}
}
}
}Review the audit log to understand agent behavior
Reins writes every tool call decision — allowed, blocked, or escalated — to an immutable JSONL file. Use this log to audit what your agents have done and tune policies accordingly.
cat ~/.openclaw/reins/decisions.jsonl | tail -20Set up approval flows for high-impact actions
Reins routes high-irreversibility actions through an approval flow. When triggered, the agent pauses and requests an explicit confirmation token before proceeding. Review the Reins documentation at github.com/pegasi-ai/reins for policy configuration syntax.
Reins Examples
Client configuration
Configure Reins as an MCP server in Claude Desktop or Claude Code to enable agent action interception and audit logging.
{
"mcpServers": {
"reins": {
"command": "reins",
"args": ["serve"],
"env": {}
}
}
}Prompts to try
Reins works transparently in the background. These prompts test its blocking and audit capabilities when used with an agent that has filesystem or email access.
- "Delete all files in my Downloads folder that are older than 30 days" (Reins should intercept for approval)
- "Show me the last 10 decisions Reins made about my agent's actions"
- "What is the irreversibility score threshold before Reins blocks an action?"
- "Send a bulk email to all my contacts" (Reins should block or require confirmation token)Troubleshooting Reins
reins command not found after npm install
Ensure npm's global bin directory is in your PATH. Run `npm config get prefix` to find the prefix, then add `<prefix>/bin` to your PATH. Alternatively use `npx @pegasi-ai/reins serve` in the MCP config args instead of the bare `reins` command.
Agent actions are not being intercepted by Reins
Reins must be configured as an MCP server in the same client your agent uses. Verify the MCP server config is correct and that Claude Code or your client has been restarted after adding Reins. Check that PreToolUse hooks are enabled in your client.
Approval flow is blocking every action, including harmless reads
Adjust the irreversibility scoring thresholds in the Reins configuration (created by `reins init` in `~/.openclaw/reins/`). Read-only operations should have low scores and bypass approval flows by default — check the config for any overly restrictive policy rules.
Frequently Asked Questions about Reins
What is Reins?
Reins is a Model Context Protocol (MCP) server that stop ai agents from doing things you didn't ask for. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Reins?
Follow the installation instructions on the Reins GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with Reins?
Reins works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Reins free to use?
Yes, Reins is open source and available under the Apache-2.0 license. You can use it freely in both personal and commercial projects.
Reins Alternatives — Similar Security Servers
Looking for alternatives to Reins? Here are other popular security servers you can use with Claude, Cursor, and VS Code.
Casdoor
★ 13.6kAn open-source Agent-first Identity and Access Management (IAM) /LLM MCP & agent gateway and auth server with web UI supporting OpenClaw, MCP, OAuth, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA, Face ID, Google Workspace, Azure AD
ghidraMCP
★ 9.0kAn Model Context Protocol server that enables LLMs to autonomously reverse engineer applications by exposing Ghidra's decompilation and analysis tools. It allows AI agents to list code structures, rename methods, and analyze binaries directly through
HexStrike AI
★ 8.9kHexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly b
IDA Pro MCP
★ 8.7kEnables AI-assisted reverse engineering in IDA Pro by providing tools to analyze binaries, decompile functions, manage comments, search patterns, and interact with the IDA database through natural language.
Anthropic Cybersecurity Skills
★ 6.6k754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub Copilot, Codex CLI, Cursor, Gemini CLI & 20+ platform
Hooker
★ 5.1k🔥🔥 hooker is a Frida-based reverse engineering toolkit for Android. It offers a user-friendly CLI, universal scripts, auto hook generation, memory roaming to detect activities/services, one-click SOCKS5 proxy setup, Frida JustTrustMe, and BoringSSL u
Browse More Security MCP Servers
Explore all security servers available in the MCPgee directory. Each server includes setup guides for Claude, Cursor, and VS Code.
Set Up Reins in Your Editor
Choose your AI client for step-by-step setup instructions.
Quick Config Preview
Add this to your claude_desktop_config.json or .cursor/mcp.json
Ready to use Reins?
Browse our complete directory of 33,000+ MCP servers, read setup guides for your editor, and start building with the Model Context Protocol.