In Greek myth, Athena gave Bellerophon the golden bridle — reins included — that let him guide Pegasus. Reins applies the same idea to AI agents: raw power is not enough — what matters is making it controllable.

Reins enforces deterministic security policies on every agent action via Claude Code PreToolUse and PostToolUse hooks. Policies are evaluated in under 50ms with no LLM in the enforcement path.

Quickstart

npm install -g @pegasi/reins
reins init

Claude Code Skill

Install the Reins skill to give Claude Code awareness of your security posture:

mkdir -p ~/.claude/skills/reins
curl -o ~/.claude/skills/reins/SKILL.md \
  https://raw.githubusercontent.com/pegasi-ai/reins/main/.claude/skills/reins/SKILL.md

Or clone the repo — the skill is included at .claude/skills/reins/ automatically.

Demo

An OpenClaw agent tries to bulk-delete 4,382 Gmail messages. Reins blocks it before execution.

In The News

• TechCrunch (February 23, 2026): A Meta AI security researcher said an OpenClaw agent ran amok on her inbox

What Reins does

• Prevent — Block destructive actions before execution. Score irreversibility. Detect risky browser state.
• Pause — Route high-impact actions through terminal or messaging approval flows. Require explicit CONFIRM-* tokens for catastrophic operations.
• Prove — Preserve an immutable audit trail of every decision, approval, and block.

Security guarantees

• Zero Trust — every action evaluated before execution
• Synchronous — agent cannot proceed until the hook exits
• No network in the hot path — policies cached locally, enforced offline
• Fail-closed — any unhandled hook error blocks the action
• Immutable audit — append-only JSONL at ~/.openclaw/reins/decisions.jsonl

Documentation

Full docs at docs/:

• Getting Started
• How It Works
• Security Policies
• CLI Reference
• Security Scan
• Watchtower
• Use as a Library
• Architecture

Contributing

PRs welcome. See CONTRIBUTING.md.

License

Apache 2.0 — see LICENSE.