AuthSecAuthSec
H
Security7 min readMay 5, 2026

How to Install, Verify, and Use AuthSec Agent Shield

A complete step-by-step guide to getting AuthSec Agent Shield running on your machine — from building the binary to approving your first blocked command on your phone.

Agent ShieldInstall GuideSecurityAI Agents
B

Bishnu

Engineering

What Is AuthSec Agent Shield?

AI coding tools — Claude Code, Codex, Cursor, OpenClaw — run directly on your machine with access to your terminal, filesystem, and cloud credentials. When an AI agent runs rm -rf, git push --force, or DROP TABLE users, by the time you notice it's already done.

AuthSec Agent Shield is a single binary that installs at the OS level and intercepts every risky command before it executes. It scores each command locally, with no network call. Safe commands (git status, docker ps, ls) pass instantly with zero latency. Dangerous commands push a notification to your phone. You approve or deny. Then it executes — or doesn't.

This guide walks you through the full setup: building the binary, logging in, installing the four protection layers, and verifying everything is working.

Prerequisites

Before you start, make sure you have the following:

  • Windows 10/11, macOS, or Linux.
  • Go 1.22 or later installed (to build from source).
  • An AuthSec account — your admin provides your client ID.
  • The authsec-agent-shield source code cloned locally.

Step 1 — Build the Binary

Start by cloning the repository:

terminal
git clone https://github.com/authsec-ai/authsec-agent-shield.git
terminal
cd authsec-agent-shield

Then build the shield binary for your platform:

Windows
go build -o shield.exe ./cmd/shield/
macOS / Linux
go build -o authsec-shield ./cmd/shield/

This produces a single self-contained binary. No external dependencies are needed at runtime.

Step 2 — Configure with Your Client ID

Run the setup command with the client ID your AuthSec admin gave you:

Windows
.\shield.exe setup --client-id <YOUR_CLIENT_ID> --base-url https://prod.api.authsec.ai
macOS / Linux
./authsec-shield setup --client-id <YOUR_CLIENT_ID> --base-url https://prod.api.authsec.ai

This stores your organization's configuration locally. The base URL points to the AuthSec API that handles push notifications and approval routing. You only need to run setup once per machine.

Step 3 — Log In

Run the login command to authenticate your user account:

Windows
.\shield.exe login
macOS / Linux
./authsec-shield login

The shield opens your browser to the AuthSec SSO login page. Sign in with your organization credentials. After signing in, a short activation code is displayed in your terminal.

Go to the AuthSec end-user platform (the URL will be shown in your terminal), enter the code displayed, and confirm the activation. Once you confirm, the shield receives your credentials automatically — no copy-pasting of tokens required.

After activation, the terminal will confirm that you are successfully logged in and your session is ready.

Code verification on the AuthSec end-user platform

Step 4 — Install Protection Layers

The install command deploys all four protection layers on your machine.

On macOS/Linux, a single sudo command handles everything:

macOS / Linux
sudo ./authsec-shield install

On Windows, the process has two steps. First, install the hooks and command wrappers from a normal terminal:

Windows — Step 1 (normal terminal)
.\shield.exe install

Then open an Administrator PowerShell and run the shim installer:

Windows — Step 2 (Administrator PowerShell)
.\install-shims.ps1

Alternatively, launch both steps in one command from a normal terminal:

Windows — one-liner
Start-Process powershell -Verb RunAs -ArgumentList "-NoExit", "-ExecutionPolicy", "Bypass", "-Command", "& {Set-Location 'C:\path\to\authsec-agent-shield'; .\install-shims.ps1}"

Installation deploys four layers of protection:

  • Binary Shims — replaces rm, git, docker, kubectl, mysql, psql with shield wrappers at the OS level. Every process on the machine is governed, including AI tools.
  • Filesystem Protection — applies NTFS DENY write ACLs (Windows) or chattr locks (Linux) to sensitive directories: .ssh, .aws, .kube, .env.
  • Shell Hooks — adds a PowerShell CommandValidationHandler for cmdlets like Remove-Item and Set-Content; Bash preexec via DEBUG trap; Zsh native preexec.
  • MCP Proxy — a transparent JSON-RPC proxy that intercepts write_file, delete_file, and execute_command tool calls from Claude Desktop, Codex, and Cursor before they reach MCP servers.

Step 5 — Verify with shield doctor

Once installation completes, run the diagnostics command to confirm every protection layer is active:

Windows
.\shield.exe doctor
macOS / Linux
./authsec-shield doctor

The doctor command checks that binary shims are in place and pointing to the shield, that shell hooks are loaded in your active shell profiles, that filesystem ACLs are applied to sensitive directories, and that your authentication credentials are valid and not expired.

A healthy output shows all checks passing with green status indicators. If any check fails, the doctor output tells you exactly which layer is missing and the command to fix it.

Executing Commands — What Happens at Runtime

Once installed, the shield works silently in the background. You do not need to prefix commands or change your workflow.

Every command is scored locally with no network call. The scoring engine stacks risk signals — destructive verbs, force flags, sensitive paths, SQL statements — to produce a score from 0 to 100.

Commands scoring 30 or below pass instantly with zero latency. Commands scoring above 30 trigger a push notification to your phone via AuthSec CIBA. You approve or deny from the mobile app. Only after approval does the command execute.

Here is how common commands score in practice:

  • ls, git status, docker ps, cat README.md — score 0. Pass instantly.
  • git push (no flags) — score 30. Pass instantly (at threshold).
  • rm file.txt — score 40. Blocked. Phone notification sent.
  • git push --force origin main — score 100. Blocked immediately.
  • rm -rf / — score 100. Blocked immediately.
  • kubectl delete namespace production — score 100. Blocked immediately.
  • mysql -e 'DROP TABLE users' — score 100. Blocked immediately.

Testing Risk Scores

You can dry-run the risk scorer against any command without executing it:

terminal
shield test "rm -rf /"
terminal
shield test "git status"

shield check is the internal variant used by shell hooks. Call it directly to evaluate any command string and see the full scoring breakdown:

terminal
shield check "<your command>"

Use shield test to audit commands before running them, or to verify that your organization's policy thresholds are configured as expected.

Pausing and Re-enabling Protection

When you need to work freely — running a batch migration, doing a large file cleanup — you can pause protection for a set duration:

terminal
shield pause 1h
terminal
shield pause 30m
terminal
shield enable

During a pause, all commands pass through unchecked. The pause is time-bounded — protection resumes automatically when the duration expires. Use shield status at any time to see whether protection is active or paused and how long remains.

Uninstalling

To fully remove Agent Shield from your machine, run the uninstall command from an Administrator PowerShell (Windows) or with sudo (macOS/Linux):

Windows (Administrator PowerShell)
.\shield.exe uninstall
macOS / Linux
sudo ./authsec-shield uninstall

Uninstall restores all original system binaries from their .shield-real backups, removes PowerShell and shell hooks from profile files, removes all NTFS DENY ACLs and chattr locks from protected directories, and deletes all shield configuration and credential files.

Share this article:

Continue Reading

More from the Blog

Stop Re-Explaining Your Work to Every AI Coding Tool: We Bridged Claude, Codex, and Gemini Sessions
Security

Stop Re-Explaining Your Work to Every AI Coding Tool: We Bridged Claude, Codex, and Gemini Sessions

You hit Claude's rate limit mid-problem, switch to Codex, and spend 20 minutes re-explaining the same architecture. We built a small CLI that transfers your session — context, decisions, tradeoffs — between Claude Code, Codex, and Gemini in one command.

May 7, 202610 min read
We Built a Firewall for AI Agents. Here's What Happened When Claude Code Tried to Delete Our Files.
Security

We Built a Firewall for AI Agents. Here's What Happened When Claude Code Tried to Delete Our Files.

You give Claude Code your terminal. You give Codex your codebase. You give OpenClaw your entire machine — and they can rm -rf your home directory or git push --force to production before you know it. AuthSec Agent Shield stops that at the OS level. Here's what happened when we put it head-to-head with Claude Code.

Apr 20, 20268 min read
AuthSec for AI: Your Organization's Kill Switch for AI Agent Actions
Security

AuthSec for AI: Your Organization's Kill Switch for AI Agent Actions

AI agents can delete files, push code, query databases, scale infrastructure, and send customer emails with a single prompt. AuthSec adds a human approval layer before risky actions execute.

Apr 14, 202610 min read
View all posts