Bulwark|Docs

Introduction

Bulwark is a policy-driven permission control system for AI coding agents. It gives you centralized, enforceable control over what your agents can do — without being stuck in the terminal.

The Problem

AI coding agents like Claude Code are powerful, but their built-in permission systems have limitations:

  • Terminal-bound: Permissions only work when you're watching the session. Step away and your agent waits. Run it in the background? No approval possible.
  • Easily bypassed: Anyone can run --dangerously-skip-all-permissions. One flag and all your rules are ignored.
  • No visibility: Running multiple agents? Each one is isolated. No centralized view of what's happening across your team.

The Solution

Bulwark extends your agent's permissions into a centralized system that works even when you're not watching:

  • Approve from anywhere: Dashboard accessible from any device. Approve requests from your phone while the agent runs on your workstation.
  • Bypass-proof: Policies are enforced at the network level, not in the CLI. Flags don't work.
  • Full visibility: See all sessions, all requests, all decisions in one place.

Key Concepts

Policies

Policies are rules that determine what happens when an agent tries to use a tool. Each policy can:

  • Allow: Auto-approve matching tool calls
  • Deny: Auto-reject with an optional message
  • Ask: Require manual approval via the dashboard

Sessions

A session represents a single Claude Code conversation. Bulwark tracks all tool calls within each session, giving you a complete audit trail.

Hooks

Hooks are the individual tool call events that Bulwark intercepts. Each hook contains the tool name, input, and context needed to evaluate policies.

Devices

Devices are authenticated CLI installations. You can manage multiple devices and revoke access at any time.

Next Steps

Ready to get started? Continue to Installation to set up Bulwark.