Introduction
Bulwark is a policy-driven permission control system for AI coding agents. It gives you centralized, enforceable control over what your agents can do — without being stuck in the terminal.
The Problem
AI coding agents like Claude Code are powerful, but their built-in permission systems have limitations:
- Terminal-bound: Permissions only work when you're watching the session. Step away and your agent waits. Run it in the background? No approval possible.
- Easily bypassed: Anyone can run
--dangerously-skip-all-permissions. One flag and all your rules are ignored. - No visibility: Running multiple agents? Each one is isolated. No centralized view of what's happening across your team.
The Solution
Bulwark extends your agent's permissions into a centralized system that works even when you're not watching:
- Approve from anywhere: Dashboard accessible from any device. Approve requests from your phone while the agent runs on your workstation.
- Bypass-proof: Policies are enforced at the network level, not in the CLI. Flags don't work.
- Full visibility: See all sessions, all requests, all decisions in one place.
Key Concepts
Policies
Policies are rules that determine what happens when an agent tries to use a tool. Each policy can:
- Allow: Auto-approve matching tool calls
- Deny: Auto-reject with an optional message
- Ask: Require manual approval via the dashboard
Sessions
A session represents a single Claude Code conversation. Bulwark tracks all tool calls within each session, giving you a complete audit trail.
Hooks
Hooks are the individual tool call events that Bulwark intercepts. Each hook contains the tool name, input, and context needed to evaluate policies.
Devices
Devices are authenticated CLI installations. You can manage multiple devices and revoke access at any time.
Next Steps
Ready to get started? Continue to Installation to set up Bulwark.