Anthropic Releases Prempti: Open-Source Guardrails for AI Coding Agents

Summary

Anthropic has released Prempti, an open-source tool that brings Falco-style rule-based guardrails to AI coding agents. Prempti provides real-time visibility and control over tool calls made by coding agents—including shell commands, file writes, reads, API calls, and MCP calls—through customizable YAML-based Falco rules that developers can tailor to their workflows.

The tool operates in two modes: "guardrails mode" (the default) where rules can block, allow, or request confirmation on agent actions, and "monitor mode" where tool calls proceed but are logged and evaluated for audit purposes. When a tool call is blocked or flagged in guardrails mode, the agent receives an LLM-friendly explanation of the policy violation and adapts its behavior accordingly, creating a cooperative feedback loop between user policy and agent behavior.

Prempti is designed for developers, product managers, designers, and other users of coding agents who want both security boundaries and transparency into agent activity. It includes a sensible default ruleset covering common attack surfaces like credential exposure, sandbox-disable attempts, data exfiltration, persistence, and MCP/skill poisoning. The project also provides a CLI tool (premptictl) for mode switching, log streaming, and health checks, plus a rule-authoring skill for Claude Code that helps users draft and validate custom rules interactively.

Currently in experimental preview, Prempti is cross-platform (Linux, macOS, Windows on x86_64 and aarch64) and explicitly emphasizes that it complements but does not replace traditional security measures like sandboxing, OS-level security, and least-privilege environments.