Quick start

Get Security Layer protecting your AI agents in minutes.


This guide gets you from zero to protected in minutes.

1. Install

bun add -g securitylayer

2. Initialize

sl init

Accept the defaults or customize your session capabilities. The wizard creates config files at ~/.securitylayer/.

3. Set up integration

Claude Code — native hooks integration:

sl setup claude-code

This installs PreToolUse and PostToolUse hooks into ~/.claude/hooks.json. Every tool call Claude Code makes is evaluated against your security policy before execution.

Shell shim — universal protection for any AI tool:

sl shield enable

This installs PATH-priority wrapper scripts that intercept all shell commands. Works with any AI tool — Cursor, Aider, Copilot, or anything that runs shell commands.

4. Verify

sl status

You should see your configuration loaded, your session capabilities, and your integration status (hooks installed or shield active).

5. Test it

Run a dry-run policy check to see Security Layer in action:

sl policy check "rm -rf /"

You'll see the full evaluation — capability gate, rules engine, and risk score — with the final decision.

What's happening

When an AI agent tries to execute a command:

  1. Capability gate — Is this action type allowed? (exec, file.write, etc.)
  2. Taint check — Is the session trust level sufficient?
  3. Normalization — Resolve paths, decode encodings, split command chains
  4. Rules engine — Match against deterministic patterns
  5. LLM judge — Semantic analysis for contextual anomalies (if enabled)
  6. Decision — Most restrictive result wins: ALLOW, DENY, or REQUIRE_APPROVAL
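
A minimal model of steps 1, 3, 4 and 6, added here as an illustration and not Security Layer's own code: the function names, the session shape and the two sample rules are assumptions, and the taint check and LLM judge are left out. It shows why normalization runs before the rules engine and how the most restrictive finding decides the result.

```javascript
// Added illustration only: not Security Layer's code. Names and rules are hypothetical.
const RANK = { ALLOW: 0, REQUIRE_APPROVAL: 1, DENY: 2 };

// Constructed sample rules, matched against one normalized argv at a time.
const RULES = [
  { decision: "DENY", reason: "recursive delete of /",
    match: (argv) => argv[0] === "rm" &&
      argv.some((a) => /^(-\w*[rR]|--recursive$)/.test(a)) &&
      argv.slice(1).includes("/") },
  { decision: "REQUIRE_APPROVAL", reason: "network fetch",
    match: (argv) => argv[0] === "curl" || argv[0] === "wget" },
];

// Step 3a: collapse "//", "/./" and "/../" so "/tmp/../" compares equal to "/".
function cleanPath(tok) {
  if (!tok.startsWith("/")) return tok;
  const parts = [];
  for (const p of tok.split("/")) {
    if (p === "" || p === ".") continue;
    if (p === "..") parts.pop(); else parts.push(p);
  }
  return "/" + parts.join("/");
}

// Step 3b: split a command chain into segments (naive: quoting is ignored).
function normalize(command) {
  return command
    .split(/&&|\|\||[;|\n]/)
    .map((seg) => seg.trim().split(/\s+/).filter(Boolean).map(cleanPath))
    .filter((argv) => argv.length > 0);
}

function evaluate(command, session) {
  const findings = [];
  // Step 1: capability gate for the "exec" action type.
  if (!session.capabilities.includes("exec"))
    findings.push({ decision: "DENY", reason: "exec capability not granted" });
  // Step 4: every segment of the chain is checked against every rule.
  for (const argv of normalize(command))
    for (const rule of RULES)
      if (rule.match(argv)) findings.push({ decision: rule.decision, reason: rule.reason });
  // Step 6: most restrictive finding wins; no finding at all means ALLOW.
  return findings.reduce(
    (worst, f) => (RANK[f.decision] > RANK[worst.decision] ? f : worst),
    { decision: "ALLOW", reason: "no rule matched" });
}
```

Without the chain split and path cleanup, `echo ok && rm -rf /tmp/../` would reach the rules as a single string that a literal `rm -rf /` pattern does not match.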
