Quickstart
Get the Prismor runtime guard protecting your AI coding agent in about five minutes: install, run the setup wizard, enroll this machine, hook your agent, and verify it's working.
This walks through
prismor, the runtime guard that watches your AI agent. If you're looking for the repo/SBOM vulnerability scanner instead, that's the separateprismor-clitool — see the CLI docs.
1. Check prerequisites
python3 --version # need >= 3.7
pip3 --version
python3 -c "import yaml" # PyYAML — required by the policy engine
If import yaml fails, install it first: pip3 install pyyaml.
2. Install
curl -sSL https://prismor.dev/install | sh
Or with pip directly:
pip install prismor
3. Run the setup wizard
prismor setup
This is an interactive 4-step wizard: pick enforcement mode, select which agents to hook, enable secret cloaking, and choose install scope (project vs. user). For CI or scripted environments, skip the prompts:
prismor setup --non-interactive --mode observe
4. Enroll this device
If your team uses the Prismor dashboard, enroll this machine so it reports to your org's policy. Get a one-time enrollment token from Dashboard → Getting Started checklist → Enroll device (or the Agent Monitoring tab), then:
prismor enroll <token>
The token is single-use and expires in 24 hours. Skip this step if you're only running Prismor locally with no org.
5. Hook your agent
Wire Prismor into your coding agent. Start in observe mode — it logs every tool call without blocking anything, so you can see what the policy would do before it does it:
prismor install-hooks --agent claude --scope project --mode observe
Swap claude for cursor, windsurf, codex, openclaw, hermes, or all to hook every agent found in the workspace. This must be run from inside the project directory you want protected — --scope project writes the hook registration into that workspace's agent settings (e.g. .claude/settings.json for Claude Code), not a global config.
Once you've reviewed a day or two of logs and trust the policy, switch to blocking:
prismor install-hooks --agent claude --scope project --mode enforce
6. Verify it's working
prismor dashboard # opens http://127.0.0.1:7070
Run a normal session with your agent, then check the dashboard — you should see tool calls appearing as events. If it's empty, you haven't run an agent session in a hooked workspace yet (see Troubleshooting).
If you enrolled the device in step 4, also confirm it shows up under Dashboard → My Policy with a recent check-in.
Next steps
- Prismor Overview — how the policy engine, hooks, and telemetry pipeline fit together
- Authoring a Policy — customize rules in
.prismor/policy.yaml - Cloak — keep real secrets out of your agent's context
- Troubleshooting — fixes for common setup issues