Quickstart

Get the Prismor runtime guard protecting your AI coding agent in about five minutes: install, run the setup wizard, enroll this machine, hook your agent, and verify it's working.

This walks through prismor, the runtime guard that watches your AI agent. If you're looking for the repo/SBOM vulnerability scanner instead, that's the separate prismor-cli tool — see the CLI docs.


1. Check prerequisites

python3 --version   # need >= 3.7
pip3 --version
python3 -c "import yaml"   # PyYAML — required by the policy engine

If import yaml fails, install it first: pip3 install pyyaml.

2. Install

curl -sSL https://prismor.dev/install | sh

Or with pip directly:

pip install prismor

3. Run the setup wizard

prismor setup

This is an interactive 4-step wizard: pick enforcement mode, select which agents to hook, enable secret cloaking, and choose install scope (project vs. user). For CI or scripted environments, skip the prompts:

prismor setup --non-interactive --mode observe

4. Enroll this device

If your team uses the Prismor dashboard, enroll this machine so it reports to your org's policy. Get a one-time enrollment token from Dashboard → Getting Started checklist → Enroll device (or the Agent Monitoring tab), then:

prismor enroll <token>

The token is single-use and expires in 24 hours. Skip this step if you're only running Prismor locally with no org.

5. Hook your agent

Wire Prismor into your coding agent. Start in observe mode — it logs every tool call without blocking anything, so you can see what the policy would do before it does it:

prismor install-hooks --agent claude --scope project --mode observe

Swap claude for cursor, windsurf, codex, openclaw, hermes, or all to hook every agent found in the workspace. This must be run from inside the project directory you want protected — --scope project writes the hook registration into that workspace's agent settings (e.g. .claude/settings.json for Claude Code), not a global config.

Once you've reviewed a day or two of logs and trust the policy, switch to blocking:

prismor install-hooks --agent claude --scope project --mode enforce

6. Verify it's working

prismor dashboard   # opens http://127.0.0.1:7070

Run a normal session with your agent, then check the dashboard — you should see tool calls appearing as events. If it's empty, you haven't run an agent session in a hooked workspace yet (see Troubleshooting).

If you enrolled the device in step 4, also confirm it shows up under Dashboard → My Policy with a recent check-in.


Next steps