Block bad agent behavior, one rule at a time.
A community-maintained catalog of policy rules for OpenAgentLock. The registry is just YAML files in a public Git repo — no backend, no database. Search, copy a one-liner, install.
Use the upstream registry
The default registry is this repo. Once you have OpenAgentLock running locally, install any rule you find:
agentlock rules sync
agentlock rules search exfil
agentlock rules install rogue.destructive-bash
Installs POST the rule's gate block to the daemon's /v1/policy/gates/yaml endpoint. The local web dashboard at 127.0.0.1:7879/rules picks up the new gate immediately.
Run your own registry
Any Git repo with the same layout works — useful for company rules you don't want to upstream:
agentlock rules add https://github.com/your-org/your-rules.git
agentlock rules sources
agentlock rules sync
# pin only your private source if compliance requires it
agentlock rules remove openagentlock-rules
Multiple registries are merged at sync time. Rule ids must be unique within a single registry; collisions across registries are reported and resolved with the registryId:ruleId shorthand.
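The merge and collision behaviour described above, modelled as an added JavaScript example (not OpenAgentLock's own code). It assumes an ambiguous bare id is rejected until it is qualified as registryId:ruleId; the function names, the your-rules registry id and the sample.* rule ids are constructed for illustration.

```javascript
// Added illustration, not OpenAgentLock's implementation. Function names,
// the "your-rules" registry id and the "sample.*" rule ids are constructed.

// Merge per-registry rule lists into one index, as happens at sync time.
// registries: { registryId: [ruleId, ...] }
function mergeRegistries(registries) {
  const owners = new Map(); // ruleId -> [registryId, ...]
  for (const [registryId, ruleIds] of Object.entries(registries)) {
    const seen = new Set();
    for (const ruleId of ruleIds) {
      // Within one registry, ids must be unique: a repeat is invalid.
      if (seen.has(ruleId)) {
        throw new Error(`duplicate rule id ${ruleId} in registry ${registryId}`);
      }
      seen.add(ruleId);
      if (!owners.has(ruleId)) owners.set(ruleId, []);
      owners.get(ruleId).push(registryId);
    }
  }
  // Cross-registry collisions are reported, not silently won by one source.
  const collisions = [...owners]
    .filter(([, regs]) => regs.length > 1)
    .map(([ruleId, regs]) => ({ ruleId, registries: regs }));
  return { owners, collisions };
}

// Resolve a reference given as "ruleId" or "registryId:ruleId".
function resolveRule(index, ref) {
  const sep = ref.indexOf(":");
  if (sep !== -1) {
    const registryId = ref.slice(0, sep);
    const ruleId = ref.slice(sep + 1);
    const regs = index.owners.get(ruleId) || [];
    if (!regs.includes(registryId)) throw new Error(`no rule ${ref}`);
    return { registryId, ruleId };
  }
  const regs = index.owners.get(ref) || [];
  if (regs.length === 0) throw new Error(`no rule ${ref}`);
  if (regs.length > 1) {
    // Assumed policy: refuse an ambiguous bare id and list the qualified forms.
    throw new Error(`ambiguous: use ${regs.map((r) => `${r}:${ref}`).join(" or ")}`);
  }
  return { registryId: regs[0], ruleId: ref };
}

const sampleIndex = mergeRegistries({
  "openagentlock-rules": ["rogue.destructive-bash", "sample.exfil-curl"],
  "your-rules": ["rogue.destructive-bash", "sample.internal-only"],
});
```

Refusing the bare id keeps a private rule from being silently shadowed by a same-named rule in another registry.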
Contribute a rule
Open a PR against openagentlock/rules:
- Fork the repo.
- Copy rules/destructive-bash/ as a template; one rule per directory.
- Run bun run validate and bun run build-index in tools/.
- Open the PR. CI re-runs both. Site rebuilds on merge.